Police Charged British Teen, Aged 18, For Running DDoS-For-Hire Service

A teenage student has been charged with running and supplying malware that was used to launch distributed denial of service (DDoS) attacks against the websites of some of the world's leading businesses.

Jack Chappell, an 18-year-old from Stockport, is accused of helping cyber criminals, through his DDoS booter service (a DDoS-for-hire service), flood millions of websites around the world with massive amounts of data, eventually bringing them down and making them unavailable to their users.



Among the victims allegedly attacked with Chappell's malware are the National Crime Agency (NCA), T-Mobile, O2, Virgin Media, the BBC, Amazon, Vodafone, BT, Netflix, and NatWest, whose online banking systems were taken down in a 2015 cyber attack.



Chappell is charged following an investigation led by the West Midlands Regional Cyber Crime Unit and assisted by Israeli Police, the Federal Bureau of Investigation (FBI) and Europol’s European Cybercrime Centre (EC3).

According to authorities, the teenager rented his DDoS-for-hire service to criminals and also ran an online helpdesk for would-be hackers as part of his operation.

"He has been charged with impairing the operation of computers under the Computer Misuse Act, plus encouraging or assisting an offense and money laundering crime proceeds together with an American national," West Midlands Police said in a statement.

Chappell is due to appear at Manchester Magistrates' Court on July 4, Tuesday.

Late last year, another student, a 19-year-old from Hertford (a town in the UK), pleaded guilty to running the Titanium Stresser DDoS-for-hire service, one of the most popular DDoS booter tools, which was used to launch over 1.7 million DDoS attacks worldwide and earned him more than US$385,000.





Kaspersky Agrees To Allow US Government To Take A Look At Its Source Code

Eugene Kaspersky, CEO of the Russian cybersecurity firm Kaspersky Lab, has publicly affirmed that he is willing to allow the government of the United States to inspect his firm’s source code to quell any questions and trust issues about Kaspersky’s antivirus and cybersecurity products.


Kaspersky’s invitation comes after round upon round of sparring between the U.S. and Russian governments over potential election hacking. It follows a long-running complaint about the Russian company, which shares a name with its founder. Eugene Kaspersky attended a KGB-sponsored school and once worked for Russia’s Ministry of Defense. He also reportedly has many ties to Russia’s intelligence community.



Senators suggested last week that Kaspersky Lab products should no longer be used by the U.S. military. Senator Jeanne Shaheen said there was “a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure.”

Kaspersky admits to employing former Russian intelligence workers, primarily as sales staff in government liaison roles. But he says his company does only defensive security work and has no ties to the Russian government.

The Russian government, notably, has asked for similar code access from American technology firms, and many – including IBM, Cisco, and SAP – have acquiesced.




This WordPress Plugin Is Vulnerable To SQL Injection Attack And It's Been Used by Over 300,000 Sites

A SQL injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.


The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics. 



Discovered by the Sucuri team, the SQL injection flaw in the WP Statistics plugin allows a remote attacker with at least a subscriber account to steal sensitive information from the website's database and possibly gain unauthorized access to the site.

SQL injection is a web application bug that allows hackers to inject malicious Structured Query Language (SQL) code into web inputs in order to determine the structure and location of key databases, which ultimately allows the database to be stolen.

The SQL injection vulnerability in WP Statistics plugin resides in multiple functions, including wp_statistics_searchengine_query().

"This vulnerability is caused by the lack of sanitization in user-provided data," researchers said. "Some attributes of the shortcode wpstatistics are being passed as parameters for important functions and this should not be a problem if those parameters were sanitized."
"One of the vulnerable functions wp_statistics_searchengine_query() in the file 'includes/functions/functions.php' is accessible through WordPress' AJAX functionality thanks to the core function wp_ajax_parse_media_shortcode()."


This function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code into its attributes.

The researchers at Sucuri privately disclosed the flaw to the WP Statistics team, which patched the vulnerability in its latest release, WP Statistics version 12.0.8.

So, if you have a vulnerable version of the plugin installed and your website allows user registration, you are definitely at risk, and you should install the latest version as soon as possible.
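To make the flaw class concrete, here is an added Python re-creation (not the plugin's PHP code, and not from Sucuri) of a shortcode attribute reaching a query unsanitised, next to the hardened form: allow-list validation, a bound parameter, and a capability check at the AJAX entry point. The table, its columns, the attribute values and the capability check are assumptions made for this illustration.

```python
import sqlite3

# Constructed in-memory stand-in for a statistics table; the table and column
# names are assumptions for this example, not the plugin's real schema.
conn = sqlite3.connect(":memory:", check_same_thread=False)
conn.executescript("""
    CREATE TABLE wp_statistics_search (id INTEGER, engine TEXT, last_counter TEXT);
    INSERT INTO wp_statistics_search VALUES (1, 'google', '2017-06-30');
    INSERT INTO wp_statistics_search VALUES (2, 'bing',   '2017-06-30');
""")

# Allow-list of values the shortcode attribute may legitimately take (assumed).
ALLOWED_ENGINES = {"all", "google", "bing", "yahoo"}


def vulnerable_query(search_engine: str) -> str:
    """Flaw class described above: the shortcode attribute is pasted into SQL text."""
    where = "1=1" if search_engine == "all" else f"engine = '{search_engine}'"
    return f"SELECT COUNT(id) FROM wp_statistics_search WHERE {where}"


def hardened_query(search_engine: str):
    """Validate against the allow-list, then bind the value as a parameter."""
    if search_engine not in ALLOWED_ENGINES:
        raise ValueError("search_engine attribute is not an allowed value")
    if search_engine == "all":
        return "SELECT COUNT(id) FROM wp_statistics_search", ()
    return "SELECT COUNT(id) FROM wp_statistics_search WHERE engine = ?", (search_engine,)


def count_vulnerable(search_engine: str) -> int:
    return conn.execute(vulnerable_query(search_engine)).fetchone()[0]


def count_hardened(search_engine: str) -> int:
    sql, params = hardened_query(search_engine)
    return conn.execute(sql, params).fetchone()[0]


def handle_ajax(user_capabilities: set, search_engine: str) -> int:
    # Second fix: the AJAX entry point should require a capability, not just a login,
    # so a subscriber-level account never reaches the query at all.
    if "manage_options" not in user_capabilities:
        raise PermissionError("insufficient privileges to run this shortcode")
    return count_hardened(search_engine)


if __name__ == "__main__":
    tampered = "x' OR '1'='1"            # attribute value a low-privilege user could supply
    print(count_vulnerable("google"))    # 1
    print(count_vulnerable(tampered))    # 2: the WHERE clause was rewritten by the input
    print(count_hardened("google"))      # 1
    try:
        count_hardened(tampered)
    except ValueError as err:
        print("rejected:", err)
```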





Microsoft Outlined Steps To Detect and Prevent Petya Ransomware Via Microsoft Azure

Petya (or NotPetya) ransomware, which may not be ransomware at all, is the second major global ransomware incident in the past two months. Petya began in Ukraine and then quickly spread across Europe and the rest of the world. The ransomware encrypts a hard drive’s index page until the victim pays a ransom of $300 in Bitcoin. In a blog post, Microsoft shared the procedure its customers can follow to prevent and detect Petya through Azure Security Center.

Petya Ransomware Cyber Attack

Petya ransomware is very similar to the WannaCry attack; in fact, it follows the same pattern. The ransomware locks up a computer’s files and demands $300 in Bitcoin as ransom to unlock the data. So far it has hit over 12,000 machines in around 65 countries. Once a system has been compromised, the ransomware takes the following steps:


  • Writes a message to the raw disk partition
  • Clears the Windows Event log using Wevtutil
  • Restarts the machine
  • Encrypts files matching a list of file extensions (including .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, and .zip)
  • Leverages WMI or PsExec to spread
  • Presents a text message on the user's screen, demanding a ransom for file recovery
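As an added example (not from Microsoft's post or Azure Security Center), here is a small Python triage over constructed process-creation events that flags the steps listed above that leave a process trail: event log clearing with wevtutil and WMI or PsExec lateral movement. The field layout, host names, paths and addresses are constructed for this example.

```python
import re

# Constructed process-creation events standing in for endpoint telemetry; the
# field layout, hosts, paths and addresses are assumptions for this example.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application"},
    {"host": "ws01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:"10.0.0.7" /user:"corp\svc" process call create "C:\Windows\PLACEHOLDER.dll"'},
    {"host": "ws02", "image": r"C:\Windows\PSEXESVC.exe", "cmdline": "PSEXESVC.exe"},
    # Benign lookalikes: querying a log is not clearing it, and notepad is just notepad.
    {"host": "ws03", "image": r"C:\Windows\System32\wevtutil.exe", "cmdline": "wevtutil qe System /c:5"},
    {"host": "ws03", "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

RULES = [
    # Step listed above: event logs cleared with wevtutil ("cl" is its clear-log verb).
    # Admins also run this occasionally, so treat it as a strong indicator, not proof.
    ("event_log_cleared", re.compile(r"\bwevtutil(?:\.exe)?\s+cl\b", re.I)),
    # Spread via WMI: remote process creation against another node.
    ("wmi_remote_exec", re.compile(r"\bwmic(?:\.exe)?\b.*?/node:.*?process\s+call\s+create", re.I)),
    # Spread via PsExec: the client binary or its service-side component PSEXESVC.
    ("psexec_service", re.compile(r"\bpsexe(?:c|svc)(?:\.exe)?\b", re.I)),
]


def triage(events):
    """Return {host: [rule names]} for hosts whose command lines match a Petya-style step."""
    findings = {}
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                findings.setdefault(ev["host"], []).append(name)
    return findings


def needs_network_wide_remediation(events) -> bool:
    """Any hit means remediating every host: the malware tries to spread to neighbours."""
    return bool(triage(events))


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(hits)}")
    print("remediate all hosts:", needs_network_wide_remediation(SAMPLE_EVENTS))
```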

Prevention Of Petya In Microsoft Azure Security Center

  • Deploy Endpoint Protection
Azure Security Center runs a scan against the virtual machines across an Azure subscription. Where an existing solution is not detected, it recommends deploying endpoint protection; the recommendation can be accessed via the Prevention section.
  • Compute pane
The Compute pane displays the endpoint protection status in detail, including the recommendation to install endpoint protection.
  • Selection and Installation
Clicking the recommendation on the Compute pane takes the user to a dialog that allows the selection and installation of an endpoint protection solution, including Microsoft’s own antimalware solution.
  • Availability
Azure Security Center Free tier customers have access to these recommendations and the connected mitigation steps.

Detection Of Petya In Microsoft Azure Security Center

  • Detection Feature For Standard-Tier Azure Security Center
Standard-tier Azure Security Center customers benefit from a recently added detection feature that alerts on specific indicators of the Petya ransomware running on an infected host. Users can access these security alerts through the Detection pane.
  • Alert For Petya Ransomware
The alert for Petya ransomware is displayed as shown in the picture. To view the details of the affected VM and the suspicious process or command line, the user clicks on the alert.

Apply Remediation Steps To All

While the detection alert relates to a specific host, Microsoft advises applying the remediation steps to all hosts on the network, because Petya attempts to spread to other nearby machines.
Microsoft Azure Security Center customers can follow the remediation steps from the Microsoft Malware Protection Center (MMPC) blog.




WikiLeaks Reveals How The CIA Tracks Windows Users By Gauging Wi-Fi Signal

On Wednesday, WikiLeaks released the latest issue in its ongoing Vault 7 series—a trove of secret or otherwise classified US Central Intelligence Agency files from 2013 to 2016 describing previously undisclosed malware and viruses.


Today’s release includes documentation on “ELSA,” a purported CIA project for tracking human targets carrying wi-fi-enabled devices. The malware involved in this project is specifically for devices running Microsoft Windows. 



As with the rest of the Vault 7 material, the 42-page “ELSA” manual was allegedly stolen from the agency’s Center for Cyber Intelligence in Langley, Virginia. The method “ELSA” supposedly employs to determine a Windows user’s location is pretty ingenious, though not an entirely new idea.

The first step involves injecting the target’s laptop with geo-location malware. Once installed, the malware begins scanning for and collecting metadata from nearby wi-fi networks. This information can be collected from the surrounding networks as long as wi-fi is enabled on the device—a connection is not required.

Using this data, it is possible—with varying degrees of success, no doubt—to locate a target using what’s called trilateration. Basically, the signal strength of the wi-fi network is used to approximate the distance of the target from the network device’s wi-fi transmitter. This is very similar to how law enforcement locates a suspect via his or her cellphone by measuring the signal strength of multiple nearby cell towers.


A standard wi-fi transmitter has a range of about 105 feet. Measured by the target’s device, the signal strength will, therefore, tell the “ELSA” operator (CIA) approximately where the target is. If the signal is very strong, then the target is probably within 10 to 15 yards of the transmitter; as the signal begins to fade, the operator can conclude that the target is moving away from the transmitter. If the person is within the range of multiple wi-fi networks, you can combine the data collected from various networks to generate a more accurate picture of the target’s relative location.

There’s no indication as to how often the “ELSA” program was or is used, but it’s easy to see how this would be a useful tool for the nation’s clandestine agency. For instance, it seems like a fairly effective way to identify a person’s relative location—say, if you were planning a drone strike.

As part of its Vault 7 series, WikiLeaks has previously revealed similar documents showing how the CIA performs various man-in-the-middle (MitM) attacks and hacks cellphones and Samsung smart TVs. According to WikiLeaks, the quantity of the Vault 7 leak, which the publisher is doling out month by month, “already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”