2M Botnet infected computers taken down by FBI

The Internet is probably the most widely used form of communication on earth and our dependency on it increases every day. Almost anything can be conducted on the internet, and with such widespread use, the number of cyber criminal activities also increases.
Recently, the Federal Bureau of Investigation has succeeded in disrupting an international cyber crime syndicate; a botnet operation that had affected two million computers. A botnet is a collection of infected computers or bots that have been taken over by hackers and are used to perform malicious tasks or functions. A computer becomes a bot when it downloads a file (e.g., an email attachment) that has bot software embedded in it.

Authorities believed that Coreflood infected more than two million PCs, enslaving them into a botnet that grabbed banking credentials and other sensitive data. Its masters then used the details to steal funds via fraudulent banking and wire transactions, the US Department of Justice said yesterday. The vast majority of the infected machines were in the US, but the criminal gang was likely based overseas. Security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.
Security experts are pretty sure the Russians were behind it. A civil complaint against 13 unnamed foreign nationals was also filed by the US district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation. "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response, and Services Branch, said in a statement.

Coreflood started out as an internet relay chat (IRC) bot used for attacking other IRC users. Over time however, it evolved into a TCP proxy as part of an anonymity service, and then later into a full-fledged info stealer Trojan. The last several years Coreflood has maintained a low profile while other more prolific botnets came to the forefront of public attention. However, just recently the group behind Coreflood escalated their activity until it was brought down by the FBI.

In 208, a ring of cyber bank robbers from southern Russia breached inside company networks. They infected every PC within reach with a custom-made data-stealing program using Coreflood. The Coreflood Gang infected swaths of PCs inside thousands of companies, hospitals, universities and government agencies, says SecureWorks researcher Joe Stewart, who has tracked and documented the spread of Coreflood over that period. Says F-Secure researcher Patrik Runald, "This is very organized crime. These gangs are hiring people and making tons of money". The Coreflood Gang is among the most sophisticated. "It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," Stewart says.
US Government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. It was the first time US authorities had used this method to shut down a botnet, according to court documents. "The seizure of the Coreflood servers and internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," US Attorney David Fein said in a statement.
Companies need to secure their network security. IT professionals need to understand the latest hacking trips and methodologies that are out there by undergoing technical security training programs. EC-Councils brand new TakeDownCon is a technical information security conference series, in addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the worlds most comprehensive ethical hacking training program.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

Facebook Fan Likes, I know how to get thousands of them !

Ok, this is a little post aside from the usual hacking Facebook accounts stuffs.

I created a page on Facebook and found it very tiring to get Fan Likes, and likes are what differentiate good pages among crap pages. I set a goal of 5000 Likes and I was just starting on my journey to the 5K !
Good content attracts Likes and not 5K of them, I had to look for another option and that's when I found LikeUp.

Get thousands of Fans
on your Facebook page!

Join the largest community for sharing likes. Get new, genuine fans everyday on your Facebook page. Boost your popularity with LikeUb!

Nice slogan hah ?
Well, i was as sceptic as you but, Until i tried and got 1500 is a week.
SignUp Link:

LikeUp Get thousands of facebook like - Hack-Website

Hack Proofing your identity - Hacking Ebook

Stealing someone's identity in this digital era is no more a big deal.
Hack Proofing Your Identity will provide readers with hands-on instruction for how to secure their personal information on multiple devices. It will include simple measures as well as advanced techniques gleaned from experts in the field who have years of experience with identity theft and fraud. This book will also provide readers with instruction for identifying cyber-crime and the different ways they can report it if it occurs.

Hot Topic. Hack Proofing Your Identity will provide readers with both simple and advanced steps they can take to protect themselves from cyber-crime.
Expert Advice. This book will present security measures gathered from experts in both the federal government and the private sector to help secure your personal information and assets online.
Unique Coverage. Hack Proofing Your Identity will be the only book to include security measure for multiple devices like laptops, PDAs and mobile phones to allow users to protect themselves while taking advantage of the newest ways to access the Internet.
The author is the CEO of Hackademia, a firm focused on security education.

