Malware

EXCLUSIVE: The Internet Party web site hacked

jm

FOR IMMEDIATE RELEASE

New Zealand has experienced the rise and rise of the Kim Dotcom financed, ex Internet NZ Vikram Kumar managed, and political silver diva mercenary Laila Harre fronted Internet Party.

Due to this unexpected direction in political focus, Peter Norton and John McAfee, the men behind the world famous Norton and McAfee antivirus brands, have recognised the need for a different kind of 21st century party: The Virus Checker Party.

“Just like the rise of the computer caused a new phenomenon, where real-life viruses infecting people and requiring a doctor’s visit resulted in a new industry of computer anti-virus programs, the rise of the Internet Party virtual political party concept is now driving the need for an Internet-based virtual antidote”, John McAfee said today.

“The amount of invisible damage the Internet Party does to people’s lives is only just starting to become an issue that is reaching people’s awareness”, he added.

Just like computer viruses were laughed at and minimised in the early days, it took people losing their wedding or baby photos to these viruses for them to realise that these apparently childish games had a real impact on people.

“Exposure to The Internet Party is leading to people breaking out in a rash due to the exposure to the colour purple”, Peter Norton said. “But that’s not the worst of it. A whole group of young adults that were previously able to think rationally and observe the world with a healthy dose of skepticism are now observed running around with cat T-shirts on, Tweeting from their mobiles while looking lovingly at Kim and Laila – or “mum and dad” as they are internally referred to.”

Scoop’s Open Source Adserver

There has been a great deal of talk about the poor coding efforts of Wheedle.

NBR broke that story and found security holes in the site of another Trademe wannabe.

This post is about another woeful coding effort, this time from Scoop.co.nz. It has all the hallmarks of the infamous Labour Party website screw-up, but in this instance with a very real risk of someone placing malicious code on every site that has its ads served by Scoop.

To be extremely clear before I go into the story: I have not hacked Scoop or any other site. The adserver is completely open to the public and findable via Google.

I also shared my discovery with some media so as to protect myself from accusations of hacking. You simply do not need to perform any such illegal activity as Scoop has left the door wide open and the keys in the ignition.

I was searching on Google for some details about adservers for a project I am working on and stumbled upon something very concerning about the setup of Scoop’s adserver. For a start, you can Google it. (Image of search)

Even the most basic step, a Disallow entry in their robots.txt for the directory that holds the adserver, has not been taken. That is obscurity rather than security (robots.txt is readable by anyone, so a Disallow line lists the path as much as it hides it), but it would at least have kept the admin interface out of search results.

Once you find it, however, you have unfettered administrative rights to the entire adserver, with no login required:

I was able to view their entire adserver setup:

Including settings for individual ads:

Access and edit live ads:

Control which sites they would appear on:

Create new campaigns:

Place new ads:

And ad code, including iframe code that would allow me, or anyone else for that matter, to place malicious code within sites that Scoop delivers ads to:

This line in their source loads the ad creative into an iframe:

<iframe id="ad_50767E148AB1_SCSG" align="center" src="/xl?c=SCSG;iframeid=ad_50767E148AB1_SCSG" width="988" height="26" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" scrolling="no"></iframe>

Because the creative loaded into that iframe is editable through the unauthenticated admin interface, anyone could replace it with their own markup or script and use every site carrying Scoop’s ads to distribute malware. You could happily play havoc without Scoop being any the wiser.
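The two findings above, an admin interface that answers without credentials and a robots.txt that at best hides the path from search engines, can be checked in a few lines. The script below is an added example written for this page, not Scoop’s code or anything from the original post: it lists the paths a robots.txt Disallow publishes and then requests each candidate path anonymously, reporting whether it is protected by authentication, redirects to a login, or is served wide open. The host adserver.example and the paths are placeholders, and the fetch function is injectable so the logic can be exercised offline.

```python
"""Added example (not Scoop's code or the post's): probe whether an admin
path answers without credentials, and list the paths a robots.txt Disallow
publishes. The base URL and paths are placeholders; the fetch function is
injectable so the check can be exercised offline."""
import re
from urllib.error import HTTPError
from urllib.parse import urljoin
from urllib.request import HTTPRedirectHandler, Request, build_opener


def parse_disallow(robots_txt):
    """Return every Disallow path in a robots.txt body.

    robots.txt is advice to well-behaved crawlers and is readable by anyone,
    so a Disallow line advertises the path as much as it hides it."""
    paths = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)disallow\s*:\s*(\S+)", line)
        if m:
            paths.append(m.group(1))
    return paths


class _NoRedirect(HTTPRedirectHandler):
    """Surface 3xx responses instead of following them: a redirect to a
    login page is itself a useful signal."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def default_fetch(url):
    """GET url with no cookies or credentials; return (status, headers, body)."""
    req = Request(url, headers={"User-Agent": "admin-exposure-check/1.0"})
    try:
        with build_opener(_NoRedirect()).open(req, timeout=10) as resp:
            return (resp.status,
                    {k.lower(): v for k, v in resp.headers.items()},
                    resp.read(65536).decode("utf-8", "replace"))
    except HTTPError as e:                              # 3xx/4xx/5xx land here
        return (e.code,
                {k.lower(): v for k, v in e.headers.items()},
                e.read(65536).decode("utf-8", "replace"))


def classify(status, headers, body):
    """Turn a raw anonymous response into a verdict about the path."""
    if status in (401, 407) or "www-authenticate" in headers:
        return "auth-required"
    if status == 403:
        return "forbidden"
    if status in (301, 302, 303, 307, 308):
        return "redirect:" + headers.get("location", "?")
    if status == 404:
        return "not-found"
    if status == 200:
        # A 200 that only shows a login form is fine; a 200 with the real UI is not.
        if re.search(r"<input[^>]+type\s*=\s*['\"]?password", body, re.I):
            return "login-form"
        return "OPEN: served without authentication"
    return f"status-{status}"


def probe(base_url, paths, fetch=default_fetch):
    """Map each candidate path to its verdict, using an anonymous request."""
    return {p: classify(*fetch(urljoin(base_url, p))) for p in paths}


if __name__ == "__main__":
    # Typical use: feed the Disallow list straight back into the probe.
    base = "https://adserver.example/"                 # placeholder host
    robots = "User-agent: *\nDisallow: /admin/\nDisallow: /stats/\n"
    for path, verdict in probe(base, parse_disallow(robots)).items():
        print(path, "->", verdict)
```

The only verdict that is acceptable for an admin interface is auth-required, a login form, or a redirect to one. A Disallow entry changes nothing about that result; it only affects whether a search engine shows you the path first.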

To prove my point I have placed ads on Scoop and on The Standard…ads they really wouldn’t want on there, but I could do it nonetheless, without any hacking.

On Scoop:

On The Standard:

This is very shoddy work from Scoop Media. If I had my advertising with them I would be distinctly unhappy that they had potentially exposed my site to the risks of malicious code. If I was an advertiser I’d be more unhappy that all my campaign details are there for all to see.

One wonders what other security holes exist on Scoop’s website.

Those Israelis are cunning

via The Telegraph

It seems the Israelis have done even better than they did with their Stuxnet virus:

The world’s most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed.

Middle Eastern states were targeted and Iran ordered an emergency review of official computer installations after the discovery of a new virus, known as Flame.

Experts said the massive malicious software was 20 times more powerful than other known cyber warfare programmes including the Stuxnet virus and could only have been created by a state.

It is the third cyber attack weapon targeting systems in the Middle East to be exposed in recent years.

Iran has alleged that the West and Israel are orchestrating a secret war of sabotage using cyber warfare and targeted assassinations of its scientists as part of the dispute over its nuclear programme.

Stuxnet attacked Iran’s nuclear programme in 2010, while a related programme, Duqu, named after the Star Wars villain, stole data.

Flame can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screen shots and copy instant messaging chats.

The virus was discovered by a Russian security firm that specialises in targeting malicious computer code.

It made the 20 gigabyte virus available to other researchers yesterday claiming it did not fully understand its scope and said its code was 100 times the size of the most malicious software.

Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.

Pullar admits to hacking ACC

The ACC debacle gets murkier and murkier. In today’s Dominion Post Bronwyn Pullar, through her tame journalist, has admitted to sending ACC email fitted with tracking code in order to follow her case from within.

Ms Pullar sent Dr Smith’s emailed letter to Ms Parker-Dennis on July 14. Ms Pullar forwarded the email using computer software that allows her to track each time her email has been opened and who it is subsequently forwarded to.

Ms Pullar is now demanding answers as to why her former case manager reviewed Dr Smith’s letter four times between March 13 and March 19, the day before the New Zealand Herald published details of the contents.

Ms Parker-Dennis opened the letter three times the day before the story broke, Ms Pullar said.

She believes Ms Parker-Dennis had no legitimate reason to re-read the letter, given that she was no longer her case manager, days before its contents were leaked.

People have been wondering how she got sent the ACC spreadsheet that contained the names and addresses of more than 6000 claimants. I don’t think we need to wonder too much anymore.

Email tracking of this kind works by embedding a remote image or link in the message that calls back to the sender’s server each time the message is rendered, reporting the time, the reader’s IP address and mail client, and so revealing opens and forwards; it runs nothing on ACC’s own systems. More intrusive malware goes further, capturing screenshots of what is open at the time, logging keystrokes, and surreptitiously emailing attachments. Either way, it seems Bronwyn Pullar set out to watch ACC’s handling of her file in a calculating, premeditated and malicious manner.

The funny part is that Labour has been dying in a ditch protecting her and Michelle Boag, when it is now clear from Pullar’s exposé to Phil Kitchin that she was sitting at her computer in Auckland watching their every move through a piece of tracking code:

Ms Parker-Dennis reopened Dr Smith’s letter at 12.37pm on March 13. It was the first time she had opened the document this year, Ms Pullar said. “She had no business going back into my file because if she was looking for the email containing the mass privacy breach ACC had been clearly told that was an email sent to me, not one I sent to them.”

The email tracking software Ms Pullar attached to Dr Smith’s email shows it was received by Ms Parker-Dennis on July 14 last year. Ms Parker-Dennis forwarded the email to three senior ACC managers.
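The tracking described in the two quoted passages is worth seeing in code, because it explains both what such a log can show (every render of the message, and distinct viewers that hint at forwarding) and what it cannot (anything on the recipient’s machine beyond the image fetch). The block below is an added example constructed for this page; it is not Ms Pullar’s tool or anything from the Dominion Post article, and the tracker host, recipient and mail-client strings are placeholders.

```python
"""Added example (constructed for this page, not the tool described in the
article): how email open-tracking works, a per-message image beacon plus a
server that logs fetches, and what its log can and cannot show. The tracker
host and sample mail-client strings are placeholders."""
import secrets
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlparse

BEACON_HOST = "https://tracker.example"   # hypothetical server the sender controls


def make_tracked_message(html_body, recipient, registry):
    """Sender side: append a 1x1 image whose URL carries a per-message token.

    Nothing is installed on the recipient's system; the 'tracking software'
    is this image tag plus a web server that logs requests for it."""
    token = secrets.token_urlsafe(16)
    registry[token] = recipient
    beacon = (f'<img src="{BEACON_HOST}/o.gif?{urlencode({"t": token})}" '
              'width="1" height="1" alt="">')
    return token, html_body + beacon


def record_open(request_path, remote_ip, user_agent, registry, log):
    """Server side: called for every fetch of the beacon image.

    Returns False for unknown tokens so stray crawler hits are not logged."""
    qs = parse_qs(urlparse(request_path).query)
    token = qs.get("t", [None])[0]
    if token not in registry:
        return False
    log.append({"token": token, "ip": remote_ip, "ua": user_agent})
    return True


def summarize(token, log):
    """What the sender can infer for one message.

    'opens' counts image fetches; 'distinct_viewers' counts unique IP/client
    pairs, which is the only hint that the mail was forwarded. The beacon
    also fires for preview panes and link scanners, and never fires in a
    client that blocks remote images, so neither number is a count of humans."""
    events = [e for e in log if e["token"] == token]
    viewers = Counter((e["ip"], e["ua"]) for e in events)
    return {"opens": len(events), "distinct_viewers": len(viewers)}


if __name__ == "__main__":
    registry, log = {}, []
    token, html = make_tracked_message("<p>Please find the letter attached.</p>",
                                       "case.manager@example.govt", registry)
    # Constructed fetches: the same reader twice, then a different IP/client
    # pair that looks like a forward.
    record_open(f"/o.gif?t={token}", "10.1.1.5", "Outlook", registry, log)
    record_open(f"/o.gif?t={token}", "10.1.1.5", "Outlook", registry, log)
    record_open(f"/o.gif?t={token}", "10.1.4.20", "Outlook", registry, log)
    print(summarize(token, log))
```

The defensive check is equally simple: a mail client configured not to load remote images never requests the beacon, and a gateway that rewrites or strips external image references blinds the tracker entirely, which is why organisations handling sensitive correspondence disable remote content by default.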

The wonder is that an experienced investigative journalist has fallen into the trap of running the story of a hacker. If I were the Police investigating this case I would be serving warrants on Bronwyn Pullar and also Michelle Boag to seize their computers. Since Boag has worked very closely with Pullar, it is possible that they used the same type of tracking code to try and set up Judith Collins.