The group used social engineering to access WHMCS’s customer database, then leaked 500,000 records online

WHMCS, a provider of online billing services, is the latest victim of a high-profile security breach launched by a hacker group claiming moral high ground for its actions.

Hacker group UGNazi has taken responsibility for swiping and leaking more than a half-million customer records — including credit card information and passwords — from WHMCS on Monday. The group used WHMCS’s hacked Twitter account as a forum to justify its actions: “Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching.”

UGNazi joins the likes of  in employing hacking as a means of punishing organizations for perceived wrongdoings.

According to WHMCS lead developer Matt Pugh, the perpetrators employed a social-engineering attack to dupe the company’s Web hosting company — reportedly HostGator — to give up administrator credentials. With credentials in hand, the group accessed WHMCS’ database on Monday to steal customer’s credit card information and passwords, as well as user names and support tickets. UGNazi proceeded to leak links to the stolen records on Pastebin.

According to Pugh, the hackers deleted all files on the company’s servers after the heist, including 17 hours’ worth of new orders and help tickets.

The passwords were stored in a hash format, and the credit card information was encrypted — but evidently not PCI-compliant, a point raised by WHMCS clients on the company’s forum. “Any support ticket content may be at risk — so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, [so] we recommend changing them now,” Pugh cautioned.

Compounding the impact of the attack, outside hackers have since hit WHMCS with a large-scale DDoS (distributed denial of service) attack. UGNazi has a reputation for launching DDoS attacks against the U.S. government.

Pugh took pains in the WHMCS blog to point out that the attack “was not directly due to any lapses in the security in place on either our server or WHMCS itself,” implying that the lapse was on HostGator’s part.

Still, Pugh did acknowledge that WHMCS should have had a more robust hosting infrastructure in place. “Plans have already been put in motion for a new multi-server hosting infrastructure to be setup and migrated to,” he wrote.

This story, “Hacker group UGNazi leaks and deletes billing service’s database,” was originally published at InfoWorld.com.

Direct Link:  http://www.infoworld.com/t/hacking/hacker-group-ugnazi-leaks-and-deletes-billing-services-database-193867

Iran confirms Flame virus attacked computers of high-ranking officials

Iran has confirmed that the Flame virus attacked the computers of high-ranking officials causing a “massive” data loss.

The Telegraph / UK

30 May 2012

Figures released by the Kaspersky Lab show that infections by the programme were spread across the Middle East with 189 attacks in Iran, 98 incidents in the West Bank, 32 in Sudan and 30 in Syria Photo: AFP

ZDNet

By Dancho Danchev

May 5, 2012

Summary: The web site of the Israeli Institute for National Security Studies (INSS) has been compromised, and is currently serving client-side exploits and malware to its visitors.

 

 

According to security researchers from Websense,  the web site of the Israeli Institute for National Security Studies (INSS) has been compromised, and is currently serving client-side exploits and malware to its visitors.

Upon visiting its web site, users are exposed to malicious iFrame redirects, ultimately serving the client-side exploit from the following IP – 194.183.224.73.

The campaign ultimately exploits the well known Java vulnerability CVE-2012-0507, in an attempt to serve a copy of the Poison Ivy RAT (remote access tool).

 

Detection rate:

svchost.exe

MD5: 52aa791a524b61b129344f10b4712f52

Detected by 29 out of 42 antivirus vendors as Backdoor.Win32.Poison.dizt.

Upon execution, the sample connects to a Dynamic DNS command and control address at: ids.ns01.us

Websense has notified the affected web site, but so far hasn’t heard back from its web master. According to the company, the attack appears to be isolated incident, and not part of a massive client-side exploits serving campaign currently circulating in the wild.

 

Direct Link:  http://www.zdnet.com/blog/security/israeli-institute-for-national-security-studies-compromised-serving-poison-ivy-diy-malware/11870

ZDNET

By Emil Protalinski

May 21, 2012

Summary: If you’re asked to confirm or deny a Facebook account cancellation request, ignore it. Facebook will never ask you this, and chances are someone is looking to install malware on your computer.

 

 

Cyber criminals are pushing malware to those who are looking to get rid of their Facebook accounts. If you ever receive an e-mail asking to confirm or deny that you wish to cancel your account, delete it. The message in question may contain malware or may link to malware, such as Mal/SpyEye-B.

