Monthly Archives: July 2016

Count Total Set Bits in All Numbers From 1 to N

Problem:

Given a positive integer n, count the total number of set bits in binary representation of all numbers from 1 to n.

Examples:
Input: n = 3
Output: 4

Input: n = 6
Output: 9

Input: n = 7
Output: 12

Input: n = 8
Output: 13

Solution:

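The simple solution is to run a loop from 1 to n and sum the count of set bits in each number. The helper below counts the set bits of a single number; calling it for every number from 1 to n and adding the results gives the answer.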

int countSetBits(unsigned int n)
{
  unsigned int c; // the total bits set in n
  for (c = 0; n; n >>= 1)
  {
    c += n & 1;
  }
  return c;
}
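
The full loop described above, as an added example that is not part of the original post. It also goes beyond the post with a per-bit-position count that avoids visiting every number; the function names are chosen here, and a 32-bit `unsigned int` is assumed.

```c
#include <stdio.h>

/* Set bits in one number: the same shift-and-mask loop as the helper above. */
static unsigned int count_set_bits(unsigned int n)
{
    unsigned int c;
    for (c = 0; n; n >>= 1)
        c += n & 1;
    return c;
}

/* Direct method from the text: sum the set bits of 1..n.
   Counting down avoids an endless loop when n is the largest unsigned int. */
unsigned long long total_set_bits_naive(unsigned int n)
{
    unsigned long long total = 0;
    unsigned int i;
    for (i = n; i > 0; i--)
        total += count_set_bits(i);
    return total;
}

/* Faster method (added generalization): in 0..n, bit k repeats with period
   2^(k+1): 2^k zeros followed by 2^k ones. Count the full periods, then the
   ones in the final partial period. */
unsigned long long total_set_bits_fast(unsigned int n)
{
    unsigned long long count = (unsigned long long)n + 1; /* numbers 0..n */
    unsigned long long total = 0, half;
    for (half = 1; half <= n; half <<= 1) {
        unsigned long long period = half << 1;
        unsigned long long rem = count % period;
        total += (count / period) * half;
        if (rem > half)
            total += rem - half;
    }
    return total;
}

/* Returns 1 if both methods give the same total for every n in 0..limit. */
int methods_agree(unsigned int limit)
{
    unsigned int n;
    for (n = 0; n <= limit && n + 1 != 0; n++)
        if (total_set_bits_naive(n) != total_set_bits_fast(n))
            return 0;
    return 1;
}

int main(void)
{
    unsigned int inputs[] = {3, 6, 7, 8};
    int i;
    for (i = 0; i < 4; i++)
        printf("n = %u -> %llu\n", inputs[i], total_set_bits_fast(inputs[i]));
    return 0;
}
```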

Magical Matrix

Two friends, Chris and Chloe, decide to play a game. They have 9 cards lying face up with the numbers 1 to 9 written on them. They have to pick up these cards alternately, without replacement. The person with exactly 3 cards that add up to 15 wins the game. Chris is given the first chance to pick up a card. Does Chris have a winning strategy?
Solution: No
Explanation: There are eight subsets of {1, ..., 9} that sum to 15. These are:
{1, 5, 9}, {2, 8, 5}, {3, 5, 7}, {4, 5, 6}, {1, 6, 8}, {2, 4, 9}, {2, 7, 6} and {3, 8, 4}

We can form a magic square from which all the combinations that sum to 15 can be read off.
8 1 6
3 5 7
4 9 2
Here each row, column and diagonal sums to 15. These rows, columns and diagonals represent all the possible ways the number fifteen can be arrived at.
So the game is like playing tic-tac-toe on the magic square. We also know that one cannot guarantee a win in that game. At best, one can have a strategy for not losing.

Puzzle 80 | Tic Tac Toe revisited

Ank and Mini play a game of tic-tac-toe. In this game, the players try to get three circles or three crosses in a row (horizontal, vertical, or diagonal).
They follow these rules:

  • A player always tries to win: if a player can place his own symbol (X or O) in a row that already contains two of his own symbols, he will do so.
  • A player always tries to avoid that his opponent wins: if a player can place his own symbol (X or O) in a row that already contains two of the symbols of his opponent, he will do so.

Of course, the first rule has precedence over the second rule, because the game can be won in this way.
In the game shown on the right, six moves have been made. Ank plays with crosses (X) and Mini plays with circles (O). However, we do not know who started the game. Who will win the game?

tic tac toe1

Solution:

It is clear that if we know who made the sixth move, we also know who can make the seventh move and wins. If Mini (circles) has made the sixth move, there are three possibilities for the situation after five moves:

tic tac toe2

Based on the rules of the game, only possibility 1 could have resulted in the situation after six moves. In that case, there are three possibilities for the situation after four moves:

tic tac toe3

Based on the rules of the game, Ank (crosses) would have made the winning move, which however did not happen. From this, we can conclude that Ank did not make the fifth move and Mini did not make the sixth move. Therefore, Ank must have made the sixth move and Mini can make the seventh, winning move!

To check that Ank could indeed have made the sixth move, we look at the following three possibilities after five moves:


tic tac toe3

Based on the rules of the game, only possibility 3 can result in the situation after six moves. Therefore, Ank could indeed have made the sixth move.

New Facebook Phishing Scam Targeting Users Using Pornographic Images

A new Facebook phishing scam has been found that targets users and steals their login data and much more. Phishing scams are now so common that cyber criminals create 2-3 new ones every month.

Three main reasons cyber criminals run these phishing scams:

1. To steal users’ login details and other personal details.
2. To get some likes on their Facebook page.
3. To earn money through the ads they have placed in their link.

How Are These Scams Usually Promoted?

First, the scammers post a link in the comments section of several Facebook groups with a large thumbnail of a nude girl. To make it look like a legitimate link, they also claim that the video already has hundreds of comments and shares and thousands of views.

Below is an image of two recent scams on a Facebook page, which come in the form of a video. Clicking on these videos will take you to a phishing site.

[Image: Facebook phishing scam in groups]

Two Possible Ways To Get Scammed

1. Clicking on the so-called play button automatically opens a tab in the user’s browser asking them to log in with their Facebook login email or phone and password. After they log in, all the entered details are stolen by the scammers, and they are redirected to an online survey website that asks them a bunch of questions and eventually congratulates them on completing the survey.

2. The other possibility is that users get redirected to another website which downloads a fake version of Flash Player onto their device. It’s still unclear whether the downloaded file is infected with malware or adware; however, users have everything to lose.

So always beware of such scams and never log in to your Facebook account through any link other than the official one. You can also always use the official app to stay away from these scams.

The Common Methods of Hardware Hacking

Hardware hacking is an art, but there are some common methods of modifying devices that can jump-start any good hacking project.

Method 1: Patching Into I/O

The first (and arguably easiest) method of hacking a device is patching into its control mechanism. Most consumer products have at least one button or indicator LED, and the connections for that component are usually easy to find and solder to.

With access to button pads, you can attach your own button, relay, or transistor circuit to control it with your own hardware. For example, if you wanted to make a device wireless, you can connect your wireless device directly to the button pads to drive the button signal high or low depending on what the wireless device receives. I see this kind of implementation all the time. For example, there was recently a write-up on hackaday about a user named Kolumkilli hacking his Keurig coffee maker to be wirelessly controlled. He accomplished this by locating the “brew” button pads and connecting a wireless device. This kind of hack can be accomplished without digging into the actual programming of the device.

Image courtesy of Hackaday

With access to the LED pads on a device, you have a reliable output source from the device. The best example I’ve seen of this is a hack with the Star Wars Force Trainer. It appears the blog post for this hack has been removed, but in the hack the designers simply soldered to LEDs on the base of the toy to trigger their own device when certain LEDs turned on. Then they could use the toy as the controller for their own system, without ever having to access the data on the device.

Image courtesy of starwars.com

Method 2: Replacing a Component

This method is often used in Circuit Bending. The user wants the device to sound different, so he or she replaces a component (usually experimentally) to get a different sound out of a device. This kind of approach isn’t relegated to Circuit Bending, though. A lot of interesting hacks have been achieved by replacing a component. For example, replacing bike light bulbs with high-intensity LEDs, or replacing the motors on an off-the-shelf toy car to make it drive dangerously fast.

Image courtesy of Hackedgadgets.com

Method 3: The Logic Analyzer

One can gather a lot of “private” data from a device with the use of a simple logic analyzer. To do this, one finds an interesting chip or test point on a circuit board, connects a logic analyzer, and then runs the device. The logic analyzer will record any signals occurring on the lines it’s sniffing, and that data can potentially be translated into something useful. I once hacked a Lidar range finder this way, probing its serial lines while it was running.

The blog post went live before I had time to do anything useful with the data, but I made the data public, and by the next day someone had interpreted it and created a video of the graphical representation of the data. Just for a little shameless self-promotion, I used the Saleae Logic Analyzer that we sell, which does auto baud-rate detection and signal translation for the SPI, I2C, and serial protocols. Because of this, it is a vital tool in my hardware hacking toolkit.
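
What "auto baud-rate detection and signal translation" amounts to for a serial line, as an added example that is not part of the original article and not the analyzer vendor's code. It assumes 8N1 framing (idle high, one start bit, 8 data bits LSB first, one stop bit) and runs on a constructed capture, not on the Lidar data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit width in samples = shortest complete run between two edges
   (the truncated first and last runs of the capture are ignored). */
size_t estimate_bit_width(const uint8_t *s, size_t n)
{
    size_t best = 0, run_start = 0, i;
    int seen_edge = 0;
    for (i = 1; i < n; i++) {
        if (s[i] == s[i - 1]) continue;
        if (seen_edge && (best == 0 || i - run_start < best))
            best = i - run_start;
        seen_edge = 1;
        run_start = i;
    }
    return best;
}

/* Decode 8N1 frames; every bit is sampled at its centre. Frames whose
   stop bit is not high are counted as framing errors and dropped. */
size_t uart_decode(const uint8_t *s, size_t n, size_t spb,
                   uint8_t *out, size_t cap, size_t *framing_errors)
{
    size_t i = 1, count = 0;
    *framing_errors = 0;
    if (spb == 0) return 0;
    while (i < n && count < cap) {
        size_t mid, stop;
        uint8_t byte = 0;
        int b;
        if (!(s[i - 1] == 1 && s[i] == 0)) { i++; continue; } /* no falling edge */
        mid = i + spb / 2;                  /* centre of the start bit */
        stop = mid + 9 * spb;               /* centre of the stop bit */
        if (stop >= n) break;               /* frame cut off by end of capture */
        if (s[mid] != 0) { i++; continue; } /* glitch shorter than half a bit */
        for (b = 0; b < 8; b++)
            byte |= (uint8_t)((s[mid + (size_t)(b + 1) * spb] & 1u) << b);
        if (s[stop] == 1) out[count++] = byte;
        else (*framing_errors)++;
        i = stop + 1;
    }
    return count;
}

/* --- constructed capture: the bytes "OK" at 4 samples per bit --- */
static size_t put_level(uint8_t *s, size_t pos, int level, size_t len)
{
    while (len--) s[pos++] = (uint8_t)level;
    return pos;
}

static size_t put_frame(uint8_t *s, size_t pos, uint8_t byte, size_t spb)
{
    int b;
    pos = put_level(s, pos, 0, spb);                 /* start bit */
    for (b = 0; b < 8; b++)
        pos = put_level(s, pos, (byte >> b) & 1, spb);
    return put_level(s, pos, 1, spb);                /* stop bit */
}

size_t build_capture(uint8_t *s) /* needs room for 102 samples */
{
    size_t pos = put_level(s, 0, 1, 8);              /* idle line */
    pos = put_frame(s, pos, 'O', 4);
    pos = put_level(s, pos, 1, 6);
    pos = put_frame(s, pos, 'K', 4);
    return put_level(s, pos, 1, 8);
}

int main(void)
{
    uint8_t capture[128], bytes[8];
    size_t errors, n = build_capture(capture);
    size_t spb = estimate_bit_width(capture, n);
    size_t got = uart_decode(capture, n, spb, bytes, sizeof bytes, &errors);
    printf("%lu samples/bit, %lu bytes, %lu framing errors: %.*s\n",
           (unsigned long)spb, (unsigned long)got, (unsigned long)errors,
           (int)got, (const char *)bytes);
    return 0;
}
```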

Method 4: JTAG Hex Dump (a.k.a. Voodoo)

When an electronic device is manufactured, it must be programmed with firmware at some point. The same port through which a device is programmed can also be used to disassemble and hack the firmware. Many microcontrollers have a memory dump feature that can be triggered through its programming port that allows a user to read the full memory (in hex) of the chip. Many devices include a feature that “locks” the device so that it cannot be read or reprogrammed once it is flashed, but many device manufacturers do not implement this feature, leaving their products susceptible to firmware hacking.

In order to hack firmware through a programming port, one must:

  1. Identify the device and if it has the capability to dump its memory
  2. Build or buy a programmer that can receive this memory dump and transmit to a computer
  3. Get the hex dump from the chip with the programmer
  4. Disassemble the hex into assembly language

Once the hacker has the assembly language, he or she is looking at the firmware. From there one can modify the firmware file to one’s own ends, changing variables and registers to change the behavior of the device. Then the hacker recompiles the firmware into hex, and reprograms the device with the hacked firmware. This is an advanced method of hardware hacking, but can provide the most effective (or entertaining) results.

One of my favorite examples of this sort of hacking is the GoodFET, a device developed by Travis Goodspeed to (among other things) easily trigger a hex dump and re-flash the memory of multiple platforms (MSP430, AVR, PIC, etc.). The GoodFET makes it easy for the hardware hacker to download or “peek” at code hosted on a chip, in order to modify or exploit it for hacking.


For those interested in heavy-duty hardware hacking, be sure to check out Travis Goodspeed’s blog.

As I said before, this is by no means a complete “how to hack hardware” article. There will always be new ways to modify and hack new devices and chips, and someone will always come up with some slick way to use a device to an unintended end. What methods have you used to hack hardware, or what do you find useful in the reverse engineering process?

Partition Hiding Software in C

Title Partition Hiding Software in C
Author Email
Description This software reads the partition info from the partition table and changes the system ID to hidden, so that your Windows will not mount it at startup.
Category C » Hacking & Cracking, Virus
Code C

/* Program to read the partition table of a hard disk; it can hide and
   reveal partitions. */
/*
Release date: 24/7/2016

About the program:

This program is a part of my project to read the ext2 Linux file system
under DOS or Win98. This program reads the partition table of your hard
disk and prints information about the partitions. It can hide and reveal
partitions by changing the system ID of those partitions.

Caution: Modification of the code may leave your disk unusable.
The author is not responsible for any damage or data loss.

This program is tested under Win98.
Compile it with Turbo C 3.

*/

#include <stdio.h>
#include <bios.h>
#include <dos.h>
#include <conio.h>   /* getche, clrscr, gotoxy */
#include <stdlib.h>
#include <string.h>  /* strcpy */

typedef unsigned char BYTE;
typedef unsigned int WORD;   /* 16 bits under Turbo C */
typedef unsigned long DWORD;

/* Note: TRUE is 0 and FALSE is 1 here, so always compare against the names. */
enum BOOL {TRUE=0,FALSE=1};

struct PARTITIONINFO {
  BYTE bootid;   /* bootable? 0=no, 128=yes */
  BYTE beghead;  /* beginning head number */
  BYTE begsect;  /* beginning sector number */
  BYTE begcyl;   /* 10 bit nmbr, with high 2 bits put in begsect */
  BYTE systid;   /* Operating System type indicator code */
  BYTE endhead;  /* ending head number */
  BYTE endsect;  /* ending sector number */
  BYTE endcyl;   /* also a 10 bit nmbr, with same high 2 bit trick */
  DWORD relsect; /* first sector relative to start of disk */
  DWORD numsect; /* number of sectors in partition */
};

/* Disk address packet for the extended INT 13h read/write calls */
struct DISK_ADD_PACKET {
  BYTE recordsize;
  BYTE reserved;
  WORD count;
  DWORD transferadd;
  DWORD lowbits;
  DWORD highbits;
};

struct MBR {
  BYTE codes[446];
  struct PARTITIONINFO partition[4];
  WORD mbrid;
};

struct driveinfo {
  DWORD startsect; /* sector that holds this partition's table entry */
  BYTE slot;       /* index of the entry inside that sector's table */
  BYTE sysid;
};

DWORD lsect=0;

int printpart(struct MBR *mbr,WORD i);
void systemid(BYTE systid,char *id);

/* Check that the BIOS supports the extended INT 13h functions */
WORD ExtentionCheck(BYTE drive)
{
  union REGS regs;
  regs.h.ah = 0x41;
  regs.x.bx = 0x55aa;
  regs.h.dl = drive;
  int86(0x13,&regs,&regs);
  if(regs.x.bx != 0xaa55)
    return FALSE;
  return TRUE;
}

/* Read nsects sectors starting at LBA lsects into data */
WORD ReadSect(BYTE disk, int nsects,DWORD lsects,void* data)
{
  union REGS iregs,oregs;
  struct SREGS sregs;
  struct DISK_ADD_PACKET * p;
  p = (struct DISK_ADD_PACKET *)malloc(sizeof(struct DISK_ADD_PACKET));
  if(p==NULL)
    return FALSE;
  p->recordsize=sizeof(struct DISK_ADD_PACKET);
  p->reserved=0;
  p->count=nsects;
  p->transferadd=(DWORD)data;
  p->lowbits=lsects;
  p->highbits=0; /* We dont need to access HD > 2TB */
  iregs.h.ah = 0x42;
  iregs.h.dl = disk;
  iregs.x.si = FP_OFF(p);
  sregs.ds = FP_SEG(p);
  int86x(0x13,&iregs,&oregs,&sregs);
  free(p);
  if(oregs.h.ah==0)
    return TRUE;
  return FALSE;
}

/* Write nsects sectors from data starting at LBA lsects */
WORD WriteSect(BYTE disk, int nsects,DWORD lsects,void* data)
{
  union REGS iregs,oregs;
  struct SREGS sregs;
  struct DISK_ADD_PACKET * p;
  p = (struct DISK_ADD_PACKET *)malloc(sizeof(struct DISK_ADD_PACKET));
  if(p==NULL)
    return FALSE;
  p->recordsize=sizeof(struct DISK_ADD_PACKET);
  p->reserved=0;
  p->count=nsects;
  p->transferadd=(DWORD)data;
  p->lowbits=lsects;
  p->highbits=0; /* We dont need to access HD > 2TB */
  iregs.x.ax = 0x4302;
  iregs.h.dl = disk;
  iregs.x.si = FP_OFF(p);
  sregs.ds = FP_SEG(p);
  int86x(0x13,&iregs,&oregs,&sregs);
  free(p);
  if(oregs.h.ah==0)
    return TRUE;
  return FALSE;
}

int main(void)
{
  BYTE disk=0x80;
  WORD nsect=1,index=0,i=0,hi,choice;
  DWORD extsect;
  char hideindex[5];
  BYTE id;
  struct MBR *mbr;
  struct driveinfo dinfo[10]; /* max 10 partitions */
  mbr=(struct MBR *)malloc(sizeof(struct MBR));
  if(mbr==NULL)
  {
    printf("out of memory\n");
    exit(1);
  }
  if(ExtentionCheck(disk)==FALSE)
  {
    printf("extended int 13 is not supported\n");
    exit(1);
  }
  if(ReadSect(disk, nsect, lsect,(char *)mbr)!=TRUE)
  {
    printf("cannot read the partition table\n");
    exit(1);
  }
  for(i=0;i<4;i++)
    if(mbr->partition[i].systid!=0)
    {
      printpart(mbr,i);
      dinfo[index].startsect=lsect;
      dinfo[index].slot=(BYTE)i;
      dinfo[index].sysid=mbr->partition[i].systid;
      index++;
    }
  if(mbr->partition[1].systid==0xf) /* 0xf for extended partition */
  {
    lsect=mbr->partition[1].relsect;
    extsect=lsect;
    /* walk the chain of extended boot records */
    while(ReadSect(disk, nsect, lsect,(char *)mbr)==TRUE)
    {
      if(index>=10)
      {
        printf("no of partition exceed max limit");
        exit(1);
      }
      printpart(mbr,0);
      dinfo[index].startsect=lsect;
      dinfo[index].slot=0;
      dinfo[index].sysid=mbr->partition[0].systid;
      index++;
      if(mbr->partition[1].systid==0)
        break;
      lsect=extsect+mbr->partition[1].relsect;
    }
  }

  printf("\nHide partition(1)\n");
  printf("Revele partition(2)\n");
  printf("Quit(3)\nEnter your choice(1/2/3):");
  hideindex[0]=(char)getche();
  hideindex[1]='\0';
  choice=atoi(hideindex);
  switch(choice)
  {
    case 1:
      printf("\nWhich drive do u want to hide:(0-%d):",index-1);
      scanf("%4s",hideindex); /* width limit keeps input inside hideindex */
      hi=atoi(hideindex);
      if(hi<index)
      {
        id=dinfo[hi].sysid;
        if(id==1||id==4||id==7||id==0xb||id==0xc||id==0xe)
        {
          lsect=dinfo[hi].startsect;
          id+=0x10;
          if(ReadSect(disk, nsect, lsect,(char *)mbr)==TRUE)
          {
            /* change the entry that was listed, not always entry 0 */
            mbr->partition[dinfo[hi].slot].systid=id;
            if(WriteSect(disk,nsect,lsect,(char *)mbr)==TRUE)
              printf("\nHIDDEN SUCCESSFULLY");
          }
        }
        else
          printf("Cant Hide");
      }
      break;
    case 2:
      printf("\nWhich drive do u want to Revele:(0-%d):",index-1);
      scanf("%4s",hideindex);
      hi=atoi(hideindex);
      if(hi<index)
      {
        id=dinfo[hi].sysid;
        if(id==0x11||id==0x14||id==0x17||id==0x1b||id==0x1c||id==0x1e)
        {
          lsect=dinfo[hi].startsect;
          id-=0x10;
          if(ReadSect(disk, nsect, lsect,(char *)mbr)==TRUE)
          {
            mbr->partition[dinfo[hi].slot].systid=id;
            printf("%x",mbr->partition[dinfo[hi].slot].systid);
            if(WriteSect(disk,nsect,lsect,(char *)mbr)==TRUE)
              printf("\nREVELED SUCCESSFULLY");
          }
        }
        else
          printf("Cant Revele\n");
      }
      break;
    case 3:
      exit(1);
      break;
    default:
      printf("\ninvalid choice");
      exit(1);
      break;
  }

  free(mbr);
  return 0;
}

/* Print one row of the partition listing */
int printpart(struct MBR *mbr,WORD i)
{
  char bootable[]="YES";
  char id[7];
  static BYTE c=0,index=0;
  if(c==0) /* to execute this for once */
  {
    clrscr();
    gotoxy(30,1);
    printf("Partition Table");
    gotoxy(2,2);
    printf("INDEX");
    gotoxy(8,2);
    printf("SystemID");
    gotoxy(17,2);
    printf("Bootable");
    gotoxy(26,2);
    printf("StartingLBA");
    gotoxy(38,2);
    printf("SIZEINSECTORS");
    gotoxy(52,2);
    printf("SIZEINGB");
    c++;
    gotoxy(46,20);
    printf("Coded by Tapan Kumar Mishra");
    gotoxy(55,21);
    printf("7th Sem,Electrical Engg.");
    gotoxy(55,22);
    printf("IGIT Sarang,Orissa");
    gotoxy(46,23);
    printf("Email id:titu_igit@rediffmail.com");
  }
  if(mbr->partition[i].bootid!=0x80)
    strcpy(bootable,"NO");
  gotoxy(2,3+index);
  printf("%d",index);
  gotoxy(8,3+index);
  systemid((BYTE)mbr->partition[i].systid,id);
  printf("%s",id);
  gotoxy(17,3+index);
  printf("%s",bootable);
  gotoxy(26,3+index);
  printf("%lu",mbr->partition[i].relsect+lsect);
  gotoxy(38,3+index);
  printf("%lu\n",mbr->partition[i].numsect);
  gotoxy(52,3+index);
  printf("%5.2fGB",(float)mbr->partition[i].numsect/2097152.0);
  index++;
  return 0;
}

/* Translate a system ID into a short name (at most 6 characters) */
void systemid(BYTE systid,char *id)
{
  switch(systid)
  {
    case 00:
      strcpy(id,"empty");
      break;
    case 01:
      strcpy(id,"FAT12");
      break;
    case 04:
      strcpy(id,"FAT16");
      break;
    case 05:
      strcpy(id,"EXTNED");
      break;
    case 0xb:
      strcpy(id,"FAT32");
      break;
    case 0xc:
      strcpy(id,"FAT32");
      break;
    case 0xE:
      strcpy(id,"FAT16");
      break;
    case 0xf:
      strcpy(id,"EXNDED");
      break;
    case 0x82:
      strcpy(id,"SWAP");
      break;
    case 0x83:
      strcpy(id,"EXT2fs");
      break;
    case 0x11:
    case 0x14:
    case 0x15:
    case 0x16:
    case 0x17:
    case 0x1b:
    case 0x1c:
    case 0x1e:
    case 0x1f:
      strcpy(id,"hidden");
      break;
    default:
      strcpy(id,"other"); /* id is never left uninitialized */
      break;
  }
}
/* End of code */
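
Seen from the examiner's side, the 0x10 toggle used by the program above is easy to spot in a captured boot sector. The following is an added example, not part of the original listing: it parses a 512-byte MBR image with the same field layout as PARTITIONINFO and reports entries whose system ID is one the listing calls "hidden". The function names and the sample sector are constructed here, and logical partitions inside an extended partition are not followed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_TABLE_OFFSET 446 /* the table follows 446 bytes of boot code */
#define MBR_ENTRY_SIZE   16
#define MBR_ENTRIES      4

struct hidden_entry {
    int      slot;         /* 0..3, position in the partition table */
    uint8_t  type;         /* system ID as stored on disk */
    uint8_t  visible_type; /* system ID before 0x10 was added */
    uint32_t start_lba;    /* relsect in the listing's struct */
    uint32_t sectors;      /* numsect in the listing's struct */
};

/* Read a little-endian 32-bit value without relying on struct packing. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* System IDs that systemid() in the listing labels "hidden". */
int is_hidden_type(uint8_t id)
{
    switch (id) {
    case 0x11: case 0x14: case 0x15: case 0x16: case 0x17:
    case 0x1b: case 0x1c: case 0x1e: case 0x1f:
        return 1;
    default:
        return 0;
    }
}

/* Returns the number of hidden entries written to out (at most cap),
   or -1 if the sector does not end with the 0x55 0xAA boot signature. */
int scan_mbr(const uint8_t *sector, struct hidden_entry *out, int cap)
{
    int slot, found = 0;
    if (sector[510] != 0x55 || sector[511] != 0xAA)
        return -1;
    for (slot = 0; slot < MBR_ENTRIES && found < cap; slot++) {
        const uint8_t *e = sector + MBR_TABLE_OFFSET + slot * MBR_ENTRY_SIZE;
        if (!is_hidden_type(e[4]))            /* byte 4 = systid */
            continue;
        out[found].slot = slot;
        out[found].type = e[4];
        out[found].visible_type = (uint8_t)(e[4] - 0x10);
        out[found].start_lba = le32(e + 8);   /* bytes 8..11 = relsect */
        out[found].sectors = le32(e + 12);    /* bytes 12..15 = numsect */
        found++;
    }
    return found;
}

/* Constructed sample: a bootable FAT32 (0x0c) entry followed by a FAT32
   partition whose ID was changed from 0x0b to 0x1b. */
void make_sample_mbr(uint8_t *sector)
{
    static const uint8_t visible[16] = {0x80, 0, 0, 0, 0x0c, 0, 0, 0,
        0x00, 0x08, 0x00, 0x00, 0x00, 0x20, 0x03, 0x00};
    static const uint8_t hidden[16] = {0x00, 0, 0, 0, 0x1b, 0, 0, 0,
        0x00, 0x28, 0x03, 0x00, 0x00, 0x00, 0x10, 0x00};
    memset(sector, 0, 512);
    memcpy(sector + MBR_TABLE_OFFSET, visible, 16);
    memcpy(sector + MBR_TABLE_OFFSET + MBR_ENTRY_SIZE, hidden, 16);
    sector[510] = 0x55;
    sector[511] = 0xAA;
}

int main(void)
{
    uint8_t sector[512];
    struct hidden_entry f[MBR_ENTRIES];
    int i, n;
    make_sample_mbr(sector);
    n = scan_mbr(sector, f, MBR_ENTRIES);
    for (i = 0; i < n; i++)
        printf("slot %d: type 0x%02x (visible 0x%02x), LBA %lu, %lu sectors\n",
               f[i].slot, f[i].type, f[i].visible_type,
               (unsigned long)f[i].start_lba, (unsigned long)f[i].sectors);
    return n < 0;
}
```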

Stop double Process for start in C

Title Stop double Process for start in C
Author Pro Hackers
Description This program doesn’t allow a process to start! For example, taskmgr.exe and calc.exe are stopped before they can get going. You can compile it with Dev-C++ 4.9.9.2.
Category C » Hacking & Cracking, Virus
Code Skills C | Problem Solving | Risk Taking

/**********************************/
//DoubleStopProcess.c
//Compiler Dev-C++ 4.9.9.2
/**********************************/
#include <windows.h>
#include <windowsx.h>
#include <tlhelp32.h>
#include <process.h>
#include <stdlib.h>  /* exit, EXIT_SUCCESS */
#include <string.h>  /* strcmp */

#define Progy "taskmgr.exe"
#define Master "calc.exe"

int func_termi(void);
int ID,XY,T3;

int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int CmdShow)
{
  char message[] = " This little progy is written\n\n"
                   " by\n\n"
                   " !!! Cedrik Jurak 2006 !!!\n\n"
                   "Press TAB+SHIFT+RETURN to get Taskmanager back!";

  char title[] = "INFORMATION";

  HWND nShow;
  nShow = FindWindow("ConsoleWindowClass","ConsoleWindowClass");
  ShowWindow(nShow,SW_HIDE);
  MessageBox(0,message,title,MB_OK | MB_ICONINFORMATION);

  Sleep(100);

  return func_termi();
}

int func_termi(void)
{
  DWORD code;
  HANDLE Snap,Process;
  PROCESSENTRY32 proc32;

  while(1)
  {
    Sleep(100);
    /* take a fresh snapshot of the process list on every pass */
    Snap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if(Snap==INVALID_HANDLE_VALUE)
    {
      MessageBox(0,"Sorry,no way!!!","Error",MB_OK | MB_ICONERROR);
      exit(0);
    }
    proc32.dwSize=sizeof(PROCESSENTRY32);

    /* TAB+SHIFT+RETURN ends the loop */
    if((GetAsyncKeyState(VK_TAB)==-32767)&&(GetAsyncKeyState(VK_SHIFT)==-32767)
       &&(GetAsyncKeyState(VK_RETURN)==-32767))
    {
      MessageBox(0,"Okay is yours,right now!","Have a nice day !!!",
                 MB_OK | MB_ICONEXCLAMATION);
      CloseHandle(Snap);
      return EXIT_SUCCESS;
    }
    while((Process32Next(Snap,&proc32))==TRUE)
    {
      if(strcmp(proc32.szExeFile,Progy)==0){
        ID=proc32.th32ProcessID;
        Process=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,ID);
        XY=GetExitCodeProcess(Process,&code);
        CloseHandle(Process);
        Process=OpenProcess(PROCESS_TERMINATE,FALSE,ID);
        T3=TerminateProcess(Process,code);
        CloseHandle(Process);
        MessageBoxA(0," Done!\n\nTaskmgr.exe is stopped!!!","Info",MB_OK);
      }
      else if(strcmp(proc32.szExeFile,Master)==0){
        ID=proc32.th32ProcessID;
        Process=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,ID);
        XY=GetExitCodeProcess(Process,&code);
        CloseHandle(Process);
        Process=OpenProcess(PROCESS_TERMINATE,FALSE,ID);
        T3=TerminateProcess(Process,code);
        CloseHandle(Process);
        MessageBoxA(0," Done!\nCalc.exe\nis\nstopped!!!","Info",MB_OK);
      }
    }
    CloseHandle(Snap); /* release the snapshot before the next pass */
  }
}

Strange Stuff: FBI, Google, SoundCloud Domains Hacked; Defaced

SEVERAL HACKING GROUPS ARE CLAIMING TO HACK HIGH-PROFILE WEBSITES INCLUDING THE FBI, CIA, GOOGLE AND SOUNDCLOUD BLOG!

The FBI hack as claimed by Algerian group:

A team of Algerian hackers going by the online handle “D.R.S Dz Team” is claiming to have hacked and defaced the official website of the Federal Bureau of Investigation (FBI) about an hour ago. The team left a deface page along with a note and an image displaying the Algerian flag on the FBI’s homepage.

Though the note simply states the team’s signature, “D.R.S Team DZ, Hacked By D.R.S Dz Team”, we had a chance to talk to one of the hackers behind the alleged defacement, who explained that the reason for targeting the FBI was to “defend our religion Islam and to show that Muslims are not the terrorists and the term terrorism shouldn’t be reserved for Muslims.” However, when asked what flaw allowed the hackers to bypass security on the FBI’s site, the representatives did not reply.

We noticed that the hackers also defaced two Nigerian government websites with a brief deface message against the labeling of Muslims as terrorists. The link to the targeted FBI website, along with its zone-h mirror as proof of the hack, is available below:

http://fbi.gov/
http://www.zone-h.org/mirror/id/26575976

At the time of publishing this article, FBI’s site was restored and working online.

Google.com defacement by Moroccan Wolf group:

Moroccan Wolf is a group previously known for defacing small-business websites, but this time a Zone-h mirror shows a bigger fish on the target list. It is not clear how, but the group uploaded an .HTML file to the Google.com domain which displayed the note “hacked by Moroccanwolf.”

SoundCloud’s Blog Defacement: 

Music lovers are well aware of SoundCloud.com. Recently, a French hacker going by the online handle “Sneaky” defaced the blog domain of the SoundCloud website with his own page, as shown in the zone-h mirror here.

It’s still unclear what’s going on and how such high-profile domains have been defaced on the same day, yet there is another group claiming to have defaced the CIA’s website, which will be discussed later on. For now, all targeted sites have been restored, and in case any of the aforementioned defacements are marked as fake by Zone-h we will update the article. Oh, by the way, Zone-h, the archive of defaced websites, has also been hacked by Moroccanwolf and is currently redirecting users to the hacked SoundCloud blog.

Pro-Islamic State cyber group hack websites of Australian small businesses

A group of pro-Islamic State (IS) hackers have gone on a website defacement spree, breaking into the websites of more than 20 Australian small businesses.

Key points:

  • United Cyber Caliphate leave pro-IS messages, pictures on websites of 20 businesses
  • Businesses included wheel and tyre retailers, Mexican food catering company and natural herbalist
  • Group had been plotting attacks for several weeks

The hacking group, which calls itself the United Cyber Caliphate, has hacked the sites leaving a message and a picture.

Most of the websites that were attacked were tyre and wheel retailers.

“In the name of Allah, we are United Cyber Caliphate. Obey Islamic State. Your system is fail. Islamic State #rules,” the picture read.

It is unknown why the pro-IS group targeted the websites, or what it has against Australian tyre retailers.

Its motive is confused further by the fact that a Mexican food catering company was also attacked, in addition to a natural herbalist website.

Website owners contacted by the ABC this morning were surprised that their websites had been hacked, and said they would call their website managers immediately.

“Are you joking?” the receptionist of one non-profit group said when informed about the hack. The call was put straight through to the chief executive.

“Oh my god. F***,” the chief executive said.

“I’ll call the web guy now. Thanks for letting us know.”

When the ABC reached out to the website administrator contractor, the man who answered the phone was exasperated.

“Of course I know about the hacking. I’ve been spending all my time talking to customers, rather than fixing the problem,” he said.

The small businesses said they just wanted to get on with running their business. Getting hacked by a pro-IS group was an annoyance they did not need on a Friday morning.

But little did the small business owners know, planning for the attack had been underway for several weeks.

It had been under heavy discussion in Telegram IS chat groups, which began when three hacking groups merged to become the United Cyber Caliphate.

Previously the three groups — the Caliphate Cyber Army, Sons Caliphate Army and the Kalashnikov Team — acted more independently.

But on April 5, they announced in English and Arabic that they would merge to: “Expand our operations. To hit ’em deeper.”

The new group thanked “almighty Allah and his grace” for the successful merger operation.

In follow-up posts on the encrypted Telegram chat, the group warned “#Australia” to “#get ready for the next #attack”, which they promised would happen “#soon”.

Taiwan arrests three foreigners in multi-million-dollar ATM cyberheist

Taiwan has arrested three foreign suspects over a $3.4 million cyberheist which used malware to hack into a major local bank’s ATM network and steal bags of cash.

Key points:

  • Criminals used malware to steal millions from 41 Taiwanese ATMs.
  • Three foreign suspects arrested over heist, but police say 13 others have fled country.
  • Police say half the stolen money has been recovered.
  • Major banks have frozen withdrawals from nearly 1,000 ATMs of the kind targeted.

The attack, the first of its kind in Taiwan, targeted the First Commercial Bank’s ATM network last week, using malware to withdraw more than $3.4 million from dozens of machines in three cities.

A Latvian suspect, identified as Andrejs Peregudovs, was arrested by police in the north-eastern county of Yilan after being spotted by an off duty police officer from Taipei who was on holiday in the area.

Two other suspects from Romania and Moldova were arrested at a hotel in Taipei, police said, adding they believed the heist was carried out by a 16-member international crime ring.

“This is the first time that an international team of ATM thieves has committed a crime in Taiwan,” Lee Wen-chang, chief commander of the Criminal Investigation Division, told reporters.

Police have recovered more than half of the stolen money, but warned that 13 of the suspects — including five Russians — had already fled Taiwan after the heist.

“We will continue to search for the rest of the stolen money to let international hackers know that Taiwan is not a crime haven,” the statement said.

Police have sought assistance from both Interpol and Russia’s de facto embassy in Taiwan.

Surveillance images released by the bank showed masked robbers working in two-man teams targeting 41 ATMs belonging to the First Commercial Bank in three cities.

It is not clear how the thieves installed malware on the ATMs, but within five to 10 minutes, the thieves are seen walking away with bags full of stolen cash, the bank said.

Police say they may have used a mobile phone to target the ATMs, and investigators have identified three different malware programmes that were used to trigger withdrawals.

Since discovering the theft, Taiwan’s major state-run banks have frozen withdrawals from nearly 1,000 ATMs of the kind targeted in the heist, which are supplied by Germany’s Wincor Nixdorf.

In May, a gang stole $13 million from Japanese ATMs in a three-hour spree.