Happy reading :D

Download Here

Hacking - A Crime

 Every accountable Internet end user recognizes that hacking is usually a severe crime. However, you know also that rights most likely are not on hand due to the victims. Many private and public firms, including governments, have forfeit profits because of information theft producing damages and damage as a result of hackers. The sad thing is, laws are not tough enough on cyber offenders. Sometimes, they're not even deemed offenders by any means a result of the deficiency of lawmaking that describes so they cover Internet offenses. This finds us thinking what goes on with a hacker when he's found.

You'll find, needless to say, famous times when hackers have actually been brought to legal requirements. However, it isn't very comforting take into consideration how a movie industry has even somehow developed this belief of hackers to be cool and even sexy. It appears like The show biz industry has neglected to represent these black hats because they really are. This task looks as though everyone has created a twisted conception in this act and don't realize that it is usually severely detrimental. Still, i am left merely to speculate why that is so.

The big issue now is, what the results are to cyberpunk let's say they're caught? Do they even buy what they've accomplished? Would they serve a jail conviction? Could they be meant to pay indemnity to the victim? It's crazy to consider that some people in authorities actually think the problem may be solved by confiscating the hacker's gear and forbidding him from purchasing any new tools. It certainly is utterly absurd to concentrate on how the problem may be averted by confiscation. Of course, any black hat can seek the services of one to buy him a fresh computer, modem or storage device then he'll be back on his craft like nothing came about.

Certainly, hacking can be a far more significant offense versus the majority of justice officials will be ready acknowledge. Which indulgence is, in fact, fashioning the situation a whole lot worse. Since these people realize they are able to effortlessly go away regardless of whether they were captured, they will basically continue slowly destroying people and organizations with their identities and causing their victims enormous hindrance when they lose inside their private planes and burn a few ready cash within an offshore gambling hell.

If things carry on like this, then Online surfers will have to ensure their online security by themselves by making use of every measure there's and keep hackers from exploding. As these cyber culprits can begin by installing key-loggers into your pc, it would always be a good idea to have basic computer safety application   installed. The firewall is the one other key component in securing your digestive system along with an anti-virus software each different kind of anti-malware there exists.

Ethical Hacking - An Overview of Ethical Hackers

Ethical hacker is usually an expert in hacking hired by corporate world especially using vast computer network for its operation. The idea is always to legally allow testing of the operation network with the company for virtually every existing vulnerabilities. Basically ethical hacker shows which information within the computer network may be accessed by an illegal hacker or Black Hat Hacker; how the unauthorized retrieved information may be used by an illegal hacker contrary to the interest from the company. Further the hired hacker will be able to provide tools to alert whenever successful or unsuccessful hacking bid occurs.

Company hiring hacker for that security with their automatic data processing system should explain at length which data is crucial and where it has been kept. The hired hacker himself must have integrity beyond doubt since he can be permitted to access all, sensitive in addition to non-sensitive, on the company's database. Company should make sure to thoroughly go through the profile in the hacker prior to getting him for his services.

You can find definite signs of computing system being hacked. One of the most common sign is computer running very slow. In addition to which the computer system's hard drive could possibly have software that is unrecognizable. Now now you ask , how can illegal hacker accomplish his task of hacking?

For uploading and downloading of files, FTP shortly called FTP is use for many years. Many of the commercial systems have FTP server, if this is not configured properly with firewall software for security then hacker requires little effort to hack the machine. The FTP server may be used by hacker to store illegal software and files as part of your computer's disk space. The files usually stored are pirated movies, pornography, and cracked software. The script used in programming by hackers seriously isn't an uncomplicated one. It makes a directory structure in your metabolism which stores their illegal data. The normal user finds it too tough to remove these scripts off their system since they have extended extensions very hard to identify.

