Froxfield -> Hungerford Marsh To Ham Bird action in Oak Hill World Press Freedom Index Oak Hill – Dun Aqueduct Oak Hill Little Bedwyn -> Oak Hill 5 popular destinations for travelling where disease is still rife Chased by sheep – Little Bedwyn Taking a long walk…. Great Bedwyn -> Little Bedwyn Sunday on the canal Crofton Meadows -> Great Bedwyn Wolf Hall -> Crofton Meadows Brimslade -> Wolf Hall My first Zander Wotton Rivers -> Brimslade Most visited sites on the internet ABS LP110 Leisure battery for a narrowboat Burbage wharf Mooring in Wootton Rivers, Wiltshire Sunday in Pewsey Measuring the draft Looking for moorings around Wootton River/Clench New button fitted! Milkhouse Water, Wiltshire Now in Pewsey, CRT mooring rules Get into Stonehenge free Flaperon from MH370; no story – 1 month on Skyrim V Connect/’sign in’ to ‘open network’ wifi on Windows 10 My personal Strava movie – 2016 The biggest hacks of 2016 – A year in hacking US vs Bullying China Russian Google and Reddit misdirects skewing Google Analytics First complaint Winter electricity usage Devizes The fight for freedom, Not In My Back Yard Donald Trump – Puppet masters, Parody to victory, and the march to nationalism US Presidential elections 2016 Taking a narrowboat on the Thames Giles Wood – Melksham Bonny Journey List of dead bankers 2016 – conspiracy update Day 38 – Taunton to Exeter Day 37 – Seend Park to Taunton Day 36 – Seend Park to Bradford on Avon Day 49 – Caen Hill Marina to Seend Park Bleeding a BMC 1800 marine engine 3 Reasons you won’t ever tell me 9/11 was not an inside job Day 48 – Caen Hill Locks Day 47 – Devizes – Caen Hill Locks Day 47 – Honey Street to Devizes Day 46 – Great Bedwyn to Honey Street Day 45 – Newbury to Great Bedwyn Day 43 – Theale to Newbury Day 42 – Goring to Theale Day 41 – Oxford to Goring Day 40 – Aynho to Oxford Day 39 – Claydon to Aynho Day 38 – Flecknoe to Claydon Day 37 – Ansty to Flecknoe Day 36 – Alvecote to Ansty Day 35 – Kings Bromley to Alvecote Day 34 – Little Haywood to Kings Bromley News Winter moorings Day 33 – Stone to Little Haywood Day 32 – Kidsgrove to Stone Day 31 – Wheelock to Kidsgrove Cask ale week – Use your mobile to claim free beer Chimney repairs Day 30 – Marston to Wheelock Day 29 – Dunham Massey to Marston Viewranger mapping app Day 28 – Plank Lane to Dunham Massey Day 27 – Crooke to Plank Lane The anti-Blair cometh…. Day 26 – Rufford to Crooke Day 25 – Morecambe to Rufford – 1,000th post eva! Six companies are about to merge into the biggest farm-business oligopoly in history Day 25 – Hawes to Morecambe Day 24 – Durham to Hawes Day 23 – Newcastle to Durham Day 22 – Norham to Newcastle Day 21 – Edinburgh to Norham Day 20 – Dundee to Edinburgh Day 19 – Aberdeen to Dundee Day 18 – Buckie to Aberdeen Day 17 – Inverness to Buckie Day 16 – Helmsdale to Inverness Day 15 – Helmsdale Day 14 – John O’Groats to Helmsdale Inverness and over the border Travelling by train with a bike UNESCO PLACES OF WORSHIP Day 11 – Tarleton to St. Mary’s Marina, Rufford Day 10 – Tarleton lock Day 9 – Crooke to Tarleton
adult-friend-finder-hacked

The biggest hacks of 2016 – A year in hacking

Michael Tyler

About

Owner and main contributor to the site.

It's only fair to share...Share on Facebook0Tweet about this on TwitterShare on Google+0

In case you didn’t know, in amongst the celebrity deaths, and the unraveling of the NWO bandwagon, 2016 was also a bumper year for hackers. Some of the biggest and most audacious hacks in history took place in 2016, including the hacking of the US elections, and the Mirai botnet DDOS attack, which took down some of the biggest sites on the internet including Amazon, Facebook and Twitter.

There have been the largest hacks of personal information in history. Also in 2016. Names such as Yahoo, with billions of accounts compromised.

