Israel Hackers Counterhack and Steal Saudi Credit Cards

On Saturday a pro-Palestinian hacker, who seemed to be from Saudi Arabia, leaked thousands of Israeli credit cards stolen from websites frequented by Israeli shoppers.

Israeli officials denounced the leak, and compared the theft to terrorism. According to Reuters, Israeli Deputy Foreign Minister Danny Ayalon stated in a speech that the attacks were “a breach of sovereignty comparable to a terrorist operation, and must be treated as such,” and “Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action.

Reports have surfaced that the hacker was actually from Mexico, not Saudi Arabia. And also that Ayalon’s personal website was re-directed after his speech to point to an Islamic website that stated through Google Translate, “We declare war in cyberspace, do not be afraid of these monkeys.”

In a tit for tat type move, news just released a report stating that Pro-Israeli hackers breached Saudi shopping sites and that they have thousands of Saudi credit cards and personal information. “If the leaks continue, we will cause severe damage to the privacy of Saudi citizens,” one of the Israeli’s stated.

But it does not sound like the Israeli group will stop with just the credit card counter hack. “We could not stay silent after the pompous boasting of the Saudi hacker. A few Israeli hackers came together and decided on various responses for each cyber activity that would be carried out against Israel, including responses beyond the cyber world.”

He added that they would counterattack in the cyber realm for any terrorist attack against Israel, “If a terror attack were to take place, we will make every effort to publish the terrorist’s personal details and those of his family.”

I am a staunch supporter of Israel, but in this feud with continuous attacks and retaliations, one has to ask, when does it end?

Japan Building Automatic Cyber Defense Virus

Japan steps it up a notch in the cyber war arena. Apparently the Japanese government has hired IT product giant Fujitsu to create a cyberweapon virus that will automatically seek out and destroy enemy viruses:

“The three-year project was launched in fiscal 2008 to research and test network security analysis equipment production. The Defense Ministry’s Technical Research and Development Institute, which is in charge of weapons development, outsourced the project’s development to a private company. Fujitsu Ltd. won the contract to develop the virus, as well as a system to monitor and analyze cyber-attacks for 178.5 million yen.”

That’s a cool 2.3 million to create an offensive cyber defense system that will not only detect an attack, but will backtrack and seek out the attacker, even when attackers bounce through several proxy systems.  According to the article the “virus” will disable the incoming attack and record forensics data.

The defensive program almost acts like a human immune system tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats.

Actually computer scientists and engineers are currently studying the human immune system to try to replicate it for computer defense.

Though automated cyber defense systems are classified, from what public data is available the US has had this capability for at least a couple of years now. US computer security company Rsignia comes to mind immediately. Rsignia creates cutting edge security devices used by the US government and in the US-CERT Einstein program.

We covered Rsignia’s Cyberscope automated offensive cyber weapon system back in 2010.

Cyberscope has the ability to detect and automatically counterattack incoming threats. It has several options that it can use in response. For example it can simply shut the attacking stream down or intercept the data that it being ex-filtrated, manipulate it, and feed it back to the attack. Or better yet, it can even infect the proxy machines used and turn them into bots to counter attack the infiltrator.

These were the capabilities openly discussed in mid-2010, who knows how far the US has advanced since.

Year in Review – Top Cyber Arms Posts for 2011

Happy New Year everyone!

I just wanted to thank everyone for another successful year here at CyberArms. Over the year, we talked about some of the hottest news in security and learned some new techniques through the latest hands-on tutorials. I figured what better way to celebrate our year together than to list the top ten articles from 2011, chosen by you, our visitors!

The following articles are the most popular for last year, ranked by page views:

Backtrack 4: Penetration Testing with Social Engineering Toolkit
Backtrack 4 has included a program that you do not hear much about in the main stream security media. But, it is a penetration testers dream. Under the penetration menu is a program called the Social Engineering Toolkit (SET). If social engineering attacks for penetration testers could be made any simpler, I do not know how.

Backtrack 4: How to use Metasploit Training Class
This, by far, is some of the best training videos I have seen on Metasploit. It is a taped security conference from the ISSA Kentuckiana Chapter and is billed by Adrian Crenshaw as being “more Metasploit than you can stand!”

How to Spy on Another Person’s Browser: Man-in-the-Middle Attacks
Today, I want to look at the “Remote Browser Attack” feature of Ettercap. This basically allows you to remotely spy on a target PC and a copy of the website they are visiting will be displayed on your computer.

Cracking 14 Character Complex Passwords in 5 Seconds
Sounds like we need to put this to the test. Most hackers will crack passwords by decoding the password hash dumps from a compromised computer. So,  I pulled several 14 character complex passwords hashes from a compromised Windows XP SP3 test machine, to see how they would stand up to Objectif’s free online XP hash cracker. The results were stunning.

Cracking WPA Protected Wi-Fi in 6 Minutes using the Cloud
Well, according to recent reports, security researcher Thomas Roth says with his brute force program he was able to break into a WPA-PSK protected network in about 20 minutes. And with recent updates to the program, the same password would take about 6 minutes!

NTLM Passwords: Can’t Crack it? Just Pass it!
Let me explain, if you can retrieve the LM or NT hashes from a computer, you do not need to crack them. There is really no need. Sometimes you can simply take the hash as-is and use it as a token to access the system. This technique is called “Pass the Hash”.

What to do When a Website Won’t let you Leave
Usually it is a “Do you really want to leave?” or “Click here to install our anti-virus program”. Here is the bad news. Clicking on the “accept”, “ok” or even the “no” or “cancel” button could be a security issue. It may install something that you don’t want. Also, clicking the red “X” on the popup window to close it may not work, or it may be the same as clicking “accept”. Yeah, I know, hackers and spammers are evil.

How to Log into Windows without the Password
So I booted into Ubuntu, went to the Windows System 32 directory, renamed utilman.exe to utilman.old, copied to utilman.exe and rebooted.  At the Windows log in prompt I hit the “Windows”+”U” key and open pops a system level command prompt. From here you can type any windows command, add users, etc.

GPU Crackers make Seven Character Passwords Inadequate
“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”

Memory Forensics: How to Pull Passwords from a Memory Dump
We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the system and sam keys. We look in the dump above and copy down the numbers in the first column that correspond to the SAM and SYSTEM locations. Then output the password hashes into a text file called hashs.txt.


2011 was a great year for both CyberArms and me personally. I had an amazing opportunity last year to be a technical editor for Vivek Ramachandran’s “Backtrack 5 Wireless Penetration Testing Beginner’s Guide”. Vivek is a great teacher, if you are interested in Wireless security at all, check out his book, or his website

I have also recently become an article reviewer and soon to be article contributor for the uber popular IT security magazine “Hakin9“. Hakin9 is one of the most popular computer security magazines in the world. I have followed the magazine for a while now, so it is an honor to be a part of the process.

If you have a business opportunity that you think I might be interested in, please feel free to contact me at cyberarms(at) I love the security field, research and writing and am always looking for new opportunities.

Thanks so much, and I wish you and your families a blessed and prosperous new year!