In the event that users are lucky enough to get know that their system is hacked, they might eradicate hacker's script by wiping out your complete system and then again reinstalling it. Oftentimes hacker use Internet Relay Chat (IRC). In many systems hackers install IRC relay agent in order that information can be extracted from host system without understanding of owner. The sole effect which might be experienced in the computer is lowering in performance and access to the internet becoming slow.

Another option that hacker uses commonly for destructive motive is peer-to-peer file sharing software. Any ADPS which utilizes peer-to-peer file sharing software for downloading of files from internet is liable being hacked. The anti virus software placed in the machine keep a check mark on any attempt of hacking and cautions the user whenever something non-standard is detected while downloading files inside the system by making use of peer-to-peer services. Any organization allowing utilization of peer-to-peer file sharing software packages are putting their system and network at riskly.

4 ways to hack facebook accounts

4 approaches to The best way to hack facebook password/account ? I am going to cover 4 methods right here:

1. Facebook Phishing
2. Keylogging
3. Social engineering
4. Primary email address hack

Facebook phishing:

We've taken this kind of first because i believe this can be a hottest method/way involving hacking facebook. I studied various facebook surveys taken on web about hacking facebook. The outcome of these surveys show "Phishing" as being the most used method to hack 'facebook' in order to note"Phishing is favorite method of facebook hackers". So, friends.. beware of facebook Phishing. Facebook staff is working hard to prevent these Facebook phishers. Phishing not just allows you to hack "Facebook" but as well virtually any email account. You have to only have the trick used to create a phisher, which i think is quite easy. I learnt it without difficulty. But, remember, this really is only reserved for educational purpose. Let me not extend this topic up here when i have added on Phishing in my article How you can hack .facebook password


This really is my second favorite, as only thing you need to do is remotely use a keylogger application (without having any physical having access to victim computer). Keylogging becomes more easy should you have physical entry to victim computer as only thing you want to do is purchase a keylogger and direct it for a destination so that it will point all recorded keystrokes to pointed destination. Such a keylogger does will it be records the keystrokes into a log file and you may utilize these logs to get required Facebook password and thus can hack. facebook password. We have posted detailed information involving top keyloggers inside the trade to read more see my Hacking section

Social engineering:

This sounds to get pretty not working at beginning. Even I used to be neglecting that way. But, once, I believed of using it against my pal on Facebook i got his Facebook password without difficulty with that method. I do think many involving you will be understanding how what this social engineering, For newbies, social engineering is method of retrieving password or answer involving security question simply be quering using the victim. You should be cautious while using the this as victim must not be aware involving your intention. Just talk about cautiously using your logic.

Primary email hack

If Facebook hacker, by some means, hacks your gmail or yahoo account which you are generally using as primary email address, than the Facebook hacker can certainly hack your Facebook password using "Forgot password" trick. He's going to simply ask Facebook to transmit password reset email for a primary email address contact info- and that is already hacked. Thus, your Facebook account password will likely be reset and this will be hacked !!!

So, try to remember to defend your Facebook primary email address contact information and then try to keep unknown or useless mail id as the primary email addressSo far, i came across these Facebook hacking methods as best and working ways to hack facebook account passwords. I never encourage hacking Facebook or any email account,,I recently wanna allow you to be aware about Facebook dangers online. I will appreciate your effort if you mention some other Facebook hacking method.

Op Blackout - Anonymous pins down FBI and Justice Dept websites

<== Operation Blackout ==>

After one of the most popular file hoster Megaupload goes down following the US Department of Justice's indiction of 7 people who ran it, Anonymous strikes back !

