Binance’s ‘CZ’ Says Half Billion WhatsApp User Records For Sale On Dark Web

Nearly half a billion WhatsApp users’ mobile phone numbers are allegedly for sale on a dark web community forum, according to multiple sources, including Binance’s billionaire Changpeng “CZ” Zhao. 

“A new set of 487 million WhatsApp phone numbers for sales in the Dark Web,” CZ tweeted Sunday. He said a sample of hacked data “indicates the phone numbers are legit.”

CZ warned users on the Meta-owned platform that “threat actors downstream will use this data to conduct smishing (phishing messages) campaigns.” 

Cybernews initially confirmed the hack. They said: 

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.

The dataset allegedly contains WhatsApp user data from 84 countries. Threat actor claims there are over 32 million US user records included.

Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).

The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens’ phone numbers.

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK – $2,500, and Germany – $2,000.

Cybernews also posted a screenshot of the seller’s post on the forum featuring the total number of phone numbers per country. 

Keep reading

Hacker Sentenced to Probation, No Prison Time, for Data Breach Affecting 100 Million People

A former tech worker from Seattle who was convicted of multiple charges related to the massive hack of Capital One bank and other firms back in 2019 has been sentenced to five years of probation after pleading mental illness.

Paige A. Thompson, 37, used a tool to scan Amazon Web Services (AWS) accounts to identify those which were misconfigured. She then used these misconfigured accounts to hack into networks of over 30 entities and download data, obtaining the personal information of over 100 million people. The data breach forced Capital One to reach a tentative $190 million settlement with affected customers. Capital One was fined $80 million by the Treasury Department for failing to protect data.

Thompson also planted cryptocurrency mining software on the hacked servers, collecting the income generated from such mining. Arrested in July 2019, she was found guilty by a federal jury in June 2022 following a seven-day trial.

On Tuesday, U.S. District Judge Robert S. Lasnik sentenced Thompson to time served plus five years of probation, including location and computer monitoring.

During the sentencing, Lasnik noted that time in prison would be “particularly difficult” for Thompson due to her being transgender and having mental health issues.

U.S. Attorney Nick Brown said that he was “disappointed” with the court’s decision and insisted that this is not what “justice looks like.”

“Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction,” Brown said.

Keep reading

‘Hundreds’ of secret NATO documents leaked – media

Portugal’s General Staff of the Armed Forces (EMGFA) has been targeted by a “prolonged and unprecedented” cyber attack, resulting in the leak of a raft of secret NATO documents, local media outlets reported on Thursday.

According to Diario de Noticias newspaper, the Portuguese government was not even aware of the attack until the US informed it of the breach, which has been classified by the nation’s authorities as “extremely serious.”

The outlet’s sources claim that it was the US intelligence community that found “hundreds” of confidential or secret NATO documents put up for sale on the dark web. According to the report, the notice on the discovery was sent directly to Antonio Costa, the nation’s prime minister, last August. 

A spokesperson for the US embassy in Lisbon would neither confirm nor deny the report, saying they do not comment on intelligence matters.

Keep reading

Biden’s Cybersecurity Czar Says ‘Systemic Racism’ Is Major Threat to US Security

President Joe Biden’s incoming cyber defense deputy has claimed that “systemic racism” is one of the greatest threats to U.S. cybersecurity.

Camille Stewart, a former Google strategist whom Biden reportedly tapped for White House deputy national cyber director, has argued that “our #NatSec apparatus must be a part of dismantling systemic racism,” and “pursuing anti-racist and anti-hate policy outcomes” should be a chief national security focus for the administration.

Biden’s new hire is likely to stoke concerns from Republican legislators that his administration has been more focused on pushing a race-focused ideological agenda than on traditional national defense issues—such as the increasing risk of cyberattacks from Russia, Iran, and China. The Department of Justice said in June it is bracing for more cyberwarfare from adversarial countries. Last month, the FBI revealed it intercepted an Iranian-backed cyberattack against Boston Children’s Hospital, and Russian hackers targeted an American satellite company in Ukraine earlier this year.

Stewart, who served as policy adviser for the Obama administration’s Department of Homeland Security, has criticized the United States as an intrinsically racist society in her writing and on social media.

She claimed that the U.S. economy “lost $16 trillion b/c of Racism against Black Americans,” and warned in 2020 that “SYSTEMIC RACISM WILL RUIN THIS DEMOCRACY,” arguing that systemic racism was a part of “every institution not just the criminal justice system.”

“[Solutions] to cybersecurity challenges will never reach their full potential until systemic racism is addressed and diverse voices are reflected among our ranks at all levels,” Stewart wrote in a 2020 column for the Council on Foreign Relations titled “Systemic Racism Is a National Security Threat.”

She added that “communities of color are disproportionately affected by cyberattacks that target critical infrastructure.”

