Turkish Hacking Group Cyber Warrior’s e-Magazine : TeknoDE

Cyber Warrior is one of the biggest hacker groups in Turkey. The group was established in 1999. Their first significant cyber-attack was in 2003, when they launched a massive operation against 1,500 U.S. websites in protest against the American invasion of Iraq and a specific incident where Turkish military personnel in northern Iraq were captured and interrogated by the U.S. Army.

Turkish Hacking Group Cyber Warrior
Turkish Hacking Group Cyber Warrior

Cyber Warrior (CW) comprises teams for strategy, intelligence, logistics, R&D and a dedicated unit for waging cyber-attacks named Akincilar. In recent weeks, for examples, Akincilar has attacked official government websites of countries that discriminate against their Muslim populations, in their opinion.

Additionally, CW has been active developing cyber tools and improving others. They even write instructional manuals on cyber security and have established a Cyber Academy, where they provide online training.

In September 2014, the group published their first monthly e-Magazine. The magazine is published on their online platforms and it includes cyber news items from the IT world, new technologies, cyber security, hacking news, programming and more.

September 2014 issue of TeknoDE
September 2014 issue of TeknoDE

In their first issue, they featured a cryptography contest with the top prize of a book, mug and mouse pad.

Cryptography Contest
Cryptography Contest

In their October issue, they reviewed the recently discovered Shellshock vulnerability, shared information on how to locate a lost mobile phone and discussed ways to hack into Gmail accounts, and aircraft and satellite systems.

October 2014 issue of TeknoDE
October 2014 issue of TeknoDE

A couple of weeks ago, they produced the November 2014 issue, featuring articles about credit card frauds, new Android malware and interviews with Cyber Warrior founders.

November 2014 issue of TeknoDE

 

Currently, the magazine is in Turkish and it increases awareness of the Cyber world for users, while promoting an interest in cyber security among them.

Members of the website and readers of CWTeknoDE will not only be motivated to hack, but with this magazine they will have chance to learn more about the cyber world, and methods and vulnerabilities.

Related Posts


Did Turkish Hackers Actually Hack the Israeli “Iron Dome”? on August 18, 2014 by Sheila Dahan

Turkish Government Bans Twitter and Hijacks IP Addresses for Popular DNS Providers on March 31, 2014 by Sheila Dahan

RedHack – A Turkish Delight on February 5, 2014 by Sheila Dahan

Our New SenseCy.com is Here!

We are happy to announce the launch of the new version of our portal!

After many sleepless hours and minor hiccups along the way, we have launched our new website this past week. Let’s have a quick tour and introduce the new changes:

Firstly, we shifted our approach to accommodate our customers’ needs. Instead of focusing on our sources, we now focus on five main sectors. This enables you to choose the sector of your interest and get information from all available sources (whether if it’s OSINT, Hacktivism or Deep-Web).

1st

Our feed representation has also changed. It’s much more intuitive and user friendly. We’ve expanded the search capabilities which enables you to conduct various correlations and to locate the proper information that you require.

2nd

We’ve also introduced our all new bundles. Get substantial discounts and our unique reports when purchasing one of our cyber intelligence feed bundles.

3rd

What’s next? We are now working hard on our next release which will add more features and improvements.

So definitely stay tuned and stay connected!

“Patching” the Gender Gap – the SenseCy Ladies Talk Cyber

It is no secret that the Infosec industry is predominantly male, with almost 90% of employees being men (according to a recent survey.) But even as we write this post, things are slowly changing and there is more talk about the “gender gap” than there is about the “skills gap” (a quick question for an industry filled with bright minds – if there is a skills gap and not enough male employees to fill it, doesn’t it make sense to recruit and train more women?) At least in our small company, things are very different. In fact, at SenseCy, women comprise over 50% of the workforce and we are recruiting more every month.

We gathered our female cyber analysts for a joint interview to discuss their views on the industry, the challenges they face and to decide once and for all why should women find Infosec interesting?

legsMeet Tanya, our cybercrime analyst; Tatiana, our OSINT analyst; Hila, our hacktivism analyst; Sheila, our customer relations manager; and Gal, our technological projects manager.

