Anonymous is not organized, nor does it belong to any business or political party. It is just a concept, an idea. We support Internet freedom, freedom of speech and equality; we are against racism, sexism and war, against greedy businessmen and corrupt governments.
Anonymous China
Friday, February 26, 2016
Thursday, February 25, 2016
Thousands of WordPress websites used as a platform to launch DDoS
In a recent investigation, security researchers at Sucuri revealed that 26,000 different WordPress sites were being abused to launch Layer 7 distributed denial-of-service (DDoS) attacks.
Those 26,000 sites were generating a sustained 10,000 to 11,000 HTTPS requests per second against a single website, at times peaking at 20,000. The root problem is that any WordPress website can be used to attack the availability of other websites if the pingback feature is enabled, which it is by default.
HTTP floods, or Layer 7 attacks, inundate the web server with application-layer requests, producing very large DDoS attacks that disrupt a server by exhausting its resources at the application layer rather than the network layer. They do not require as many requests or as much bandwidth to cause damage, because they force heavy memory and CPU consumption on most PHP applications, content management systems (CMS) and databases.
Sucuri founder and CTO Daniel Cid recommends disabling pingbacks on your site. Although this won’t protect you from being attacked, it will stop your site from attacking others.
“The best course of action is to disable pingbacks and, if possible, disable xmlrpc altogether if you are not using it. If you are, you can make some very small changes to your .htaccess file to allow only whitelisted IPs to access the file. This might be the case with the popular JetPack plugin,” he said.
It has been known for years that the WordPress pingback service can be abused for DDoS attacks, mainly because website owners rarely bother to prevent their site from being added to a botnet. Since the attack comes from thousands of different IPs, network-based firewalls will do little to stop it, as they only rate-limit per IP address. The researchers discovered that the majority of IP addresses used in this attack were sites hosted on popular VPS/Cloud/Dedicated server providers: Amazon AWS, Digital Ocean, Google Cloud, Microsoft Azure, Hetzner, OVH and Linode.
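An added detection example, not from the Sucuri write-up or this post: it parses access-log lines, picks out the pingback verification requests that reflecting WordPress sites send, and shows why per-source-IP rate limiting misses the flood. The log lines are constructed; the User-Agent shape "WordPress/<version>; <reflecting site>; verifying pingback from <claimed ip>" is the one WordPress uses when verifying a pingback source.

```python
"""Added example (not from the Sucuri write-up or this post): find a WordPress
pingback reflection flood in a web server access log and show why per-source-IP
rate limiting misses it. The log lines are constructed. The User-Agent shape is
the one WordPress sends when verifying a pingback source:
"WordPress/<version>; <reflecting site>; verifying pingback from <claimed ip>"."""
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
PINGBACK_UA_RE = re.compile(
    r"^WordPress/[\d.]+; (?P<site>\S+); verifying pingback from (?P<claimed>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_pingback_flood(lines, window_s=1, aggregate_rps=100, per_ip_rps=10):
    """Bucket pingback-verification requests by time window and by client IP.
    A flood is declared on the aggregate rate; per_ip_rps is the limit a
    network firewall would apply per source, to show whether it would bite."""
    per_window = Counter()
    per_window_ip = Counter()
    reflectors = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not PINGBACK_UA_RE.match(rec["ua"]):
            continue
        bucket = int(rec["ts"].timestamp()) // window_s
        per_window[bucket] += 1
        per_window_ip[(bucket, rec["ip"])] += 1
        reflectors.add(rec["ip"])  # each IP is a third party's WordPress site
    peak = max(per_window.values(), default=0) / window_s
    per_ip_peak = max(per_window_ip.values(), default=0) / window_s
    return {
        "pingback_requests": sum(per_window.values()),
        "reflectors": len(reflectors),
        "peak_rps": peak,
        "peak_per_ip_rps": per_ip_peak,
        "per_ip_limit_would_help": per_ip_peak > per_ip_rps,
        "flood": peak >= aggregate_rps,
    }


def build_sample_log(reflectors=300, seconds=3, visitors=5):
    """Constructed sample: `reflectors` distinct pingback-enabled WordPress sites
    each hit the victim once per second, alongside a few ordinary visitors."""
    lines = []
    for s in range(seconds):
        ts = f"25/Feb/2016:10:00:{s:02d} +0000"
        for v in range(visitors):
            lines.append(f'192.0.2.{v + 1} - - [{ts}] "GET /blog/ HTTP/1.1" 200 5120 '
                         f'"-" "Mozilla/5.0 (constructed visitor)"')
        for r in range(reflectors):
            ip = f"10.{r // 250}.0.{r % 250 + 1}"
            ua = f"WordPress/4.4.2; http://site{r}.example; verifying pingback from 192.0.2.7"
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 5120 "-" "{ua}"')
    return lines


if __name__ == "__main__":
    report = detect_pingback_flood(build_sample_log())
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample, 300 reflectors produce 300 requests per second in aggregate while no single source exceeds one request per second, which is exactly the shape a per-IP limiter cannot see.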
Hackers target critical infrastructure in Japan
Security firm Cylance has uncovered a long-running hacking campaign, dubbed ‘Operation Dust Storm’, targeting commercial and critical infrastructure organizations in Japan.
The threat actors behind Operation Dust Storm have been active since at least 2010 and have targeted several organizations in Japan, South Korea, the US, Europe and other Asian countries.
Experts believe that the group is well organized and well funded, a circumstance that led the researchers to speculate about the involvement of a nation-state actor.
The researchers at Cylance revealed that the threat actors began focusing on Japanese organizations in 2015; the hackers breached the networks of Japanese organizations in the electricity generation, oil and natural gas, transportation, finance and construction industries.
The list of victims includes an automaker, the Japanese subsidiary of a South Korean electric utility firm, and an oil and gas company.
The hackers demonstrated that they have unique backdoors and zero-day exploits in their arsenal, used in watering hole and spear-phishing attacks. In a number of attacks conducted in May 2015, the group also used several Android backdoors against targets in South Korea and Japan.
Fortunately, the attacks launched by the group behind Operation Dust Storm were not sophisticated. The researchers first spotted the group in 2011, when the hackers relied on Adobe Flash Player (CVE-2011-0611) and Internet Explorer (CVE-2011-1255) zero-day vulnerabilities to deliver a strain of malware dubbed Misdat.
“Very little public information was available throughout 2010 on this threat, despite the group’s primary backdoor gaining some level of prominence in targeted Asian attacks,” states the report published by Cylance. “It wasn’t until June 2011 that Operation Dust Storm started to garner some notoriety from a series of attacks which leveraged an unpatched Internet Explorer 8 vulnerability, CVE-2011-1255, to gain a foothold into victim networks.”
In October 2011, the hackers focused on gathering intelligence about the Libyan crisis following the death of Muammar Gaddafi. In 2012, the group leveraged an Internet Explorer zero-day (CVE-2012-1889) in its cyber espionage campaigns.
Experts at Cylance noticed a significant reduction in Operation Dust Storm activity in March 2013, after Mandiant published its analysis of the Chinese APT group dubbed APT1.
In February 2014 the group behind Operation Dust Storm reappeared, launching a series of attacks that leveraged a new Internet Explorer zero-day exploit (CVE-2014-0322) in watering hole attacks.
The researchers at Cylance have no doubt that attacks against Japanese critical infrastructure will rapidly increase in the future.
“However, our team believes that attacks of this nature on companies involved in Japanese critical infrastructure and resources are ongoing and are likely to continue to escalate in the future,” Cylance concluded.
Tuesday, February 23, 2016
Encryption isn’t at stake; the FBI knows Apple already has the desired key
The second technique is that the iPhone can be configured to wipe the device after ten failed PIN attempts. When this option is turned on, the phone will discard its file system key after 10 bad PINs, rendering all the file system metadata (including the per-file keys) permanently inaccessible.
The third and final technique is that the computation used to derive the PIN key from the PIN itself is slow, taking approximately 80 milliseconds.
It's the first two of these mechanisms that the FBI is asking for assistance with. While the 80 millisecond delay is in some sense unavoidable (a faster system might be able to perform the key derivation more quickly, but it's not as if the iPhone hardware is readily upgradeable), both the escalating long delays and device-wiping functionality are arbitrary software decisions. The FBI is asking for Apple to create a custom iPhone firmware that removes the escalating delays and omits the device wipe. As a bonus, the FBI is also asking for a way to enter PINs other than typing them in one after the other on the touchscreen. Thus, the FBI wants Apple to make a special version of iOS that is amenable to brute-force attacks on its PIN.
As long as the phone uses a PIN, this would ultimately let the FBI unlock it. If it's locked with a secure password, unlocking the phone may well prove intractable even with the special firmware.
Such a firmware would not seem to be generally useful for attacking other iPhones, though. The FBI's request is that the special firmware be tied to the specific device. Every iPhone contains a multitude of unique identifiers that are baked into its hardware (the serial number, the cellular radio IMEI, and the Wi-Fi and Bluetooth MAC), and the court order explicitly states that the custom firmware must be tied to the San Bernardino phone's unique identifier, such that it can only run on that specific phone.
Assuming that this can be done (and done robustly), it means that even if the custom firmware were given to nation-states or even published on the Internet, it would not serve as a general-purpose way of performing brute-force PIN attacks. It would be useless on any device other than the San Bernardino device. To make such leakage less likely, the court order does allow for the possibility that the custom firmware might be used only at an Apple location, with the FBI having remote access to the passcode recovery system.
Such an approach is consistent with the way Apple already performs lock screen bypasses on devices running old versions of iOS; law enforcement sends the device to Apple, Apple does the data extraction using tools the company has explicitly created to perform the extraction, and law enforcement receives a FireWire or USB drive with the data. Apple's custom tools never leave Cupertino.
Hypothetically, if the special firmware were to leak, what exactly would prevent people from making it work with a different unique identifier, or even with any unique identifier? This concern strikes at the very heart of the matter, and it's why Apple is involved at all.
The FBI does not really need Apple to write a custom firmware that lets you brute force the iPhone PIN without risk of wiping the device or suffering lengthy timeouts. It's much easier for Apple to write this code, of course, because Apple knows all about the iPhone, but there's no doubt that the FBI could pay some enterprising reverse engineers and hackers to develop the software itself. The problem for the FBI is not so much the development of the software; it is getting that software to run on the iPhone.
The iPhone requires that its firmware have a digital signature that authentically demonstrates that the firmware was developed by Apple and has not been subsequently modified. The FBI does not have (and is not asking for) access to Apple's signing key. It is instead asking for Apple to use its signing key to sign the custom firmware so that the iPhone will accept it and run it. It is this signature requirement that means the FBI cannot create the software itself.
It's this same requirement that also means that iPhone users would be safe even if the special firmware leaked. Changing the embedded unique identifier within the special firmware would break the signature and thus cause targeted iPhones to reject the firmware. This is why complying with the court demand would not jeopardize the security of any other phones. The cryptographic safeguards don't allow it.
The security of these digital signatures is being taken for granted by the FBI; once again, the cryptography underpinning the system is sound, and the government is not asking for it to be bypassed or backdoored or otherwise attacked.
The FBI's request does, however, put into sharp relief the parts that aren't sound. The PIN lockouts and device-wiping measures are all "just software." They're not dependent on any particular mathematical feature of the algorithms, nor are they proven by years of analysis of the underlying mathematics. And as "just software," Apple has every ability to override them.
One could imagine ways in which iPhones were made a little more resilient against this kind of thing, but they're not straightforward. The court order suggests the use of the iPhone's "DFU" mode. This is an extremely low-level mode designed for last-ditch recovery of the device. In this mode, the screen is not even activated or enabled; the phone has to be connected to a computer via USB to transfer a new firmware image. One could imagine ways in which even this mode could be PIN protected, perhaps even making it destroy the file system key if a correct PIN is not available, but this is tricky. One of the points of DFU mode is its simplicity. It does one thing as a fail-safe emergency measure. Making it more complex would jeopardize its ability to serve its fundamental purpose.
Overall, the FBI's request could be seen as a testament to just how good encryption is. The FBI can't attack the iPhone's encryption directly, and it can't bypass the firmware signature mechanism. There's no existing backdoor to the crypto.
But what the iPhone does have is software lockouts, and the security of those lockouts is entirely up to Apple. Apple's signing key gives the company wide power over the software-level protections built into iOS. The FBI knows this, and that is why it's demanding the company's assistance.
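An added model, not from the original article, of the two properties the argument above rests on: a firmware image signed together with one device's identifier is rejected by every other device and cannot be re-bound without the signing key, and once the escalating delays and the 10-attempt wipe are gone, the roughly 80 ms key derivation alone bounds a PIN search. It assumes HMAC-SHA256 as a stand-in for Apple's asymmetric code signature (a real device holds only a public key), and the key, identifier strings and keyspaces are constructed.

```python
"""Added example, not from the original article: a small model of two properties
the article relies on. (1) A firmware image signed together with one device's
identifier is rejected by every other device, and editing the identifier in a
leaked image breaks the signature. (2) With the escalating delays and the
10-attempt wipe removed, the ~80 ms key derivation alone bounds a PIN search.
Assumptions: HMAC-SHA256 stands in for Apple's asymmetric code signature (the
device would hold a public key, not the signing key); the key, identifier
strings and keyspaces below are constructed."""
import hashlib
import hmac
import struct

SIGNING_KEY = b"constructed stand-in for Apple's firmware signing key"
TAG_LEN = 32
DERIVE_MS = 80  # per-guess PIN key derivation cost quoted in the article


def sign_firmware(image, device_id):
    """Bind the image to one device: the tag covers the identifier and the image."""
    body = struct.pack(">I", len(device_id)) + device_id + image
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return body + tag


def boot_accepts(device_id, blob):
    """The boot check: the tag must verify over the whole body, and the bound
    identifier must be this device's own."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    (id_len,) = struct.unpack(">I", body[:4])
    return body[4:4 + id_len] == device_id


def rebind_without_key(blob, new_id):
    """What the holder of a leaked image could do without the signing key: swap
    the embedded identifier and keep the old tag. boot_accepts() rejects it."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    (id_len,) = struct.unpack(">I", body[:4])
    image = body[4 + id_len:]
    return struct.pack(">I", len(new_id)) + new_id + image + tag


def exhaustive_search_ms(keyspace, wipe_after=None):
    """Worst-case milliseconds to try every code once the software lockouts are
    gone. With the wipe still active the search ends after wipe_after guesses."""
    if wipe_after is not None and keyspace > wipe_after:
        return None  # the file system key is discarded before the search finishes
    return keyspace * DERIVE_MS


if __name__ == "__main__":
    target, other = b"ECID-constructed-0001", b"ECID-constructed-0002"
    blob = sign_firmware(b"iOS build without lockouts (constructed)", target)
    print("target device boots it:", boot_accepts(target, blob))
    print("other device boots it: ", boot_accepts(other, blob))
    print("rebound copy boots:    ", boot_accepts(other, rebind_without_key(blob, other)))
    for name, space in (("4-digit PIN", 10**4), ("6-digit PIN", 10**6), ("8-char alnum", 62**8)):
        hours = exhaustive_search_ms(space) / 1000 / 3600
        print(f"{name}: {hours:.1f} hours without lockouts; with wipe: {exhaustive_search_ms(space, 10)}")
```

The same arithmetic shows the article's point about passwords: a 4-digit PIN falls in under a quarter of an hour and a 6-digit PIN in under a day, while an 8-character alphanumeric password runs to hundreds of thousands of years even with the lockouts removed.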
Terrorists train cold-blooded killers in the heart of Europe
In London, England, a man armed with a knife stabbed people in the Underground while shouting "To Syria." Police arrived and ordered him to drop his weapon; after a struggle, officers subdued the attacker with a stun gun. Police later characterized it as a terrorist attack.
Reference News Network reported on February 23, citing foreign media, that Europol has sounded the alarm: the Paris massacre is just the beginning. There is "every reason to believe" that the terrorist organization is planning other attacks "somewhere in Europe, and France in particular" that "could cause mass casualties among civilians," Europol director Rob Wainwright said while presenting the results of the organization's meeting of experts.
According to a January 29 report on the Austrian "News" website citing intelligence sources, terrorist organizations from the Middle East have established training camps in the West. Training takes place not only in Syria; according to the Europol report, camps have also been set up in "the EU and smaller Balkan countries".
Media learned from the security sector that one clue points to the Bosnian mountains, where international investigators have in recent years repeatedly focused their searches on the village of Mao, which is under Wahhabi control.
Europol would not comment further on terrorist training camps inside the EU in a formal statement, but more detailed media investigations point to Slovenia. There is evidence that men with the will to fight, as well as "religious speakers," have travelled from Austria across the open Schengen borders, ostensibly to attend Muslim celebrations of the Prophet's birth. The destination is a remote forest near Laibach, where the group meets; there, people discuss extremely radical ideas and practice the use of weapons. Salafist believers from Germany, Luxembourg, Slovenia and Austria have also been present. The path leading to the training grounds is guarded by two sentries. According to the Constitution Protection Agency, a Salafist organization in a suburb of Laibach may be behind the mujahideen training sites; it has sent more than a few extremists to combat zones in Iraq and Syria.
The training is that of a professional terrorist organization. The extremists have even circulated a 71-page guerrilla textbook, including courses on using weapons and explosives, planning operations, counter-espionage, and "special skills" such as beheadings. Europol says the purpose of the courses is to produce cold-blooded terrorists able to kill without any emotion. Physical and mental training is intended to make them able to withstand police interrogation. Europol analysts noted in particular that the terrorist instructions are very practice-oriented. "People cannot learn everything by reading," a Europol staff member said. The main mujahideen training centre is Syria.
Religion is not the primary consideration in recruiting. According to Europol's investigation, fewer than half of the arrested militants understood the doctrine, which also means that brainwashing and radicalization do not take long. More suicide bombers see themselves as "heroes" than as "martyrs." In addition, 80% of the jihadists have a history of violent crime, and reportedly one in five has mental health problems.
Europol stressed that individual Syrian refugees in Europe may already have been radicalized, and that recruiters are already eyeing the refugee camps.
In The Hague, Wainwright introduced the new European counter-terrorism centre. He said that the Paris attacks show that cooperation between agencies is still insufficient.
Monday, February 22, 2016
Russian engineers work at a Daash-controlled gas plant
In a report published in Foreign Policy (FP) on February 9, 2016, Salem Kenar and Reggie Psou Sylow wrote that a gas plant built in northern Syria and controlled by the Islamic State (#Daash) organization proves that business dealings exist between the organization and the Syrian regime.
According to the report, citing Turkish officials and "Syrian rebels", although the government of President #Bashar_alosd, Russia and its allies have declared war on the Islamic State, the natural gas facility under the organization's control links the Islamic State to companies tied to Russia's energy sector and to President #Vladimir_boaten.
It has been reported that the plant was built by the Russian construction company Stroytransgaz, which is controlled by the billionaire Gennady Timchenko, a close friend of Putin with close contacts to the Kremlin. The newspaper reported that the US Treasury has sanctioned Stroytransgaz, in addition to the rest of Timchenko's companies, for their direct participation in activities connected to Putin following the events in Ukraine.
According to the article, the plant's controversial story involves the Assad regime and the Russian businessman and, in addition, moderate Syrian groups, all of whom tried together with the Islamic State to get the facility, the largest of its kind in Syria, into operation, since it promises major financial and logistical benefits.
In 2007 the Syrian government awarded the contract for the Tuweinan facility to the parent company Stroytransgaz, with the Syrian investment and construction company HESCO, owned by Russian citizen George Haswani, as subcontractor. Last November the US Treasury sanctioned HESCO for mediating between the Islamic State and the Assad regime; Haswani denies the allegation of brokering oil sales between them, according to FP.
Joseph Arbash, who is related to Haswani by marriage and heads HESCO's Moscow office, told FP in an interview that the partnership between HESCO and Stroytransgaz goes back far beyond this deal: the two companies have worked in joint ventures in #Sudan, Algeria, Iraq and the United Arab Emirates since 2000.
According to the article, construction continued slowly until the plant was seized in 2013 by a coalition of Syrian rebels acting with the support of al-Qaida's Victory Front. Abu Khalid, a member of the Qais al-Qarni brigade, part of the coalition, told FP in an interview that when they entered the area the Russian engineers and consultants fled, leaving the Syrian staff behind. He said: "We decided to protect this plant; we believe it belongs to the Syrian people, as it is owned by the Syrian state."
According to FP, citing senior Turkish officials, the Islamic State has controlled the plant since 2014, and since then Stroytransgaz has continued construction through its subcontractor HESCO, licensed by the Islamic State; the officials also claimed that Russian engineers are still working inside the facility to complete the project.
The newspaper confirmed this view last November, citing Syrian government reports: a report released in January 2014, after the Islamic State took control of the facility, quoted Syrian government sources as saying that Stroytransgaz had completed 80% of the project and expected to hand it over to the regime in the second half of the year, although the article did not mention that the facility was under Islamic State control.
Details of the project's first production phase appear in a letter that George Haswani wrote to #David Porter, a research associate at the London-based institute Chatham House, showing that production started at the end of 2014 and that all work was to be completed in 2015. "Some of the natural gas is turned into electricity at the plant, which operates under the protection of the Islamic State, and the rest is pumped to Homs and Damascus," he said.
Abu Khalid also told FP that Russian engineers are still working in the plant and that Haswani has an arrangement with the Islamic State for jointly using the gas produced there. He said that "Daash allowed the Russian companies to send their engineers and staff back in exchange for a larger share of the gas and of the money from the work," attributing his information to Syrian rebel leaders who are fighting the Islamic State in the region. He added: "The staff of the Russian companies are rotated in and out through a military base in #Hama province."
The newspaper reported that Haswani rejects these allegations and the Treasury's claim that he served as an intermediary between the Islamic State and the Assad regime in the gas deal, but he has never denied that HESCO continued working at the gas facility after the area came under Islamic State control.
In October 2014 the Syrian media activist group Raqqa is Being Slaughtered Silently reported that HESCO had signed an agreement with the Islamic State on terms of mediation under which the company was ready to give up a large part of its profits in the group's favour. Then in October 2015 Financial Times reports indicated that the gas produced at the plant was sent to the Aleppo thermal power station, which is under Islamic State control, and that the deal provides the regime with 50 megawatts of electricity while the Islamic State gets 70 MW of electricity and 300 million barrels of condensate. According to FP, an engineer who worked at the plant told the Financial Times that HESCO also sent nearly $50,000 a month to the Islamic State for protecting its valuable equipment.
Tuesday, February 16, 2016
How To Install Kali Linux On Android Smartphone
Kali Linux, a security-focused Linux distribution, is one of the most widely used operating systems among ethical hackers (and unethical ones). The reason is that Kali Linux comes with almost every tool required for pentesting pre-installed, and strong back-end support from Offensive Security makes it a great platform for beginners as well as professionals. Kali Linux is the successor of BackTrack, which was also developed by Offensive Security.
The developers at Offensive Security have been working extensively for developing a dedicated operating system for cyber-security researchers. Along with ARM devices, Kali Linux is available for Android too.
The installation process is very simple and straightforward. If you have a rooted Android phone with at least 5GB of free storage and a fast internet connection (to download the repository files), then everything else is just a matter of a few taps on your smartphone.
Step 1 is installing the Linux Deploy app from the Play Store.
Now make sure that your phone is in the required state for installation. That is, make sure that your phone is rooted, having 5GB of free space, an internet connection with decent speed (and you are patient enough to wait for Kali to bootstrap from the network).
Root privilege is required because Kali will install itself in a chroot. This means that the processes running inside it are confined to a specified directory (acting as their root directory) and its children.
Step 2 is running the app, and selecting Kali Linux in the distribution tab. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.
Once all the settings are in place, hit the “install” button and the app will start bootstrapping Kali Linux directly from Offensive Security's repositories. Depending on your Internet connection speed, this process could take a while. At minimum, you'll be downloading a base install of Kali Linux (with no tools).
When the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automatically done by hitting the “start” button. You should see Linux Deploy setting up your image with output similar to the following:
At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case, 10.0.0.10).
Logging In:
You can now access your Kali Linux instance with either VNC or Secure Shell (SSH). The required credentials are:
For VNC, the password is “changeme”.
For SSH, the username is “android” and the password is again “changeme”.
This is what it all looks like on your device:
Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l
Kali GNU/Linux 1.0 [running on Android via Linux Deploy]
android@localhost:~$ sudo su
root@localhost:/home/android# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/loop3 4180944 667268 3304012 17% /
tmpfs 952708 80 952628 1% /dev
tmpfs 952708 0 952708 0% /dev/shm
root@localhost:/home/android#
root@localhost:/home/android# apt-get update
Hit http://http.kali.org kali Release.gpg
Hit http://http.kali.org kali Release
Hit http://http.kali.org kali/main Sources
Hit http://http.kali.org kali/contrib Sources
Hit http://http.kali.org kali/non-free Sources
Hit http://http.kali.org kali/main armel Packages
Hit http://http.kali.org kali/contrib armel Packages
Hit http://http.kali.org kali/non-free armel Packages
Ign http://http.kali.org kali/contrib Translation-en_US
Ign http://http.kali.org kali/contrib Translation-en
Ign http://http.kali.org kali/main Translation-en_US
Ign http://http.kali.org kali/main Translation-en
Ign http://http.kali.org kali/non-free Translation-en_US
Ign http://http.kali.org kali/non-free Translation-en
Reading package lists… Done
root@localhost:/home/android#
Memory Considerations:
If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.
YouTube video demo of the procedure:
https://www.youtube.com/watch?v=QUUteTtNVJk
Quick Tip: Prefer SSH over VNC while logging into your OS. This will save you a lot of time.
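An added post-install script, not part of the original how-to: once the chroot is up and you have run sudo su as shown above, it tightens the sshd that Linux Deploy starts and replaces the shared “changeme” credentials, since a chroot announcing SSH and VNC with default passwords on a phone's Wi-Fi address is reachable by anyone on that network. It assumes the chroot's sshd config lives at /etc/ssh/sshd_config, that VNC uses a tightvnc-style ~/.vnc/passwd file, and the “android” user from the post; the new password is supplied by the operator.

```bash
#!/bin/sh
# Added example (not from the original post): run inside the Kali chroot after
# the first "sudo su". Assumptions: sshd config at /etc/ssh/sshd_config, a
# tightvnc-style ~/.vnc/passwd for the VNC server, and the "android" user
# that Linux Deploy creates. The new password value is never hard-coded here.
set -eu

# Rewrite one "Key value" directive in an sshd_config-style file, idempotently:
# replace an existing (possibly commented-out) line, or append the directive.
set_sshd_directive() {
    cfg=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$cfg"; then
        sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$cfg"
    else
        printf '%s %s\n' "$key" "$value" >> "$cfg"
    fi
}

# Tighten the sshd that Linux Deploy starts inside the chroot: root must not
# log in over the network, only the "android" user may, and guesses are capped.
# Password login for "android" is left on so the workflow in the post still works.
harden_sshd_config() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_sshd_directive "$cfg" PermitRootLogin no
    set_sshd_directive "$cfg" PermitEmptyPasswords no
    set_sshd_directive "$cfg" MaxAuthTries 3
    set_sshd_directive "$cfg" AllowUsers android
}

# Succeeds (exit 0) while the config still lets root log in over SSH; a check
# to run before leaving the chroot's SSH reachable on a shared Wi-Fi network.
sshd_allows_root() {
    cfg=${1:-/etc/ssh/sshd_config}
    ! grep -Eq '^PermitRootLogin[[:space:]]+no' "$cfg"
}

# Replace the default "changeme" passwords for the android user and for VNC.
# Usage: rotate_default_passwords 'new-password-chosen-by-operator'
rotate_default_passwords() {
    new_pass=$1
    printf 'android:%s\n' "$new_pass" | chpasswd
    vnc_dir=${HOME}/.vnc
    mkdir -p "$vnc_dir"
    # tightvnc's vncpasswd -f reads the plaintext from stdin and writes the
    # obfuscated form to stdout (assumed VNC implementation).
    printf '%s\n' "$new_pass" | vncpasswd -f > "$vnc_dir/passwd"
    chmod 600 "$vnc_dir/passwd"
}
```

Call harden_sshd_config and rotate_default_passwords with your own password, then restart the SSH and VNC services from Linux Deploy so the new settings take effect.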