Posts Tagged ‘Sophos’

A hacker with a history of breaking into high-profile websites to expose poor security has claimed to have broken into an FTP site belonging to NASA’s Goddard Space Flight Center, based in Greenbelt, Maryland.

The serial hacker, who calls himself TinKode and is believed to hail from Romania, posted images on the web as supporting evidence of the hack.

Previous targets to have fallen at the hands of TinKode include the Royal Navy website and MySQL.com which succumbed (oh, the irony!) to an SQL injection attack.

Evidence of NASA hack

“TinKode is one of a new breed of hacker, courting the media and announcing his successful hacks via web postings and announcements on his Twitter account. The good news is that the mysterious TinKode appears to be spurred on more by the desire to embarrass organisations into tightening their web security than financial motivation,” explains Graham Cluley, senior technology consultant at Sophos.

In an interview with Network World, TinKode compared his work to a free security audit:

Until now, no. I don’t do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It’s like a security audit, but for free.

Nevertheless, his actions are still against the law and he could face prosecution if brought to court. Others would be unwise to follow in TinKode’s footsteps. Of course, prevention is always better than cure – and less embarrassing too.

Security firm Sophos has published its latest report into the top twelve spam-relaying countries, covering the first quarter of 2011. Despite remaining at the top, the USA’s proportion of the global spam output fell significantly from 18.83% to 13.7% of all spam relayed from compromised computers. The United Kingdom also saw a drop, with its spam pollution falling from 4.54% to 3.2% of total global spam relayed, moving the UK down from fifth to sixth place in the dirty dozen. India was the biggest contributor to spam in Asia, accounting for 7.1% of worldwide spam.

Sophos warns that the continued growth in popularity of mobile platforms and social networking means that the number of spam attack vectors is increasing and computer security still needs to be at the forefront of people’s minds.

“Although the USA and UK contribution to the global spam problem has decreased in percentage terms, it is essential for organizations not to become complacent,” said Graham Cluley, Senior Technology Consultant at Sophos.

“Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also to steal identity and bank account information. Users need to be educated about the dangers of clicking on links or attachments in spam mails – and many computers may already be under the control of cybercriminals. Businesses and computer users must take a more proactive approach to spam filtering and IT security in order to avoid adding to this global problem.”

Many of us, on various occasions, have wished to see a ‘Dislike’ button on Facebook alongside the ‘Like’ button. There is good news and bad news for those wishing to show their disagreement with, or dislike of, a post, picture or video on Facebook. The good news is that there is a way to ‘Enable the Dislike button’ on Facebook; the bad news is that it is a scam.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Dislike button on Facebook

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

“Like the ‘Preventing Spam / Verify my account’ scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard ‘Share’ option with a link labelled ‘Enable Dislike Button’,” explains Graham Cluley, Senior Technology Consultant at Sophos.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated JavaScript on your computer.

There is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

Offer of Dislike button leads you into posting script into your browser's address bar

Security firm Sophos today announced it has entered into an agreement to acquire Astaro, a privately held provider of network security solutions, headquartered in Wilmington, Massachusetts, USA and Karlsruhe, Germany.

“The combination of Astaro’s comprehensive portfolio of network security solutions alongside our endpoint, mobile, and email and web threat and data protection capabilities will enable us to continue to deliver on our vision of providing complete security without complexity wherever the user and company data resides,” stated Steve Munford, Chief Executive Officer, Sophos.

The market for multi-function security appliances has continued to grow because organizations of all sizes want better protection against security threats and need to support their users and distributed workplaces in a comprehensive, easy-to-use, efficient way. According to IDC, the market for unified threat management was approximately $2 billion worldwide in 2010, with a CAGR of 13% from 2010 to 2014.

Astaro, with $56 million in billings and 30% year-over-year growth in 2010, is the fourth largest dedicated unified threat management (UTM) provider, leads the market and has sustained fast growth due to its strong track record of innovation and robust portfolio of feature-rich network security solutions. With over 56,000 installations in over 60 countries, Astaro protects business and government networks across the globe against IT security threats. The company currently has more than 220 employees in nine countries spanning three continents, including a significant presence in the EMEA region.

“Demand for network security solutions with more comprehensive and high-quality protection is accelerating fast, and yet companies are struggling with the complexity of multiple security solutions to serve these needs,” stated Jan Hichert, Chief Executive Officer, Astaro. “We are excited to join forces with Sophos, as we share a common mission and passion for providing the most comprehensive security solutions that are also easy to use. Together, we will deliver to customers the ability to apply consistent security and web and application controls regardless of where the user is or where the network boundary may lie.”

This transaction brings two complementary security portfolios together to deliver coordinated protection and policy between endpoint and network. By combining policy, security filtering and information known at the endpoint with the network, Sophos will be able to provide improved security and visibility along with integrated management and reporting.

The solutions will offer complete protection to meet complex threats and malware challenges, especially from the web, applications and social engineering vectors that require full visibility and coordination, supported by SophosLabs and malware and threat expertise.

Google’s top-trending Anglophone search term right now is, understandably, “osama bin laden dead”.

Google officially describes its hotness (you couldn’t make this stuff up) as volcanic.

According to President Obama’s statement, “On Sunday, a ‘small team’ of Americans raided the compound. After a firefight, they killed Bin Laden. Apparently, DNA tests have confirmed Bin Laden’s identity.”

Now you know the basics – but watch out for the links you’re likely to come across in email or on social networking sites offering you additional coverage of this newsworthy event.

“Many of the links you see will be perfectly legitimate links. But at least some are almost certain to be dodgy links, deliberately distributed to trick you into hostile internet territory. If in doubt, leave it out!” warns Paul Ducklin, Sophos’s Head of Technology, Asia Pacific.

Sometimes, poisoned content is rather obvious. The links in the spam below give the impression of going to a news site:

The links don’t go anywhere of the sort, of course. Wherever you click, you end up finding out how to replace your tired old windows:

But even well-meant searches using your favorite search engine might end in tears. What’s commonly called “Black-Hat Search Engine Optimisation” (BH-SEO) means that cybercrooks can often trick the secret search-ranking algorithms of popular search engines by feeding them fake pages to make their rotten content seem legitimate, and to trick you into visiting pages which have your worst interests at heart.

Well-known topics that have been widely written about for years are hard to poison via BH-SEO. The search engines have a good historical sense of which sites are likely to be genuinely relevant if your interest is searches like “Commonwealth of Australia”, “Canadian Pacific Railway” or “Early history of spam”.

But a search term which is incredibly popular but by its very nature brand new – “Japanese tsunami”, “William and Kate engagement”, “Kate Middleton wedding dress” or, of course “Osama bin Laden dead” – doesn’t give the search engines much historical evidence to go on.

Of course, the search engines want to be known for being highly responsive to new trends – that means more advertising revenue for them, after all – and that means, loosely speaking, that they have to take more of a chance on accuracy.

What can you do to keep safe?

* Don’t blindly trust links you see online, whether in emails, on social networking sites, or from searches. If the URL and the subject matter don’t tie up in some obvious way, give it a miss.

* Use an endpoint security product which offers some sort of web filtering so you get early warning of poisoned content.

* If you go to a site expecting to see information on a specific topic but get redirected somewhere unexpected – to a “click here for a free security scan” page, for instance, or to a survey site, or to a “download this codec program to view the video” dialog – then get out of there at once. Don’t click further. You’re being scammed.

The Royal Wedding is finally over. While thousands of people were present at Westminster Abbey in London, millions more wished they could have been there. Some rather clever scammers are now trying to cheer up people who couldn’t make it to the wedding by inviting them to play a new game on Facebook that sounds like fun but actually harvests users’ personally identifiable information (PII).

Here’s a typical message that is currently being spread by well-meaning users across the social network:

Wedding guest name on Facebook

In honor of the big wedding on Friday, use your royal wedding guest name. Start with either Lord or Lady. Your first name is one of your grandparents’ names. Your surname is the name of your first pet, double-barreled with the name of the street you grew up on. Let’s do this! Post yours here. Then cut and paste it into your status.

Regally yours,

Lady Edith Spanky-Rushmoor

Do you see the problem?

By playing the game, you might be unwittingly making life easier for identity thieves and hackers.

Look at it this way. Think of all the websites which ask you to give it a “secret question” which can confirm your identity in the event of you forgetting your password.

Yahoo password question

If you tell everyone your Royal Wedding Guest name then you are giving away information which might help someone break into, say, your email account.

So, here’s some advice from Graham Cluley, Senior Technology Consultant at security firm Sophos:

Firstly, don’t post this kind of personal information onto the internet – the few seconds worth of amusement you may get by telling people your Royal Wedding Guest name are not worth the potential pain of having your identity stolen.

Secondly, when websites ask you for a “secret answer” to reset your password… lie. You don’t need to tell the truth when you’re asked by a website what your mother’s maiden name was, or the name of your favourite TV show. So, say something random but memorable that no-one is likely to guess like “Xena Warrior Princess” or “Artichoke Sandwich”.

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network, warns security firm Sophos.

The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga.

Tweet promoting banned Lady Gaga video

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @ladygaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

Fake YouTube page

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button.

Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account.

Rogue Twitter application

“Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers. Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack,” says Graham Cluley, senior technology consultant at Sophos.

Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers.

The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don’tMakeMeCallTheApostles

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

Is it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves? And that’s why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber...) and a prize goal for any scammer who wants their scammy, spammy links to be spread to as wide an audience as possible.

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website, visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack, Sophos Labs has reported.

“Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam,” said Graham Cluley, senior technology consultant at Sophos in a blog post.

A typical message reads:

Dear client

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.

Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it’s automatic mail notification!

Thank you.

FaceBook Service.

The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.

Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.

“We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking,” Cluley said.

After all, it’s not as though spam being sent from Facebook accounts is unusual.

If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from “Facebook Help” <official@facebook.com>, but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.
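The point above is that the visible From: header is under the sender’s control, so the only sender evidence worth anything is what the receiving mail server recorded. The following added example (not code from the original post or from Sophos) parses a constructed message modelled on the fake “Facebook Help” notification and flags it when the From: domain does not match the envelope sender or when the receiving server’s SPF verdict was not a pass. The hostnames, addresses and the Authentication-Results line are all constructed sample values.

```python
"""Check whether an email's visible From: header is backed by the envelope
sender and the receiving server's SPF verdict.  Added example, not part of
the original post; the raw message below is constructed to mimic the fake
"Facebook Help" notification described above."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: the From: claims facebook.com, but the envelope sender
# (Return-Path) and the SPF verdict recorded by the receiving MTA disagree.
RAW_MESSAGE = b"""Return-Path: <bounce@example-bulkmailer.invalid>
Received: from mx.example-bulkmailer.invalid (203.0.113.7)
    by mail.example.org with ESMTP; Tue, 03 May 2011 10:12:43 +0000
Authentication-Results: mail.example.org; spf=fail smtp.mailfrom=example-bulkmailer.invalid
From: "Facebook Help" <official@facebook.com>
To: victim@example.org
Subject: Your password has been changed
Content-Type: text/plain

Spam is sent from your FaceBook account.
"""


def sender_domain(addr_header: str) -> str:
    """Return the lowercase domain part of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def spf_result(auth_results: str) -> str:
    """Pull the spf= verdict out of an Authentication-Results header."""
    for token in (auth_results or "").replace(";", " ").split():
        if token.lower().startswith("spf="):
            return token[4:].lower()
    return "none"


def check_from_alignment(raw: bytes) -> dict:
    """Compare the visible From: domain with the envelope sender and SPF verdict.

    'suspicious' is True when the From: domain differs from the envelope
    domain or when SPF did not pass for the envelope sender.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom = sender_domain(msg.get("From", ""))
    envelope_dom = sender_domain(msg.get("Return-Path", ""))
    spf = spf_result(msg.get("Authentication-Results", ""))
    suspicious = (from_dom != envelope_dom) or (spf != "pass")
    return {"from_domain": from_dom, "envelope_domain": envelope_dom,
            "spf": spf, "suspicious": suspicious}


if __name__ == "__main__":
    print(check_from_alignment(RAW_MESSAGE))
```

Real mail passes through several hops, so in practice the Authentication-Results header should be trusted only when it was added by your own receiving server, not one that arrived already inside the message.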

IT security firm Sophos is urging Facebook users to be cautious following the discovery of a rapidly spreading scam targeted at fans of the popular “Twilight” teen vampire romance movies.

Scammers are pretending to be linking to a game promoting the upcoming movie “Twilight Breaking Dawn” starring actors Ed Cullen and Kristen Stewart. However, by clicking on a “Play Now” link, users are clickjacked into announcing that they “Like” the link, thus spreading it virally across Facebook.

The scam continues with users then being presented with a dialog box, asking them to grant permission for a third party application to access their Facebook account and post messages, updates and photos to their wall.

“Of course, if you’re a fan of ‘Twilight’ you will quite possibly grant permission without thinking,” said Graham Cluley, Senior Technology Consultant at Sophos. “The only problem being that this isn’t a legitimate application request, but is being done by a rogue app which wants to make money out of your devotion to the works of Stephenie Meyer’s series of novels. Predictably, having gained the ability to post to your Facebook account, the scammers then present the final piece of the jigsaw: an online survey which earns them affiliate commission for each person who completes the questionnaire.”

If Facebook users have been affected by this scam, they should clean up their account before any further damage is done.