What Do You Like About Your Job?

Most of us agree that we like working in this dynamic field, where we find ourselves learning something new every day. It is exciting to work in such a fast-paced environment. We love accumulating more knowledge and feel that each feed, project, post, etc. contributes to our understanding of the field.

We also love that everything we do here is also relevant and applicable to our personal daily lives.

“Even” the technical stuff is becoming more interesting to those of us who do not have a technological background as it is put into context and the more we learn, the more interesting it gets. We also feel that we are part of the “good guys” (/girls), fighting for a good cause.

Sheila: “I am the first Turkish cyber analyst at SenseCy; I tell everybody this and I am very proud to hold this title. Over time, as I delve deeper into topics and follow the news on these issues, then the technological knowledge helps me and becomes more interesting. When I do not understand something, I find it boring, but when I understand it is more interesting, because it makes sense to me.

Do You Think You Are Viewed Differently As a Woman Working in This Industry?

Tanya: “We moved offices the other day and while I was using an electric screwdriver to disassemble my desk, three guys came up to me offering to do the exact same job I was already doing…”

While we agree that it is true that most computer classes are taken by boys, and even though most of us come from Intelligence and have less of a technological background, we still take courses and learn all the time, so it is not something that is “impossible” for women to learn. On the contrary, there is so much information, so many forums, blogs and tutorials, where one can learn and ask questions. Information is readily available for those having the motivation to learn.

Sadly, there is a preconception today amongst youth – both boys and girls – that STEM (Science, Technology, Engineering, and Mathematics) professions are “just too hard.” This should change. We should bring computer science to “the people”, so that more people will strive to acquire knowledge in the field, and women can really contribute toward achieving this goal (for example in projects like “Girls Who Code“.)

As evidenced in our team composition, “Cyber” is a very broad term and there are many different opportunities in the field for people with different expertise and backgrounds.

Tanya: “I think that part of the social differences are biologically inherent, but at the same time, from a younger age girls are less drawn or encouraged to study computers.”

Gal: “I do not think computers require masculine thinking; women used to be the predominant workforce in the field before things changed.”

There is no doubt that men and women are viewed differently. There are subtle assumptions that we all make, even if we are not fully aware of them. So it is important to be more aware of our behavior and underlying assumptions. Therefore, such posts and conversations can raise awareness and contribute to advancing women in the field.

It is sometimes a matter of perception – when we think about an Infosec professional, the image that comes to mind is that of the uber-geek typing complex code lines on the computer. But this could change to accommodate other images that include women. This could change the mind-set of girls and women pursuing a career path in Information Security and also the perception of employers of possible candidates for the job.

From this:

DudeTo this?

 

Girl

Balancing Home and Office

Today’s global markets and the mobile BYOD technological environment have both advantages and disadvantages. For mothers (and fathers) it allows more flexibility as they can work from home. That said, for some of us it helps to disconnect once we are home, like for Hila. Gal says she needs the balance between home and work, and going back to work after childbirth kept her sane: “SenseCy (then Terrogence) is a great workplace for new mothers. They offered me a lot of flexibility and really did their best to accommodate my needs. I worked from home for two months and now I work a half day and clock more hours in the evening. They also hired me when I was seven months pregnant. I think it pays companies to invest in mothers, as they will be very committed to their job.”

Nine-to-five working hours are outdated and managers should look at achievements at work rather than just the hours employees put in. Unless there is something urgent, our managers do not mind when and where we do our job, as long as we do it well and meet deadlines.

The two mothers in the group agree that work is their resting time (we can drink coffee, use the restroom and talk to adults.)

Do We Actually Need More Women in Cyber? And if so, How Can We Encourage Them to Join Us?

Tatiana says that the requirements for the job are sometimes very high and it is not suitable for everyone. You have to invest a lot of time studying and always stay updated on what is going on.

Hila says we need more people in general in IS, while Tanya thinks it is best to have a 50%-50% work environment.

