GOT(IT) #9: Billion accounts in the black market, AVGater flaw gives full system control, plus Boeing 757 hacked

You know what doesn’t sound fun? Missing Thanksgiving because your plane got hacked, hell of an excuse though.

GOT(IT) #9. Woohoo! We’re reaching number ten very soon… We discuss IT security news, which isn’t always good news, but it is crucial to stay updated on the latest “Oh F***” in security breaches. So it’s time to see what this week’s got for us.

It seems Google’s research found out that 1.9 billion usernames and passwords are currently available in the black market; it was discovered that Anti-Virus can be exploited to help malware persist; and a Boeing 757 has been hacked while it was on the runway.

1.9 Billion Accounts Available in the Black Market


Google has been working with the University of California on a study that focuses on data breaches, and stolen credentials in underground ecosystems. The results? It was revealed that about 1.9 billion credentials were available in the black market for purchase.

How? Any conceivable method: Key loggers, phishing, malware. Google also showcased how their accounts were affected: about 25% of the stolen credentials can give access to Google user accounts. This data was obtained by matching the credentials, stolen from thousands of online services, with Google’s database.

This fuels the reinvention of passwords and how security on multiple accounts is handled; password managers are the new “hip” thing, because the main issue is that users are failing to create different keys for different services.


AVGater Exploited to Protect Malware

A researcher named Bogner published an article on a new vulnerability: an exploit that can potentially restore malware from AV quarantine and give the local user full control over the endpoint. In a nutshell, once the malware is put into quarantine, an attacker can manage to relocate the file into sensitive directories like C:\Program Files.

By abusing NTFS directory junctions, the file is restored and loaded by a different process, and thus executes its payload freely. Who was affected? Top-tier brands like Kaspersky, Malwarebytes, Ikarus, and a few dozen that are probably not going to be disclosed until the fix is applied. Most of these vendors, now public, have patched the issue after the researcher gave private notice.
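
A defender-side check for the junction abuse described above, added here as an illustration (not code from the researcher or from any AV vendor): before a quarantined file is restored, walk the recorded destination path and refuse if any component is a symlink or NTFS reparse point. The function names, the `trusted_root` parameter and the temp-directory scenario are assumptions, and the demo uses a symlink as a stand-in for a junction so it also runs on non-Windows systems.

```python
import os
import stat
import tempfile
from pathlib import Path

# Windows sets this attribute bit on junctions and symlinks.
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_redirect(path: Path) -> bool:
    """True if this single path component is a symlink or NTFS reparse point."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except OSError:
        return False  # component does not exist yet, nothing to follow
    attrs = getattr(st, "st_file_attributes", 0)  # field exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & REPARSE)


def redirected_components(dest: Path, trusted_root: Path) -> list:
    """Components between trusted_root and dest that redirect elsewhere."""
    found, current = [], trusted_root
    for part in dest.relative_to(trusted_root).parts:  # ValueError if outside
        current = current / part
        if is_redirect(current):
            found.append(current)
    return found


def restore_allowed(dest: Path, trusted_root: Path) -> bool:
    """Refuse a restore whose recorded path now passes through a redirect."""
    try:
        return not redirected_components(dest, trusted_root)
    except ValueError:
        return False  # destination is not under the expected root


def demo() -> tuple:
    """Constructed scenario; a symlink stands in for the junction."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        (root / "protected").mkdir()   # stand-in for a sensitive directory
        (root / "downloads").mkdir()   # where the file sat before quarantine
        dest = root / "downloads" / "sample.dll"
        before = restore_allowed(dest, root)
        (root / "downloads").rmdir()   # folder replaced by a redirect
        os.symlink(root / "protected", root / "downloads", target_is_directory=True)
        after = restore_allowed(dest, root)
        outside = restore_allowed(root.parent / "x", root)
        return before, after, outside
```

A path check like this is only as good as its timing: if the path can change between the check and the write, the restore still needs to run without elevated privileges or operate on an already-opened directory handle.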



Boeing 757 Hacked Remotely While on Runway 


Scary, right? The US Department of Homeland Security was hacked by security professionals in an exercise that looked to breach the aircraft as it sat on the runway. The results were successful and the method classified.

Luckily, we’re talking about an intended event. The DHS’s Cyber Security Division representative, Robert Hickey, explained that the breach was conducted through radio frequency communications and that it managed to “establish a presence on the systems of the aircraft”.

The good thing: newer aircraft were designed with these kinds of events in mind; the bad thing is that older ones weren’t. The risk isn’t just the proper security of the system, but the financial effort an update would mean to any airline. As the article explains, a single line of code and its implementation would cost about $1 million to achieve.


Remember to turn your phone off during flights, keep your seat up when hacking occurs, and (for the love of god) have different passwords for your accounts.


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.