Facebook will never ask you to confirm or deny an account cancellation request. The company gives you the option to deactivate your account at facebook.com/deactivate.php, after which you can eventually delete it. There is no such thing as cancelling a Facebook account.

 

Above, you can see an example of such an e-mail, the body of which follows below, courtesy of Sophos:

Hi [e-mail address]

We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request

Thanks,
The Facebook Team

To confirm or cancel this request, follow the link below:
click here

 

The “click here” link takes you to a third-party Facebook app, but that doesn’t mean it’s from Facebook. If you go to the app’s page, you’re prompted to install an unknown Java applet on your computer. If you say no, it keeps pestering you to allow it.

Cyber criminals know people value their Facebook accounts, and many would be upset to lose them. As such, they may blindly agree to whatever the app tells them to do, in order to “cancel” the account cancellation request.

If you do allow the applet to run, you will see a message telling you that Adobe Flash must be updated. This is of course nonsense. Instead of an Adobe Flash update, you’ll get a backdoor Trojan installed, allowing remote hackers to spy on your activities and take control of your computer.

 

See also:

• Malware tricks Facebook users into exposing credit cards
• How to protect your Facebook account from stalkers
• Facebook virus or account hacked? Here’s how to fix it.
• Facebook teaches users how to remove adware (video)
• Facebook admits it needs to fight scams more efficiently
• Facebook Immune System checks 25 billion actions every day

 

Direct Link:  http://www.zdnet.com/blog/security/facebook-account-cancellation-is-malware-not-adobe-flash/12253

UPDATED: May 29, 2012

IDAHO FALLS, Idaho —

A new scam is reaching eastern Idahoans through the Web. This time the scammers are so invasive, they can access your computer remotely and even shut it down from thousands of miles away.

Computer hackers target owners of Windows-based, non-Apple computers. A representative will call a computer user claiming to be from a fictional Microsoft help desk called “Microsoft Certified.

“Microsoft Certified does not exist.”

Basically from the time these guys call up and say hello, everything after that is a lie,” said Idaho Falls computer consultant Monte McCall.

McCall said he’s received several phone calls from clients complaining about the scam. He said the representative on the phone will ask the target of the scam to download a file. Once downloaded, it allows the hacker total remote access to the computer.

Then the representative walks the scam target through steps identifying a series of errors on the machine. McCall said all of the so-called errors are common diagnostic messages the hackers use to convince computer users they have a virus.”

Your computer’s gotten in touch with us, and it’s been sending us messages that you’re infected with a virus,” said McCall, as he gave an example of what the hackers will say on a call.

The fake customer service reps have been calling many eastern Idaho numbers lately. They direct a computer user to open a program called Error Log that lists internal errors on Microsoft computers.”

Those error messages — even a brand new machine gets those,” said McCall. “They’re nothing to worry about, (but) they use those errors to say, ‘Oh these are viruses.’”

Then comes the sales pitch.”Their final goal is to turn you over to a senior technician they call it, and then he comes in and takes over and sells you a software package of anti-virus and everything for $250 bucks a year,” said McCall.

McCall said the scammers get vicious if you get suspicious.”After I got to the senior tech I told them, ‘I know what you guys are saying is all lies.’ He immediately went into my system, the virtual machine, and tried to disable it from starting up again, by deleting certain files it needs to boot up,” said McCall.

McCall said the anti-virus package the scammers are trying to sell is Microsoft freeware available for no payment online.

The Better Business Bureau knows about the scam. They request anyone who is contacted by the scammers to report it by calling 342-4649.

Direct Link: http://www.localnews8.com/scams/31123352/detail.html

Romania’s organized crime prosecutors detained 12 individuals suspected of hacking into official websites

IDG News Service –

Twelve individuals were detained by Romanian authorities on Tuesday, suspected of being members of a cyber criminal group that hacked into the websites of various Romanian and foreign public institutions and government agencies.

Prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) have dismantled a criminal group consisting of 14 members, who engaged in cyber criminal activities that included accessing computer systems without authorization, copying confidential data stored on them and publishing the captured information online, DIICOT said on Tuesday.

Supported by the Romanian Police forces and the Romanian Gendarmerie, the DIICOT prosecutors executed 12 search warrants at residential addresses in 10 different cities and detained 12 suspects. The detained individuals will be taken to DIICOT’s central office in Bucharest for questioning.

