LATEST BLOG POSTS

Take a hacker seriously: the story of Raphael Grey
You will take a hacker seriously after reading the story of Raphael Grey. In 2000, at the age of 18, Raphael Grey managed to hack several e-commerce sites, accessing the customers’ credit card data for a month. This hack allowed him to steal several million dollars before he was arrested by the British police and the American FBI at his home in rural Wales on March 23, 2000. Prior to his arrest, Grey posted thousands of payment records on the web to highlight the inherent weaknesses of the e-commerce sites of the time. Today we explore the activities of one of the best-known hackers in the history of computer science, known as “Curador”, “Custodian”, or “The Saint”.

The attack

What was Grey’s hacking activity? Grey hacked several store sites from his home in Clynderwen, Pembrokeshire, Wales, using a computer that he had paid £800 for. According to the investigations, “Curador” had got his hands on a total of 26,000 payment records from 9 e-commerce sites across the UK, Canada, US, Japan and Thailand. He later posted them on blogs and consumer sites around the world. Grey exploited an inherent weakness in the merchants’ computer systems. The gateway was in fact a piece of software that allowed anyone to remotely access the information contained in the computers that used it. This flaw also affected payment information. Prior to the breach, Grey reportedly notified these sites, highlighting this security flaw in their platforms. Gray also contacted Bill Gates. But everyone ignored him.

The hunt and arrest of Grey

Did he get away with it? The publication of the payment information took place on a site created by Grey himself. The aim was to inform the public about the insecurity of payment systems. However, we don’t know if Grey’s intentions were genuine or not. In any case, his notoriety and his belief that he would never be caught for his crimes put him under the lens of the police. Investigators enlisted the services of a former hacker, Chris Davis, who felt insulted by Grey’s arrogance. Gray believed, in fact, that the Internet made him untouchable. However, it turned out differently. Davis tracked down Grey in less than a day and passed the information to the FBI who, along with the British police, arrested Grey. Here you can find an interview with Davis about how Grey was tracked.

Conclusions: the story of Raphael Grey

What did this story teach us? First and foremost, Grey was certainly a talented young man. Stories similar to his are not uncommon: we recently talked on our blog about “Kirk”, the teenager who hacked Twitter. You may be wondering if it’s easy to steal sensitive information like this Welsh guy did. Do not worry! Indeed, the protection of payment data has improved over time and today the security standards are very high. Finally, what is the moral of this story? When it comes to cybersecurity, information exchange is valuable. “Whitehat” or “ethical” hackers compare notes every day to study and anticipate the most subtle threats. In conclusion, alarms such as those raised by Grey must be taken seriously, even if they do not justify the theft of millions and the publication of sensitive data, of course.

Fake vaccines online: beware of scams
The NAS Carabinieri blocked two sites advertising and offering fake vaccines for COVID-19 and flu. The latter are subject to medical prescription and sold only in pharmacies by a qualified pharmacist. On the first site, the Authorities noted the sale of 3 alleged vaccines for COVID-19 potentially purchasable from Italy. The analysis of the second website allowed the Carabinieri to highlight the presence of 2 flu vaccines. The World Health Organization has indeed issued a “Medical product alert” relating to possible counterfeit batches of these vaccines.

The context of the operation

Is it just an isolated fact? Unfortunately not. The operation of the Italian military is the tip of the iceberg of a wider phenomenon. It is part of an investigation at a European level under the coordination of Europol, which has taken down an international network selling personal protective equipment and drugs on the web. In sum, investigators from 19 member countries of the European Union, as well as Albania, Bosnia and Herzegovina, Colombia, Moldova, Norway, Serbia, the Republic of North Macedonia, Ukraine and the European Anti-Fraud Office (OLAF), blocked about 450 websites and placed 4,000 under monitoring. After all, hackers and cybercriminals exploit the fear generated by the ongoing pandemic to scam network users, companies and institutions. We have dedicated a blog post to a recent vaccine-themed phishing campaign.

Conclusions: fake vaccines and the web

To conclude, given its ability to conceal its online activity, cybercrime uses the web to defraud the public. It promises the sale of drugs and medication online. These are well-oiled scams that use psychological manipulation mechanisms. Many such scams take place on the Dark Web. Therefore, we advise our readers not to enter this network space without the supervision of an expert. The Dark Web is in fact full of viruses, malware, spyware and Trojans, and it is very easy to come into contact with them.

Finally, we leave you with a final appeal, having everyone’s health at heart: as for vaccinations, we invite you to follow the instructions provided by the Authorities. Please consult the relevant institutional sites regarding offers on the web of unauthorized or dubious medicines.

AiR-ViBeR: the hack that exploits PC fans
Cyber risks, as we know, are always around the corner. They are insidious and, without adequate protection, can silently affect the data of companies and individuals quite easily. Some threats are “louder” than others: Mordechai Guri, an Israeli researcher at Ben Gurion University of the Negev, managed to steal data from a PC not connected to any network by exploiting the vibration of its fans. The hack is called AiR-ViBeR and, in order to work, it needs access to a PC and to a second device in close proximity, such as a smartphone.

But how does it work? The intrusion method is very simple. The PC works as a vibration transmitter and the smartphone as a receiver. Once installed on the PC, malware regulates the level of mechanical vibrations generated by the computer by controlling the rotation speed of the fan. This data is transferred, via the accelerometer sensor, to a smartphone positioned a handful of centimeters away. In this way, the attack allows the hacker to extract files from the computer by converting them into signals emitted in the form of binary code (0-1), sent to a specific web page or to a recipient and then decrypted.

Security Risks

Is there anything to worry about? Yes, and no.

Why you should be concerned: this intrusion technique has many advantages for hackers. The most convenient port of entry they could take advantage of is that of accelerometers:

- No authorizations are required. The accelerometers of smartphones running iOS and Android are considered safe sensors, therefore they do not require user permission.
- No detection of accelerometer activity.
- JavaScript access. Access to the accelerometer can be obtained in a web browser using standard JavaScript code. This implies that the hacker can access the accelerometers without tampering with the receiving smartphone with malware.

Why not to worry (too much): this technique has many limitations. AiR-ViBeR has inherent drawbacks involving the small amount of data that can be transferred and the need to control two infected devices in the same environment for several hours, the time required to transfer a medium-sized file. The smartphone must be placed within a radius of 5 meters and the transmission speed is only 50 bits per second. It is roughly equivalent to 22.5 kb per hour, so you will only be able to transmit textual data. And even in this case we are talking about 10,000 words per hour. Therefore, the software could be more effective if it were used to steal a specific small file, such as a text document or a single image. Furthermore, being conceived in the context of research, the attack was carried out for purely experimental purposes.

Conclusions

For many security experts, it is not worth securing what is not connected to the network, because it is not vulnerable to attack. Guri and his colleagues proved them wrong. It is fascinating that sound could be used to steal data from systems with no data connection (Wi-Fi, wired or Bluetooth) and no speakers. The slowness and limitations that we have listed are enough in themselves to understand that such an attack remains unlikely. For the moment, of course.
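A defender's view of the mechanism described above, as an added example that is not part of the original post or of Guri's research: because the channel works by changing fan speed, fan telemetry that keeps jumping between speed levels while the CPU temperature stays flat is worth flagging. The `Sample` fields, the thresholds and both telemetry traces are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: float       # seconds since capture start
    rpm: int       # fan tachometer reading
    temp_c: float  # CPU temperature at the same instant

def unexplained_transitions(samples, rpm_step=300, temp_step=2.0):
    """Timestamps where fan speed jumps although temperature barely moved.

    rpm_step and temp_step are hypothetical thresholds; tune per hardware.
    """
    hits = []
    for prev, cur in zip(samples, samples[1:]):
        rpm_jump = abs(cur.rpm - prev.rpm) >= rpm_step
        temp_flat = abs(cur.temp_c - prev.temp_c) < temp_step
        if rpm_jump and temp_flat:
            hits.append(cur.t)
    return hits

def looks_like_keying(samples, min_hits=6, window_s=60.0):
    """True if min_hits unexplained transitions fall inside any window_s span."""
    hits = unexplained_transitions(samples)
    return any(hits[i + min_hits - 1] - hits[i] <= window_s
               for i in range(len(hits) - min_hits + 1))

def thermal_trace():
    """Constructed telemetry: a load spike, with the fan following temperature."""
    rpm = [1200, 1200, 1300, 1900, 2000, 2000, 1900, 1400, 1300, 1200]
    temp = [45, 45, 47, 58, 60, 61, 59, 50, 47, 45]
    return [Sample(5.0 * i, r, float(c)) for i, (r, c) in enumerate(zip(rpm, temp))]

def keyed_trace(levels="1011001010011010"):
    """Constructed telemetry: fan flips between two speeds at steady temperature."""
    return [Sample(5.0 * i, 2100 if b == "1" else 1500, 50.0 + 0.2 * (i % 3))
            for i, b in enumerate(levels)]

if __name__ == "__main__":
    for name, trace in (("thermal", thermal_trace()), ("keyed", keyed_trace())):
        print(name, unexplained_transitions(trace), looks_like_keying(trace))
```

The sampling interval of the telemetry has to be shorter than the switching period you want to catch, otherwise the level changes are averaged away.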

SolarWinds Attack: Italy activates the Cyber Security Nucleus
After a number of SolarWinds Orion platform updates were tampered with in March, hackers infiltrated the networks and computer systems of government and private entities around the world, spying on their moves and, in some cases, stealing highly sensitive data assets. The attack has also affected our country, unfortunately. From the early stages of the discovery, Italy activated the Cyber Security Nucleus, the collegiate body entrusted with the task of managing cyber incidents that could have a potential impact on national security.

The Cyber Security Nucleus

What is this? According to the current legislation that regulates the activities of the Information Security Department (DIS) of the Presidency of the Council of Ministers, the NSC is responsible for coordinating the national cybersecurity architecture, as well as the response to any crises resulting from cyber-attacks. This structure was created as a permanent body of the Presidency of the Council of Ministers in 2017.

The Nucleus's response to the SolarWinds crisis

How did the Nucleus respond to the SolarWinds crisis? The NSC has collaborated with “CyCLONe”, the newly established European connection network. “CyCLONe” aims to facilitate cooperation between national cybersecurity authorities in the event of destabilizing cyber incidents. Furthermore, all support and contact activities have been launched with the national subjects responsible for managing the essential functions and services of the State (included in the National Cyber Security Perimeter), the operators of essential services (provided for by the European NIS Directive, Network Information System) and public administration bodies.

Conclusions and advice

The Nucleus has shown itself ready to take action to mitigate this emergency: our country is well protected and surveillance is high. Never let your guard down, however. For those who have suffered an intrusion via SolarWinds, we suggest a series of mitigation measures:

- Disconnect all systems on which SolarWinds has been installed and download any available updates
- Conduct a forensic analysis of the host and the network
- Evaluate Indicators of Compromise (IoC)

In any case, the NSC recommends that all organizations using the SolarWinds Orion platform use the appropriate section created on the CSIRT website (https://csirt.gov.it) containing advice, updates and possible incident mitigation measures.