Syrian Electronic Army Hacks into Obama Campaign Staff Emails

Yesterday, the Syrian Electronic Army announced that it had compromised the email accounts of several staff members of Organizing For Action (OFA), a non-profit organization that also maintains the President’s website (barackobama.com), the President’s Facebook, and the President’s Twitter account (@barackobama). A screenshot posted by @Official_SEA16 confirms the hack and indicates some OFA staff were conducting business using Gmail email accounts, hosted through Google Apps for Business.

The attackers also compromised the URL shortening service account that the President used to share links through social media (ShortSwitch.com). The compromised links directed users to a video called “Syria Facing Terrorism”, hosted on YouTube, which has since been removed.

The Syrian Electronic Army may have targeted the Obama campaign the same way that they targeted The Onion satirical news site. The Onion published a write-up explaining how they were compromised earlier this year. In the write-up, they point to emails they received (phishing attacks) that redirected staff to fake Google Apps login pages.

Many organizations use Google Apps for email and for other services. And many of these organizations have not yet enabled two-factor authentication (Google calls this two-step verification)—a security feature that has been available in Google Apps since 2011.

Two-factor authentication for email is an important security feature that should be enabled. In scenarios such as the one above, two-factor authentication would have helped the staff members of OFA mitigate an attempt by hackers to obtain access to the Obama campaign’s Google Apps email account.

If you are a Google Apps administrator, Symantec Security Response recommends turning on the two-factor authentication feature. Follow these instructions to allow two-factor authentication (2-step verification).

Google Apps administrators also have the option to “enforce” two-factor authentication, making it mandatory for all users of that domain. Please refer to Google’s help page for how to enable this feature.

Phishing attacks continue to evolve. It takes just one person in an organization falling for a phishing scam to lower your security. Consider adding two-factor authentication to your Google Apps for Business account, as well as incorporating regular user education training on security best practices for your employees.

Database hacking spree on US Army, NASA, and others costs gov’t millions

Federal prosecutors have accused a UK man of hacking thousands of computer systems, many of them belonging to the US government, and stealing massive quantities of data that resulted in millions of dollars in damages to victims.

Lauri Love, 28, was arrested on Friday at his residence in Stradishall, UK following a lengthy investigation by the US Army, US prosecutors in New Jersey said. According to prosecutors, the attacks date back to at least October 2012. Love and other alleged hackers are said to have breached networks belonging to the Army, the US Missile Defense Agency, NASA, the Environmental Protection Agency, and others, in most cases by exploiting vulnerabilities in SQL databases and the Adobe ColdFusion Web application. The objective of the year-long hacking spree was to disrupt the operations and infrastructure of the US government by stealing large amounts of military data and personally identifying information of government employees and military personnel, a 21-page indictment said.

"You have no idea how much we can fuck with the US government if we wanted to," Love told a hacking colleague in one exchange over Internet relay chat, prosecutors alleged. "This... stuff is really sensitive. It's basically every piece of information you'd need to do full identity theft on any employee or contractor" for the hacked agency.

Major Adobe Hack – Acrobat & ColdFusion Source Code Leaked

So earlier this month there was a major Adobe hack and the source code for a couple of its mainstream products (Acrobat Reader, ColdFusion and ColdFusion Builder) was leaked and downloaded, most likely in its entirety. There was a bit of a panic surrounding this as the software is used by a lot of major [...]

Read the full post at darknet.org.uk

Halloween-themed Spam Tricks and Does Not Treat

Many people are waiting eagerly for Halloween, a holiday filled with mystery, magic and fantasy, where bonfires were lit and costumes were worn to ward off roaming ghosts. As expected, Halloween Day spam messages have started flowing through Symantec’s Probe Network. In this spam, users are asked to complete a fake survey, and then to click a URL containing the spam message, which redirects them to a website with a bogus Halloween Day offer.

Top word combinations used in spam messages include:

  • Halloween – Costumes
  • Halloween – treat
  • Halloween – Special
  • Halloween – Survey

Figure 1. The spam asks users to complete a fake survey for an offer

After a user completes the survey, a page is displayed, asking the user to enter their personal information to receive the bogus offer.

Figure 2. A fake survey which users must complete in order to claim a gift card

After users enter the details to claim the gift card, they are taken to a web page to enter their personal details.

Figure 3. A fake offer on Halloween costumes presented to users. 

Figure 4. A fake pharmaceutical products promotion webpage

The above is an example of a webpage which encourages users to take advantage of bogus offers on pharmaceutical products. The domains which hosted these webpages have been found to be registered in Europe.

The following are some email subject lines used by these spam attacks:

  • Subject: Shop for Halloween Costumes Today
  • Subject: Complete the Halloween Survey and Claim Your xxx Gift Card
  • Subject: Halloween treat for your body
  • Subject: Shop Sexy Halloween Costumes  Free Shipping On Orders Over $50
  • Subject: Halloween Special--Up to 85% off Printer Ink and Toner
  • Subject: Shop The Halloween xxx Savings. Complete The Survey Today.
  • Subject: Personalize a Gift for Halloween - Treat Bags, Home Decorations, and More
  • Subject: Shop for new Halloween costumes at a low prices, today

Symantec advises users to exercise caution when receiving unsolicited or unexpected emails. We are closely monitoring Halloween Day spam attacks to ensure users are kept up-to-date with information on the latest threats.