Keep reading

4chan users claim to have hacked Hunter Biden’s iCloud account

The contents of Hunter Biden’s iCloud account have allegedly been hacked by users of the 4chan community, who posted screenshots purported to be from his phone and computer on the website’s main political forum late Saturday night.

Administrators on the image board moved quickly in the hours after the content was posted to pull down threads that included materials from the alleged leak, leaving many on the site, which is known for featuring some of the most salacious subject matter on the internet, furious.

The content from the leak could not immediately be verified by the Washington Examiner, and a White House representative did not immediately respond to a request for comment.

It was also not immediately clear if the contents of the 4chan leak included any materials from the younger Biden’s infamous laptop, of which the Washington Examiner verified the authenticity earlier this year. The infamous laptop, which emerged into the public view in the final weeks of the 2020 election, contains details about the first son’s financial dealings and personal matters.

Hunter Biden’s financial affairs, including millions of dollars worth of dealings and money transfers tied to countries such as Ukraine, China, and Russia, have been under federal scrutiny since 2018. Hunter Biden, who revealed the existence of an inquiry into his tax affairs just after the 2020 election, previously claimed to be “100% certain” he will be cleared of wrongdoing.

The Washington Examiner was able to confirm the legitimacy of the laptop after obtaining a copy of the hard drive and having it examined by a former Secret Service agent who has testified as a cyber forensics expert in over 100 classified, criminal, and civil matters at the state, federal, and international levels.

Keep reading

Names, addresses of every concealed carry permit holder in California exposed

The names, addresses, and license types of every Concealed Carry Weapons (CCW) permit holder in California were exposed as part of a data breach suffered by the state Department of Justice, according to the Fresno County Sheriff’s Office.

Officials say the California State Sheriff’s Association informed the Fresno County Sheriff’s Office about the data breach, which followed the publication of the state’s 2022 Firearms Dashboard Portal on Monday, KTLA sister station KSEE/KPGE reports. At the time, state officials described it as improving “transparency and information sharing for firearms-related data.”

Sheriff’s Office officials say the information released included the CCW holders’ name, age, address, Criminal Identification Index (CII) number and license type (Standard, Judicial, Reserve and Custodial). The information included every CCW holder in the state.

In response to the information being released, Fresno County officials say the state disabled access to the website hosting the data – but there are concerns that the information was copied and remains in circulation on social media and other parts of the internet. It is unknown how long the information was publicly accessible on the Department of Justice’s website.

Keep reading

HOW THE NAZIS TEAMED UP WITH IBM FOR MASS MURDER, AND THE INCREDIBLE STORY OF THE FIRST ETHICAL HACKER

In the era of Big Data, few figures are more divisive as that of the hacker. On the one hand, malicious or “black hat” hackers cause billions of dollars of damage every year, breaking into private and public networks to steal money or personal data or simply to create chaos. On the other hand, so-called ethical or “white hat” hackers use their skills in service of the public good, either by probing computer systems for security weaknesses or leaking information on government corruption and other crimes. While mostly associated with the modern digital age, the art of hacking goes back nearly a hundred years. And one of the earliest hackers was also one of the most ethical, using his skills to save millions of French citizens from the Nazis during the Second World War. This is the remarkable story of René Carmille.

The era of Big Data is a lot older than you might think, tracing its origins back to the 1880s and a daunting problem facing the United States Government. The U.S. Constitution mandates that a census be taken every 10 years so that taxes and political representation can be updated according to the changing population. The first U.S. Census took place in 1790, and for the next 90 years census data was collected and processed entirely by hand. In 1880, however, the Census Bureau faced a major crisis: the U.S. population had grown so large that the 1880 census took a full 9 years to complete; by the time the data was ready to use, it was already time for the next census. At this rate, the Bureau feared, future censuses would never be able to catch up, rendering the whole exercise pointless.

Enter Herman Hollerith, an American engineer who had worked on the 1880 census. In 1889, Hollerith patented an ingenious system for speeding up the tabulating of census data, based on the technology of punched cards. While punched cards had previously been used to automate the weaving of complex textile patterns, Hollerith’s system was the first to apply them practically to the field of data processing. Hollerith was inspired by a system introduced by the railroads to help identify and catch train robbers and other criminals. As photography at the time was a slow, cumbersome process, train tickets were instead printed with a series of physical descriptors such as height, eye colour, and facial hair which the conductor could fill out using a standard ticket punch. In this manner, a rough description of each passenger could be recorded. Hollerith realized that this system could easily be adapted to the census, and designed his own punch cards to record census data and a piano-sized machine called a Tabulator to read and process it.

