
Published: 2016/8/9 14:19:30
Hackers: taking aim at the Rio Olympic Games


In Rio, it is not only athletes, fans and samba dancers who are celebrating. So is a group of online fraudsters smirking in the corner.

Earlier, the Rio police warned tourists to be wary of possible crime and terrorist incidents, but digital information security calls for even more vigilance.

Not only will the 500,000 tourists heading to Rio become targets. The sponsors of the International Olympic Committee (IOC), well-known companies such as Coca-Cola, General Electric, McDonald's, Visa, Samsung and Bridgestone, and even people at home on the couch watching Olympic video are a "gold mine" for fraudsters.

So what malicious schemes do these online fraudsters actually use?

Scheme 1: Advance ticket sales (target: fans planning to travel to Rio for the Games)

"The Olympic Games attract a lot of people. For hackers, the main question is, 'How can we get these people to hand over some money?'" said Thomas Fischer, a researcher at the US security company Digital Guardian.

As early as this spring, Russia's Kaspersky reported that online fraudsters had already made their first pot of gold from Rio by selling fake tickets. The report said: "Phishing websites use the sale of fake tickets as a pretext to ask users for private information such as bank account details. The criminals then extract this information and steal money from the victims' bank accounts. To win the victims' trust, the criminals also promise that the tickets will arrive two or three weeks before the specified event."

Fans planning to travel to the Rio Olympics are the "fat fish" of phishing e-mail: the group is so large that hackers are likely to succeed quite often.

Scheme 2: Ransomware (target: people watching the Games at home)

Major sporting events are a paradise for ransomware. Even people who do not plan to go to Rio and simply watch videos at home are not spared. During the Games, e-mails and social media posts will offer large numbers of video links, apps, games and other content. Once people click, they are infected with malware that makes the computer unusable, and they are forced to pay a ransom. Similar incidents occurred at the 2014 FIFA World Cup and at the Sochi Winter Olympics the same year. (The editor reminds readers who run into this kind of ransomware that the article "Fight back against hacker extortion! This website helps you decrypt hacked files for free" offers some self-help measures.)

In addition, scammers invite viewers to bet on the Olympic Games, counting on the fact that people involved in illegal gambling will not dare to go to the police even if they realize something is wrong.

"The first thing to do is to stay wary of such links at all times. If something looks like 'pie falling from the sky', then it is surely a trap," said Samir Kapuria, senior vice president of Symantec's cyber security services.

Scheme 3: Stealing credit card information (target: tourists in Rio)

Card readers and ATMs are, of course, prime targets. In one case, fraudsters implanted a plastic scanner in an ATM to read the information on the card's chip and the four-digit PIN the user entered. In another case, fraudsters inserted a modified bank card into a legitimate card reader to plant malware on it. Afterwards, the details of every bank card used on that machine were automatically transmitted to the fraudsters, who then cloned the cards to steal money.

A sports reporter who went to Rio for the Games described a painful personal experience: "The moment Rio welcomed me: at the convenience store in the IOC main press center, just a few minutes after I used my credit card, my card was hacked."

Last year, 49% of Brazilians said they had been victims of credit card fraud, a rate 19 percentage points higher than the previous year. According to a survey by ACI Worldwide and Aite Group, only Mexico, at 56%, had a higher fraud rate than Brazil and ranked first. The United States, at 47%, ranked third.

Scheme 4: Wi-Fi hotspots (target: visitors who love selfies)

Having finally made it to Rio, visitors will of course take selfies, which means they will inevitably go online outdoors to share their photos on social networks. Scammers have homed in on this "pain point": they deliberately set up Wi-Fi for visitors to use and then secretly record the visitors' network activity and data.

Last month, Kaspersky analyzed more than 4,500 wireless hotspots near Rio and found that about a quarter of them had security weaknesses: they either used outdated encryption algorithms or were not encrypted at all.

Fischer said: "Hackers can record all data traffic and analyze it in real time, or keep it for later analysis, looking for user names and passwords."

Near the Olympic venues, staff can monitor and shut down suspicious wireless hotspots, but the places outside the venues where tourists gather are beyond their reach.

The defense against these malicious Wi-Fi networks is a VPN. Kapuria suggested that people using public wireless networks outdoors connect through a VPN to protect their privacy, because with a VPN their network data is encrypted before it is sent.

Brazil is also working to improve the situation. Aptilo Networks, a wireless technology vendor based in Stockholm, said it is working with telecom operators to provide Wi-Fi at Olympic venues, transportation hubs, beaches, cafes and other areas. The Brazilian communications company Linktel said it is working with Aptilo and with international Wi-Fi operators such as Boingo and AT&T so that those companies' customers can use Linktel's local network.

Scheme 5: Botnets (target: all of you)

Some radical hackers or extremely malicious actors may try to disrupt this global event by attacking the network infrastructure of the Games.

The biggest attack hackers could mount is probably a "denial of service" attack: disrupting the networks that judges use to communicate scores or other data, and so interrupting the tight competition schedule. One method is to jam the official wireless network, or to inject malicious packets that force the network to keep disconnecting, making it hard for data to get through.

Denial-of-service attacks usually rely on a "botnet": hackers commandeer a large number of servers and generate huge volumes of requests against the target server until it is overloaded and goes down. According to Symantec's 2016 Internet security report, Brazil is among the ten countries in the world where botnets are most widespread.

Fischer said: "If hackers launch a denial-of-service attack, the competition will be interrupted. That is much worse than the impact of any other attack."

Ideally, the Olympic organizers will be able to log these types of attacks and use signal detection equipment to find their source.

France's Atos SE is the official information technology partner of the International Olympic Committee. In a statement to Bloomberg News, the company said that network security is very important and that it has "adopted the latest technology to protect the Games' IT facilities and systems from attack."

These Games have already had a troubled run; may God bless Rio.







