Your iPhone Is Vulnerable to Hacking Even When Turned Off

A new report has revealed that iPhones are vulnerable to malware attacks even when they’re turned off.

Wired reports that according to a recent study from researchers at Germany’s Technical University of Darmstadt, iPhone devices are still vulnerable to malware attacks even when powered off. When turning an iPhone off, chips inside the device still run in a low-power state making it possible to locate the lost or stolen device using the Find My app.

Now, researchers have developed a method to run malware on iPhones even when the devices appear to be powered off. The Bluetooth chip in all iPhones has no way to digitally sign or encrypt the firmware it runs, researchers have now developed a method to exploit the lack of security on the chip and run malicious firmware allowing the researchers to track the iPhone’s location or run new features.

In a recently published paper, the researchers studied the risk posed by chips running in a low-power mode that allows chips responsible for NFC, ultra-wideband, and Bluetooth to run in a more that can remain active for 24 hours after a device is turned off.

Keep reading

Hacker group releases info on Mossad’s alleged involvement in Kazakhstan

The hacker group known as ‘Open Hands’ has once again released sensitive information about the Israeli Mossad and its activities.

Their recent data leak from 7 April was a mini-documentary film showing alleged Mossad activity in Kazakhstan. The film featured anonymous members of the hacker group whose faces were blacked out by shadows. They spoke English, Russian, and Arabic.

The film showcased how the Mossad secretly engages in business activity related to the mining of lithium and other rare earth ores through various front companies.

The film can be found on their Telegram channel.

While it is also found on YouTube, it is unclear for how long it will last until it is subject to YouTube’s censorship policies. Various Silicon Valley social media giants have been accused of bias towards the US, Israel, and their allies.

Keep reading

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Keep reading

Anonymous hackers tell companies still operating in Russia to ‘pull out – or you’re next’ after Kremlin websites were hit by cyberattacks in retaliation for Ukraine war

International hacking collective Anonymous has warned Western companies who are continuing to operate in Russia to pull out or risk facing cyberattacks in light of the invasion of Ukraine.

Anonymous is responsible for several attacks of Russian state-controlled media and government websites in which it forcibly swapped Kremlin-directed programming for videos of the bloodshed on the ground in Ukraine and anti-war statements.

The collective has also conducted cyber raids on the likes of Russia’s media regulator Roskomnadzor and Russian intelligence and security service FSB, leaking thousands of classified documents to expose the details of Putin’s plans to conquer Ukraine and undermine the Kremlin’s domestic propaganda drive.

But now, the hacktivists are turning their attention to large corporations who have not yet suspended their operations in Russia amid the war.

Anonymous’ official Twitter account posted yesterday that companies had 48 hours to ‘pull out’ of Russia or face becoming a target of further attacks.

The same account declared on Thursday that its #OpRussia cyber campaign was ‘launching unprecedented attacks’ on Russian government websites and would double the capacity of its attacks.

Keep reading

Russian News Websites Hacked Purportedly by Anonymous Amid Ukraine Invasion

Several Russian state-controlled or state-aligned websites appeared to have been hacked early Monday.

The websites for the major Russian state-owned news agency, TASS, the Russian nationally distributed newspaper, Kommersant, and the daily broadsheet newspaper, Izvestia, which was founded in St. Petersburg during the Russian Revolution and was one of principal media outlets in the Soviet Union, all displayed a message signed purportedly by the notorious hacking collective Anonymous.

“Dear citizens. we call on you to stop this madness,” the message began.  “don’t send your sons and husbands to sure death. Putin is making us lie and puts us in danger.  We have been isolated from the world, no one is buying our oil & gas. In a few year’s time we’ll be living like in North Korea.  Why do we need this? For Putin to make it to history books? This is not our war, let’s stop it!”

It continued, “This message will be deleted and some of us will be fired and maybe put to jail. But we can’t tolerate this anymore. Russian journalists who care. Anonymous.”

The message comes several days after Anonymous, an international hacking collective that has carried out cyberattacks against governments and corporations, appeared to declare war against Russia and its president, Vladimir Putin, in response to Russia’s invasion of Ukraine.

Keep reading

Russian news websites hacked purportedly by Anonymous amid Ukraine invasion

Several Russian state-controlled or state-aligned websites appeared to have been hacked early Monday. 

The websites for the major Russian state-owned news agency, TASS, the Russian nationally distributed newspaper, Kommersant, and the daily broadsheet newspaper, Izvestia, which was founded in St. Petersburg during the Russian Revolution and was one of principal media outlets in the Soviet Union, all displayed a message signed purportedly by the notorious hacking collective Anonymous. 