The Hollerith system worked as follows. Census takers would travel around the country and record data like the number, ages, and sex of the people in each household by punching holes in the corresponding fields on the Hollerith cards. These cards would then be sent back to the census bureau for processing. An operator would insert the cards into the Tabulator one by one through a hinged hatch rather like a modern flatbed scanner or photocopier. When the hatch was closed, a grid of spring-loaded metal pins was forced against the card. Where a hole had been punched the pin passed through and made contact with a pool of mercury, completing an electrical circuit. This data was counted and displayed on a series of clock-like dials on the face of the Tabulator, to be manually read and recorded by the operator. The genius of the Tabulator, however, lay in its ability to be rewired or “programmed” to count different combinations of data – for example, unmarried males under the age 30. Hollerith also invented a device called a Sorter consisting of 13 vertical metal bins with spring-loaded lids, each of which could be programmed to collect a different combination of data. So if, for example, the operator inserted a card which included an unmarried male under 30, the bin lid programmed with that combination would pop open so the operator could drop the card in.

The Hollerith system was adopted by the Census Bureau just in time for the 1890 census, and its impact was dramatic. The use of punched cards and tabulators cut the time required to process the census data from 9 down to two years. This dramatic improvement in efficiency lead to Hollerith machines becoming standard equipment at the Census Bureau, and in 1896 Hollerith founded the Hollerith Tabulating Machine Company to sell his machines commercially. Among his first clients were the Prudential Life Insurance Company and the New York Central Railroad, the latter of which processed nearly 4 million freight waybills every year and was an ideal fit for the Hollerith system. Over the next decade Hollerith introduced a number of key innovations which made his system increasingly more efficient and powerful, including redesigned punch cards, improved keypunches for filling out those cards, printers for automatically tabulating data, automatic card feeders and sorters, and plugboards to allow the tabulators to be reprogrammed without having to physically rewire the circuitry. These innovations created a brand-new industry, and Hollerith-style tabulators – now known as “unit record machines” – were adopted by a vast array of businesses for data-heavy tasks like processing invoices and payrolls. The Information Age had officially arrived.

But for Herman Hollerith, success was not to last. In 1903 the new director of the Census Bureau, Simon North, decided that Hollerith had too much of a monopoly on data processing and banned the company’s machines from the Bureau. Then, in 1911, through stock acquisition the Tabulating Machine Company was merged with four other companies to create the Computing-Tabulating Company. Finally, in 1923, this amalgamated company changed its name to International Business Machines – better known as IBM.

Under the direction of CEO Thomas Watson, IBM would go on to dominate the unit record and later the digital computer industry, controlling over 90% of all punch card equipment in the United States by 1950. One of the keys to IBM’s success was that they never sold their machines to clients; they only ever leased them. At one point IBM even considered charging its clients for every individual punch card they used, a practice which would have netted them even more obscene profits. However, for the United States Government this was a step too far, and in 1932 IBM was taken to court for violating the 1914 Clayton Antitrust Act. Though IBM argued that the cards – for which they held the patent – were technically a component of the machines they were already leasing to clients – in 1936 the Government ultimately ruled against them. While IBM was allowed to specify the design of the cards used in its machines, clients were free to acquire the cards themselves from any source they wanted – including manufacturing them themselves. However, even this attempt to extort clients over individual punch cards was far from the most unethical activity IBM would ever be involved in.

The outbreak of the Second World War saw a dramatic surge in business for IBM. Not only did millions of fighting men and tons of military equipment need to be processed for deployment overseas, but unit record equipment quickly found new applications in the field of cryptanalysis. IBM punch card equipment proved ideally suited to searching endless reams of enciphered enemy signals searching for the rare repeats that could help crack the cipher key – a tedious task that had previously been done entirely by hand. Dozens of IBM machines were used at Allied codebreaking centres like Bletchley Park in Buckinghamshire and Arlington Hall in Washington D.C, where they helped to penetrate enemy ciphers like the Nazi Germany’s Enigma and Imperial Japan’s “Purple” and shorten the war by an estimated two years.

But IBM equipment would also be put to far more sinister uses. Like dozens of American companies like Ford, General Motors, Chase Manhattan Bank, and Coca-Cola, IBM did not allow the outbreak of war to interfere with its international business dealings – even those with Nazi Germany. When the Nazis came to power in 1933, the new government put out a tender for a census of the German people. By this point the Nazis had already expelled all Jewish lawyers, doctors, scientists, and other professional from their jobs, and it was abundantly clear that the true goal of this census was to identify and persecute the remaining Jews and other undesirables in Germany. Indeed, in a public statement, Reinhard Koherr, a statistician working for the Nazi Government, sinisterly announced that: “…in using statistics the government now has the road map to switch from knowledge to deeds.”

