Sunday, January 3, 2016

Satoshi Nakamoto Unmasked?

Is Craig Steven Wright really 'Satoshi Nakamoto': the founder of Bitcoin?
Claiming to be the founder of Bitcoin, the cyberworld online money being used by some online stores down to the "dealers" in the darknet.

Over the years, Satoshi Nakamoto, the enigmatic person or group who released the first paper on The Cryptography Mailing list describing what was now known as Bitcoin.

According to Wikipedia:

Many articles have been written about the possible identity or identities of Nakamoto. Some speculations about his identity include:

  • In a 2011 article in The New Yorker, Joshua Davis claimed to have narrowed down the identity of Nakamoto to a number of possible individuals, including the Finnish economic sociologist Dr. Vili Lehdonvirta and Irish student Michael Clear, then a graduate student in cryptography at Trinity College Dublin.[15] Clear strongly denied he was Nakamoto,[16] as did Lehdonvirta.[17]
  • In October 2011, writing for Fast Company, investigative journalist Adam Penenberg cited circumstantial evidence suggesting Neal King, Vladimir Oksman and Charles Bry could be Nakamoto.[18] They jointly filed a patent application that contained the phrase "computationally impractical to reverse" in 2008, which was also used in the bitcoin white paper by Nakamoto.[19] The domain name bitcoin.org was registered three days after the patent was filed. All three men denied being Nakamoto when contacted by Penenberg.[18]
  • In May 2013, Ted Nelson speculated that Nakamoto is really Japanese mathematician Shinichi Mochizuki.[20] Later, an article was published in The Age newspaper that claimed that Mochizuki denied these speculations, but without attributing a source for the denial.[21]
  • A 2013 article,[22] in Vice listed Gavin Andresen, Jed McCaleb, or a government agency as possible candidates to be Nakamoto. Dustin D. Trammell, a Texas-based security researcher, was suggested as Nakamoto, but he publicly denied it.[23]
  • In 2013, two Israeli mathematicians, Dorit Ron and Adi Shamir, published a paper claiming a link between Nakamoto and Ross William Ulbricht. The two based their suspicion on an analysis of the network of bitcoin transactions,[24] but later retracted their claim.[25]


The latest was a revelation from the W I R E D pointing to Craig Steven Wright as Satoshi Nakamoto. He was revealed by an unknown person who sent email evidences of exchanges between Craig Steven Wright and a Kleiman, a U.S. Army veteran and a reclusive computer forensics  who lived in Palm Beach County, Florida. Craig Steven Wright is thought of now as Satoshi Nakamoto.

One of the email exchanges identified Craig Steven Wright as the one.

During an October 2015 panel discussion with fellow Bitcoin experts (including Nick Szabo, long suspected by many as being the real Satoshi Nakamoto), Wright is asked to introduce himself.

[I do] a whole lot of things that people don’t realize is possible yet,


he replied.

When asked by the moderator for clarification, Wright said that

I’m a bit of everything...I have a masters of law...I have a masters in statistics, a couple doctorates, I forget actually what I’ve got these days.
In a more recent article, Craig Steven Wright was accused to being a hoaxer due to some questions on his background.

So. Will the real Satoshi Nakamoto step out or is he already that?

-vmaria 1/4/2016

Thursday, September 24, 2015

Facebook says "Sorry, something went wrong." and Down for a Few

At around 12:44 PM, Thursday, September 24, 2015, Eastern Time (ET) Facebook, the world's leading social media platform went down for a few minutes here in Asia.

The following are screenshots I got from both PC and CP.

Facebook on PC:
Facebook website on Google Chrome

Facebook on CP:
Facebook on Opera Mini browser in an android celphone.
This happened for only around 5 to 10 minutes then it came back up.
Verified locations for users who feedbacked the Facebook went down.
Philippines
Malaysia

Taking a peek at the newsfeed, NewsWeek published a report regarding Facebook being down.

Sunday, August 23, 2015

Methods in Hacking: No System is Safe

In the movie, Who am I - No System is Safe, Benjamin Engel, a young, friendless, German computer whiz, was invited to join a subversive hacker group that wants to be noticed on the world's stage and became a most wanted man.


Who Am I movie poster

The movie is interestingly an action-packed tutorials on the various methods of hacking into the systems whether software or hardware.

Here are some of the methods in hacking to which were demonstrated in the movie:

0 Day Exploit
According to Wikipedia, zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed and uncorrected computer application vulnerability that could be exploited to adversely affect the computer programs, data, additional computers or a network.[1] It is known as a "zero-day" because once a flaw becomes known, the programmer or developer has zero days to fix it.

Zero-day exploits are attempted before or on the day notice of the vulnerability is released to the public; sometimes before the author is aware or has developed and made available corrected code.

Zero-day attacks are a severe threat and they occur because a vulnerability window exists between the time a threat is released and the time security vendors release patches.


Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are variety methods to carry out phishing attack. In a simple phishing attacks a hacker creates a fake log in page which exactly looks like the real Facebook page and then asks the victim to log in. Once the victim log in through the fake page the, the victims "Email Address" and "Password" is stored in to a text file, and the hacker then downloads the text file and gets his hands on the victims credentials.

Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A Keylogger is basically a small program which, once is installed on victim's computer, will record every thing victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.
source: Top 10 Facebook profile hacking techniques!

But there's more. Benjamin and his team used to try to hack a nemesis identity.

Using a Trojan?
As per Wiki : "A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm" and in the Benjamin is trying to identify the ip address and location of MRX, another hacker.

In most part of the story, they used Social Engineering as a tactic to get necessary information and/or convince the victim to do what the hacker wishes him/her to do.

"But the greatest of all is - Social Engineering!"
How a hacker proved that with social engineering technique he can get a free burger!

This was what said for how many times in the movie because they said "hacking is like magic".

Social Engineering always play a vital role to any hacking-related activity.
Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
TechTarget


Lets take a look at one of the reviews for this movie:


'Who am I' is a fast paced thriller, incessant, written and directed by the German director Baran Bo Odar talking about the increasingly present virtual world and the tasks of the hackers, who apparently are the new superheroes of the digital age , replacing the classic Superman, Batman or Spiderman. Young and capable of anything when faced with a computer.
agolpeeventos blogspot (translated)
And by the way, this movie is available in mediafire.

Philippines' Bureau of Customs Dozed by Hackers

A group of hackers performed DDOS (Distributed Denial of Service) attacks on the Bureau of Customs in secret operation they named as #OpCustoms which started as early as yesterday and this morning. Hackers continuously attacked the Bureau of Customs website with multiple pings and packets which either downed the site for a brief period or it made it slow for access to users.

A screenshot of the website when trying to access from the google.com website

The DDOSers from the Anonymous groups who called themselves ~Pinoy LulzSec, ~Elite Cyber Security and ~MCA and PHU DDOS Squad said that they downed the site "For the OFW's around the world"

They are in sympathy with the recent policy being enforced by the Bureau Of Customs wherein all "Balikbayan Boxes" sent by OFWs from around the world will be subject to intense inspection to opening of the said packages.

A lot Overseas Filipino Workers (OFWs) from around the world reacted strongly to this and the hackers sympathized with the OFWs.

Their message?


Greetings!
We Are DDOSERS Came From Different Groups.
We unite for this #OPCustoms for the #OFW`s
THIS IS AN OPEN MESSAGE TO Bureau of Customs Specially to Commissioner Alberto Lina.
Why are you focusing your "ire" on the Overseas Filipino Workers and their hard-earned boxes? While smuggled goods and fake rice from China and thrash coming from Canada were brought in to our country without you knowing?
You said that they are the "new heroes" of our poor country and yet it is they whom you put stricter measures; not the bigtime smugglers nor the Chinese illegal traders?
Our country will not further to progress if you are attacking small fishes instead of the big ones. Graft and corruption will always hamper our grwoth.
To Commissioner Alberto Lina and President Aquino, is this what you call "Tuwid na daan" (straight path to progress)??
WE ARE WATCHING.
~Elite Cyber Security
~Pinoy Lulzsec
~#MCA AND #PHU DDOS SQUAD.
 

As of this time, the Bureau of Customs website is either inaccessible or it is slow in loading.

Saturday, May 2, 2015

like4like.org: Top 10 Facebook profile hacking techniques!

(A Note from the re-blogger)
Since the early days of Facebook, these methods have been tested and proven to be effective time and again, but, without the added component called "SOCIAL ENGINEERING", these are rendered just mere tools for hacking Facebook and other social media accounts.



1. Phishing

Phishing is still the most popular attack vector used for hacking Facebook accounts. There are variety methods to carry out phishing attack. In a simple phishing attacks a hacker creates a fake log in page which exactly looks like the real Facebook page and then asks the victim to log in. Once the victim log in through the fake page the, the victims "Email Address" and "Password" is stored in to a text file, and the hacker then downloads the text file and gets his hands on the victims credentials.

2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A Keylogger is basically a small program which, once is installed on victim's computer, will record every thing victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.

3. Password Stealers
Almost 80% percent people use stored passwords in their browser to access the Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers' are softwares' specially designed to capture the saved passwords stored in the victims Internet browser.

4. Session Hijacking
Session Hijacking can be often very dangerous if you are accessing Facebook on a http (non secure) connection. In Session Hijacking attack, a hacker steals the victims browser cookie which is used to authenticate the user on a website, and use it to access the victims account. Session hijacking is widely used on LAN, and WiFi connections.

5. Sidejacking With Firesheep
Sidejacking attack went common in late 2010, however it's still popular now a days. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim is on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards WiFi users.

6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are a lots of Mobile Spying software's used to monitor a Cellphone. The most popular Mobile Phone Spying software's are: Mobile Spy, and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original Facebook page to his own fake page and hence can get access to victims Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the Internet browser.

9. Man In the Middle Attacks
If the victim and attacker are on the same LAN and on a switch based network, a hacker can place himself between the client and the server, or he could act as a default gateway and hence capturing all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts, because of it's high setup costs. They are used to carry more advanced attacks. A Botnet is basically a collection of compromised computer. The infection process is same as the key logging, however a Botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular Botnets include Spyeye and Zeus.