US Marshals Service Suffers ‘Major’ Data Hack, Compromising Sensitive Information

The United States Marshals Service (USMS) suffered a “major” security breach earlier this month when hackers broke into a computer system and accessed sensitive information about employees and investigative targets, officials confirmed on Feb. 27.

In a statement, a spokesman for USMS—which is responsible for apprehending and handling federal prisoners, pursuing fugitives, and operating the Witness Security Program—said the law enforcement agency discovered the hack and theft of data from its network on Feb. 17.

Spokesman Drew Wade told The Hill that the agency found that the “ransomware and data exfiltration event” had impacted a “stand-alone” system.

After discovering the breach, the Marshals Service “disconnected” the system and the Department of Justice began a forensic investigation, according to Wade.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” Wade said.


2022 Biggest Year Ever For Crypto Hacking with $3.8 Billion Stolen, Primarily from DeFi Protocols and by North Korea-linked Attackers

2022 was the biggest year ever for crypto hacking, with $3.8 billion stolen from cryptocurrency businesses.

Hacking activity ebbed and flowed throughout the year, with huge spikes in March and October, the latter of which became the biggest single month ever for cryptocurrency hacking, as $775.7 million was stolen in 32 separate attacks.

Below, we’ll dive into what kinds of platforms were most affected by hacks, and take a look at the role of North Korea-linked hackers, who drove much of 2022’s crypto hacking activity and shattered their own yearly record for most cryptocurrency stolen. 


US No Fly List Leaked After It Was Found in Unsecured Server – Includes Over One Million Names

A Swiss hacker named “maia arson crimew” leaked a copy of the US No Fly list after it was discovered recently in an open server.

The list from 2019 included over 1.5 million names and aliases.

The list was leaked on The Daily Dot.

Because the list is from 2019, it will not include the thousands of names of US patriots who were added to the list following the Jan. 6, 2021, protests in Washington DC.

WalkAway Founder Brandon Straka told Tucker Carlson earlier this week that hundreds of Trump supporters were added to the “no fly list” following the 2021 DC protests.


The dark web’s criminal minds see Internet of Things as next big hacking prize

John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called directed denial of service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”


Researchers: California’s Digital License Plates Could Allow Hackers to Track Location

Security researchers were able to gain “super administrative access” to Reviver, the sole provider of California’s digital license plates, and track the GPS location of all of the vehicles they are associated with.

A team of security researchers successfully obtained “full super administrative access,” which allowed them to perform a slew of tasks involving the company’s user accounts and vehicles, according to a blog post by researcher Sam Curry.

After gaining access, a hacker could track the physical GPS location of all license plates of Reviver customers, as well as change the slogan or personalized message at the bottom of the plates to arbitrary text.

The personalized messages on the license plates involve a feature that allows customers to digitally update the bottom section of their plates to display different messages, such as, “Go Team!” or “looking for a trail.”

Additionally, a hacker could update any vehicle status to “STOLEN,” which would alert authorities.

“An actual attacker could remotely update, track, or delete anyone’s REVIVER plate,” Curry wrote in his blog post, revealing that he and his team had found security vulnerabilities across the automotive industry, not just with Reviver.


Chinese Cybercriminal Hacker Group Stole $20 Million In COVID Relief Funds, Secret Service Says

U.S. Secret Service officials confirmed an exclusive report Monday alleging prolific cybercriminal hackers tied to the Chinese Communist Party have stolen nearly $20 million worth of COVID pandemic relief benefits.

Secret Service officials did not comment further upon corroborating the NBC News report. However, U.S. law enforcement officials and cybersecurity experts, who spoke on the condition of anonymity, said the pandemic fraud instance is the first publicly acknowledged example of theft linked to foreign and state-sponsored cybercriminals.

Officials said the hacker group in question is APT41, which they described as a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain” that operates out of the southwestern Chinese city of Chengdu.

APT41 — also known as Winnti, Barium, and Wicked Panda — allegedly began stealing COVID relief money in mid-2020 from approximately 2,000 accounts associated with more than 40,000 financial transactions, including Small Business Administration loans and unemployment insurance funds in more than at least a dozen states.


Binance’s ‘CZ’ Says Half Billion WhatsApp User Records For Sale On Dark Web

Nearly half a billion WhatsApp users’ mobile phone numbers are allegedly for sale on a dark web community forum, according to multiple sources, including Binance’s billionaire Changpeng “CZ” Zhao. 

