cyber Archives - Slaffcheff's place

This article is something different. It’s not the typical cybercrime. This is next level hacking activity. Just .. read 🙂

The article is not mine, unfortunately. You will find the source on the bottom of this page. Now, ENJOY 🙂

They’d been high all weekend long — on Ecstasy, coke, mushrooms and acid — so there seemed little harm in doing one last bump of Special K while they packed up to leave their $5,000-a-night duplex in South Beach. For the past three days, the three friends had barely bothered leaving their hotel, as a dozen club kids in town for Winter Music Conference, the annual festival that draws DJs and ravers from all over the world, flocked to their luxury suite to partake of the drug smorgasbord laid out on the coffee table. But even stoned on industrial-grade horse tranquilizers, Albert Gonzalez remained focused on business — checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing orders into his cellphone in a steady voice. “Let’s see if this Russian asshole has what I need,” he’d say calmly. Then he would help himself to glass plates of powder, each thoughtfully cut into letters for easy identification: “E” for Ecstasy, “C” for coke.

Albert’s two friends were in no shape to think about work. Stephen Watt, a freakishly tall bodybuilder, was planted on the big leather sofa, immobile as the hotel suite’s potted palm. Only 23, Watt was the group’s coding genius, who until recently had been employed in the IT department at Morgan Stanley, the giant Wall Street investment bank. Patrick Toey, 22, Albert’s most loyal foot soldier, was lazing around the suite, staring at the Miami seascape through the two-story picture windows, letting his thoughts drift.

“Listen, I need you to do this now,” Albert was saying in a firm voice as he set his laptop on the desk in the master bedroom upstairs. For weeks, he had been badgering Stephen, known in hacker circles as the “Unix Terrorist,” to refine a crucial bit of code for him. They were in the midst of pulling off the biggest cybercrime ever perpetrated: hacking into the databases of some 250 companies — including Barnes & Noble, OfficeMax, 7-Eleven, Boston Market, Sports Authority and DSW — and stealing 170 million credit-card numbers. But unless Albert could get Stephen to focus, the whole thing was in danger of falling apart.

“Now that I’ve got you here, I need you to do it, or it’s never gonna happen,” Albert urged. The whites of his brown eyes had gone veiny from the K, but he was still the ringleader, still in control. Continue reading “Sex, Drugs, and .. CODE! The story of GREEN HATS” →

First let’s start with a diagram of possible IO threats.

Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Many external network security threats today are spread over the Internet. The most common external threats to networks include:

Viruses, worms, and Trojan horses – malicious software and arbitrary code running on a user device

Spyware and adware – software installed on a user device that secretly collects information about the user

Zero-day attacks, also called zero-hour attacks – an attack that occurs on the first day that a vulnerability becomes known
Hacker attacks – an attack by a knowledgeable person to user devices or network resources
Denial of service attacks – attacks designed to slow or crash applications and processes on a network device
Data interception and theft – an attack to capture private information from an organization’s network
Identity theft – an attack to steal the login credentials of a user in order to access private data
It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.

So .. What are the security solutions to all these threats?

No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.

A home network security implementation is usually rather basic. It is generally implemented on the connecting host devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.

In contrast the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components for a home or small office network should include, at a minimum:

Antivirus and antispyware – to protect user devices from malicious software

Firewall filtering – to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the host device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.

In addition to the above, larger networks and corporate networks often have other security requirements:

Dedicated firewall systems – to provide more advanced firewall capability that can filter large amounts of traffic with more granularity

Access control lists (ACL) – to further filter access and traffic forwarding

Intrusion prevention systems (IPS) – to identify fast-spreading threats, such as zero-day or zero-hour attacks

Virtual private networks (VPN) – to provide secure access to remote workersSo let’s summarize ..Networks must be reliable. This means the network must be fault tolerant, scalable, provide quality of service, and ensure security of the information and resources on the network. Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet, or as large as a corporation with thousands of users. No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution.
The network infrastructure can vary greatly in terms of size, number of users, and number and types of services that are supported on it. The network infrastructure must grow and adjust to support the way the network is used. The routing and switching platform is the foundation of any network infrastructure.

Tag: cyber

Sex, Drugs, and .. CODE! The story of GREEN HATS

Securing the network v2