Yotam (SenseCy’s Sales and Marketing manager, who helped record the interview, but could not resist jumping in) says: “Women must be part of the solution, because cyber security is a global issue that affects all of us. We are all targets for hackers, so if 50% of the population is excluded from the discussion, it will be very difficult to make a difference. Also, I think women are more patient and responsible, so they are up for the job.”

Cyber security is a problem in all sections of the population and in different industries, so we must all be aware of the dangers.

Gal (responding to Tatiana’s comment): “I think most women underestimate themselves and do not apply for jobs with high requirements, while men try anyway. Also, we ask for lower salaries.”

Tanya: “It is not just us; sometimes employers have a lower motivation to hire women of child-bearing age, because they know they will have to deal with maternity leave and children, etc.”

Gal: “It is also our mind-set that must change; women today often start families in their thirties, so we have a decade to invest in our career and to gain an advantage in our field of occupation. Sandberg said ‘Don’t leave before you leave.’ I see a lot of young women already planning their career path according to their pre-existing children. I think that is a mistake. Make use of this time to acquire an interesting well-paid profession.”

Tanya: “I think that sometimes women should carefully plan the balance between career and family life, as in our competitive society slowing down in the career race can put future promotions at risk. This is especially true for women who want to have more than one child and allocate time to stay home with them.”

Tanya continues: “I feel that today women are encouraged to invest more in their careers and if I talk about children, they look at me awkwardly. A lot of women postpone having families because of their careers. For me, ‘feminism’ is more about being able to make your own choice, and not about doing everything that a man does.”

Hila: “There are financial considerations – sometimes it has nothing to do with feminism. Today, in most families both parents have to work to survive financially.”

To Summarize

Sheila: “I came here because of my Turkish skills, but stayed and learned other skills.”

Hila: “I came straight from the military, where I felt that men ran everything. Here at SenseCy, I do not feel that this is the case.”

Tatiana: “I think we should start educating our girls from an early age.”

Gal: “I feel that SenseCy has more diversity compared to other Israeli hi-tech companies. It is very interesting and inspiring to work in such a heterogeneous company with so many different language speakers and a balance between men and women. What I would love to see more of in the future is more women taking a role in leading this field as managers and entrepreneurs.”

Mobile Redefines Mobility in Cyber Realm

Mobile vendors invest a lot of effort into their products. Usually, “bigger and faster” is their motto. And I have to admit that the last Mobile World Congress introduced some very interesting models, such as the Sony Xperia Z2. I am not into sales, so I will not get into every little spec detail, but I would like to point out the following:

  1. Memory: 3 GB RAM
  2. CPU: Quad-core 2.3 GHz Krait 400

(As published on GSM Arena).

Now if you ask me that looks like the specs of a pretty damn good laptop. And with a decent machine, you can do some serious damage. Assuming you have the proper tools, of course.

Anyone who knows me will tell you I am a fan of open source. I think that the concept is great and, simply put, sharing is caring. Most of the greatest tools that I have ever worked with were based on Linux and were shared freely by their authors.

One such bundle that was created and is now considered THE Swiss army knife for security purposes is the BackTrack. It is a combo of various tools that you can use to test your systems, networks and applications. Needless to say, this tool is not only used by security professionals, but also by less noble groups.

A particular aspect of open source that I admire is the flexibility, scalability, and ability to modify pretty much anything you want. It allows you to shape a better product or tailor one to suit your needs. I mention this because I have personally encountered various versions of BackTrack that had other tools and features.

So what do BackTrack and mobile phone companies have in common? Apparently a lot more than I expected.

We have encountered a suite of tools based on BackTrack capabilities but modified to operate on an Android phones. It is essentially a managing app that downloads various modules according to your tests. So if you want a DDoS app, all you need to do is download it and take it for a spin.

This suite is offered by a legitimate company and can be downloaded after paying a certain fee. Alas, as I mentioned, not everyone likes to play by the rules. We discovered that the suite was cracked and modified to include more features. You can download it for free, install it on your Android and execute a series of attacks – DDoS, network mapping or an injection of various sorts.

Samsung Ssomething

Going back to what I started with, you do not need serious equipment any more. All you need is good smartphone and a cracked app, and you are good to go.