The twelve suspects are believed to be associated with the Anonymous hacktivist collective, local media reports said. However, DIICOT declined to confirm this.

DIICOT believes that the leader of the criminal group is a 24-year-old man named Gabriel Baleasa from the city of Piatra Neamt, who used the online aliases lulzcart, anonsboat, anonsweb and cartman.

During the past few months, several hackers who claimed affiliation with Anonymous, including one using the lulzcart Twitter handle — which is now disabled — have taken credit for hacking into the websites of several Romanian public institutions, including the Bucharest City Hall, the Romanian Social Services and Child Protection Agency, the Romanian National Institute of Research and Development for Optoelectronics and the Romanian National Institute of Physics and Nuclear Engineering.

Baleasa is believed to have created the hacker group together with two men named Fabian Gabor and Mihai Emil Picos, with other members joining at a later time, DIICOT said.

The hackers allegedly broke into 29 websites by using publicly available SQL injection tools like Havij and SQL Map. In the majority of cases, they defaced the compromised websites by inserting images and messages that promoted their group, DIICOT said.

The hackers also copied confidential information found on the servers hosting those websites and published that information online as proof of their success. Their activities resulted in significant financial losses associated with data recovery and the implementation of new security measures, DIICOT said.

The 12 suspects are being investigated for criminal offenses that include obtaining unauthorized access to a computer system by circumventing security measures with the intention of accessing confidential data, modifying electronic data without authorization and transferring data from a computer system without authorization.

The Romanian Intelligence Service (SRI) — the country’s domestic intelligence service– has provided the investigation with technical and informational support, DIICOT said.

Direct Link:  http://www.computerworld.com/s/article/9227550/Romanian_authorities_dismantle_hacker_group_targeting_government_websites

Bounty Hunters Arrested After Entering West Tulsa Home

 

TULSA, Oklahoma -

Bounty hunters kicked in the door of a woman in her 70s in West Tulsa last week. Once inside, they realized they had the wrong address.

 

*** News Video Segment

 

She asked the dispatcher if she could put the phone down long enough to get her gun, but was told to stay on the line. Just then, two men kicked in her back door.

 

 

Police found the three bounty hunters and realized two of them, Ronnie Shaw and Cecil Deere, had warrants out for their arrests.

The elderly woman was terrified and had no idea who the men were. But that wasn’t the worst of it. She learned something about the two men from police that made her upset.

Mary was about to take a bath last Wednesday night when someone began banging on her front door.

“He said, ‘you better open the door. I told you we were bounty hunters,’” Mary said. “I said, ‘you could tell me you’re anybody.’”

He kept demanding and threatened to kick in the door. So she called 911. She asked the dispatcher if she could put the phone down long enough to get her gun, but was told to stay on the line.

Just then, two men kicked in her back door.

“I could hear the wood crushing,” Mary explained. “It was scary.”

The men came in and looked through her house. They demanded to know where Donnie was. But she repeatedly told them she lived alone and didn’t know a Donnie.

That’s when they realized their mistake.

“He said, ‘is this 124?’ I said, ‘no, it’s not 124,” Mary said. “‘My letters are on my mailbox in big white letters. You couldn’t have missed it.’”

The two men left with barely a word, leaving her backdoor still broken with a big footprint on it.

Police found the three bounty hunters and realized two of them, Ronnie Shaw and Cecil Deere, had warrants out for their arrests. So they were booked into jail.

All three men got tickets for breaking and entering without permission.

“That ain’t right to be looking for somebody else, kick in someone’s door in to get that person,” Mary said. “And here you’ve got two warrants out on yourself and your friend with you.”

Mary believes bounty hunters should be licensed and bonded. In hindsight, she’s glad she didn’t have her gun, because she believes she would’ve killed them.

“I’m still nervous,” Mary said. “I get knots thinking about it. That scared the liver out of me.”

The bondsmen who wanted the fugitive said he didn’t know the three men. He said they just called and offered to pick up the guy for him, which is pretty standard.

He was shocked to learn they had warrants, and one of the men had served eight years in prison. He believes bounty hunters should be licensed, like bail bondsmen are.

An Oklahoma senator proposed a law last year and this year, but both bills died.

