Anonymous?! Intro about Anonymous hackers.
Indian Military Docs Stolen: confidential memo leaked on the web.
Who names the malware? Info about computer malware.
Issue 01 Volume 01
Editorial
A belated happy new year to all my readers and friends. I thank all of you for downloading this magazine. ImHaker is here to raise awareness among people about computer security, hacking and hackers. The magazine will also be informative for security professionals and people who are learning. When you learn to break security, you are able to create better security. Nowadays most computer viruses spread through user interaction, for example malicious links with a catchy headline that lure the user into the trap. So people should be educated to protect themselves from this kind of problem. ImHaker features different categories you can enjoy, such as hacking, security, malware, and case studies. I hope you will enjoy this issue. ImHaker is a newborn baby; it needs your support to stand up.
2 IImHaker Magazine
Content
Haker Events
Who is a hacker?
Hacked by Anonymous ?!
Indian Military Docs stolen!
Banking malware targets Facebook
What is a Malware?
Who names the malware?
Facebook scams and Viruses*
Geek Jokes
Tech View
SANS 2012 North American SCADA Summit
When: Sunday, 15 Jan 2012
When: January 21 - 29, 2012
Where: Swissotel Merchant Court Hotel, Singapore
Where: Lake Buena Vista, FL
NDSS Symposium 2012
13th Annual Privacy and Security Conference
When: Sun, Feb 5, 2012 - Thu, Feb 9, 2012
When: 16 February - 17 February 2012
Where: San Diego, California USA
Where: Victoria Conference Centre, BC, Canada
CODASPY’12 — Second ACM Conference on Data and Application Security and Privacy
SANS Secure India 2012
SANS Security East 2012
When: 08 Feb 2012 - 12 Feb 2012
When: January 17 - 26, 2012
When: Fri, Jan 27, 2012 - Mon, Jan 29, 2012
Where: San Antonio, TX, United States
Where: Sheraton New Orleans, New Orleans, LA
Where: Washington, DC USA
http://www.shmoocon.org/
SANS Phoenix 2012
SCALE 10x - 2012 Southern Linux Expo
SANS Monterey 2012
When: February 13 - 18, 2012
When: January 20 - 22, 2012
When: January 30 - February 4, 2012
Where: Phoenix, AZ
Where: Hilton LAX - Los Angeles, CA USA
Where: Monterey, CA
http://www.sans.org/info/91506
Nullcon Goa 2012
Cyber Crime Conference (CCC) 2012
InfoSec Southwest 2012
When: February 15 - 18, 2012
When: Fri, Jan 20, 2012 - Sat, Jan 28, 2012
When: Wednesday, 1 Feb 2012
Where: Goa, India
Where: Atlanta, Georgia USA
BugCON Security Conference ‘12
When: January 21, 2012
When: February 2 - 3, 2012
Where: Mexico City, Mexico
When: 20 Feb 2012 - 25 Feb 2012
Where: Bangalore, India
http://www.sans.org/info/83954
RSA Conference 2012
When: Mon, Feb 27, 2012 - Sat, Mar 2, 2012
Where: San Francisco, California USA
http://www.rsaconference.com/
You Shot The Sheriff 6 (YSTS 6)
When: Sunday, 26 Feb 2012
Where: Sao Paulo, Brazil
http://www.ysts.org/
ESSoS ‘12 International Symposium on Engineering Secure Software and Systems
FC’12 Financial Cryptography and Data Security 2012
When: 16 Feb 2012 - 17 Feb 2012
When: 27 Feb 2012 - 02 Mar 2012
Where: Eindhoven, Netherlands
Where: Bonaire, Netherlands Antilles
http://fc12.ifca.ai/
Who is a Hacker?
Hackers are heroes of the cyber world! In general, hacking is the art of modifying things to customize them as you wish. In computer security, hacking is the process of finding vulnerabilities and using them to break into a system.
Hackers are the ultimate skilled people, who have knowledge in all fields of computers and technology. The basic characteristics of hackers are:
• They are skilled in programming, reverse engineering, networking, hardware and more.
• They hack things for money, dispute or adventure.
• They are able to think offensively as well as defensively.
If you want to be a web designer you need to think creatively and learn PHP, HTML, CSS and other web-oriented languages; to be a software engineer you need to think logically and learn C++, Java, Perl, VB, C#, .NET and so on; and to be a database administrator you need to know MySQL, SQL, Oracle and so on. But if you want to be a hacker you need to learn all these things and become expert in them.
Hackers can be categorized by their attitude as well as by their skill level. A white hat hacker is a person who hacks things ethically. They get an agreement signed by the owners to hack things, and submit a report on the system’s security and vulnerabilities. White hat hackers are formally known as security professionals. On the other hand, malicious hackers crack things illegally, without the owner’s permission, for some personal protest or profit. They are formally known as crackers.
Combining the black and the white hat, we have grey hat hackers, who may surf the internet and hack into computer systems for the sole purpose of notifying the administrator that their system has been hacked, and who may then offer to repair the system for a small fee.
Based on skill level, the elite hacker stands at the top as the most skilled person. Next, a script kiddie is a non-expert who breaks into systems by using pre-packaged automated tools. A new person who is learning computer hacking is known as a newbie, “n00b” or neophyte. As a special case we have blue hat hackers, who work in software firms as penetration or application testers. Microsoft uses the term blue hat to represent a series of security briefings. A hacktivist is a person who breaks into systems to announce a social, ideological, religious or political message. Most hacktivism involves website defacement (changing the home page of a website to announce that the website has been hacked, or to carry any other message) and DoS attacks.
H A C K I N G
Hacked by Anonymous ?!
The hacktivist group Anonymous is a concept, spread via the internet, that originated in 2003. It represents the concept of many online community users simultaneously existing as a society without a publicly enforced government or violently enforced political authority, a digitalized global brain. In its early form, the concept was adopted by a decentralized online community acting anonymously in a coordinated manner, usually toward a loosely self-agreed goal, and primarily focused on entertainment. Beginning in 2008, the Anonymous collective has become increasingly associated with collaborative, international hacktivism, undertaking protests and other actions, often with the goal of promoting internet freedom and freedom of speech. Actions credited to “Anonymous” are undertaken by unidentified individuals who apply the Anonymous label to themselves as attribution. Anonymous has defined themselves as, “We [Anonymous] just happen to be a group of people on the internet who need — just kind of an outlet to do as we wish, that we wouldn’t be able to do in regular society. ...That’s more or less the point of it. Do as you wish. ... There’s a common phrase: ‘we are doing it for the lulz’.” Still, experts are not sure that the collective, whose members hide behind the mask of legendary British freedom fighter Guy Fawkes, which quickly became the symbol of this group. Definitions tend to emphasize the fact that the concept, and by extension the collective of users, cannot be readily encompassed by a simple definition.
Hacktivism involving Anonymous, by year
Habbo raids, Hal Turner raid, Chris Forcand arrest.
Chanology, Epilepsy Foundation forum invasion, Defacement of SOHH and All HipHop websites.
Operation Titstorm, Oregon Tea Party raid, Operations Payback, Avenge Assange, and Bradical, Operation Leakspin, Zimbabwe.
Attack on Fine Gael website, Arab Spring Activities, Attack on HBGary Federal, Purported threat against the Westboro Baptist Church, 2011 Wisconsin protests, 2011 Bank of America document release, Operation Sony, Spanish Police, Supporting 2011 Indian Anti-corruption movement in cyber space, Operation Malaysia, Operation Orlando, Operation Intifada, Operation AntiSecurity, Operation Facebook, Operation BART, Support of Occupy Wall Street, Operation Syria, Operation DarkNet, Opposition to Los Zetas, Operation Brotherhood Takedown, Operation Blackout, Operation Mayhem, Attack on Lt. John Pike, Attack on Stratfor.
Club, 2009 Iranian election Operation Didgeridie.
Instead it is often defined by aphorisms describing perceived qualities. One self-description is: “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.” In July 2011, the FBI arrested 16 people in the United States for hacking attacks by the Anonymous group, and a sixteen-year-old who goes by the hacker handle “Tflow” and is believed to be a key member of LulzSec was arrested in London. AnonOps Communications, which is a news website about Anonymous, has reported that “Anonymous fights for The Pirate Bay”, which is a famous BitTorrent website recently blocked by the Finnish government, and the SOPA (Stop Online Piracy Act)
Indian Military Docs stolen!
Backdoor access provided by Nokia, RIM and Apple ?!?
Backdoor access in the secured network
An Indian hacker group named “The Lords of Dharmaraja” has broken into the Indian military network and stolen critical documents and signed agreements.
The group, the same one that leaked the source code of Norton Anti-virus, reported that Indian military intelligence officials have reportedly been given backdoor access for digital surveillance by Nokia, Apple and Research In Motion (RIM), which makes BlackBerry phones.
The memo revealed that “the backdoor” was allegedly used by Indian intelligence to spy on officials of the United States-China Economic and Security Review Commission (USCC). USCC officials on Monday told Reuters that the organization has “contacted relevant authorities to investigate the matter”. The news agency reported that the USCC did not dispute the authenticity of intercepted mails that were cited in the leaked memo.
Officials in India could not be reached for comment. According to the memo, which was prepared on October 6 last year, the backdoor was reportedly opened by Nokia, Apple and RIM in exchange for doing business in the Indian market.
“Since MI (military intelligence) has no access to USCC LAN (local area network) limited to VPN, POP servers (communication gateways) etc, and they are primary target concerning PRC (People’s Republic of China), decision was made earlier this year to sign an agreement with mobile manufacturers in exchange for Indian market presence,” the memo read.
Alan Hely, senior director of corporate communications at Apple, told TOI that the company would not like to comment on the leaked memo. “But I can deny that backdoor access was provided,” he said. A Nokia spokesperson too refused to comment on the specifics of the matter but said, “The
the privacy of customers and their data seriously and is committed to comply with all applicable data protection and privacy laws.” RIM refused to comment on this specific case. However, the Canadian company that makes BlackBerry phones says in its guidelines that “it has no ability to provide its customers’ encryption keys” to anyone and that it “maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries”. While electronic surveillance and wiretapping are often a necessity to check crime and for national security purposes, the law usually only allows for them on a case-by-case basis. It is not clear at the moment if the alleged backdoor access provided by Nokia, RIM and Apple was used for en masse surveillance in India. As more and more people connect to the digital world, governments across the world are looking to tap into the networks, often with the help of private companies, for information gathering and spying.
S E C u r i t y
Use the link below to see the Facebook security infographic: http://goo.gl/suixg
Banking Malware Targets Facebook
Ramnit, a modified version of Zeus
Zeus is malware that was discovered in 2010 and is used to steal banking and financial data. The source code of Zeus, which was leaked on the web last year, has been amended by hackers to steal Facebook information, according to researchers from Seculert, an enterprise-focused internet security company.
The malware variant “Ramnit” is known to be a modified version of Zeus. Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker. The attackers behind Ramnit are using the stolen credentials to log in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further. Ramnit was not initially designed to harvest Facebook credentials, but the Ramnit maintainers have recognized the value of Facebook accounts for propagation. Whereas email can be easily spoofed and is therefore more likely to be ignored, communication received from a trusted contact on Facebook will have a much higher click-through rate. Victims are simply not aware that the ‘trusted’ Facebook account from which the communication was received may itself have already been compromised.
Seculert said they provided Facebook with a complete list of compromised accounts. They noted that the tendency to recycle passwords could play a role in using the harvested Facebook credentials to access VPN services, email, and various other accounts online.
Chart published by Seculert.
Aliases:
Type_Win32 (Kaspersky)
Win32/Zbot.A (AVG)
W32/Infector.Gen2 (Avira)
Win32/Ramnit.A (CA)
Win32.Rmnet (Dr.Web)
W32.Infector (Ikarus)
W32/Ramnit.a (McAfee)
W32/Patched-I (Sophos)
PE_RAMNIT.A (Trend Micro)
Symptoms: The following system changes may indicate the presence of this malware: the presence of the file Srv.exe.
Ramnit recently stole over 45,000 Facebook login credentials, 96 percent of which were from the UK or France. Facebook hasn’t been the only target for Ramnit. It was able to “gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.” Facebook clarified that “over half of these logins were either invalid or had old/expired passwords.” The company has “initiated remedial steps for all affected users to ensure the security of their accounts” and “have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices”.
What is a Malware?
Basics of Malicious Software
Malware is a software program whose intent is malicious or whose effects are malicious. The spectrum of malware covers a wide variety of specific threats, including viruses, worms, Trojan horses and spyware. There are several techniques to detect, detain and destroy malware. Have you ever thought, “how big an impact does malware really have?” It is important to know, because if computer security is to be treated as risk management, then you have to accurately assess how much damage a lapse in security could cause. The cost of malware can be computed in two ways. First, the real costs of malware are those which are apparent and relatively easy to calculate. If a software or hardware component of your computer is damaged by a virus, the cost to replace it is straightforward to assess. If your company’s computer is affected by a virus, the cost and time spent by your technical team to repair it can be considered a real cost. The hidden costs are the costs whose impact can’t be measured accurately, and may not even be known. For example, banks and financial companies could suffer damage to their reputation from a publicized malware incident. Regardless of the business, a leak of proprietary information or customer data caused by malware could result in enormous damage to a company, no different than industrial espionage. Any downtime could drive existing customers to a competitor or turn away new, potential customers.
The basic characteristics of malware are:
Self-replicating – malware actively attempts to propagate by creating new copies or instances of itself. Malware may also propagate passively, by a user copying it accidentally.
Malware in the wild differs in characteristics, size and infection level
Population growth – describes the overall change in the number of malware instances due to self-replication. Malware that doesn’t self-replicate will always have zero population growth, but malware with zero population growth may self-replicate.
Parasitic – malware requires some other executable code in order to exist. “Executable” here means anything that can be executed, such as boot code on a disk, binary code in applications and interpreted code. It also includes source code, like application scripting languages, and code that may require compilation before being executed.
[Table: malware types and their characteristics (self-replicating, population growth, parasitic)]
M A L W A R E
Who names the Malware?
Unfortunately, there isn’t a central naming authority for malware. When a new piece of malware is spreading, the top priority of anti-virus companies is to provide an effective defence, quickly. Coming up with a catchy name for the malware is a secondary concern. Typically the primary, human-readable name of a piece of malware is decided by the anti-virus researcher who first analyses the malware. Names are often based on unique characteristics that the malware has, either some feature of its code or some effect that it has. Unfortunately, there is unlikely to be a central naming authority in the near future, for two reasons. First, the current speed at which malware spreads precludes checking with a central authority in a timely manner. Second, it isn’t always clear what would need to be checked, since one distinct piece of malware may manifest itself in a practically infinite number of ways.
General form of malware names:
Bagle.C
E-Mail worm.win32.Bagle.c
W32.Bagle.C@MM
WIN32/Bagle.c@MM
Malware type: The type of malware, such as Trojan or Worm.
Platform specifier: The operating environment in which the malware runs. WIN32 represents a 32-bit Windows operating system. VBS represents Visual Basic Script.
Family name: The “human-readable” name of the malware, usually chosen by the anti-virus researcher performing the analysis.
Variant: A piece of malware tends to be released multiple times with minor changes. Each such change is referred to as a variant of the malware. Variants are commonly assigned letters in increasing order of discovery. Example: aaa.A -> aaa.B -> aaa.C and so on as “Z” gives way to “AA”.
Modifiers: Modifiers supply additional information about the malware. For example, MM stands for Mass Mailing.
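The fields above can be pulled apart mechanically, which is how detection names from different vendors are usually lined up during triage. The following is an added example, not code from the magazine: a Python parser for the four Bagle forms listed above and the Ramnit aliases quoted earlier in this issue, with a variant-letter successor that handles “Z” giving way to “AA”. The platform table and the treatment of “_” and “:” as field separators are assumptions.

```python
import re
from collections import defaultdict

# Platform tokens seen in the names on this page (assumption: not exhaustive).
PLATFORMS = {"win32": "Win32", "w32": "Win32", "vbs": "VBS", "pe": "PE"}


def parse_name(name):
    """Split a detection name into type, platform, family, variant, modifiers."""
    body, _, mods = name.strip().partition("@")
    # Fields are separated by '.' or '/'; '_' and ':' are assumed separators too.
    tokens = [t for t in re.split(r"[./:_]", body) if t]
    idx = next((i for i, t in enumerate(tokens) if t.lower() in PLATFORMS), None)
    if idx is None:                       # bare form such as "Bagle.C"
        mtype, platform, rest = None, None, tokens
    else:                                 # anything before the platform is the type
        mtype = " ".join(tokens[:idx]) or None
        platform = PLATFORMS[tokens[idx].lower()]
        rest = tokens[idx + 1:]
    return {
        "type": mtype,
        "platform": platform,
        "family": rest[0] if rest else None,
        "variant": rest[1].upper() if len(rest) > 1 else None,
        "modifiers": [m.upper() for m in mods.split("@") if m],
    }


def next_variant(variant):
    """Next letter in discovery order: A -> B, Z -> AA, AZ -> BA."""
    n = 0
    for ch in variant.upper():
        if not "A" <= ch <= "Z":
            raise ValueError("variant must be letters only: %r" % variant)
        n = n * 26 + (ord(ch) - ord("A") + 1)
    n += 1
    out = ""
    while n:                              # bijective base 26: there is no zero digit
        n, r = divmod(n - 1, 26)
        out = chr(ord("A") + r) + out
    return out


def group_by_family(names):
    """Map lower-cased family name -> detection names that carry it."""
    groups = defaultdict(list)
    for name in names:
        family = parse_name(name)["family"]
        groups[(family or "?").lower()].append(name)
    return dict(groups)


# The four Bagle forms and the Ramnit aliases, copied from this page.
BAGLE = ["Bagle.C", "E-Mail worm.win32.Bagle.c", "W32.Bagle.C@MM", "WIN32/Bagle.c@MM"]
RAMNIT_ALIASES = ["Type_Win32", "Win32/Zbot.A", "W32/Infector.Gen2", "Win32/Ramnit.A",
                  "Win32.Rmnet", "W32.Infector", "W32/Ramnit.a", "W32/Patched-I",
                  "PE_RAMNIT.A"]

if __name__ == "__main__":
    for n in BAGLE:
        print(n, "->", parse_name(n))
    # One sample, several family names: the effect of having no naming authority.
    for family, names in sorted(group_by_family(RAMNIT_ALIASES).items()):
        print(family, names)
    print(next_variant("Z"))
```

Grouping the Ramnit aliases shows the point of this article in practice: the vendors split one sample across several family names, so matching on the family string alone misses detections.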
Facebook Scams and Viruses
Facebook is regularly used by millions of people around the world; it has taken a place in some people’s daily activities list too. This makes Facebook a hot target for online scammers and black SEO marketers. Every day lots of people are infected by various malware roaming around Facebook.
1. The Facebook wall post attack, that is used in link marketing or
HOW TO PREVENT? These kinds of attacks are largely unpredictable because they are carried out by a new or unidentified person who uses a fake profile for the purpose. Once you have experienced this kind of attack, report the post to Facebook as spam and immediately block the respective user from your Facebook settings. If the attack came from one of your well-known friends, alert him/her to change their Facebook password, because their account may be compromised.
2. Second, the Facebook scam post viral attack. This attack uses social engineering techniques to target users, such as news of Osama bin Laden’s death, actress scam videos, pornography/violence videos or any news trending at the time. An example of a pornography scam video attack looks like this:
[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI [LINK]
In December 2011 the Italian actress Marika Fruscio was the victim of an infamous wardrobe malfunction during a soccer show on Italian TV. The video of the incident went viral and is now being used as bait in this scam. There are also a number of Marika Fruscio fan pages on Facebook.
This scam is one of the many on Facebook that use the clickjacking technique to trick users into revealing confidential information and giving unauthorised access to their computers.
How do they do that? Someone from your Facebook friends list will send you “Wanna laugh?? Watch my video here http://94.xxx.4x.5x/100000?xxxxxxxx” (xxxx is random numbers, i.e. http://94.xxx.4x.5x/100000?134068738), or the message will be like this: “Hello How are you? your friend XYZ is in leading role in this video check it out http://22.214.171.124/100000?134068738”. If the victim replies to this message, the victim will get some random messages in reply from the virus-infected friend’s Facebook account. Obviously, the victim (in this case, you) will click on the link, and the script associated with that video will automatically be liked by you and posted on all your friends’ walls. These actions are done behind the scenes. Meanwhile the link opens a web page that looks the same as a video page on YouTube, the very well-known and leading video broadcasting site, where the title of the video will be something like “[ONE OF YOUR FACEBOOK FRIEND’S NAME] – is in leading role in this video”. But the victim will not be able to watch the video and will be prompted to download the Adobe Flash Player plugin. The victim downloads the Flash Player from the link given on the same page, but that is NOT the original Flash Player plugin; it is actually a backdoor, developed very smartly to get access to your computer.
HOW TO PREVENT? While Facebook on its part is actively taking steps for a safer Facebook experience, the responsibility also lies with the user.
1. Be a sceptic. Doubt the authenticity of every link that you click.
2. As a rule, don’t always trust short URLs.
3. Do not enter your Facebook credentials on any website whose URL doesn’t begin with www.facebook.com.
4. It could be a foe hiding behind your friend, because your friend’s account could have been compromised and be in use to spread malware.
5. Match the content to the character of the person. If your staid college professor is posting a link on “hot babes,” raise a red flag.
6. Some scams and spams try to trigger your curiosity. And curiosity killed the cat. So don’t bother and just delete.
7. Anyone promising you easy money or anything of desire could actually be luring you into a trap. Stay away. No free iPads.
8. If any communication on Facebook asks you to copy and paste some code into the address bar of your browser, don’t.
9. If a link that isn’t meant to require a software installation asks you to download or install something, stop. It could be malware.
10. You can also enable ‘Login Approvals’ from the ‘Account Security’ section of your account settings page. This will add an additional layer of security to your Facebook account.
11. Also, many of those fun apps can end up doing more harm than fun. Be selective about the apps you want to add.
12. It is also a good idea to ‘like’ Facebook Security (http://www.facebook.com/security) so that you can keep tabs on all the security-related updates on Facebook.
13. If you find any content that is spammy or scammy, report it as spam or scam.
14. If you are a Firefox user, use security add-ons such as WOT and NoScript to prevent malicious links from being clicked.
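Tips 2 and 3, and the raw-IP links in the scam messages described above, can be checked mechanically before a link is trusted. The following is an added example, not code from the magazine: a Python link check that parses the host instead of comparing the start of the string, since a URL can begin with www.facebook.com and still point elsewhere. The shortener list, the flag names and the https requirement are assumptions, and the sample URLs are constructed with documentation addresses.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small constructed list of shortener hosts (goo.gl appears on this page).
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}
LOGIN_HOST = "www.facebook.com"   # the only host tip 3 accepts for credentials


def is_ip(host):
    """True when the host part is a literal IPv4/IPv6 address, as in the scam links."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_link(url):
    """Return warning flags for a link received in a message or wall post."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
    except ValueError:
        return ["unparseable"]
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["unparseable"]
    flags = []
    if parts.username is not None:        # "trusted-name@real-host" trick
        flags.append("userinfo-before-host")
    if is_ip(host):
        flags.append("raw-ip-host")
    if host in SHORTENERS:                # destination is hidden until it is expanded
        flags.append("short-url")
    if ("facebook" in host and host != "facebook.com"
            and not host.endswith(".facebook.com")):
        flags.append("facebook-lookalike")
    return flags


def safe_for_facebook_login(url):
    """Tip 3 applied to the parsed host; requiring https is an added assumption."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.username is None
            and (parts.hostname or "").lower() == LOGIN_HOST)


# Constructed samples (203.0.113.0/24 and .example are reserved for documentation).
SAMPLES = [
    "http://203.0.113.7/100000?134068738",
    "goo.gl/suixg",
    "http://www.facebook.com.login.example/",
    "http://www.facebook.com@203.0.113.7/login",
    "https://www.facebook.com/security",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, triage_link(s), safe_for_facebook_login(s))
```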
c A s e s d y
Geek Jokes! G A M e F u n
Social games on Facebook become annoying to most users!
Where is the “ANYKEY”?
T E c H N o
VICTORINOX SWISS ARMY UNVEILS POCKET-SIZED TERABYTE STORAGE DEVICE AT THE 2012 INTERNATIONAL CONSUMER ELECTRONICS SHOW
Some key features and benefits of the Victorinox SSD include:
• World’s smallest high-capacity SSD drive on the market to date.
• Variety of storage capacities: 64GB, 128GB, 256GB, and 1 terabyte.
• World’s only SSD device with only one connector that fits into USB2/3 and eSATA 2/3 connectors.
• World’s only SSD device with a Bi-Stable graphic display (E-Paper software) for labeling contents.
• Handles automatic backup and synchronization issues in un-hacked AES 256 security (combination hardware and software).
• Each SSD comes equipped with two knife bodies, between which the drive can easily be interchanged: one is flight-friendly and the other includes traditional Swiss Army Knife implements (blade, scissors, nail file/screwdriver combo).
Huawei Ascend P1 S vs Fujitsu F-07 D: world’s thinnest smartphone runs on Android
At the world’s greatest tech show, the Consumer Electronics Show (CES) 2012, two smartphones duked it out for the title of the world’s thinnest smartphone: Huawei Ascend P1 S (thinness: 6.68mm, Picture 1) and Fujitsu F-07 D (thinness: 6.7mm, Picture 2).
Watch these two phones in action on video: goo.gl/eyLGx and goo.gl/0q7sk
WE NEED YOU TO HELP US!
ImHaker is taking its first step in the cyber world. We want you to suggest any new topics to be included and any changes you want us to make in the magazine. In order to satisfy your needs, we need your help through any form of feedback. We are planning to increase the number of pages in the magazine, so you can expect more hacking and fun in our next issue, which is going to be published on February 01, 2012.
Visit us at:
Mail us at:
All the information shared in this magazine is strictly for educational purposes and to improve the security defence attitude to prevent hacker attacks. Do not abuse any information provided by ImHaker magazine. If you cause any damage to your own or anyone else’s property, directly or indirectly, through the information provided, ImHaker Magazine and the authors are not responsible for it. Hacking is a crime if it is carried out illegally. Secure yourself and help others.