Security Week 35: Carders donate to Hutchins, 500 thousand pacemakers recalled, 711 million emails found in a spambot

Published on September 01, 2017


    The tragic but instructive story of Marcus Hutchins, the young British information security researcher arrested in the United States a month ago, has begun to slide into outright farce. It must be said that the States have treated Marcus relatively mildly: he was released on $30,000 bail and awaits trial at large, with an ankle bracelet. His access to a computer was not even restricted.

    Meanwhile, many colleagues have spoken in Hutchins's defense. Marcus did indeed prove himself in the WannaCry story, and he could plausibly have posed as a trojan author for research purposes. So well-wishers organized a fundraiser for him: with money, a defense always goes somewhat more smoothly. The collection was run by New York lawyer Tor Ekeland, who specializes in such cases. Within a couple of weeks, friends and sympathizers had raised as much as $150,000.

    Marcus's friends, however, turned out to be somewhat suspect. The payment processor determined that of the donations received only $4,900 were legitimate; the rest had come from stolen bank cards. Tor was upset by the news and announced that all honest donors would get their money back.

    Meanwhile, the prosecution's evidence in Marcus's main case has become known. Besides samples of the Kronos banker, which he allegedly wrote, the investigation has 150 pages of Hutchins's Jabber chats with unknown parties, 350 pages from a forum, and recordings of interrogations. Nothing has been heard about actual witnesses in the case. And if the story ends in prison, it will be one more reminder not to talk too much on the Internet: a chatty netizen is a gift to an investigator.

    FDA recalls half a million pacemakers due to vulnerabilities

    News. There is an influential government agency in the United States, the FDA, that is, the Food and Drug Administration. A formidable force when it comes to protecting citizens from harmful drugs and dangerous food. These guys spent about a year investigating vulnerabilities in St. Jude Medical's equipment and decided to recall pacemakers of the most distinguished models: 465 thousand units in total.

    But let us go back to 2016, when this story was just beginning. MedSec published descriptions of vulnerabilities in St. Jude Medical devices. The researchers explained their decision to "go public with the holes" as follows: you will never get these people to patch anything otherwise, so the dirty linen has to be aired in public. St. Jude responded with a lawsuit accusing MedSec of self-serving lies. According to the plaintiff, the whole story had been invented in order to short St. Jude stock and profit from its fall when the vulnerability news was published.

    The medics replied that yes, they had shorted the stock, but only to recoup the cost of finding the vulnerabilities: the company is young, has no clients and no money, so you spin as best you can. Still, the stock market is one thing, and the vulnerabilities turned out to be entirely real; something had to be done. At first the FDA tried to persuade the device makers to "patch" them somehow. In the end it took a radical decision: recall the pacemakers. Straight out of the chest, so to speak.

    In fact, nobody will have to remove the device, of course. Patients will have to visit a cardiologist, under whose supervision the pacemaker's firmware will be updated. The procedure is not without risk: as with a firmware update of any other device, there is always a chance of "bricking" it, which here could of course be fatal. Nevertheless, it has to be done, given how dangerous the vulnerabilities are:

    - CVE-2017-12712 allows a pacemaker to be controlled over the air without authentication;
    - CVE-2017-12714, used "properly", can quickly drain the device's battery;
    - CVE-2017-12716 can be used to siphon off monitoring data.

    It is not yet known for certain whether hackers took an interest in these holes over the past year, but not long ago Reuters reported that two people in Europe had died because of premature battery depletion in St. Jude devices.

    40 GB of other people's credentials extracted from a botnet

    News. Many Trojans are designed solely to steal various valuable data from people, for example logins and passwords. And if that fails, even the email address will do: it can be sold to spammers. It doesn't sound very scary. But the scale of such data harvesting is truly terrifying.

    The Onliner botnet, which researchers learned about in 2016, specializes in spam, including malware spam, for example the Ursnif banking Trojan. Onliner needs other people's email credentials in order to send spam on behalf of legitimate users; that way it slips through spam filters much more successfully.

    A researcher known as Benkow (of Benkowlab) got into Onliner's command-and-control server and found a hefty layer of data there, real big data: 40 GB of files with email addresses, usernames and passwords for mail accounts, SMTP server configurations and so on. He then contacted Troy Hunt, head of the well-known Have I Been Pwned project, who went through it properly.
    As a result, 711 million records were added to the Have I Been Pwned database. This is a staggering figure, as if the entire population of Europe, children included, had been hacked. In reality there are fewer victims, of course, and not every email comes with credentials, but all the same the find is, to put it mildly, unpleasant. You can check yourself against this dataset on HIBP.


    “Keydrop”

    A non-dangerous virus that typically infects the boot sectors of floppy disks when they are accessed and the MBR of the hard drive when booting from an infected floppy. Manifests itself through the “falling letters” effect (the code of this routine is copied entirely from the Cascade virus). Hooks int 13h. Contains the text "© Copyright 1990 Keydrop inc.".

    Quote from the book "Computer Viruses in MS-DOS" by Eugene Kaspersky, 1992, page 102.

    Disclaimer: This column reflects only the private opinion of its author. It may or may not coincide with the position of Kaspersky Lab. That is a matter of luck.