Google Malaysia Site DNS Hacked, Credit Claimed By ‘Team Madleets’ Hacker 1337

Google’s Malaysian site has been hacked and replaced with a splash screen giving credit to a group called “Team Madleets.” The normal site has been offline for several hours as of late Thursday afternoon and the page lists a series of handles that are ostensibly part of the team responsible. Updated with brief statement from the hackers below.

The attack appears to have been of the DNS poisoning variety, in which a hacker gained access to the Malaysia Network Information Center and changed the DNS records of Google’s site to Madleets-controlled servers. So no information appears to have been changed on Google’s servers at this time, as this is a redirect attack of sorts.

The stamp at the top says ‘[!] Struck by 1337’, which is apparently a reference to an individual hacker within the group called 1337, who has recently (allegedly) performed hacks on domain registrars of several countries. A message on 1337’s Facebook page says “Google Malaysia Stamped By 1337” and references the google.com.my and google.my domains. The only other indicator about who the group could be is a reference to them being Pakistani in origin.

The Madleets address leads to a Facebook page for the team that has the following message posted:

"We feel we need to alert anyone, that we don’t hack any country tlds for example google.com.my as a result of any kind of hate, We don’t hate anyone, We love all humanity, there is no obvious reason for stamping the tlds.
Least the reason is not any kind of hate.
Whatever the reason is we can’t explain except we love all of you.
Regard’s
H4x0rL1f3"

The page info states that “MadLeets is a Ethical and 1337 White Hat Hackers Community. We are Anti Hackers , we teach how to protect yourself from getting hacked.”


If the reasoning on the team’s Facebook page is accurate, then this is simply a matter of doing it because they can and not to make a political statement. A link placed in the source code of the page leads to a music video for the artist Instrumental Core.  The music is auto-played on the site while visitors are there.

Google Malaysia was hacked back in July, along with several other Malaysian sites, by a group protesting the treatment of Bangladeshi workers in that country. One possible motivation for the group taking action now, if it is indeed not simply “exposing vulnerabilities”, would be the Global Entrepreneurship Summit in Kuala Lumpur, which will be attended by Secretary of State John Kerry in lieu of President Barack Obama.

We’ve reached out to both the email address given for the team on the site and to Google. We will update this story if we receive a response from either side.

WhatsApp allows decrypting user messages: Vulnerability

A serious vulnerability in WhatsApp allows anyone who is able to eavesdrop on a WhatsApp connection to decrypt users' messages.

WhatsApp, the mobile instant messaging application, has become one of the main communication tools of the present day, and its popularity makes it attractive to security researchers and hackers.

This time the issue is the protection of the messages exchanged through the application: because of a vulnerability in the crypto implementation, they can be intercepted by an attacker.

Thijs Alkemade is a computer science student at Utrecht University in the Netherlands who works on the open source Adium instant messaging project. During his research he disclosed a serious issue in the encryption used to secure WhatsApp messages.

In the post titled "Piercing Through WhatsApp’s Encryption", Alkemade remarked that WhatsApp has been plagued by numerous security issues recently: easily stolen passwords, unencrypted messages and even a website that can change anyone’s status.


"You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this but expect to stop using it until the developers can update it." states the researcher.

An attacker sniffing a WhatsApp conversation is able to recover most of the plaintext bytes sent. WhatsApp uses the RC4 stream cipher to generate a stream of bytes that is XORed with the plaintext to encrypt it.

The mistakes are:
- The same encryption key in both directions
- The same HMAC key in both directions

Below is the trick the researcher used to reveal messages sent with WhatsApp, exploiting the first issue:

WhatsApp adopts the same key for the incoming and the outgoing RC4 stream, "we know that ciphertext byte i on the incoming stream xored with ciphertext byte i on the outgoing stream will be equal to xoring plaintext byte i on the incoming stream with plaintext byte i of the outgoing stream. By xoring this with either of the plaintext bytes, we can uncover the other byte."

The technique doesn't directly reveal all bytes but works in many cases. Another element that works to the attacker's advantage is that messages follow the same structure and are easy to predict starting from the portion of plaintext that is disclosed.

The second issue, related to the HMAC, is more difficult to exploit. Alkemade said WhatsApp also uses the same HMAC key in both directions, another implementation error that puts messages at risk.

The MAC is used to detect data alteration, but it is not enough to detect all forms of tampering; an attacker could potentially manipulate any message.

"TLS counters this by including a sequence number in the plaintext of every message and by using a different key for the HMAC for messages from the server to the client and for messages from the client to the server. WhatsApp does not use such a sequence counter and it reuses the key used for RC4 for the HMAC."

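The two countermeasures named in the quote above, a sequence number covered by the MAC and a separate HMAC key per direction, shown as an added example that is not code from the original post, from WhatsApp or from TLS. The frame layout, the HMAC-SHA256 choice, the key labels and the `Receiver` class are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32

def subkey(session_key: bytes, label: bytes) -> bytes:
    # Assumed derivation for illustration: HMAC-SHA256 over a direction label.
    return hmac.new(session_key, label, hashlib.sha256).digest()

def seal(mac_key: bytes, payload: bytes, seq=None) -> bytes:
    """Append an HMAC tag; when seq is given it is covered by the tag."""
    header = b"" if seq is None else seq.to_bytes(8, "big")
    return payload + hmac.new(mac_key, header + payload, hashlib.sha256).digest()

def verify(mac_key: bytes, frame: bytes, seq=None) -> bool:
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    header = b"" if seq is None else seq.to_bytes(8, "big")
    expected = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

class Receiver:
    """Verifies frames with its inbound key and an implicit, increasing counter."""
    def __init__(self, inbound_key: bytes):
        self.key, self.next_seq = inbound_key, 0

    def accept(self, frame: bytes) -> bool:
        ok = verify(self.key, frame, self.next_seq)
        if ok:
            self.next_seq += 1
        return ok

SESSION_KEY = b"constructed-session-key"  # constructed sample value

def weak_design_accepts_reflection() -> bool:
    # One MAC key for both directions, no counter: the client accepts its
    # own frame echoed back as if the server had sent it.
    frame_from_client = seal(SESSION_KEY, b"status: ok")
    return verify(SESSION_KEY, frame_from_client)

def hardened_design_results():
    c2s, s2c = subkey(SESSION_KEY, b"c2s"), subkey(SESSION_KEY, b"s2c")
    server, client = Receiver(c2s), Receiver(s2c)
    frame = seal(c2s, b"status: ok", seq=0)
    first = server.accept(frame)    # genuine delivery
    replay = server.accept(frame)   # same frame again: counter has moved on
    reflect = client.accept(frame)  # echoed to sender: wrong direction key
    return first, replay, reflect
```

The valid tag alone says nothing about direction or freshness; binding both into the MAC input is what lets the receiver reject the replayed and the reflected frame.
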
Alkemade is very critical of the development team of the popular platform:
“There are many pitfalls when developing a streaming encryption protocol. Considering they don’t know how to use a xor correctly, maybe the WhatsApp developers should stop trying to do this themselves and accept the solution that has been reviewed, updated and fixed for more than 15 years, like TLS,” he said.

I agree with the thinking of the researcher: security for applications such as WhatsApp is crucial given its level of penetration. It is true that the interest of the scientific community and cybercrime will surely lead them to discover new vulnerabilities, to which WhatsApp will have to provide a quick solution.

Alkemade confirmed that there is no remediation for the flaw at this moment, which is why he suggests that users stop using WhatsApp until the developers produce a patch.


Vodafone Germany threw confidential customer info into a paper bin on the street

Vodafone Germany has admitted to another data breach. A partner agency in Kaiserslautern threw documents containing confidential customer information into a paper bin on the street.

Last month Vodafone admitted a security data breach in which a hacker gained access to sensitive financial information of at least 2 million of its customers.

Now there is another data breach. The documents reportedly contain information such as customer addresses, bank details, and copies of IDs.

Vodafone has stated that the mistake was made by a temporary employee and that it had informed federal data protection and telecoms authorities. 

8 More suspected users arrested in US, UK, Sweden: Silk Road


A federal judge on Wednesday ordered that Ulbricht, charged with operating a notorious online drug marketplace known as the Silk Road, be sent to New York to face charges.

The so-called hidden site Silk Road used an online tool known as Tor to mask the location of its servers, which made it difficult for authorities to know who was using the website.

The site generated about $1.2 billion in sales of heroin, cocaine, ecstasy, marijuana and other illegal substances in less than three years, with Silk Road's operators netting $80 million in commissions.

People using the site to buy drugs also used the virtual currency Bitcoin to lessen the chances of being detected. But in its statement, the agency said the arrests sent a message to criminals that the anonymity touted by sites like Silk Road is an illusion. "The Hidden Internet isn't hidden and your anonymous activity isn't anonymous," it said. "We know where you are, what you are doing and we will catch you."

Keith Bristow, director general of the NCA, said hidden or anonymous online environments were a key priority for the NCA, which had 4,000 officers and the latest technology at its disposal to tackle the problem.

SIM lock screen bypass vulnerability in iPhone iOS 7.0.2


If you're unlucky enough to lose your smartphone or have it stolen, anyone who finds the device will also be able to access any content stored on it, whether it's contacts, music or documents.
But with a SIM card PIN lock in place, every time the device is powered down and subsequently switched back on, the PIN must be entered before the phone can be used.

Security researcher Benjamin Kunz Mejri from Vulnerability Laboratory claimed that he found a new vulnerability in iOS v7.0.1 and v7.0.2 that allows a hacker to bypass the SIM lock mode.
In a proof-of-concept video, he demonstrates how an attacker can bypass the restricted section of the iPhone when SIM lock is enabled on a stolen iPhone.

The flaw can be exploited without user interaction, and successful exploitation results in the bypass of the SIM lock mode to the regular lock mode.
Follow these steps to bypass SIM lock on stolen devices:
1. Turn on your iPhone and ensure you have iOS v7.0.1 or 7.0.2 installed and SIM lock mode is activated.
2. You will see a black notification in the middle of the display - SIM Locked.
3. Open the Calendar, and scroll down to the two hyperlinks.
4. Press the Power button and wait 2 seconds and then press one of the two hyperlinks.
5. You will be redirected via hyperlink, because of the restriction to the passcode SIM lock.
6. Press the Power button again for 3 seconds and then press the Home button.
7. Click cancel again in the shutdown menu but hold the Home button.
8. Open up the Control Center and go to the calculator. Now a message box appears automatically with the SIM lock.
9. Press the shutdown button for 3 seconds + Unlock Key + Home button.
10. The Passcode screen will pop up, but you will be again redirected to Calculator.
11. Now again press the Power button for 3 seconds and then press Cancel; at last press the Home button one time.
12. The Restricted SIM Lock Screen will disappear.

This flaw does not cover a regular passcode bypass; for that, an attacker needs to use other means.

Shortly after the iOS 7 release date earlier this month, users discovered a lock screen flaw that allowed a simple exploit to be used to view private details on the iPhone, iPad or iPod touch.

Apple worked quickly to fix the issue and rolled out iOS 7.0.2, an update aimed at adding Greek keyboard support and tackling the lock screen security flaw. But just after that, another screen lock bypass bug appeared on the Internet. The growing number of iOS 7.0.2 problems is now frustrating iPhone and iPad users.



WhatsApp and AVG, Avira antivirus websites defaced by "Palestinian hackers"



The websites of the world's most popular mobile messaging app and the antivirus firm AVG were hacked this morning and defaced by a new Palestinian hacker group, KDMS Team, affiliated with Anonymous Group.

The defacement page, titled 'You got Pwned', with the Anonymous logo and the Palestinian national anthem playing in the page background, says:
we want to tell you that there is a land called Palestine on the earth
this land has been stolen by Zionist
do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
we want peace
and "There Is No Full Security We Can Catch You !"

It seems that the hacker used DNS hijacking to point the domains to a fake server hosting the deface page. WhatsApp has resolved the issue, but at the time of writing AVG is still defaced. It is not clear whether any user data was compromised from AVG or WhatsApp.

We have contacted WhatsApp and AVG for comment and will update this story when we hear back. Just two days before, KDMS Team hacked LeaseWeb, one of the world's biggest hosting companies.
