Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

Dutch website Hookers.nl — used by prostitutes, escorts and their customers — has been hacked. The site’s user database was stolen, is actively being traded in the underground, and is sold for about 2 Euros. The dump contains data of — among others — employees of Dutch governmental institutions like the department of defense, foreign affairs and law enforcement. Since the data is now within virtually anyone’s reach, we expect scams to blackmail users soon.

Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.

October 31, 2019 | Article, English, Dutch

How to crack billions of passwords?

All kinds of online services get hacked. This includes services that you might be using. Scattered Secrets is a password breach notification and prevention service. We continuously collect publicly available hacked databases and try to crack the corresponding passwords. Verified account owners can access their own information and take appropriate action to keep their accounts safe and prevent account takeovers. At the time of writing, our database includes nearly four billion — yes, that is with a B — plaintext passwords. Users occasionally ask us how we can crack passwords on such a large scale. To answer this, first we need to look at the basics.

September 19, 2019 | Article, English, Dutch

DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™

A month ago we, Ruben and Marcus, released the first version of DeTT&CT. It was created at the Cyber Defence Centre of Rabobank, and built atop MITRE ATT&CK. DeTT&CT stands for: DEtect Tactics, Techniques & Combat Threats. Today we released version 1.1, which contains multiple improvements (see the changelog). Most changes are related to additional functionality to allow more detailed administration of your visibility and detection.

By creating DeTT&CT we aim to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of these can help, in different ways, to make your organisation more resilient against attacks that target it.

In this blog we start off with an introduction to ATT&CK and continue with how DeTT&CT can be used within your organisation. Detailed information about DeTT&CT and how it can be used is documented on the GitHub Wiki pages. Therefore, the explanation we give in this blog will be high-level.

May 16, 2019 | Article, English, Dutch

EFAIL: how to detect you are being attacked?

In an earlier blog, we discussed some implications of the newly found EFAIL attack on PGP and S/MIME. We concluded that CipherMail gateway was not directly vulnerable because the gateway does not load remote content from the email. The email only gets decrypted, validated and then forwarded.

The EFAIL paper describes two types of attack: the "Direct exfiltration" attack and the "Generic exfiltration" attack.

June 14, 2018 | Article, English, Dutch

Yesterday’s non-issue, today’s record breaker…

How open memcached quickly escalated to a record-breaking DDoS vehicle.

In my previous column I already described the amplification phenomenon that is used in modern DDoS attacks to turn a small traffic stream into a large one. In short, the criminals that launch DDoS attacks send small requests to publicly exposed services and spoof the originating IP address. These services then reply to the spoofed source address with a reply that is much larger than the original request, thereby amplifying the attack traffic.

March 22, 2018 | Article, English, Dutch

The cost of business vs the cost of crime…

If you live in The Netherlands you probably noticed that a series of DDoS attacks caused quite some uproar in our little corner of the world. One of the questions I get asked regularly is why we still cannot deal with these types of attacks.

We are at an unfair disadvantage, or more accurately phrased, the criminals have an unfair advantage. The cost, in terms of money, time, lost functionality, etc., of preventing a crime or attack is often higher than the cost the criminal or attacker needs to incur to actually commit his deed.

February 15, 2018 | Article, English, Dutch

Security in historical perspective

Once you consider security in a historical perspective, it is easy to recognise that several security approaches evolved over time to protect information and IT against external and internal threats. And your security likely needs all of them.

August 11, 2015 | Article, Dutch