Category: Dutch

August 25th, 2008

Hundreds of Dutch web sites hacked by Islamic hackers

Posted by Dancho Danchev @ 1:46 pm

Categories: Black Hat, Denial of Service (DoS), Dutch, Governments, Hackers, Passwords

Tags: Security, Hacking, Web Site Defacement, Netherlands, Dancho Danchev

In what appears to be a mass defacement, where several hundred domains take advantage of a shared hosting provider, starting as of this Friday, an Islamic hacker known as nEt^DeViL — this is not the NetDevilz team that hijacked the DNS records of the ICANN and Photobucket in June — managed to successfully hack a couple of hundred Dutch web sites as a hacktivist response to the release of the Fitna film, a controversial film released by Geert Wilders, a member of the Dutch parliament, in March 2008.

How did they do it? Since all of the sites are parked on a single IP (81.4.97.190) owned by the Geenpunt.nl hosting company, compromising it means having the ability to compromise the content on all the domains hosted there, which is exactly what happened in this case.


June 26th, 2008

Security researchers hack the London underground train for free ride

Posted by Nathan McFeters @ 7:22 pm

Categories: Complex Attacks, Dutch, Governments, Hackers, RFID, United Kingdom, Vulnerability research, Wireless, Zero-day attacks

Tags: Card, Smart Card, Researcher, Smart Cards, Security, Nathan McFeters

A group of Dutch security researchers were able to clone the “smartcards” that commuters use to pay fares in the London Underground system, allowing the group to ride for free. This is an interesting attack vector that I actually talked to Adam Laurie about when I was at Black Hat Amsterdam. I’ve spoken about similar hacks with a number of security researchers, and there have been some interesting ideas proposed on the subject. In fact, I may just try this on the laundry cards used in my apartment complex. I promise a full write up on how it was done if I manage to pull something off.

I originally saw this story commented on in an article on Wired by Alexander Lew, which commented that:

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.

“The cryptography is simply not fit for purpose,” security consultant Adam Laurie told the Telegraph. “It’s very vulnerable and we can expect the bad guys to hack into it soon if they haven’t already.”

For those not familiar, Adam Laurie is a major player in the computer security research field and has done a ton of interesting research on any number of wireless technologies. I’m working on getting Adam to write up a guest editorial or two on what he’s been working on lately.

Read on…

[Images courtesy of Transport For London]


Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