This trend of modified applications that harness the hardware potential of smartphones is expanding rapidly. Cross-platform attacks are a growing phenomenon and smartphones play a vital role in them.

What can I say? It’s a brand new world out there.. and it only gets more interesting…

SenseCy is Hiring! Come Join Our Growing Team of Cyber and Technical Security Analysts

We are looking for two analysts to join our growing Cyber Intelligence Team: Native English Speaker (JB-309) and Technical Security Analyst (JB-311).

Cyber Intelligence Analyst:

1. Collect Open-Source Intelligence (OSINT), mainly on cyber security

2. Analyze technical intelligence and produce reports in English

3. Good understanding of cyber security

4. Ability to analyze technical data and extract crucial details

5. Ability to work independently and lead complex projects

6. Experience in Web Intelligence (WEBINT) methodologies – advantage

7. Knowledge of foreign languages – advantage

8. Knowledge of cyber security – advantage

Technical Security Analyst:

1. Concrete technological background

2. Preferably with cyber intelligence units/technical experience

3.Concrete knowledge of basic concepts within the following spheres:

  • Networks
  • Operating systems
  • DB

Please send your CV to careers [at] sensecy.com (and indicate the job number).

Chinese Hackers Leverage World-Cup Buzz

On May 14th we brought you a report regarding hacktivists threatening to wage cyber attacks against the Brazilian government and FIFA. This time, we are publishing yet another World-Cup-related post, but from a slightly different angle.

China, the world’s most populous country, is also the world’s leader in terms of number of cellphone users. The smartphone revolution did not skip China, and oh boy did it make an impact! Chinese people love their phones. No, Chinese people are obsessed with their phones might be a more precise choice of words.

As you probably know, Chinese cities are not small (quite an understatement!), and commute time has to be killed somehow. That’s why riding the subway in China, except for being overwhelmingly crowded at times, is also just the perfect timing for many passengers to indulge in intensive game-playing! While some prefer to fiercely ride a digital motorcycle, shoot intruding aliens, or grow vegetables in a farm, others have a liking for sports games, perhaps as a compensation for rotting in front of a computer desk all-day-long. The latter will inevitably come across a bundle of World-Cup related game apps available on all application markets.

Image

World-Cup is a buzz-word, no doubt about it, and as such, it attracts not only the gamers’ attention, but the hackers’ as well, and the Chinese hackers know their onions, all right. They leverage the buzz and try to con unwary mobile users into downloading and installing infected apps. The hackers use the “repacking” method – they download a legit and innocent game app, plant a malicious code within it, and upload it once again to the app market, or to a forum. The compromised app looks just the same – it has the same icon, its name is almost identical, and the user has virtually no way of noticing any abnormality after having it installed.

Actually, this is not the first time we see this method being practiced – Chinese hackers use just the same mischief whenever a national holiday is being celebrated, a major event (be it national or international) takes place, or just when some application garners a lot of popularity.

There is a famous story in China about a farmer in the Spring and Autumn Period (approx. 771 to 476 BC) who was working in the fields, when a rabbit was running by and suddenly dashed into a tree stump. The joyful farmer brought the dead rabbit home and cooked it for dinner exclaiming that there is no need for him to work any longer, as he can simply sit by that stump and wait for more rabbits to knock dead into it. This story gave birth to the idiom 守株待兔(literally “to watch the stump and wait for rabbits”) meaning “to trust chance and luck rather than go working”. The Chinese hackers who use this “repacking” method are just modern lazy farmers, patiently awaiting unlucky mobile-users to fall prey to their hands.

Even though this post is China-focused, it is important for you to bear in mind that this “repacking” method can be easily implemented anywhere. We urge you to download applications only from official sites and app-markets, and to install an antivirus on your mobile device.

Don’t be a rabbit!

And with all that being said, we wish safe-gaming to all World-Cup enthusiasts, and good luck to all participating countries!

SenseCy Update

Hi all, it has been a busy month for us here at SenseCy and it’s time to share a quick update of what the team has been up to.