Nonetheless, Thomas Watson, the CEO of IBM, instructed the company’s German subsidiary DEHOMAG to bid on the contract, which they ultimately won. Over the next decade, hundreds of IBM unit record machines along with spare parts and punch cards were shipped to Germany, where they were immediately put to use in organizing what would eventually become the Holocaust. Machines were set up in the headquarters of the SS’s Rassenamt or Race Office and even in concentration camps like Dachau, where millions of German Jews, Roma, Communists, Homosexuals and other groups deemed politically or racially inferior were systematically identified, categorized, and earmarked for arrest, imprisonment, deportation, forced labour, or extermination. Shockingly, IBM and its subsidiary did far more than simply provide the Nazis with equipment, also sending hundreds of technicians to Germany to train SS personnel how to use and maintain the temperamental equipment. These technicians also developed custom punch cards and special codes to help the SS designate and process concentration camps, prisoner types, and causes of death. For example, Auschwitz was 001, Buchenwald 002, Dachau 003, and so on; 3 designated a homosexual, 9 an anti-social, and 8 a Jew; while 3 represented death from natural causes, 4 summary execution, 5 death by suicide, and 6 by “special treatment” – the Nazi euphemism for extermination via gas chamber. Given this intimate involvement, it is highly unlikely that IBM was unaware of what its machines were being used for, yet the flow of equipment and personnel continued unabated. In fact, so instrumental was IBM to the Nazis’ policy of genocide that in 1937 Adolf Hitler awarded Thomas Watson the Order of the German Eagle for services to the Third Reich, an honour bestowed on several other American Nazi sympathizers including Henry Ford and Charles Lindbergh – and for more on the Lone Eagle’s relationship with the Nazis, please check out our sister channel’s, video “Lucky Lindy and Advancing Medical Science” on our channel Highlight History.

The outbreak of the Second World War in 1939 should have ended the company’s dealings with Nazi Germany, and indeed in June 1940 Thomas Watson returned his Order of the German Eagle. But while IBM publicly feigned remorse for its pre-war actions, in the background their collaboration with the Nazis carried on as before. In 1939 Watson authorized the shipment to Germany of special IBM alphabetizing machines, which were used to round up and execute millions of Jews, intellectuals, and other undesirables during the Nazi conquest of Poland. So complicit was Watson in this policy that he even bankrolled the construction of concrete bunkers at Dachau to protect its IBM machines from British air raids. The Nazi government also offered to buy DEHOMAG outright, giving IBM the opportunity to make a clean break from its subsidiary. But Watson refused, and DEHOMAG remained under the direct control of IBM headquarters in New York. In 1940, Watson directly managed the establishment of a Dutch subsidiary tasked with identifying and rounding that country’s Jews. Aided by the Netherland’s existing Hollerith machine infrastructure and a long Dutch tradition of recording religion in the national census, this effort succeeded in murdering 102,000 of the Netherland’s 140,000 Jews – an extermination rate of 73%. In every territory they conquered, the Nazis immediately carried out a census to identify and round up its racial and political enemies – a process made all the more efficient by IBM equipment. But when the Nazis rolled into France in June 1940, they finally met their match in an unassuming civil servant named René Carmille.

Keep reading

Your iPhone Is Vulnerable to Hacking Even When Turned Off

A new report has revealed that iPhones are vulnerable to malware attacks even when they’re turned off.

Wired reports that according to a recent study from researchers at Germany’s Technical University of Darmstadt, iPhone devices are still vulnerable to malware attacks even when powered off. When turning an iPhone off, chips inside the device still run in a low-power state making it possible to locate the lost or stolen device using the Find My app.

Now, researchers have developed a method to run malware on iPhones even when the devices appear to be powered off. The Bluetooth chip in all iPhones has no way to digitally sign or encrypt the firmware it runs, researchers have now developed a method to exploit the lack of security on the chip and run malicious firmware allowing the researchers to track the iPhone’s location or run new features.

In a recently published paper, the researchers studied the risk posed by chips running in a low-power mode that allows chips responsible for NFC, ultra-wideband, and Bluetooth to run in a more that can remain active for 24 hours after a device is turned off.

Keep reading

Hacker group releases info on Mossad’s alleged involvement in Kazakhstan

The hacker group known as ‘Open Hands’ has once again released sensitive information about the Israeli Mossad and its activities.

Their recent data leak from 7 April was a mini-documentary film showing alleged Mossad activity in Kazakhstan. The film featured anonymous members of the hacker group whose faces were blacked out by shadows. They spoke English, Russian, and Arabic.

The film showcased how the Mossad secretly engages in business activity related to the mining of lithium and other rare earth ores through various front companies.

The film can be found on their Telegram channel.

While it is also found on YouTube, it is unclear for how long it will last until it is subject to YouTube’s censorship policies. Various Silicon Valley social media giants have been accused of bias towards the US, Israel, and their allies.

Keep reading

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Keep reading