Indeed, the Megaupload 7 were tracked down the day after the Blackout of Wikipedia and other major websites happended in protest against SOPA and PIPA, two internet piracy bills to be passed in congress.
The Retaliation

Only 15 minutes after the indictment, The Black Hat Hacktivist group Anonymous launches a Massive DOS attack  against 10 websites. Among those who became completely out of service are:
=> The Federal Bureau of Investigation (FBI)
=> The US Department of Justice
=> Universal Music Group
=> Recording Industry Association of America
=> Motion Picture Association of America

The Distributed Denial of Service
(DDOS) Attack

Anonymous is a collective group of hackers who come from different geographical locations but work together against designated targets. In this event, they communicated details of their target through their IRC channel #AnonOps. You can find more information on Anonymous group's operations and even tutorials on setting up softwares and required communication channels in order to help in their cause here:

The Software = ???

So you might be thinking..what the heck did those guys use to put down FBI's fucking website ???
The answer is LOIC => Low Orbit Ion Cannon. 
LOIC is DOS applications developed to put enormous load on a target by continuously pining it. Used by thousands it becomes an effective DDOS which can put most servers down. An Anonymous rep sais that more than 5k users downloaded and used LOIC to flood the target websites.

Anonymous Message - Don't Mess With Us

The secret to their Firepower

LOIC was initially a manually operated piece of software, but it eventually evolved and transformed itself into one which can be remotely operated. The LOIC program link that spreads across Anonymous's network is one which has been modified. It indeed can be pointed at an internet relay chat server and then be controlled by the Anon Admins to use your PC and internet connection to launch attack against the targets. So basically when installing the application, you become part of a botnet..the Anonymous Botnet and you give hackes the power to control your computer. That's their firepower..and considering the enormous amount of downloads that software has received..they got a lot of it !!!

Hacking Exposed Ebook - Web Applications 3

From the world renowned series of ebooks related to computer security comes:

Hacking Exposed Web applications 3

So what this ebook is about ? 

Web Applications are widely used on the internet today and are highly at risk from hackers and other malicious attackers. Web Applications Security therefore has become a must in the industry. Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures.
For the hacker:
Learn how to exploit holes in web applications using SQL Injections techniques.
Learn how tools like Maltego work.
Learn how to Hack into Web Authentication technologies.
Find vulnerabilities in ASP.NET, PHP, J2EE and other technologies used to make web apps.
Learn about how browser-based and client-side exploits work.
Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, Phishing, and XML Injection techniques.


Making Money Online - When you do not hack

Greetings Fellow Hacker and apprentices,
I have been surfing the net for years now and came across several Online Money Making programs, most of which did not work out. Of of those who did work out (PTC, Affialites ect...) most of them were not much remunerating..couple of bucks or $10 bucks per month.
Then I Found PostLoop.
Earn Money Posting in Forums
Postloop is a marketplace and exchange for Forum Owners, Blog Owners, and Content Writers

Forum owners can use Postloop to attract more posts to their forums,
Blog owners use Postloop to attract more comments to their blogs, and content writers use Postloop to earn money for posting in forums and commenting on blogs. 

So you get it ? At Postloop you get paid to post. Forum and blogs owners pay so that poster like you and me come and post on their websites. In exchange they pay PostLoop and Postloop pays you.

I registered for their program and aside from maintaining the Black Hat Hacker blog, I make some bucks posting on forums. I make around $3 a day for now, but as your rating as a poster increases, so does your earning potential.
Postloop rates it's users by the quality of their post so if you have a decent grammar and good English, you should be able to make money online.
Click on the banner below to sign up free.

Earn Money Posting in Forums

Ethical Hacking eBook - Hacking For Dummies 3rd Edition

Looking for an easy way to start learning about ethical hacking ?
Then Hacking For Dummies (3rd Edition) is a must read. Containing about 411 pages, this ebook has been used by thousands of hackers around the globe to sharpen their penetration testing skills.