So here’s my little run-down.

2016 – A year in hacking.

Adultfriendfinder hack

5) Adultfriendfinder hack – November 14th, 2016

Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in November of 2016 for over 400 million accounts representing 20 years of customer data.

A list of sites verified and how many affected accounts and a brief description:

  • Adultfriendfinder.com
    339,774,493 users
    “World’s largest sex & swinger community”
  • Cams.com
    62,668,630 users
    “Where adults meet models for sex chat live through webcams”
  • Penthouse.com
    7,176,877 users
    Adult magazine akin to Playboy
  • Stripshow.com
    1,423,192 users
    Another 18+ webcam site
  • iCams.com
    1,135,731 users
    “Free Live Sex Cams”
  • Unknown domain
    35,372 users

Total: 412,214,295 affected users

Most of the passwords hacked from the Friendfinder network were stored either as plain text, or lightly encrypted, (in the SHA1 protocol).

Once the accounts were modified and the encrypted passwords hacked, they were made available for sale on the Darkweb.

Here’s a list of the passwords most commonly used:-

RankPasswordFrequency
1123456900,420
212345635,995
3123456789585,150
412345678145,867
51234567890133,414
61234567112,956
7password101,046
8qwerty86,050
9qwertyuiop43,755
1098765432140,627
1112312339,614
1211111138,848
13pussy37,938
14fuckme36,008
15asdfghjkl35,021
1600000034,631
17fuckyou34,498
18abc12334,080
190000033,796
201111133,263
215555531,524
225432131,278
2312345230,111
2465432129,624
25pwd123428,061
26zxcvbnm27,237
27iloveyou24,155
28qwert22,499
2966666621,629
30asdfg20,696
31012345678920,485
32azerty19,700
33098765432119,641
34france19,559
35abcd123419,056
36password118,677
37fffff18,461
3811223318,152
3969696918,150
4012332117,703
4112121217,302
42asdfgh16,400
43football16,080
441234567891016,054
45abcde15,789
46qwerty12315,286
471qaz2wsx14,885
4812312312314,691
49pakistan14,173
50aaaaa13,543

Source: Leaked source.


Yahoo user accounts hacked4) Yahoo hacks – A case of false cookies – 2014 to 2016

Allegedly spanning back to 2014, Yahoo has been leaking information to what it called ‘state sponsored hacking’. The most serious breach occurred in December 2016, when it emerged that up to 1billion accounts had been exposed to a breach in security.

Previously that year, all users had been asked to change and update their security passwords following a widely publicised hack.

Turns out Yahoo was being hacked all along. Right back to 2014. (source)

Forged cookies

What the hackers where doing was creating ‘forged’ cookies.

A cookie sits on the users machine and allows him to look at his own email account, change settings, and have general access to the account without having to enter any details…

What these so called, ‘state sponsored’ cyber-criminals through malicious script on website landing pages, was read and duplicate the authentic cookies from Yahoo, and create duplicates.

These duplicates were then processed into a format to give access to multiple accounts simultaneously.

The information beached included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or un-encrypted security questions and answers.

Payment card data and bank account information were not stored in the system believed to be affected.


Tesco bank hacked3) Tesco bank – Daylight robbery – November 7th, 2016

This is the first instance of a bank having actual live accounts compromised on a large scale.

 ‘The most serious cyber-attack launched against a UK bank’

Tesco Bank manages around 136,000 current accounts, this hack involved the theft of £2.5m from 9,000 customers’ accounts.

Tesco reimbursed the customers.

It represents a landmark hacking in that:

  1. A successful breach of a financial institutions security: Previously, customers had been placed at risk through their own activity, or mis-activity, through phishing sites, fake emails or online scams.
  2. The size of the attack: Over 9,000 customers.

Most customers had around £600 stolen, although one reported a sum of £2,400 removed from their bank during the incident.

More here.


Marai botnet internet attack2) Miria botnet DDoS attack – October 21st, 2016

Although the previous attacks claim ‘state sponsored’ knowhow behind the attacks, this, what is know as the ‘Maria botnet’ DDOS or brute force attack was a first both in terms of scale and methodology.

DDOS are common in the world of internet. The idea is simple; spam a site with so many requests that the servers overheat and stop serving up the traffic.

The solution has been mostly the use of CDN’s or content distribution networks’s. These create a ‘cache’ of content live on the cloud, taking the content of websites away from individual servers, and distributing it among a worldwide network of servers, each serving content to it’s locality.

