Tag Archives: hack

President Donald Trump’s Website Hacked; Defaced By Iraqi Hacker

Facebooktwittergoogle_plusredditpinterestlinkedinmail
During the 2016 presidential election campaign, we reported about how insecure was the mail servers operated by the Trump organization that anyone with little knowledge of computers can expose almost everything about Trump and his campaign.

Now, some unknown hackers calling themselves “Pro_Mast3r” managed to deface an official website associated with President Donald Trump’s presidential campaign fundraising on Sunday.

The hacker, claiming to be from Iraq, reportedly defaced the server, secure2.donaldjtrump.com, which is behind CloudFlare’s content management system and security platform.

The server appears to be an official Trump campaign server, reported Ars, as the certificate of the server is legitimate, “but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure.

The defaced website displayed an image of a black hat man and included a text message, which reads:

Hacked by Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq

At the time of writing, the server is now offline, and there is no official statement from Trump-Pence campaign team yet.

According to a blog post published by Italian IT journalist Paolo Attivissimo, the source code of the defaced server does not contain any malicious script.

Instead, the server includes a link to javascript on a now-nonexistent Google Code account, ‘masterendi,’ which was linked to cyber attacks on three other sites in the past.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Attack code for ‘unpatchable’ USB flaw released

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Computer code that can turn any almost any device that connects via USB into a cyber-attack platform has been shared online.

Computer security researchers wrote the code following the discovery of the USB flaw earlier this year.

The pair made the code public in an attempt to force electronics firms to improve defences against attack by USB.

One of the experts who found the flaw said the release was a “stark reminder” of its seriousness.

Attack tools

Details of the BadUSB flaw were released at the Black Hat computer security conference in August by Karsten Nohl and Jakob Lell.

Their work revealed how to exploit flaws in the software that helps devices connect to computers via USB. The biggest problem they discovered lurks in the onboard software, known as firmware, found on these devices.

Among other things the firmware tells a computer what kind of a device is being plugged into a USB socket but the two cybersecurity researchers found a way to subvert this and install attack code. At Black Hat, the BBC saw demonstrations using a smartphone and a USB stick that could steal data when plugged into target machines.

Mr Nohl said he and his colleague did not release code in order to give firms making USB-controlling firmware time to work out how to combat the problem.

Now researchers Adam Caudill and Brandon Wilson have done their own work on the USB flaw and produced code that can be used to exploit it. The pair unveiled their work at the DerbyCon hacker conference last week and have made their attack software freely available via code-sharing site Github.

“We’re releasing everything we’ve done here, nothing is being held back,” said Mr Wilson in a presentation at DerbyCon.

“We believe that this information should not be limited to a select few as others have treated it,” he added. “It needs to be available to the public.”

Mr Wilson said cybercrime groups definitely had the resources to replicate the work of Mr Nohl and Mr Lell to produce their own attack code so releasing a version to the security community was a way to redress that imbalance.

Responding to the release of the attack tools Mr Nohl told the BBC that such “full disclosure” can motivate companies to act and make products more secure.

“In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”

“It is unclear who would feel pressured to improve their products by the recent release,” he added. “The release is a stark reminder to defenders, though, that BadUSB is – and always has been – in reach of attackers.”

Facebooktwittergoogle_plusredditpinterestlinkedinmail