The Book adopts more the white hat way of hacking so that effective counter measures can be implemented agaisnt black hat hackers.After reading this, you will learn about the latest ethical hacking methods and how to protect your system against hacking attempts. The book is divided into seven main parts:
Part I - Building the Foundation of Ethical Hacking
Part II - Putting Ethical Hacking in Motion
Part III - Hacking The Network
Part IV - Hacking Operating Systems
Part V - Hacking Applications
Part VI - Ethical Hacking Aftermath
Part VII - The Part of Tens
Priced at about $15, the black hat hacker blog provides a link to download the eBook version for free. Enjoy ;)

Download Hacking For Dummies 3rd Edition

Black Hat Hacker Group - LulzSec

The phenomenon of black hat hackers working on groups is well know. The most well known group must surely be Anonymous. This group gets all kind of media attention and hence causes other smaller groups but which merit significantly more showtime is the black hat hacker group "LulzSec"

LulSec is short for Lulz Security. This group consists of 6 core black hat hacker members, their goal seem to be have fun hacking and exposing the several security threats on the net. They d things apparently for the 'lulz' part of doing it, for the entertainment.

Operation Anti-Security
Operation Antisec, #Antisec or whatever you want to call it is perhaps one of the most mediated hacking operation ever. The two most famous: Anonymous and LulzSec teamed up to bring down and hack targets like Serious Organised Crime Agency (SOCA), Arizona Department of Public Safety and newspapers like The Post and The Times.

LulzSec and the FBI
After hacking Fox.com and leaking X-Factors contestants personal info, they hacked onto The American PBS system and even Sonny Pictures was not sparred. Now they are going big - FBI Affiliated Organisations. You can get more info on all their attacks on Wikipedia. I came across a video relating some interesting info about the group and FBI, you are welcome to take a look.

I hope you have as much fun as i did when finding more about the group.

Their Tweeter page: :http://twitter.com/#!/LulzSec
Download all their leaked/published documents: http://thepiratebay.org/user/LulzSec/
Their Last Release: http://pastebin.com/

Google Chrome and Firefox Crash Exploit

Once in a while you come across people who just won't stop wasting your time on Facebook.
They just do not have anything else to do than to piss you off. In those time, you wish you could just disable that person's internet connection ! While this post won't show you how to do this, it will surely show you how you can piss off your friends by crashing their browsers.

I came across this exploit on the net devised by some hacker by the name of t3rm!n4t0r. The exploit can be found on the Exploit Database Website under the section DoS/PoC and with the name "Google Chrome Denial Of Service (DoS)".
The reason why the author call this a DoS is above my comprehension xD. It is just some javascipt code that crash the browser because the javascript code messes up with the memory of the browser. Still IT DOES CRASH THE BROWSER.

Download the exploit code here: Exploit Database 

Affected Platforms: Windows and Unix

Affected Browsers: Chrome and Firefox

Tested on: Chrome v15 and Firefox v7

How to make it work ?
This exploit can be handy, so you may want it to be ready and and ur disposal.
I recommend uploading the code on a free web host.
(You have to save the code as an html file first)
Shorten the url of your free web host using goo.gl service or any other.
Just send them the url and watch them dissapear xD
Total Fun and they don't even know what hit them.
Happy Crashing.

Department of Defence, NASA, Pentagon and NSA have been hacked by hacker named Sl1nk

The United States of America, Department of Defence (DoD).
Department of the Navy, the Pentagon, NASA and the National Security Agency(NSA)

All these security agencies are thought to have the best ever security put into place against hacker attacks...yet one claims to have hacked into them !!!

Hacker Pseudoname: Sl1nk
Organisation: Unknown
Reputation: Unknown

This guys claims to have done some quite interesting and unbelievable things..things that would mean that the security holes in these above mentioned agencies are countless..
Is that because they wanted to adopt cloud computing, we'll see that later.

