Teen hacker hacks into US National Intelligence Director James Clapper’s email account

Teen Hacker who had earlier hacked into CIA Director’s emails, breaks into US National Intelligence Director’s email accounts

Hackers have now turned their attention to the personal online accounts of James Clapper, the director of US National Intelligence just months after breaching the personal email of John Brennan, the director of the Central Intelligence Agency (CIA).

Citing an intelligence official, the Associated Press confirmed that the personal email and other accounts connected to Clapper have been hacked.

DNI spokesman Brian Hale said on Tuesday that Clapper’s office is aware of the hacking and has reported the incident to appropriate authorities. He declined to provide other details.

An individual not authorized to discuss details, who spoke only on condition of anonymity, said that the Office of the Director of National Intelligence was aware of the hacking incident before it was first reported on Tuesday by Motherboard.

Motherboard reported that the same teenage hacker who broke into Brennan’s account also targeted Clapper. The hacker, who goes by the name ‘Cracka’ online, and is a part of the “Crackas with Attitude” group, claimed that officials were not aware of the attack.

Cracka told Motherboard that he had broken into accounts connected to Clapper, including his home telephone, Internet and his wife Susan’s Yahoo email.

The hacker also stated that he was able to reroute calls intended for Clapper’s home phone to the Free Palestine Movement, a pro-Palestine advocacy group.

Cracka also told Motherboard that he changed the settings in Clapper’s Verizon FiOS account so that every call to his home phone was forwarded to the Free Palestine Movement.

Motherboard said Cracka provided them with what was said to be Clapper’s home phone number and when called, Paul Larudee, co-founder of the Free Palestine Movement answered.

Brennan said in October that he was annoyed that someone hacked his personal email account and publicized sensitive data, including his contact list and his wife’s Social Security number.

He called the hack an “outrage” that highlighted the challenges faced by intelligence and national security communities in a more connected world.

“What it does is to underscore just how vulnerable people are to those who want to cause harm,” he said in October, according to a CNN account of a speech at an intelligence conference. “We really have to evolve to deal with these new threats and challenges.”

The hacker has said he is a high school student protesting U.S. policy. He said he fooled Verizon into providing him access to Brennan’s account.

Meanwhile, security expert Michael Adams, who worked for US Special Operations Command, said it was “insane” that Clapper’s personal information wasn’t hidden better.

“If I’m the Director of National Intelligence of the United States of America nobody is going to know where the f*** I live, nobody is going to have my goddamn phone number or address,” he told Motherboard.

So far, it is not clear whether anything other than some of Clapper’s personal information has been exposed. When Brennan’s accounts were hacked, documents and draft papers detailing the CIA chief’s thoughts on torture and Iran were stolen and later published by WikiLeaks.

Largest DDoS Attack in History

DDoS attacks are one of the biggest enemies of a website admin. The year 2015 saw unprecedented growth in the number of DDoS attacks. Along similar lines, Arbor Networks recorded an attack peaking at 334 Gbps. Things aren’t looking good in 2016 either, as a hacktivist group has claimed responsibility for a DDoS attack on the BBC website that peaked at 602 Gbps.

On New Year’s Eve, the BBC website and iPlayer service went down due to a massive Distributed Denial of Service (DDoS) attack. The attack peaked at 602 Gbps, according to claims made by the New World Hacking group, which took responsibility for the attack. In another recent attack, Republican presidential candidate Donald Trump’s main campaign website was also targeted by the same group.

Earlier, the BBC announced that the service failure was due to a technical failure. Later it revised this, saying that the New World Hacking group had taken responsibility, just to “test its capabilities.”

602 Gbps – Largest DDoS Attack in History

DDoS attacks are conducted by flooding a web server with a torrent of traffic. These attacks are widely popular and are often used by hackers aiming to bring websites down.

The BBC websites, including the iPlayer on-demand service, suffered an outage of at least three hours on Thursday due to the DDoS attack.

The group calls itself a hacktivist group whose main target is ISIS. One of its members, calling himself Ownz, told ZDNet their real motives.

Detailing the attack, Ownz said that they have their own ways to bypass the security layers of Amazon Web Services. They said:
“The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it.”

Top Ten OS for ethical hackers and security researchers.

Here is the list of the top ten. Note that these are based on the Linux kernel and hence are free and open source:

1- Kali Linux:

Kali Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub.

2-BackBox:

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. BackBox is a lightweight OS and requires less hardware capacity. The power of this distribution comes from its Launchpad repository core, which is constantly updated to the latest stable versions of the best-known and most-used ethical hacking tools. The integration and development of new tools in the distribution follows the open source community and, in particular, the Debian Free Software Guidelines criteria.

3-Parrot Security OS:

Parrot Security is an operating system based on Debian GNU/Linux, mixed with Frozenbox OS and Kali Linux in order to provide the best penetration and security testing experience. It is an operating system for IT security and penetration testing developed by the Frozenbox Dev Team.

Parrot uses the Kali repositories to get the latest updates for almost all the tools, but it also has its own dedicated repository where all the custom packages are kept. This is why this distro is not just a simple Kali “mod” but an entirely new concept that relies on Kali’s tool repositories. As such, it introduces a lot of new features and different development choices.

Parrot uses MATE as its desktop environment. The lightweight and powerful interface is derived from the famous Gnome 2 and, thanks to FrozenBox, is highly customizable with captivating icons, ad-hoc themes and wallpapers. The system’s look is proposed and designed by community members and by members of the Frozenbox Network, who closely follow the development of this project.

4-DEFT:

DEFT is an Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams and companies. Each of these works might come under a different licence. Their Licence Policy describes the process the team follows in determining which software ships by default on the DEFT install CD.

5-Samurai Web Security Framework:

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

6-Network Security Toolkit:

Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools.

What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.

7-NodeZero:

It is said that necessity is the mother of all invention, and NodeZero Linux is no different. Their team is built of testers and developers who have come to the consensus that live systems do not offer what they need in their security audits. Penetration testing distributions have historically tended to use the “Live” system concept of Linux, which really means that they try not to make any permanent changes to a system. Ergo, all changes are gone after a reboot, and they run from media such as discs and USB drives. While this may be very handy for occasional testing, its usefulness can be depleted when you are testing regularly. It is their belief that “Live Systems” just don’t scale well in a robust testing environment.

Although NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. In their belief, this is achieved by working on a distribution that is a permanent installation and that benefits from a strong selection of tools, integrated with a stable Linux environment.

8-GnackTrack:

GnackTrack is an open and free project to merge penetration testing tools and the linux Gnome desktop. GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu.

BackTrack is not the only player in the field of ethical hacking, so you can try some other distributions as well. If you are a Gnome lover then you must try this one; however, BackTrack 5 is also available on the Gnome platform. Just like BackTrack, GnackTrack comes with multiple tools that are really helpful for effective penetration testing; it has Metasploit, Armitage, w3af and other wonderful tools.

9-Blackbuntu:

Blackbuntu is a distribution for penetration testing that was specially designed for security training students and practitioners of information security. It is a penetration testing distribution with the GNOME Desktop Environment. It’s currently being built using Ubuntu 10.10 and is worked on with reference to BackTrack.

10- Backtrack

The other well-known Linux-based operating system is BackTrack, which has been in use for the past few years and is best known as the OS for network cracking and pentesting. It is also one of the best OSes for performing various network hacks with privacy.

Bugtraq:

Bugtraq isn’t an operating system but an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
The Bugtraq team consists of experienced freaks and developers. It is available in Debian, Ubuntu and openSUSE, in 32- and 64-bit architectures.

If there is any OS which is not included or deserves a better place in the list, you may let us know in the comments.