The CyberDispatch-Jan 22, 2017


– Your Daily Digest for January 22, 2017

Krebs delivers on Mirai

This past week one of the finest sleuths on cyber crime seems to have successfully pinpointed the coder behind the Mirai botnet that slammed DNS services provider Dyn, owned by Oracle, with DDoS attacks that took out some of the web’s most trafficked sites.

Despite the initial claims of attack by the “New World Hackers” and Anonymous, Krebs has narrowed the focus down to a Rutgers student named “Anna-Senpai” or “Paras Jha”. He did so by tying together social media postings by both and examining claims, skill sets and modus operandi.

The student’s lawyer said he is innocent. However, the same interview says of the family, “Initially, the family believed authorities were trying to help their son, but they now believe the FBI is trying to build a case against him.”

The sites affected included major centers like reddit, Spotify, Twitter, Tumblr, Netflix, BBC, CNN, Comcast, Amazon server users, NY Times, GitHub, Airbnb, Etsy, Verizon, FoxNews, The Guardian, HBO, PayPal, Wired, Wall Street Journal and dozens more.


Russian Hacker Arrested

Another Russian hacker, Stanislav Lisov, was detained by the Guardia Civil at El Prat airport in Barcelona, Spain on January 13, 2017 under an international warrant from the FBI and Interpol. At this point he is accused of working to develop NeverQuest, a trojan aimed at banking exfiltration.

Lisov’s arrest follows the arrest in October 2016 of Yevgeniy Aleksandrovich Nikulin, who was indicted by a US federal grand jury on October 20, 2016 for “obtaining information from computers, causing damage to computers, trafficking in access devices, aggravated identity theft and conspiracy.”

Notably he breached LinkedIn, Dropbox and Formspring, the site tied to former congressman Anthony Weiner. The Justice Department release on the indictment states, “Further, Nikulin is alleged to have engaged in a conspiracy with unnamed co-conspirators to traffic stolen Formspring user credentials.” This connection was explored here in a post called “Part One: Pawn Takes Queen”.


New World Hackers claim hit on Gabon soccer site

After claiming the Mirai attack months ago, the DDoS attack that tickled our ears with the term IoT, the group known as The New World Hackers told AP that they were behind an attack on a soccer tournament website. The group sent an email to the Associated Press stating that the hackers behind the attack were named “Kapustkiy”, “Cyric” and “Maxie”.

The attack flooded the African Cup of Nations’ site for 5 hours in retaliation for what they see as a “dictatorship” under Gabonese president Ali Bongo. This year the games will be held in Gabon. This cyber demonstration attack was meant to bring attention to the politics of the leader and government ahead of the games.