• SFbay Metro hit with Ransomware
    24 replies, posted
[img]http://mtc.ca.gov/sites/default/files/styles/gallery-thumb/public/Traffic-BARTcommuters_BayBridge%20backdrop.jpg?itok=F7XqJB-N[/img]

[quote]San Francisco’s transport agency has been hit by a hack attack that led to customers being able to travel for nothing. The hackers have made a ransom demand of 100 Bitcoin, which amounts to about $70,000 (£56,000; €66,000).[/quote]

[quote]Computers across the city’s transport network, including at stations, were disabled with screens displaying a message from the attackers. The message read: [code]You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter[/code][/quote]

[quote]The trains themselves were not affected - and city officials said a full investigation was underway.[/quote]

[quote]San Francisco news site Hoodline told the BBC the hacker had provided a list of machines he or she claimed to have infected in Muni's network - more than 2,000 in total. It appeared to include many employee terminals as well as machines that may be used to look after payroll and employees’ personal information. The hacker told Hoodline on Sunday that Muni had “one more day” to make a deal.[/quote]

[url=http://www.bbc.com/news/technology-38127096]**SOURCE**[/url]

Hacker? Lol, it's more like some asshole with a USB stick wandering through the office.
[QUOTE=pentium;51439915][img]http://mtc.ca.gov/sites/default/files/styles/gallery-thumb/public/Traffic-BARTcommuters_BayBridge%20backdrop.jpg?itok=F7XqJB-N[/img] [url=http://www.bbc.com/news/technology-38127096]**SOURCE**[/url] Hacker? Lol, it's more like some asshole with a USB stick wandering through the office.[/QUOTE] 90% of "hacking" is social engineering
"yandex.com" fuckken russkies
And somehow this all comes back to Ubisoft - viral marketing for WD2.
[QUOTE=Ott;51439920]90% of "hacking" is social engineering[/QUOTE] What does this statement mean?
[QUOTE=Talishmar;51440009]What does this statement mean?[/QUOTE] Essentially, a lot of major "hacks" in the past haven't been highly advanced from a technical standpoint, but instead the perpetrators have been able to con the victims into giving them what they want (i.e., passwords, shutting off firewalls, etc.) Look up the exploits of Kevin Mitnick in the 90s for an excellent example.
[QUOTE=pentium;51439915] Hacker? Lol, it's more like some asshole with a USB stick wandering through the office.[/QUOTE] This "thAts not HACKING!1!1" shit is getting to be just as stupid as people freaking out over the media classifying guns with certain recognizable terms. You don't look intelligent when you correct people like this, just stuck up and snobbish. Especially when you do it outside of Internet forums. It's time to accept and move on with the fact that, in mainstream society, the term "hacking" has become synonymous with the interface of computers with malicious intent.
[QUOTE=ScriptKitt3h;51440032]Essentially, a lot of major "hacks" in the past haven't been highly advanced from a technical standpoint, but instead the perpetrators have been able to con the victims into giving them want they want (i.e., passwords, shutting off firewalls, etc.) Look up the exploits of Kevin Mitnick in the 90s for an excellent example.[/QUOTE] I recommend [url=https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/]The Art of Deception[/url] by him, it's a good read.
customers being able to travel for nothing - now this is my type of hacking :godzing:
[QUOTE=Talishmar;51440009]What does this statement mean?[/QUOTE] *telephone rings* "Hi, this is Roy Gerbil from the corporate office. We're going to have to reset the system at your location, because there is a problem. What's the password again?"
[QUOTE=pentium;51439915] Hacker? Lol, it's more like some asshole with a USB stick wandering through the office.[/QUOTE] So, what's your point? Is this not a serious occurrence for them, is that what you're saying?
[QUOTE=ScriptKitt3h;51440032]Essentially, a lot of major "hacks" in the past haven't been highly advanced from a technical standpoint, but instead the perpetrators have been able to con the victims into giving them what they want (i.e., passwords, shutting off firewalls, etc.) Look up the exploits of Kevin Mitnick in the 90s for an excellent example.[/QUOTE] And I imagine the guys who DID really do major hacks ended up targeting very wealthy individuals. If I had the skills and know-how, I wouldn't go for the SFBay metro ffs. Or like that guy here in Argentina that modified mark notes in the UADE for a fee... That, or they got caught by the NSA, BND, FSB or whatever and ended up working for them.
[QUOTE=FlakTheMighty;51440062]I recommend [url=https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/]The Art of Deception[/url] by him, it's a good read.[/QUOTE]I have both Art of Deception and Art of Intrusion. They're fascinating with how simple some things are to do, and how even otherwise difficult or secure systems can be breached by just knowing a few things in advance and finding one person stupid enough or afraid enough of losing their jobs that they'll not question you.