Maybe what this hacker 'sl1nk' is claiming to have done is completely false..but the information he provided seems so precise that it becomes difficult to ignore them. There is a set of documents he presented as proof and which are available to view at the end of this post. For now take a look at the tricks he says he managed to pull:
  1. SSH access to a Network of 140 machine's layer 1 to 3 in the Pentagon
  2. Access to APACS (automated personell air clearance system) 
  3. Thousand's of documents ranging from seizure of a vehicle up to private encryption key request forms.
  4. Database of all usernames/passwords of Webmail of Nasa.
  5. Access to ASSIST (Database for Military Specifications and Military Standards)
  6. Data Transformation Corporation's FAA Sponsored DUAT Service
  7. Access to Government Gateway at http://www.gateway.gov.uk/
  8. Access to applicationmanager.gov
  9. Login access to HM Revenue & Customs (HMRC)
  10. Login to Central Data Exchange | US EPA
As you can see, he (sl1nk) claims to have SSH access to many boxes, a list is given below :-

Pentagon, Nasa, Navy, NSA Area 54 Department of the Navy, Space and Naval Warfare System Command - - 
IP=, and lots more

 He also presented some account credentials that suppozedly THN Team verified and documents originating from the Department of Defence (DoD).

User: COM502571
Pass: C*************g@@
system access code: 0016***9
password: F*****1
Agent Name: Corie Lee
User ID: 1152****652
Pass: **************
Your User ID is: 437067167597
Password: cl**********3d
User: administratorbackup
Pass: fu********l@
User: JCrimson
Pass: M*********0n
User: Adminbackup
Pass: g*********7

Nice proofs and for sure would make people believe that these agencies have security flaws..but to what extent is it true ?

Was it because they moved to cloud computing...but why our defense and intelligence agencies are moving so quickly to adopt cloud computing ?
The answer is cost savings and higher efficiency but the most important aspect is is grounded squarely in our DoD's need exploit information faster than its adversaries.
Cloud computing is unique in its ability to address critical defense and intelligence mission needs.  That’s why cloud computing is critical to national defense.
The main concerns surrounding Cloud Computing Security are:
Data security, privacy and integrity
Intrusion detection and prevention

Security concerns about Cloud Computing are nothing new
Security experts find flaws in cloud computing
Demonstrations of new ways to attack corporate data stored with the increasingly popular “cloud” services have added to concerns about the technology.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into using virtual machines that could have included “back doors” for snooping.

XerXeS DoS - Wikileaks Hacking Tool

DoS Attack Video Part 2
The Hacking tool used to DoS Wikileaks
This is demonstration of a XerXes DoS Attack in action against atahadi.com
Whats new from the first demo video is that more is revealed about the attack technique.
See for yourself :

Activate FullScreen for a better experience 
Click on this link to view the first video
This second video of XerXeS shows more of the XerXeS dashboard, and reveals even more about the attack technique – It's an Enhanced version of XerXes able to dos secured Apache servers !
Take a look at 02.25 when he sets up the target server:

XerXes can now affect multiple server flavors – some still more are under development. 
This time he dropped a Secured server which is supposed have the Apache setup that is impervious to a XerXeS hit.  
Denial of Service (DoS) Attacks
The basic premise to this attack is that by sending (but never fully completing) numerous requests to Apache, one could get the Apache process to consume all system resources and stop serving up the actual web content.  
The Apache vulnerability is only the beginning, Xerxes will be able to hit IIS in the future. 
DoS or DDoS ? 
The attack is performed on a single low-spec computer, and while The Jester sends relatively few packets from his own machine, the attack results in brief outages of the target site. 
So he is not using any intermediaries or botnets, sorry for having wrote DDoS in my first post xD
You can view part 1 here: XerXes in action
You surely can follow Jester here:

Hackers attack Mastercard


If you tried going to MasterCard’s web site this morning you might have found yourself waiting a long time. Hackvists Hackers supporting WikiLeaks founder Julian Assange claim to have taken down the website of MasterCard, which shutdown its payment service to the controversial website on Monday. 