“A new set of 487 million WhatsApp phone numbers for sales in the Dark Web,” CZ tweeted Sunday. He said a sample of hacked data “indicates the phone numbers are legit.”

CZ warned users on the Meta-owned platform that “threat actors downstream will use this data to conduct smishing (phishing messages) campaigns.” 

Cybernews initially confirmed the hack. They said: 

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.

The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included.

Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).

The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens’ phone numbers.

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK – $2,500, and Germany – $2,000.

Cybernews also posted a screenshot of the seller’s post on the forum featuring the total number of phone numbers per country. 


Hacker Sentenced to Probation, No Prison Time, for Data Breach Affecting 100 Million People

A former tech worker from Seattle who was convicted of multiple charges related to the massive hack of Capital One bank and other firms back in 2019 has been sentenced to five years of probation after pleading mental illness.

Paige A. Thompson, 37, used a tool to scan Amazon Web Services (AWS) accounts to identify those which were misconfigured. She then used these misconfigured accounts to hack into networks of over 30 entities and download data, obtaining the personal information of over 100 million people. The data breach forced Capital One to reach a tentative $190 million settlement with affected customers. Capital One was fined $80 million by the Treasury Department for failing to protect data.

Thompson also planted cryptocurrency mining software on the hacked servers, collecting the income generated from such mining. Arrested in July 2019, she was found guilty by a federal jury in June 2022 following a seven-day trial.

On Tuesday, U.S. District Judge Robert S. Lasnik sentenced Thompson to time served plus five years of probation, including location and computer monitoring.

During the sentencing, Lasnik noted that time in prison would be “particularly difficult” for Thompson due to her being transgender and having mental health issues.

U.S. Attorney Nick Brown said that he was “disappointed” with the court’s decision and insisted that this is not what “justice looks like.”

“Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction,” Brown said.


‘Hundreds’ of secret NATO documents leaked – media

Portugal’s General Staff of the Armed Forces (EMGFA) has been targeted by a “prolonged and unprecedented” cyber attack, resulting in the leak of a raft of secret NATO documents, local media outlets reported on Thursday.

According to Diario de Noticias newspaper, the Portuguese government was not even aware of the attack until the US informed it of the breach, which has been classified by the nation’s authorities as “extremely serious.”

The outlet’s sources claim that it was the US intelligence community that found “hundreds” of confidential or secret NATO documents put up for sale on the dark web. According to the report, the notice on the discovery was sent directly to Antonio Costa, the nation’s prime minister, last August. 

A spokesperson for the US embassy in Lisbon would neither confirm nor deny the report, saying they do not comment on intelligence matters.


Biden’s Cybersecurity Czar Says ‘Systemic Racism’ Is Major Threat to US Security

President Joe Biden’s incoming cyber defense deputy has claimed that “systemic racism” is one of the greatest threats to U.S. cybersecurity.

Camille Stewart, a former Google strategist whom Biden reportedly tapped for White House deputy national cyber director, has argued that “our #NatSec apparatus must be a part of dismantling systemic racism,” and “pursuing anti-racist and anti-hate policy outcomes” should be a chief national security focus for the administration.

Biden’s new hire is likely to stoke concerns from Republican legislators that his administration has been more focused on pushing a race-focused ideological agenda than on traditional national defense issues—such as the increasing risk of cyberattacks from Russia, Iran, and China. The Department of Justice said in June it is bracing for more cyberwarfare from adversarial countries. Last month, the FBI revealed it intercepted an Iranian-backed cyberattack against Boston Children’s Hospital, and Russian hackers targeted an American satellite company in Ukraine earlier this year.

Stewart, who served as policy adviser for the Obama administration’s Department of Homeland Security, has criticized the United States as an intrinsically racist society in her writing and on social media.

She claimed that the U.S. economy “lost $16 trillion b/c of Racism against Black Americans,” and warned in 2020 that “SYSTEMIC RACISM WILL RUIN THIS DEMOCRACY,” arguing that systemic racism was a part of “every institution not just the criminal justice system.”

“[Solutions] to cybersecurity challenges will never reach their full potential until systemic racism is addressed and diverse voices are reflected among our ranks at all levels,” Stewart wrote in a 2020 column for the Council on Foreign Relations titled “Systemic Racism Is a National Security Threat.”

She added that “communities of color are disproportionately affected by cyberattacks that target critical infrastructure.”
