Your daily round-up of some of the other stories in the news
Dark web host breached
More bad news for users of the dark web: just days after AlphaBay, one of the biggest souks on the dark web vanished, hosting company Deep Hosting suffered a breach which led to “some sites [being] exported”, according to Bleeping Computer.
Deep Hosting said that a user calling himself Dhostpwned had registered a shared hosting account and then used it to upload two shells, one of which was able to execute, leading to some sites apparently being exported.
The PHP shell seems to have affected more than 90 sites, according to a page posted by the hosting company. “A large part of the PHP shell is unusable since a certain number of functions are blocked on the shared servers but one function was not blocked. The attacker was able to access the server and execute a command with limited rights.”
The attack took place over the weekend and it was apparently 24 hours before the Deep Hosting admins were able to patch their servers. “We believe that some sites have been exported,” they said, adding: “It is possible that the linked databases were also recovered.”
Since these sites include marketplaces where drugs are sold, malware repositories and carding forums, there is bound to be anxiety among users about who has got what data.
Radio station pwnd
Listeners to a local radio station in the English Midlands have been surprised a few times over the past month or so when the regular programming was knocked off air by a pirate using his or her own transmitter to hijack the station, Mansfield 103.2, and play a comedy but decidedly NSFW song from the late 1970s
The song, by a band called Ivor Biggun – led by 1970s and 80s TV star Doc Cox – has popped up at least eight times in the past month, and broadcasting watchdog Ofcom has launched an investigation to find the pirate who keeps pwning the radio station.
Ofcom says it’s taking the hijacking of the station extremely seriously. Tony Delahunty, the managing director of Mansfield 103.2, pointed out to the BBC that “it exposes a situation that is available for – who knows, a terrorist, that type of person, some idiot who wants to put emergency messages on. It could become an awful lot worse.”
His listeners’ responses have been mixed, he added. “We have had calls from people who have found it hilarious, while some have raised their concerns, including our competitors, and a lot of people in the industry are aghast at how difficult it is to stop these people.”
Russian hacker jailed for nine years
A prolific Russian hacker who stole tens of thousands of credit cards via a banking trojan botnet has been sentenced to nine years in prison, the Washington Post reported.
Alexander Tverdokhlebov, 29, born in Russia but now a US citizen who lives in Los Angeles, operated a botnet controlling half a million computers, according to US investigators, and put up for sale the details of at least 40,000 stolen credit cards between 2009 and 2013.
Tverdokhlebov lived an expensive lifestyle as a result, said prosecutors, keeping $272,000 in cash in safety deposit boxes in LA and Las Vegas. He told the federal court in Alexandria that he would “try to redeem myself”. The judge, TS Ellis, told Tverdokhlebov: “You’re a talented young man. You never thought you would be caught.”
Catch up with all of today’s stories on Naked Security
Mahhn
Alexander should spend no less than one day in jail for each PC and CC he hacked. :)