social engineering is very easy, that's why you should Never Trust The Client, even if said client is on the intranet.
[QUOTE=Ott;51439920]90% of "hacking" is social engineering[/QUOTE] ...it's what?
[QUOTE=ZakkShock;51440381]...it's what?[/QUOTE] manipulating people into giving up information, especially confidential information, like accounts and passwords, it's basically the computer version of a con trick except it's usually not the end but a means to another end.
[QUOTE=ZakkShock;51440381]...it's what?[/QUOTE] Social Engineering is using human elements as a means to an end. In the book Flak brought up for instance he talks about two teens who talked their way into an aircraft parts manufacturer in the middle of the night. A guard in the plant spotted them and brought them to the security room. The lead teen explained he was part of marketing showing around a new hire to get him up to speed and they had big business stuff to do. He then even offered up a manager in marketing's name and phone number, the guard calls and then gives the phone to the lead teen. The teen starts talking about business plans and having coffee and appointments and shit, then hangs up saying things are good. Guards let the two teens go. Of course the lead teen was just bullshitting and rambling things to the manager and not letting her respond, then hung up so the guards couldn't check for themselves. By the time the manager called back trying to figure out what was going on the teens had fled and weren't found. The teen did his research before going in and learned employee names and information, certain facts like possible dealings with other companies, things of that nature. Then he made himself look official to pass glancing inspection. And when caught, he used his research to make himself sound official and bluffed his way through the questioning. Social Engineering is actually fascinating to study. Research, psychology, sociology, it's not just manipulation or lying.
$70k seems super cheap for what they're holding hostage
[QUOTE=geel9;51440910]$70k seems super cheap for what they're holding hostage[/QUOTE] They can just keep asking for more once they pay out a little bit.
[QUOTE=geel9;51440910]$70k seems super cheap for what they're holding hostage[/QUOTE] $70k is a good payout if it was a relatively low-effort and small group operation. Plus, ask too much and you certainly rule out any chance they pay up.
[QUOTE=Doctor Zedacon;51440778]Social Engineering is using human elements as a means to an end. In the book Flak brought up for instance he talks about two teens who talked their way into an aircraft parts manufacturer in the middle of the night. A guard in the plant spotted them and brought them to the security room. The lead teen explained he was part of marketing showing around a new hire to get him up to speed and they had big business stuff to do. He then even offered up a manager in marketing's name and phone number, the guard calls and then gives the phone to the lead teen. The teen starts talking about business plans and having coffee and appointments and shit, then hangs up saying things are good. Guards let the two teens go. Of course the lead teen was just bullshitting and rambling things to the manager and not letting her respond, then hung up so the guards couldn't check for themselves. By the time the manager called back trying to figure out what was going on the teens had fled and weren't found. The teen did his research before going in and learned employee names and information, certain facts like possible dealings with other companies, things of that nature. Then he made himself look official to pass glancing inspection. And when caught, he used his research to make himself sound official and bluffed his way through the questioning. Social Engineering is actually fascinating to study. Research, psychology, sociology, it's not just manipulation or lying.[/QUOTE] People who are good at Social Engineering often have a similar skillset to method actors.
[QUOTE=thelurker1234;51439922]"yandex.com" fuckken russkies[/QUOTE] It might very well be someone using that server to avoid US subpoenas against the email provider (though they'd be insane not to use additional indirection).
[QUOTE=Map in a box;51440344]social engineering is very easy, that's why you should Never Trust The Client, even if said client is on the intranet.[/QUOTE] Social engineering CAN be easy, when people like you are encountered it gets much, much more difficult. [editline]28th November 2016[/editline] [QUOTE=FlakTheMighty;51440062]I recommend [url=https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/]The Art of Deception[/url] by him, it's a good read.[/QUOTE] imo that book is Mitnick masturbating into 300+ pages.