Tag Archives: Hacker

Experts Warn of New Spyware Threat Targeting Journalists



Security experts have warned about the emergence of previously unknown spyware with hacking abilities comparable to NSO Group’s Pegasus that has already been used by clients to target journalists, political opposition figures, and an employee of an NGO, The Guardian reported. 

Researchers at the Citizen Lab at the University of Toronto’s Munk School said the spyware, which is made by an Israeli company called QuaDream, infected some victims’ phones via an iCloud calendar invite sent by operators of the spyware, who are likely to be government clients. Victims were not notified of the calendar invitations because they were sent for events logged in the past, making them invisible to the targets of the hacking. Such attacks are known as “zero-click” because the phone’s user does not have to click on any malicious link or take any action in order to be infected.

According to the Citizen Lab report, the hacking tool is marketed by QuaDream under the name Reign. The hacking attacks that have been discovered occurred between 2019 and 2021.

The research underscores that, even as NSO Group, the maker of one of the world’s most sophisticated cyber weapons, has faced intense scrutiny and been blacklisted by the Biden administration, probably curtailing its access to new customers, the threat posed by similar and highly sophisticated hacking tools continues to proliferate.

Microsoft posted information titled: “Standing up for democratic values and protecting stability of cyberspace: Principles to limit the threats posed by cyber mercenaries”. From the information:

The explosive growth of private “cyber mercenary” companies poses a threat to democracy and human rights around the world. Cyber mercenaries – private companies dedicated to developing, selling, and supporting offensive cyber capabilities that enable their clients to spy on the networks, computers, phones, or internet-connected devices of their targets – are a real cause for concern. These tools have been used to target elections, journalists, and human rights defenders and are increasingly accessible on the open market, enabling malicious actors to undermine our key democratic institutions.

At Microsoft, we believe that digital technology has incredible potential to improve lives across the world, support democracy, and protect and promote human rights. That is why, at the second Summit for Democracy, we were proud to join the international coalition of over 150 companies that make up the Cybersecurity Tech Accord individually and collectively pushing back on the cyber mercenary market by committing to a set of industry principles. 

Our collective commitment to limiting the threats posed by cyber mercenaries:

  • Take steps to counter cyber mercenaries’ use of products and services to harm people;
  • Identify ways to actively counter the cyber mercenary market;
  • Invest in cybersecurity awareness of customers, users, and the general public;
  • Protect customers and users by maintaining the integrity and security of products and services;
  • Develop processes for handling valid legal requests for information.

Personally, I don’t see why cyber mercenaries need to exist at all. These groups do not have the right to hack into other people’s phones. If you haven’t updated your iOS devices in a while – now is a great time to do it.


Hacking Forum Shuts Down After Administrator Gets Arrested



Last week, the FBI arrested a man alleged to be “Pompompurin,” the administrator of the infamous and popular BreachForums, TechCrunch reported. Days after the arrest, the cybercrime website’s new administrator announced that they are shutting down the forum for good.

“Please consider this the final update for Breached,” the new admin, known as “Baphomet,” wrote in the official Telegram channel. “I will be taking down the forum, as I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is.”

The new administrator Baphomet did not respond to TechCrunch’s request for comment.

According to TechCrunch, the apparent end of BreachForums comes roughly a year after a coalition of international law enforcement agencies led by the U.S. Department of Justice seized RaidForums, another notorious cybercrime forum where hacked databases would be advertised and sold. BreachForums was born in the aftermath of RaidForums’ demise, and served pretty much the same purpose and audience.

The Record reported that a hacker going by the name “Baphomet” initially said they were working through an emergency plan for the forum after the arrest of 21-year-old Conor Brian Fitzpatrick at his home last Wednesday. In court documents, Fitzpatrick is alleged to be the hacker known as pompompurin – the leading administrator of BreachForums.

The Record also reported that in an update posted on Tuesday, the new administrator taking over BreachForums said they now plan to shut down the platform entirely.

Baphomet wrote that someone was able to access the backend of the platform through pompompurin’s account on Sunday afternoon, leading them to believe law enforcement may have access to the site’s source code and information about the forum’s users.

According to The Record, Baphomet wrote: “This will be my final update on Breached, as I’ve decided to shut it down. I’m aware this news will not please anyone, but it’s the only safe decision now that I’ve confirmed that the glowies likely have access to Poms machine.”

The Record also reported that BreachForums became the go-to site for cybercriminals to trade stolen data and market troves of information leaked during hacks and attacks. The forum was most recently in the news after hackers posted data stolen from Washington, D.C.’s healthcare exchange platform on the site, including the sensitive information of Congress members and staff.

CNBC reported on March 21 that at least 17 current or former members of Congress had personal information exposed in the hack of the District of Columbia health insurance data system, according to a top Democrat investigating the matter. That number is expected to rise, he said. According to multiple reports, the breach might have impacted more than 56,000 people.

In my opinion, hackers cause problems for everyone – including themselves. They run the risk of going to jail due to their decision to grab data that does not belong to them. It is good that BreachForums is going down.


Europol Announced the Arrest of Two Ransomware Hackers



Europol announced in a press release that a coordinated strike between several law enforcement agencies resulted in the arrest in Ukraine of “two prolific ransomware operators known for their extortionate demands (between €5 and €70 million)”.

The law enforcement groups involved included the French National Gendarmerie, the Ukrainian National Police Force, and the United States Federal Bureau of Investigation, with the coordination of Europol and INTERPOL.

According to Europol, the results of this included: 2 arrests and 7 property searches; seizure of US $375,000 in cash; seizure of two luxury vehicles worth €217,000; and asset freezing of $1.3 million in cryptocurrencies.

From the Europol press release:

The organized crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.

They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.

The Record reported the arrests of the two members of a ransomware gang took place on September 28, in Kyiv, Ukraine’s capital. Of the two suspects who were arrested, one is a 25-year-old believed to be a crucial member of a large ransomware operation.

The names of the two suspects who were arrested have not been released. The Record reported that officials declined to name the suspects’ affiliation to any particular ransomware gang, citing an ongoing investigation. That information came from a Europol spokesperson.

It seems to me that this investigation is just beginning, and that Europol (and the rest of the assisting law enforcement agencies) are intending to continue their efforts. If the agencies are able to determine who else was involved in these crimes, I hope that those people face whatever legal consequences are appropriate.


272 million emails and passwords leaked from Gmail, Hotmail and more



It seems that not a day goes by without some security news, usually in the form of a breach. There have been some big ones too, from Target to Home Depot, as well as online ones, including the embarrassing Ashley Madison one.

Now we have the latest news, and it’s up there with the largest in history. 272 million emails and passwords from the likes of Gmail, Hotmail and others have been leaked.

Before you panic too much, realize that the data obtained consisted largely of data that had been seen before. Hold Security, which broke this news, claims that “Only 0.45 percent is new, meaning that only 1 out of 200 credentials are ones we have never seen before”.

The hacker was simply trying to unload the data and contacted the security firm asking only 50 rubles, which is less than $1 US. Not wanting to contribute anything to this cause the Hold Security company negotiated and received the information for free.

Hold claims “When we peel back the layers and dig deeper, we find that the hacker is holding something back from us. Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information. At the end, this kid from a small town in Russia collected an incredible 1.17 Billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which in turn, translated to 42.5 million credentials — 15 percent of the total, that we have never seen before”.

Yes, this has the potential to be very bad, but right now we just don’t know. We also don’t know why the hacker was trying to unload it so quickly and then ended up giving it away. Stay tuned as this unfolds.


Two Million Passwords Stolen by Hackers



On November 24, 2013, researchers at Trustwave discovered that hackers had obtained up to 2 million passwords for websites like Facebook, Google, Yahoo!, Twitter (and others). Researchers learned this after digging into source code from the Pony botnet. It appears that information about this has only been made public very recently.

Here are some quick stats about some of the domains from which the passwords were stolen:

* Facebook – 318,121 (or 57%)
* Yahoo! – 60,000
* Google Accounts – 54,437
* Twitter – 21,708
* Google.com – 16,095
* LinkedIn – 8,490
* ADP (a payroll provider) – 7,978

In total, the Pony botnet stole credentials for: 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops, and 3,000 secure shell accounts.

According to Trustwave, around 16,000 accounts used the password “123456”, 2,221 used “password” and 1,991 used “admin”. Now is a good time to go change your passwords into something strong and secure.

Doing so won’t make it entirely impossible for hackers to crack a password, but it could make it more difficult. Trustwave noted that only 5% of the 2 million stolen passwords were excellent (meaning the password contained all four character types and was longer than 8 characters).
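As an added illustration (not code from Trustwave or the original post), this script applies the post’s “excellent” criterion (all four character types and longer than 8 characters) to a constructed sample of leaked passwords and tallies the most common ones; the sample values are made up, and the `is_excellent` and `summarize` names are my own.

```python
import re
from collections import Counter

# The four character classes referred to in the post: lowercase, uppercase,
# digits, and everything else (symbols, including spaces).
CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def char_classes(pw):
    """Return the set of character-class names present in the password."""
    return {name for name, rx in CLASSES.items() if rx.search(pw)}


def is_excellent(pw):
    """True only if all four classes are present and length is greater than 8."""
    return len(pw) > 8 and len(char_classes(pw)) == 4


# Constructed sample of leaked passwords (made up; not real breach data).
SAMPLE = ["123456"] * 5 + ["password"] * 3 + ["admin"] * 2 + [
    "Tr0ub4dor&3", "correct horse", "Qwerty1!", "N3w-L0ngPassw0rd!",
]


def summarize(passwords):
    """Tally the most common passwords and the share meeting the criterion."""
    counts = Counter(passwords)
    excellent = sum(1 for p in passwords if is_excellent(p))
    return {
        "total": len(passwords),
        "top": counts.most_common(3),
        "excellent_pct": round(100.0 * excellent / len(passwords), 1),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Note that "Qwerty1!" fails only on length (exactly 8), which is why the criterion says longer than 8 rather than at least 8.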


Twitter banning Bit.ly, other URL Shorteners on Direct Messages (DM)



Today I was trying to send a direct message to a friend. Included was a bit.ly link to a page I needed him to see. For some reason, Twitter kept saying there was an error and it could not send the DM. After checking his page to make sure he was still following me and sending a couple of test DMs successfully, I realized the problem was the bit.ly link.

I did a search and found that indeed – Twitter was blocking DMs with bit.ly links. Other users found that many different links could not be sent via DMs. CBS.com links were among those blocked in Twitter DMs.

Of course, this is because Twitter now allows non-followers to DM people. You have to opt in to the option, but with it you can get messages from many different people.

The Twitter Error Message Needs to Be Fixed

So direct messaging with a link could come back saying the person might not be following you. That could be totally confusing – especially if you know they are. I almost chalked it up as a Twitter database error but decided to check and see if there were any changes.

The only advantage of allowing non-followers to DM is if your Twitter account is a corporate one or you have over 10,000 followers and don’t want to follow them all back.

The Problem with Blocking Bit.ly – the Mask-Around

Spammers are smart and/or intuitive. Instead of using bit.ly, they’ll use another system that gets around the Twitter block. Twitter might then block that too, but in the meantime you don’t see a bit.ly link – you see a My.website link. Give a spammer/hacker 2-3 days with an $8/year domain and they could make enough to buy another $8 domain and start the process over again.

Of course this is a very common problem with URL shorteners. TinyURL added spam-blocking and virus-protection tools shortly after it started. Bit.ly also has some preventative measures (using companies like Sophos, Verisign, Websense and more). Still, they are not responsible for third-party content behind their links.

Bottom Line – Don’t click on unknown links

Usually bad links start with “Hey, is this you?” or “I got a way you can make money”, which really translates to “I got a way for ME to make money using you”. If you choose to opt in to letting anyone DM you, keep in mind you will get spam in your message box. If you don’t feel confident you can sniff out the good from the bad, then simply don’t check the box.


SpyEye hacker extradited to the U.S.




The United States has had little luck with landing Kim Dotcom or Julian Assange, but it has managed to grab a hacker. Hamza Bendelladj, known online as Bx1, is an Algerian hacker who was captured and extradited from Thailand. He was arrested back in January while moving through the Bangkok airport on his way from Malaysia.

Bendelladj stands accused of hijacking customer accounts at more than 200 financial institutions using the SpyEye program. He is alleged to have taken more than 100 million USD over the past five years. SpyEye allowed the attacker to alter web pages displayed in a person’s web browser and trick them into entering personal data.

Variants of both SpyEye and Zeus have been used by criminals to automate the process of transferring money. Bendelladj faces 23 charges from a 2011 indictment. He arrived in Atlanta on Thursday and was arraigned on Friday. He faces up to 30 years in prison and as much as a 14 million USD fine. Security researcher Brian Krebs has posted a PDF of the indictment on his site.

Image: Computer Hacker by BigStock