Once a webpage has been accessed once, that content is moved from the host servers to the cloud servers, and from then on, any repeat requests are dealt with from there.

Miria botnet was a denial of service attack. Unlike previous denial of service attacks, it didn’t use PC or mobile web requests but requests from web-enabled devices. We’re talking routers, DVRs, CCTV cameras, and any other ‘smart’, internet-connected appliances, baby cameras etc.

These items are now collectively know as the Internet Of Things (IOT).

DYN

DYN provides the mapping for Domain Name Servers, that is: it addresses the requests you type into your browser and serves them up converting them from a raw ip, to a recognisable, alphabetical domain name.

According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00 a.m. (EDT) and was resolved by 9:20 a.m. A second attack was reported at 11:52 a.m. and Internet users began reporting difficulties accessing websites. A third attack began in the afternoon, after 4:00 p.m. At 6:11 p.m., Dyn reported that they had resolved the issue.

Affected websites:-

  • Airbnb
  • Amazon.com
  • Ancestry.com
  • The A.V. Club
  • BBC
  • The Boston Globe
  • Box
  • Business Insider
  • CNN
  • Comcast
  • CrunchBase
  • DirecTV
  • The Elder Scrolls Online
  • Electronic Arts
  • Etsy
  • FiveThirtyEight
  • Fox News
  • The Guardian
  • GitHub
  • Grubhub
  • HBO
  • Heroku
  • HostGator
  • iHeartRadio
  • Imgur
  • Indiegogo
  • Mashable
  • National Hockey League
  • Netflix
  • The New York Times
  • Overstock.com
  • PayPal
  • Pinterest
  • Pixlr
  • PlayStation Network
  • Qualtrics
  • Quora
  • Reddit
  • Roblox
  • Ruby Lane
  • RuneScape
  • SaneBox
  • Seamless
  • Second Life
  • Shopify
  • Slack
  • SoundCloud
  • Squarespace
  • Spotify
  • Starbucks
  • Storify
  • Swedish Civil Contingencies Agency
  • Swedish Government
  • Tumblr
  • Twilio
  • Twitter
  • Verizon Communications
  • Visa
  • Vox Media
  • Walgreens
  • The Wall Street Journal
  • Wikia
  • Wired
  • Wix.com
  • WWE Network
  • Xbox Live
  • Yammer
  • Yelp
  • Zillow

Not a large outage, but a significant disruption. Dyn stated that they were receiving malicious requests from tens of millions of IP addresses totaling 1.2Tbps at it’s peak.

Following the attacks, the code behind botnet was released on Hackforums by a user called Annie-senpai.

The Marai virus continues to grow and mutate, and has made one further, smaller appearance later this year.

No doubt it will be back.


1) Hacking of the US elections – November 2016

Following the election of Donald Trump, it emerged that undue influence in the form of leaked emails provided Trump with the apparatus to bring claims against his competitor which were both true, and supported by admissible evidence.

The fact that this evidence had been unearthed by a group of hackers from a foreign and hostile power, means in essence, the US election had been hacked.

Cozy Bear and Fancy Bear

Intelligence reports an appointed independent group concluded that the attacks had been carried out by two separate, state sponsored Soviet hacking groups; one called Cozy Bear, one called Fancy Bear.

Post-election information led to “a high level of confidence” that Putin “personally directed” the operation.

To read more about Cozy Bear and Fancy Bear.

Donald Trump, the incumbent, continues to refuse to acknowledge the significance of the hack, which involved intercepting the emails of Ms Hillary Clinton, who was using an illegal server with which to conduct White House business of a sensitive nature.
This included a dirty tricks campaign to remove her running partner Bernie Saunders from the race, the details of which were all corroborated by emails and data stored on the illegal server.

The information was then passed to a popular wiki website, where it was published and subsequently to the FBI, where it was investigated.

Both the owner of the popular website and the incumbent US president, deny the emails originated from Russia, or Russian intelligence.


Thankyou goodbye

So there’s the list.

If you thought 2016 was the year of anti-establishment ‘populism’ and dead celebrities, you were wrong.

The list just proves…..

2016 was the year of the hack……

Click here for reuse options!
Copyright 2016 Michael Tyler Sailor's Almanac: Further Narrowboat Adventures
(Visited 6 times, 1 visits today)

2 comments:

Leave a Reply

Your email address will not be published. Required fields are marked *

Facebook Auto Publish Powered By : XYZScripts.com