The hacktivist group dubbed Anon_Operation said in one tweet that "www.mastercard.com/ is down" and designated mastercard.com as their "current target" in what was taking the proportions of cyber war.

WikiLeaks has benefited from a massive groundswell of online support. Twitter is choked with messages of solidarity. The site's Facebook page has 1 million fans. And tech-savvy supporters are organizing boycotts and other stunts.  

 Operation:Payback occurs after the credit-card company withdrew its funding services for WikiLeaks. The whistleblower Web site’s founder Julian Assange was arrested yesterday and denied bail. He remains in the custody of British police.

View our previous post to see Xerxes, the tool used to ddos Wikileak, in action. A tool able to make a distributed denial of service attack, created by the jester...

Wikileak Xerxes Dos Attack

Want to have a look at the tools which Jester (the one who did a Ddos distributed denial of service) attack against Wikileaks ? Here you go :

Xerxes in Action
The tool used to Ddos Wikileak

Activate FullScreen for a better experience xD
View the preceding post to get the full story xD

Wikileaks hacked - Mass Distributed Denial of Service (ddos) attacks

Wikileaks under mass distributed denial of service attacks

Wikileaks, the famous whistle blower website has attracted high attention after publishing confidential information otherwise not available to the public.in April 2010, WikiLeaks posted video from a 2007 incident in which Iraqi civilians and journalists were killed by U.S. forces, on a website called Collateral Murder. In July of the same year, WikiLeaks released Afghan War Diary, documents about the War in Afghanistan not previously available for public review.
Just recently, Wikileaks says it is the target of a computer-hacking operation, ahead of a release of secret US documents.

DDOS (Distributed Denial of Service)
Distributed denial-of-service attack (DDoS attack)
In short: Distributed Denial of Service, or DDoS. A group of computer users or an organization distributed across multiple systems floods the host's servers with spurious requests for access, 
Is showed in the below graph,  traffic to one of Wikileak’s primary hosting provider> At approximately 10:05am EST, traffic abruptly jumps by 2-4 Gbps as the attack begins.

The attack was "exceeding 10 Gigabits a second" 
Another way to think of it is that someone, somewhere is demanding that the WikiLeaks cablegate site deliver the equivalent of 114 movies per second
That's a massive attack, but it's not as big as some it has survived in the past. So why did it have so much trouble today?

Amazon dropped it
On 2 December 2010 Amazon.com severed its ties with WikiLeaks, to which it was providing infrastructure services, after an intervention of an aide of US Senator Joe Lieberman. Amazon denied acting under political pressure citing a violation of its terms of service. Fuck !
DNS too (Dynamic Network Services Inc.)
On 2 December 2010 American owned EveryDNS dropped WikiLeaks from its entries, citing DDoS attacks that "threatened the stability of its infrastructure".The site's 'info' DNS lookup remained operational at alternative addresses for direct access respectively to the Wikileaks and Cablegate websites

The Hacker who took it down (The Jester) 
So who is this hacker?
The hacker, who calls himself The Jester and goes by the name th3j35t3r on Twitter, said he was motivated to take down WikiLeaks for patriotic reasons. He also said his other targets include Web sites used by Al Qaeda and other terrorists groups for recruiting purposes. 
What he used? - XerXeS
He apparently developed a multi-thread, thin-client denial of service attack application that effectively allows him to launch a distributed denial of service (DDOS) attack on a website from a single linux server.
The everal interviews with The Jester, along with two videos he made for Infosec Island that demonstrate the XerXeS Dos attack in action.

Hacking Website : Training for hackers to hack websites

Hi there, all of you who come here to know how to hack a website have come to the right place. Hack-website.blogspot.com is the place to visit if you wants loads of information on website hacking. Further post wil be added about this but first lets start with a little bit of training. To get the basics of website hacking, you must understand how all these things work: webservers, web pages, vulnerabilities and sql injection. I will cover these parts later but for beginners i would recommend to sign up at hackthissite.org. This is the best place to start learning what is essential to hacking websites.

