True story about the CubeCart Hack

For those of you following the CubeCart Hack that has left roughly 64,000 ecommerce businesses open to full database leaks, including personal details like credit card data.

It was not my intention to publish intimate the details of this case to the world as the truth will very likely create ripples through the shopping cart vendor CubeCart. We have made multiple requests to contact us regarding this issue, all of which had been received, but not replied to.

Rather than allow a company lie to their customers about the privacy of their data, we feel that the truth is the number one priority for any business dealing in sotware that holds consumer data.

The founder of CubeCart made a public statment on their company forums

"Just after Christmas, a script kiddie hacker managed to get a malicious file on our server from a security hole in our bug tracker. They then attempted to blackmail us in the usual low life way these people do. However we refused and quickly patched all the servers software and tightened our server security settings locking them out by closing any back door access they created. We were not aware of any breech of data until now and it appears that they have data up to the first few days of January 2012.

The hacker was furious that we didn't pay them and it looks like he/she managed to steal some data from the license system database from our company server and has irresponsibly posted this information online. To add insult to injury they are twisting the facts in an attempt to scare our customers and impact our business.

Please note that;
- the hacker stole data from OUR database. They have no means or method to access any part of your stores data at all.
- most importantly we do NOT store any credit card data on our servers.
- all software license keys remain in the hands of their original owners. No 3rd party is able to unlock or reset them so they have no control or power over your storewhatsoever.
- 64,000 shopping carts are NOT vulnerable. The article title is incredibly misleading and there is no reason to be alarmed as they do not have access to your stores database.
- our server is continually scanned by McAfee Secure for vulnerabilities and we do our very best to keep all software secure and up-to-date... however keeping a server totally bullet proof is never 100% possible and from time to time companies including high profile household names such as Sony have suffered similar exploits.

The only thing we can do is to sincerely apologise and continue and to review our security policies."

They claim that they were originally hacked Christmas of 2011, and blackmailed by the hacker, but failed to warn their customers of their data being compromised. They also claim the data we have obtained was dated 2012, which would make this the 2nd hack, one that they were not aware of.

They make mention of the hacker irresponsibly posted the information online, this is in reference to a now removed link to our website. a false accusation that we are the hacker only proving they are even more clueless about what really has happed than we thought.

They claim that the hacker stole data from only the cubecart company database, we have reason to suggest otherwise. but we will get to that later in this article.

They claim that they do not store credit card data on their servers,

no? then what is this?

"they have no control or power over your storewhatsoever." "64,000 shopping carts are NOT vulnerable"

False. Anonymous Hackers have a new ZeroDay attack they can use against CubeCart to gain full Database Access using what is called SQLi, They can even use google to locate roughly 64,000 websites running your software that the vulnribility currently works on and has been verified by highly skilled security professionals.

We find your remarks to be slanderous, and a down right lie to your customers. if you contacted us rather than avoiding the issue, you would have learned this information before your customers did.

How did we learn of this massive security breech of a leading ecommerce software solution?

We have previously investigated the hacker that tried to blackmail your company, and we have information on who he is, and even his IP address right now, but i guess you're not interested in that. right?

This was submitted to us by the hacker that molested your database.

One thing we know for sure, is he does not stop at one database, and he is all about automation. this means he most likely already has all 64,000 databases sitting on his servers while he buys bulk cheetos off ebay.

Also I love how you try and place blame on McAfee, You are the effing software developer, it was your code that got 64,000 of your customers owned. don't try to spread the blame. because all blame is on you.

Next time, just email us, and we won't have to bash you in a public forum like you did to us.

There is a ton of data to add to this, documented proof, names, hackers involved, groups, etc, but I think we have invested enough time and energy into a worthless cause of defending ourselves against a company that lies to their customers.

Cheers.

Read More

Anonymous Hackers Discuss total Satellite Takeover

Anonymous Hackers discussed what to do with information obtained from NASA computer systems after they were able to gain access to sensitive information. the hackers now have the ability to access communication systems that control most satellite systems for broadcast media, weather, and military equipment.

Some ideas were shuffled around as to crash them all into the lower earth atmosphere and let them burn up, other ideas were to ram them into each other to create a spectacle that the world will be able to gaze up at the sky and see explosions above their heads.

Regardless of the method of destruction, the idea is all the same. show the world that Anonymous hackers have the ability to shutdown the entire world in a matter of minutes, and even launch satellite based nuclear missiles at government targets world wide.

Anonymous could succeed at such a bold attack against the Corporate world if protocols are not put into action to destroy every byte of information related to their movement, and everyone involved should be silenced to prevent the spread of the radical ideology anonymous stands for.

Who's to say they will stop at the satellites, what if they decide to fire the International Space station's engines and force it plummeting into the earth.

If the rich people around the world are unable to watch their Big Brother, Marry some rich guy, and shows making money off humiliation of would-be American Idols, maybe they would be more likely to get in the streets and protest the end to government.

This trend of Anonymous members integrating themselves into Occupy Wall street/your town movements is a dangerous move that could lead millions of Americans to be misdirected into violence creating riots and burning commercial property to the ground. this has already been experienced in California with a serious of fires. death by fire is the way they envision the end of modern society.

There have been rumors that the Hackers behind the NASA security breach were also behind the giant fireball seen over the UK. they may be using the documents to destroy satellites used by major corporations and Governments.

On the other hand, I guess we all have the right to talk about and discuss what you want to. it just makes it difficult to know who is really going to do something, and who is just BSing.

Read More

Anonymous Hackers will strike soon with Drones

There are many reasons why Anonymous Hackers pose a danger to the general population. in the underground world where the hackers pray on the innocent and sharpen their skills. there are members of Anonymous working to create home made drones. these drones can be used to gain intelligence against the United States Military and Government Agencies. 

Being small and light with long range, they will hover just above the tree line while they crack encrypted communications, then relay that data to a safe location where the one controlling the drone is never found.

There have been people seeking more information on what vulnerabilities the drones operated by the united states can be exploited. one method they are using is called GPS Spoofing, this allows the hacker to trick the drone into thinking it is somewhere else, and it can be made to crash into a building, or land in a secret location so it can be stolen.

If hackers gain control of our drones, they could easily turn them against the general public who are unaware of the lurking danger right above them. the dangers I have spoken about are real, and drones have already been hacked. anyone seeking information on drones, their communications, limitations, and how to build them should be considered a threat to national security.

Read More

Anonymous Hackers plan Prison Takeover

 Anonymous Hackers plan Prison Takeover.

The hacker group Anonymous is now discussing what to do with the information they have obtained from the Prison Database stolen from GEO Group. some have discussed staging a hack against the Prison system where the Hackers would open all doors and gates to the facility. once power has been disabled, they would target backup power systems to prevent the doors from being closed.

"people are not animals and should not be caged like a rat." said rac00n in a private IRC discussion. The risk to public safety is great if such an attack is successful. While there are somewhat harmless prisoners, there are also the Hardcore killers and Terrorists that would be set free. Local Government is not equipped or staffed to handle such a large jail break.

Read More