According to a Forbes.com article, Internet Security specialist Tom Cross revealed a secret back door placed in Cisco products used for law enforcement monitoring at the Black Hat Security Conference last month. The feature is called “Lawful Intercept”. But this feature could be putting Cisco users at risk, according to an IBM consultant, because the back door does not have very tight security.
Also according to the article, Cisco is not the only company doing this. It was a similar practise of sharing information with law enforcement that enabled the recent hacking of Google. Erickson Network switches have also been compromised using this same technique.
Nothing like locking the front door but leaving the back door wide open. Read the full article at Forbes.com.
Renukanth Subramaniam, 33, set up DarkMarket, an eBay for cybercrooks where fraudsters and crackers could buy and sell stolen bank log-ins, credit card details and skimmers. The scheme became unstuck in 2008 after the site was infiltrated by an FBI agent who posed as a criminal hacker and gained a senior role running the site under the alias MastrSplyntr in an undercover operation that ultimately led to 60 arrests worldwide including Subramaniam (aka JiLsi). – The Register.
According to BBC News, “suspects linked to the website were arrested in the UK, US, Canada, Germany, France, Turkey and Russia. It even operated a secure payment system, allowing users to “review” the criminal services on offer – creating a “one-stop-shop for criminals the world over“.
I just love the undercover FBI’s alias, “MastrSplyntr”. Kudos to the FBI for bringing down this international operation, nice job guys.
Please everybody, be careful when ordering online. People have really let down their guard when it comes to online purchases. Do not order from places you don’t know or trust. And delete your browser cache after any online banking or credit card transactions.
“Christopher Allen Lewis, a.k.a. “EBK,” 20, of Newark, Del., pleaded guilty Wednesday to conspiring to disrupt service at Comcast corporation’s website in May 2008. Lewis is scheduled to be sentenced on May 21 and faces a maximum sentence of five years in prison, a $250,000 fine and up to three years of supervised release.” – SC Magazine.
They accomplished this attack by changing DNS records to point to a different location. They claim that it was a prank, but if the attackers had made a carbon copy of the site and pointed the DNS records to it, Comcast’s losses could have been much higher.
This weakness of the TCP/IP network model needs to be fixed. DNS records should be locked down on active websites.