Certified Ethical Hacker Training Videos

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
So here you go with 13.52GB of Certified etical hacker training.

Certified Ethical Hacking Training - CEH Overview

Hacking involves creativity and thinking 'outside-of-the-box', that is why vulnerability testing and security audits will not ensure the security proofing of an organization. To ensure that organisations have adequately protected their information assets, they must adopt the approach of 'defence in depth'. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure.

The goal of the Ethical Hacking & Countermeasures Course is to teach a delegate to help his organization to take pre-emptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits. Delegates should be prepared for action paced course and the sheer size of the course content, however do not be intimidated as we will release e-learning prior to the delegate attending the course and also the instructor will prepare them thoroughly for the Certification Examination, the maunuals can then be taken home and to work and can be used as excellent reference volumes.

EC-Council Certified Ethical Hacker Certification: EC-Council has successfully certified more than a thousand information security professionals. CEH examination is becoming more demanding and more effective in measuring the true skills of a Penetration tester. Students are now required to be able to interpret identify exploits, log files, identify attack signatures, recommend countermeasures, have a firm grasp of the main tools and know standard procedures involved in penetration testing. The student is tested on 150 questions picked randomly from a pool of questions contributed by the security community. Our Pass rate to date is 98%  

Who Should Attend? This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network and enterprise security.
Module 1: Introduction to Ethical Hacking
  • Why Security?
  • The Security, functionality and ease of use Triangle
  • Can Hacking be Ethical?
Module 2: Footprinting
  • Defining Footprinting
Module 3: Scanning
  • Definition of Scanning.
  • Types of scanning
Module 4: Enumeration
  • What is Enumeration?
  • NetBios Null Sessions
Module 5: System Hacking
  • Administrator Password Guessing
  • Manual Password Cracking Algorithm
  • Automated Password Cracking
Module 6: Trojans and Backdoors
  • Effect on Business
  • What is a Trojan?
Module 7: Sniffers
  • Definition of sniffing
  • How a Sniffer works?
Module 8: Denial of Service
  • What is Denial of Service?
  • Goal of DoS(Denial of Service)
Module 9: Social Engineering
  • What is Social Engineering?
  • Art of Manipulation
Module 10: Session Hijacking
  • Understanding Session Hijacking
  • Spoofing vs Hijacking
  • How Web Servers Work?
Module 11: Hacking Web Servers
  • How are Web Servers Compromised?
Module 12: Web Application Vulnerabilities
  • Web Application Set-up
  • Web Application Hacking
Module 13: Web Based Password Cracking Techniques
  • Authentication- Definition
  • Authentication Mechanisms
  • HTTP Authentication
Module 14: SQL Injection
  • Attacking SQL Servers
  • SQL Server Resolution Service (SSRS)
Module 15: Hacking Wireless Networks
  • Introduction to Wireless Networking
  • Business and Wireless Attacks
Module 16: Virus
  • Virus Characteristics
  • Symptoms of 'virus-like' attack
Module 17: Physical Security
  • Security statistics
  • Physical Security breach incidents
Module 18: Linux Hacking
  • Why Linux?
  • Linux basics
Module 19: Evading Firewalls, IDS and Honeypots
  • Intrusion Detection Systems
  • Ways to Detect Intrusion
Module 20: Buffer Overflows
  • Significance of Buffer Overflow Vulnerability
  • Why are Programs/Applications Vulnerable?
Module 21: Cryptography
  • Public-key Cryptography
  • Working of Encryption
Module 22: Penetration Testing Course
  • Introduction to Penetration Testing (PT)
Module 23: Advanced Exploit Writing
Module 24: Advanced Covert Hacking TechniquesModule 25: Advanced Virus Writing Techniques

Module 26: Advanced Reverse Engineering Techniques