Image

We have participated in Infosec Europe conference, held in London (read all about it here), and in the GOVSEC conference in Washington D.C. where we’ve met with industry leading vendors and potential partners. Following these we ventured to Barcelona to participate in the Check Point Experience (CPX) conference, where it was announced that we, along with six other prestigious vendors, will be taking part in the Check Point’s ThreatCloud Intellistore, which will allow us to offer our intelligence feeds to Check Point’s massive clientele.

you can find the press release and related information in the following link: http://www.checkpoint.com/press/2014/check-point-pioneers-revolutionary-cyber-intelligence.html

Later this week Mr. Assaf Keren, our CTO, will deliver a speech about Cyber Intelligence at the Cybercrime Security Forum 14, held in Hilton Cyprus, Nicosia, followed by a talk by Mr. Gilad Zahavi,Director of Cyber intelligence at ISS World Europe, Prague, where he will present SenseCy methodology for tracking hackers using Virtual HUMINT methodology on June 4, 2014. 

Last but not least we have some very exciting personnel changes – this month we have welcomed Dimitry, our Director of Technical Intelligence, and Nir, an analyst who will be handling the Chinese arena. Ms. Sheila Dahan will be taking the role of Customer Relations Manager and will assist the sales and marketing various activities. Stay tuned for more updates.

Meet SenseCy at GovSec/Trexpo (May 13 – May 14, Walter E. Washington Convention Center, Washington, DC)

SenseCy will be present at GovSec/Trexpo (May 13 – May 14, Walter E. Washington Convention Center,  Washington, DC) at the Israeli Pavilion (#2223). Come by and learn about our Cyber Intelligence solutions.

Image

GovSec is the nation’s premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our critical infrastructures, key assets, communities and the nation. GovSec features TREXPO,  the definitive law enforcement conference for tactical training, equipment, technology, and services for law enforcement which offers products that empower law enforcement to fulfill their role as the first line of defense against threats to their communities and agencies.

for registration see: http://govsecinfo.com/events/govsec-2014/home.aspx

Why Scaring Is NOT an Effective Technique for Increasing Cyber Security?

There is a big hole in the Internet and it’s bleeding passwords. Or at least that is what one would understand from following various media reports about “Heartbleed”, that ominous flaw in the design of the Internet’s basic encryption method, the SSL. Just by reading (and listening to and watching) the media, one could be excused of thinking that the Internet as we know it has come to an end. Slogans like “Internet safety is gone” and “Replace all your passwords now!” were being shouted repeatedly (didn’t they tell us that passwords were useless anyway? and didn’t they say that 99.9% of the passwords are 123456 anyway?)

Regardless of the actual severity of this flaw, two things come to mind when analyzing the public and media’s behavior regarding Heartbleed. The first is that the media is thirsty for cyber-related stories, and is willing to blow any story out of proportion just to make the headlines – especially if it can be said to be “relevant to everyone” and “puts us all in danger.” But this is not surprising – there is a very unhealthy relationship between the media, the Cybersec industry and the public – each doing its share to evoke panic and misinformation.

What I find more disconcerting is that some people and organizations use such incidents to increase awareness of cyber threats and turn this into a call for action. While there is nothing wrong with raising awareness, I do believe that using it too much – i.e scaring people – achieves the opposite effect. Want an easy way of verifying this? Just ask the people around you (normal folk, not industry techies) if they have heard of Heartbleed. Many of them (especially in the U.S.) will probably say yes. Then ask how many of them have changed their passwords as a result of this being made public. I can almost guarantee that the answer will be zero. The explanation for this is simple – when people are presented with a catastrophe, they tend to do absolutely nothing. If nothing is safe anymore, than why bother doing something?

And that is exactly the problem. By creating panic, we also create apathy, when we should evoke emotion and move people to act – seek professional advice, check their systems for breaches, whatever. We should be stating very clearly the REAL threats and the REAL remedies, even if they make less appealing headlines. Only then do we stand the slightest chance that the “Average Joe” will stop, listen and act differently than before. “Make them aware, not scared” should be our motto.

heatbleed stop