Direct Link:   http://www.newson6.com/story/18391006/bounty-hunters-arrested-after

Bounty Hunters Cleaning Up Their Image

Bounty Hunter Billy Wells admits his profession has an image problem.

“There’s a picture that pops up your mind when you say ‘bounty hunter,’” he said. “You think of a thug.”

It’s an image that is not helped by regular — if infrequent — horror stories of bounty hunters’ apparent abuses and mistakes, such as the killing of a Virginia man last month. Police say a bounty hunter with criminal record raided the wrong home and fatally shot an innocent man.

And it’s more than just an image problem for those who make their living as skip tracers. Pressure from lawmakers is slowly reining in the storied profession, eroding unparalleled freedoms born in the days of the Wild West.

Reality vs. ‘The Wild Bunch’

Bounty hunters are hired by bail bond agents to track down and arrest clients who have failed to appear in court as required. They haul in an estimated 30,000 bail jumpers every year, earning a typical fee of about 10 percent of the bail amount.

The thousands of agents working in business range from private investigators and former police officers, to people like Crystal McElroy, a 26-year-old mother of three who works as a bounty hunter in Santa Fe, N.M.

The profession has long been a fixture of the American imagination, appearing in movies such as The Wild Bunch, Midnight Run, and even Star Wars. But the reality is usually not very glamorous, those in the industry say.

Bounty hunters spend days tracking down and staking out their prey. Professionals admit chases and high drama are rare, and many seasoned agents say they often just call the police when they’ve tracked down a particularly dangerous fugitive.

Only a few hundred agents around the country are able to support themselves as full-time bounty hunters, experts say.

“It’s a tough business,” said Wells. “I recommend to people — and I always have — don’t quit your day job.”

The ‘Rambo Approach’

Most bounty hunters are responsible professionals, but traditionally, virtually anyone could enter the field, and under a Supreme Court decision in 1872, they have enjoyed police-like powers.

It’s the freedom and the racy image that have attracted some of the wrong sorts of people.

“There’s a lot of people who take the ‘Rambo’ approach,” admits Dennis Bartlett, the executive director of the American Bail Coalition.

Something like that apparently is what happened in Virginia.

A bounty hunter named James Dickerson allegedly went to the wrong home on Christmas Eve while pursuing a fugitive. Dickerson and another man broke down the door, dragged a man outside and killed him, police said.

Dickerson had a criminal record; his alleged victim, Roberto Martinez, did not.

In Virginia, as has been the case in many states, virtually anyone can work as a bounty hunter, without obtaining a license or undergoing a background check.

Horror stories like the Martinez case are not new.

Earlier this year, two bail bondsmen in Fairfax, Va., were arrested after allegedly taking money from a couple they had recaptured after posting bond for them, police there reported.

In Houston last month, Thang Quoc Le pleaded not guilty to hiring a bounty hunter to kill a man who had been seeing his wife.

Last June, a 23-year-old man died after struggling with three bounty hunters in Kansas City. One of the men was charged with involuntary manslaughter and pleaded not guilty.

Breaking Down the Door to Your Home — Legally

The extensive power granted to bounty hunters stems from an 1872 U.S. Supreme Court decision, Taylor vs.Taintor. The high court ruled that a bail bond agent or bounty hunter can pursue bail jumpers across state lines, break into their homes, and arrest him or her at anytime.

These cases and others have highlighted the unusual police-like power and latitude given to bounty hunters.

Last year, the Ohio Supreme Court granted bounty hunter Michael Kole a new trial, on the grounds that he had the legal authority to arrest a defendant “at any time or place.” Kole had been convicted of abduction and burglary after he and a partner had entered a fugitive’s home and held the man at gunpoint.

With Little Success Curtailing Their Power…

Lawmakers have repeatedly tried to curtail bounty hunters’ powers, generally without success.

Efforts were jumpstarted in 1997, after a young couple was killed in their Phoenix, Ariz., home by men who claimed to be bounty hunters. The case prompted Arizona to pass a law requiring bounty hunters to be licensed and to obtain permission before entering a home.

Similar cases have periodically renewed interest in cracking down on the profession in other states, but bounty hunters have fiercely fought such efforts.

Bartlett and other bounty hunter advocates insist it would be impossible to do the job without the power to make arrests and enter home without warrants.