“Dear citizens. we call on you to stop this madness,” the message began.  “don’t send your sons and husbands to sure death. Putin is making us lie and puts us in danger.  We have been isolated from the world, no one is buying our oil & gas. In a few year’s time we’ll be living like in North Korea.  Why do we need this? For Putin to make it to history books? This is not our war, let’s stop it!”

Keep reading

Google Maps Location Data of Freedom Convoy Donors Posted Online

Precise Google Maps locations of people in Ontario, Canada who donated to the Freedom Convoy was posted online as a result of the GiveSendGo hack that was incited by the media.

Following the legacy media-led demonization of the Canadian truckers and their supporters, the names of 90,000 people who donated to the cause were leaked.

Now a Google Maps link was posted, “pointing to locations of donors throughout the Canadian province, with each pin listing their names, donor ID, email address, and the amount they donated, including those as low as $10,” reports Breitbart.

After being public for hours, Google finally terminated the link, which has now been replaced with a message that states, “This map is no longer available due to a violation of our Terms of Service and/or policies.”

Keep reading

Famous ‘cyberterrorist’ goes on TikTok to take credit for GiveSendGo hack

A self-described “cyberterrorist” who rose to infamy as a member of the hacktivist group Anonymous is taking credit for the recent breach of GiveSendGo that released the names of donors to the Canadian trucker convoy.

In a video posted to his TikTok account, Aubrey Cottle claimed he hacked the fundraising website that the “Freedom Convoy” truckers used to raise money for their protests.

“Yes, I tossed the trucker. I hacked GiveSendGo, and I’d do it again. I’d do it a hundred times. I did it. I did it. Come at me. What are you going to do to me?” Cottle, also known as “Kirtaner,” said in the video. “I’m literally a famous f***ing cyberterrorist, and you think that you can scare me?”

Cottle previously posted a TikTok video on Feb. 7 saying, “It would be a real shame if something were to happen to GiveSendGo.” On Sunday, GiveSendGo was hacked, and over 92,000 names of donors on the platform were leaked online. The hack also redirected the GiveSendGo.com visitors to a new webpage featuring an essay criticizing the platform posted over a video of Disney’s Frozen.

“The Canadian government has informed you that the money you a-holes raise to fund an insurrection is frozen,” the essay said. “You are committed to funding anything that keeps the raging fire of misinformation going until it burns the world’s collective democracies down.”

Keep reading

Hackers Just Leaked the Names of 92,000 ‘Freedom Convoy’ Donors

The Christian crowdfunding site that helped raise $8.7 million for the anti-vax “freedom convoy” in Canada was hacked on Sunday night, and the names and personal details of over 92,000 donors were leaked online.

The database of 92,845 donors is no longer available on the site, but VICE News was able to review a copy of the data.

While some of the donors did not provide their names—such as the person behind the current top donation of $215,000—the vast majority did provide them, including American software billionaire Thomas Siebel, who donated $90,000 to the “freedom convoy.”

While GiveSendGo does allow donors to make their donations public, many chose to use their company’s name or omit their names entirely, so the leaked database contains a lot of information that was never meant to be shared, data like donors’ full names, email addresses, and location.

Keep reading

South Korea: Hackers Steal ‘Naked Photos’ from over 700 Smart Home Devices, Sell for Bitcoin

An unknown party recently hacked at least 700 smart home devices across South Korea and sold explicit images and videos accessed through the devices on the dark web, South Korea’s National Police confirmed Monday when announcing a criminal investigation into the incident.

“After receiving a call from the Korea Internet & Security Agency and starting an inspection, it seems that there were about 700 shootings [recordings],” Nam Gu-Jun, the chief of South Korea’s National Investigation Headquarters — which is a branch of South Korea’s National Police Agency — told reporters on November 29.

“The police have requested the removal of the video from the website where it was posted,” Nam said, as quoted by South Korea’s Kukmin Ilbo newspaper.

“However, since it is a website with a server in a foreign country and a privately operated website, it is unclear whether the request for deletion will be accepted,” the official acknowledged.

“For this reason, the police are also discussing ways to prevent exposure on the domestic Internet with relevant domestic agencies,” he revealed.

The South Korean tech news website IT Chosun exclusively reported on November 15 that hundreds of smart home devices in apartments across Seoul, South Korea’s national capital, and on the southern Korean island of Jeju were recently hacked. Some of the video footage filmed during the hacking was later sold for “‘0.1 BTC” on the dark web. BTC stands for Bitcoin, a type of cryptocurrency. A sum of 0.1 BTC equals about 8 million South Korean won, or roughly USD $6,717.

Keep reading