Archive for the ‘K-Elektronik’ Category
TOKET Volume 7 Call For Paper
Dear hackerz,
We at kecoak elektronik are preparing Terbitan Online Kecoak Elektronik (TOKET) Volume 7 as a continuation of our contribution to the underground world and of our effort towards our mission of providing computer network security education to IT security practitioners. The planned release of TOKET Volume 7 is on the Indonesian Independence Day, 17 August 2010, with the following details:
kecoak@yourserver~> head -5 cfp.sh
#
# !/bin/sh
# CALL FOR PAPER - CALL FOR PAPER - CALL FOR PAPER
# Terbitan Online Kecoak Elektronik (TOKET) volume 7
#
kecoak@yourserver~> sh cfp.sh
Dear all,
Kecoak elektronik sedang menyiapkan terbitnya TOKET volume 7 meng
harapkan partisipasi semua dalam menulis artikel.
Kirimkan artikel anda dengan tema seperti di bawah ini :
1. Sistem Operasi (Windows, UNIX, *NIX)
2. Penyandian (Cryptography)
3. Hacking
4. Phreaking
5. Cracking (Cracking the Operating System)
6. Pemrograman
7. Networking
8. Human Computer Interaction (Interaksi Manusia Komputer)
9. Teknologi Informasi dan Sistem Informasi
TOKET juga menerima artikel berupa underground & hacktivism news,
spirit of hacking, dan government spying. Segera kirimkan artikel
anda ke :
staff@kecoak-elektronik.net
Deadline pengiriman - 10/08/2010
Rilis TOKET Vol 07 - 17/08/2010
kami tunggu artikel dari anda !!!
Salam hangat dari sarang kecoak.
~eL Byteskrew
kecoak@yourserver~> date
Mon Jul 12 10:09:15 WIT 2010
kecoak@yourserver~> tail -5 cfp.sh
# CALL FOR PAPER - CALL FOR PAPER - CALL FOR PAPER
# Terbitan Online Kecoak Elektronik (TOKET) volume 7
# http://kecoak-elektronik.net
# EOF
So be ready to hack all night and prepare your article! We await yours and will appreciate it.
Creating a proactive enterprise security incident response program
From: Creating a proactive enterprise security incident response program
Information security incidents are a fact of life. We have seen them on the news and within our own organizations: attackers are getting into networks and stealing corporate secrets and customer data. It’s vital to take a proactive approach to incident response to be sure enterprises are equipped and ready for the next incident.
Incident preparation helps enterprises maintain controlled and efficient responses during chaotic incident response moments. While the ideal scenario would involve companies avoiding incidents altogether, it’s important to be realistic and make preparations that will allow for a brisk response in the event of a security incident. There are numerous steps to take in preparation, and in this tip, I outline several necessary steps for creating an efficient security incident response program.
Establish an incident response program and team
A security incident response team should set up a security incident response program in order to ensure there is an organized, management-approved plan in place. Management must support the team and sign off on the official charter, which should outline the mission, scope and objectives of the incident response program. Along with technical incident handlers, the incident response team should include operational and administrative support from IT, legal, HR and management.
Additionally, the security incident response team should work with management to set pre-defined thresholds for leaving systems infected for forensic analysis, isolating systems in “incident” VLANs, or completely disconnecting infected systems. It’s critical to be able to disconnect critical systems when dangerous situations occur, such as data exfiltration; it may be disruptive, but it’s better to disable a critical system as a last-resort containment strategy than to watch sensitive data fly out the door.
Once the plan is developed, the incident response team should create incident scenarios and test and practice pre-planned responses on an ongoing basis. This means providing resources for training response staff as well.
Establish a known good baseline
Detecting specific attack events (what files were accessed, deleted, added or modified, for example) is easier when enterprises already know what is on their networks. Establishing a known good baseline involves performing an inventory of all critical system files and obtaining their MD5 (Message-Digest algorithm 5) checksums. An MD5 checksum is a hash value of a file that can be validated against after an incident occurs. This enables responders to verify the integrity of files and see whether any changes were made. For checking critical Windows files, a free utility called md5deep can perform recursive checksum calculations in directories and subdirectories. For Unix and Linux flavors, the md5sum command can be used. Other areas to baseline include network traffic, processes and services.
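A minimal baseline-and-compare tool for the procedure above, added here as an example (it is not from the original article or from kecoak elektronik); the sample file tree, its contents and the tampering steps are constructed for the demo, and the `algorithm` parameter is an addition so a modern hash can replace MD5:

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def hash_file(path, algorithm="md5", chunk_size=65536):
    """Hex digest of one file, read in chunks so large files do not fill memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, algorithm="md5"):
    """Map every regular file under root (relative POSIX path) to its digest.
    MD5 matches the article; pass algorithm="sha256" for a collision-resistant hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p, algorithm)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare_baseline(old, new):
    """Report paths added, deleted or modified between two baseline snapshots."""
    return {"added": sorted(set(new) - set(old)),
            "deleted": sorted(set(old) - set(new)),
            "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p])}

def demo():
    """Constructed scenario: snapshot a tiny tree, tamper with it, then diff."""
    root = Path(tempfile.mkdtemp(prefix="baseline_demo_"))
    try:
        sample = {"bin/ls": b"\x7fELF original\n",
                  "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
                  "var/log/auth.log": b"Jul 12 10:09:15 sshd: session opened\n"}
        for rel, data in sample.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        before = build_baseline(root)
        (root / "bin/ls").write_bytes(b"\x7fELF replaced\n")  # binary swapped out
        (root / "etc/unexpected.conf").write_bytes(b"x=1\n")  # new file dropped in
        (root / "var/log/auth.log").unlink()  # log removed
        return compare_baseline(before, build_baseline(root))
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

Store the baseline dictionary (for example as JSON) on read-only or off-host media; a baseline kept on the system it describes can be rewritten by the same intruder who modified the files.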
If having personnel watch logs all day is impossible due to limited resources or otherwise, administrators should dedicate time to reviewing logs on a regular basis. To make reviewing and correlating easier, all logs should be centralized to a syslog server and time should be synchronized across the enterprise using an NTP server. Place the syslog server on a separate segment (away from primary servers), with ACLs blocking all but syslog traffic to that server, typically UDP/514. In addition, log management tools such as ArcSight, Tenable Network Security’s Log Correlation Engine, and LogLogic can help make log analysis much easier. By reviewing server, application and infrastructure device logs regularly, analysts will develop a better understanding of what’s considered “normal” network traffic. The same is true of processes and services. Having a known good baseline will enable analysts to discern when new processes or services are introduced into systems.
Develop an incident response program toolkit
A combination of software and hardware tools can make responding to an incident easier and more efficient. A readily available bag should house all of these tools in a convenient spot for when an incident must be responded to at a moment’s notice. That bag should contain cables (cross-over, straight-through and console, just to name a few), a network tap to passively collect data, blank CDs and hard drives, a laptop, pens and pads. Some good open source tools include Helix (a Linux bootable disc for system analysis), the dd copying program for making binary backups, netcat and cryptcat for moving data across the network, and the Sleuth Kit forensics software. Some commercial forensics tools include EnCase by Guidance Software Inc. and FTK 3 by AccessData Corp. Other useful tools include Fport by Foundstone Inc., Sysinternals by Microsoft and Mandiant Corp.’s Memoryze.
Develop security incident response program cheat sheets
When the pressure is on and chaos increases, it may be difficult to remember all the details for an efficient security incident response, especially with an audience of executives and other concerned stakeholders. Cheat sheets can help ease this pressure. A security incident cheat sheet should contain the proper commands and command switches that aren’t used on a daily basis, the questions to ask administrators upon arrival at the scene, and the proper steps for forensic evidence preservation. Security expert Lenny Zeltser and SANS have some excellent cheat sheets to get started.
The above steps touch on a few of the necessary activities for efficient security incident response preparation. However, no plan should remain static for too long. Organizations must be proactive in developing new countermeasures and response actions to emerging threats. Start collaborating and sharing incident information with both your organization’s ISPs and law enforcement. Develop escalation and notification procedures. It’s essential to stay current and track attack trends, especially those within the company’s sector. Preparation ensures that responses are planned, understood and executed properly by all members of the organization.
No, we never host trojans
A few weeks ago there was a post claiming that the kecoak elektronik site hosts a trojan, and that this trojan would get into the computer of any visitor who opened a page of kecoak-elektronik.net. Unfortunately, although the newbie in question gave a fairly lengthy statement (while promoting a certain website at the same time), he was unable to properly describe the details of the problem he experienced. And that post remains, to date, the only post from that user (wonder why?).
A few days ago, a colleague told us that the AV he uses reported a ‘known attack’ from the site www.kecoak-elektronik.net/log in the form of an RCE (Remote Code Execution) in VBScript. The attack pattern came from the FIREFOX.EXE application, which was the browser he used to access the kecoak elektronik site. Further analysis showed that the VBScript in question was part of the content of the kecoak elektronik blog (http://www.kecoak-elektronik.net/log/2010/03/06/malicious-hlp-kitrap0d-system-shell/), where it discussed CVE-2010-0483. The basic principle of a web browser is to download the contents of a website and interpret them with its own engine. For some AVs such as Norton, whose ‘grip’ is quite tight, that website content can be recognised as a ‘known attack pattern’. The fancy term for this case is False Positive.
Below is a sample screenshot of this case.
Since the person who first informed us through the forum above was unable to present the detailed information that led him to ‘rant’ that the kecoak elektronik site had a trojan installed, we consider his case to be the same as the AV False Positive case. We would not be so stupid as to host a trojan on our own website, which exists to share information with the public. We take no profit whatsoever from the public through this website; we don’t even care about page rank, install AdSense, or ask for donations to keep the hosting running, to encourage writing something useful, to share info, and so on.
Is it possible that the kecoak elektronik website has been hacked and a trojan inserted? Well, we’re livin in underground. Attacking and being attacked is normal, and that possibility will always exist. Nothing is perfect in the security world. So if you really feel able to provide evidence indicating that a trojan or crimeware has been installed on the kecoak elektronik website, you can email us for further analysis. Otherwise, we don’t f*ckin care ’bout ur f*ckin sh*t.
Lastly, a few days ago there was a short conversation among several kecoak elektronik staff. It seems we have several times received word of individuals ‘claiming’ to be kecoak elektronik members when applying for a job, especially job openings in the IT Security field. FYI, we do our best to keep kecoak elektronik pure as an underground, non-profit community. And as far as we know, kecoak elektronik staff have never declared their membership of the kecoak elektronik group to the public for profit-oriented purposes, especially when applying for a job.
Huh, that’s all folks. Sorry if there is nothing technical in this post to enjoy or to discuss. We’ll keep them posted later…
Cheers,
KEI
ToKeT 6th Edition
As planned, Terbitan Online Kecoak ElekTronik (TOKET) is released today, 15 February 2010. This 6th edition of Toket contains 6 articles, among them:
0x00 - Introduction ................................. BytesKrew
0x01 - Exploiting Future Internet - Defeating IPv6 .. Ph03n1X
0x02 - Fun with Elf and Ptrace ...................... Elz
0x03 - Tale stories behind pop+pop+ret .............. !@#$%^&*()
0x04 - RTLD FreeBSD Bugs Analysis ................... Elz
0x05 - Modifying Source Code - Stealing Password .... BytesKrew
0x06 - Eleonore and The Crimeware Myth .............. G.S
We just had Valentine’s yesterday, so I don’t wanna give bad words following this release. We already have pretty much ‘bad stuff’ within this edition; that’s enough.
So, enjoy, undergr0und… and be a ‘good’ boy.
Hello !
I just want to say hello to everyone! Long time no see; I have been busy with exams, school, and university applications. I promise I will be back soon!
– Sp1d3r-73
FYI from scut
scut: if someone claims to be scut and asks for money or to borrow money with the story that I had an accident or am sick, just ignore it and report the phone number to the police. scut would never ask for money
scut: just got news from Jogja
scut: someone is claiming to be me and asking for money, and when they weren’t given any, my friend who was asked for the money got cursed at instead
scut: the number is 081396532323
scut: thx
This is from our old pal scut of kecoak elektronik. He’s fine, so… it’s a scam.
ToKet Vol 6 CFP!
Hello Hackerz, in order to sustain the culture of sharing, and as a form of our dedication to the Indonesian IT world, especially in the security field, we hereby release the CFP (Call For Paper) for the eZine ToKet (Terbitan Online Kecoak Elektronik) Volume 6.
kecoak@yourserver~> head -5 cfp.sh
#
# !/bin/sh
# CALL FOR PAPER - CALL FOR PAPER - CALL FOR PAPER
# Terbitan Online Kecoak Elektronik (TOKET) volume 6
#
kecoak@yourserver~> sh cfp.sh
Dear all,
Kecoak elektronik sedang menyiapkan terbitnya TOKET volume 6 meng
harapkan partisipasi semua dalam menulis artikel.
Kirimkan artikel anda dengan tema seperti di bawah ini :
1. Sistem Operasi (Windows, UNIX, *NIX)
2. Penyandian (Cryptography)
3. Hacking
4. Phreaking
5. Cracking (Cracking the Operating System)
6. Pemrograman
7. Networking
8. Human Computer Interaction (Interaksi Manusia Komputer)
9. Teknologi Informasi dan Sistem Informasi
TOKET juga menerima artikel berupa underground & hacktivism news,
spirit of hacking, dan government spying. Segera kirimkan artikel
anda ke :
staff@kecoak-elektronik.net
Deadline pengiriman - 31/01/2010
Rilis TOKET Vol 06 - 15/02/2010
kami tunggu artikel dari anda !!!
Salam hangat dari sarang kecoak.
~eL Byteskrew
kecoak@yourserver~> date
Sat Dec 5 05:01:27 WIT 2009
kecoak@yourserver~> tail -5 cfp.sh
# CALL FOR PAPER - CALL FOR PAPER - CALL FOR PAPER
# Terbitan Online Kecoak Elektronik (TOKET) volume 6
# http://kecoak-elektronik.net
# EOF
I bet this volume will be different if you guys make some contribution; even if you explain an old technique or a modification of old stuff, just submit it.
Meet Up @IdSec2009
More complete information about the event and everything else is available directly on the official idsecconf 2009 site. We at kecoak elektronik still support this get-together for the security community. Several kecoak elektronik staff will also attend, but don’t expect them to use a known identity there.
So, let’s meet up and see ya there guys…
Fancy thing…
Not an important post actually, excuse me for this. Just another temporary theme; somehow the old one broke with something. I’ll fix it later when I have time…
*sigh*
eZine ToKeT Vol.05
Well, eZine toket Volume 05 has been released. We love writing anonymously, and still do. Catch them from here.