“If you don’t have some sort of coercive authority you’re never going to pick the guy up,” said Wells.

Bounty hunters insist they are performing an important public function. The bail system helps combat jail overcrowding, they argue. Police are rarely interested in pursuing bail jumpers charged with relatively minor offenses, so the job is left to skip tracers, industry officials say.

…States Cracks Down on the ‘Scumbag Element’

Instead of drastically limiting bounty hunters’ capabilities, many states have imposed restrictions on who can become a bail enforcement agent, as those in the industry prefer to be called.

California, for example, passed legislation in 2000 requiring bail-enforcement agent to receive about two weeks of training and undergo a background check for felony convictions.

The various state restrictions create a tangle of confusion for those in the business, though. In Texas, bounty hunters cannot carry fire arms, for example, but in California they can. In some states they cannot carry a badge and wear identifying clothing, but in others they are required to do so.

“There’s so much gray area. Even the cops don’t know what we can or can’t do,” complains Wells.

For many in the industry, some restrictions such as criminal background checks are welcome.

“What it’s done is sort of driven the scumbag element out of the picture,” says Bartlett, the executive director of the American Bail Coalition.

Direct Link:  http://abcnews.go.com/US/story?id=90553&page=1#.T7xCzFIuVI6

Police Identify Bounty Hunters Who Terrorized MWC Family

 

Midwest City Police have identified the bounty hunters who held the wrong family hostage last week.

Charges are being considered.

*** Video Segment

MIDWEST CITY, Oklahoma  –

Midwest City police say a group of bounty hunters who forced their way into a family’s apartment have been identified as the Bounty Boys.

Kevin Houston says someone pounded on his door just before midnight on July 25. The 51-year-old man jumped out of bed.

“I said ‘Who is it?’ And they never did say,” said Houston. “They were just like ‘Open the door.’”

7/29/11 Related Story: Police Looking For Bounty Hunters That Terrorized A MWC Family

7/29/11 Related Story: MWC Police Search For Bounty Hunters Terrorizing Innocent People

Houston says six men dressed as police officers rushed into his apartment. They were wearing vests labeled with the word “Fugitive” on the back. They also carried guns, tasers and badges. Houston says he did what they told him to do because he assumed they were police. Houston, his fiancé and two children were terrified.

“They had on all black with all these guns and tasers and stuff and they pointed the gun at him and I thought ‘oh God they’re going shoot him,” Houston’s fiancé April Frost said.

After detaining the family for 45 minutes, the bounty hunters realized they were at the wrong home. The fugitive they were searching for is white. Houston is black.

Houston says the men simply walked out, and never apologized.

Midwest City police have now identified the men as the Bounty Boys, a local bounty hunter group. After the original story aired, several law enforcement agencies and legitimate bounty hunters called police and said the “Bounty Boys” were likely the culprits.

Police say there have been other complaints made against the group, but victims would never testify in court. The Bounty Boys have posted some of their actions on YouTube, and describe themselves as reality actors.

A Midwest City Police Department investigator contacted one member of the Bounty Boys, who admitted the group entered Houston’s apartment. However, the member refused to speak more with the investigator, and referred him to the group’s attorney. The attorney has arranged interviews with the bounty hunters for next week.

“They made a mistake, but it’s not a mistake that should involve filing criminal charges,” said the group’s attorney Irvin Box. “If someone has some sort of civil litigation that’s up to them, but we don’t believe it rose to that degree.”

Police say the Bounty Boys could be charged with kidnapping, pointing a firearm, and entering a building with certain intent. It’s up to the Oklahoma County District Attorney to decide if charges will be filed.

“This incident has raised some concerns with the law enforcement community regarding a few rogue bounty hunters,” said Midwest City Police Chief Brandon Clabes. “As I said earlier, I don’t want to stereotype all good people who work in this field but we know there are some who need oversight and statutory regulation to ensure they don’t violate criminal law or civil rights.”

Dudley Goolsby, president of the Oklahoma Bondsmans Association issued this statement in regards to the incident:

“The law must be respected and adhered to. Bail bond agents should not use or condone the use of recovery agents (bounty hunters) who fail to follow the law or fail to respect the rights of citizens to be secure in their own homes.”

Direct Link:  http://www.news9.com/story/15206065/police-identify-bounty-hunters-who-terrorized-mwc-family