Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.

Researchers claim US-registered cloud host facilitated state-backed cyberattacks

A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups and commercial spyware operators, according to researchers at cybersecurity company Halcyon.

In a report released on Tuesday, Halcyon said it had identified that the U.S.-registered company Cloudzy was “knowingly or unwittingly” acting as a command-and-control provider (C2P) to well-known state-sponsored hacking groups. C2Ps are internet providers that allow hackers to host virtual private servers and other anonymized services used by ransomware affiliates to carry out cyberattacks and extortion.

Halcyon said that the two-dozen groups that rely on Cloudzy include the China-backed espionage group APT10; North Korea-backed hackers Kimsuky; and Kremlin-backed groups Turla, Nobelium and FIN12.

FIN12 was the subject of a joint FBI-CISA advisory in October 2020 after carrying out a spate of ransomware attacks targeting the U.S. healthcare industry. In its report, Halcyon said that Cloudzy — then doing business as Router Hosting — hosted at least 40 command and control servers used by FIN12 during its cyberattacks.

The list of groups facilitated by Cloudzy also includes hacking groups from Iran, Pakistan and Vietnam, along with Tel Aviv-based malware maker Candiru, which sells its phone-snooping spyware to government customers. Candiru was sanctioned by the U.S. government in 2021 for engaging in activities contrary to U.S. national security.

Halcyon says that about half of the total servers hosted by Cloudzy appear to be directly supporting malicious activity.

Although the cloud host is registered in the U.S., Halcyon says it has “high confidence” that Cloudzy is a cutout for AbrNOC, a cloud host that operates out of the Iranian capital of Tehran, which could put American customers in conflict with U.S. government sanctions.

Cloudzy, which claims to operate out of New York City, is registered in Wyoming, while a support phone number listed by the company is linked to a different address in Las Vegas. AbrNOC shares the same logo as Cloudzy, albeit in a different color, and also shares the same fictitiously named employees, according to Halcyon researchers. A man named Hannan Nozari is listed as abrNOC’s CEO and identifies himself as the founder of both web hosting companies in his Twitter bio, as well as a “Noob on the Internet.”

Nozari did not respond to messages sent by TechCrunch via LinkedIn and email, and TechCrunch was unable to reach anyone at Cloudzy via the number listed on the company’s website.

US Marshals Service Suffers ‘Major’ Data Hack, Compromising Sensitive Information

The United States Marshals Service (USMS) suffered a “major” security breach earlier this month when hackers broke into a computer system and accessed sensitive information about employees and investigative targets, officials confirmed on Feb. 27.

In a statement, a spokesman for USMS—which is responsible for apprehending and handling federal prisoners, pursuing fugitives, and operating the Witness Security Program—said the law enforcement agency discovered the hack and theft of data from its network on Feb. 17.

Spokesman Drew Wade told The Hill that the agency found that the “ransomware and data exfiltration event” had impacted a “stand-alone” system.

After discovering the breach, the Marshals Service “disconnected” the system and the Department of Justice began a forensic investigation, according to Wade.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” Wade said.

2022 Biggest Year Ever For Crypto Hacking with $3.8 Billion Stolen, Primarily from DeFi Protocols and by North Korea-linked Attackers

2022 was the biggest year ever for crypto hacking, with $3.8 billion stolen from cryptocurrency businesses.

Hacking activity ebbed and flowed throughout the year, with huge spikes in March and October, the latter of which became the biggest single month ever for cryptocurrency hacking, as $775.7 million was stolen in 32 separate attacks.

Below, we’ll dive into what kinds of platforms were most affected by hacks, and take a look at the role of North Korea-linked hackers, who drove much of 2022’s crypto hacking activity and shattered their own yearly record for most cryptocurrency stolen. 

US No Fly List Leaked After It Was Found in Unsecured Server – Includes Over One Million Names

A Swiss hacker named “maia arson crimew” leaked a copy of the US No Fly list after it was discovered recently in an open server.

The list from 2019 included over 1.5 million names and aliases.

The list was leaked on The Daily Dot.

Because the list is from 2019, it will not include the thousands of names of US patriots who were added to the list following the Jan. 6, 2021, protests in Washington DC.

WalkAway Founder Brandon Straka told Tucker Carlson earlier this week that hundreds of Trump supporters were added to the “no fly list” following the 2021 DC protests.

The dark web’s criminal minds see Internet of Things as next big hacking prize

John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called distributed denial-of-service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or steal data to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”

Researchers: California’s Digital License Plates Could Allow Hackers to Track Location

Security researchers were able to gain “super administrative access” to Reviver, the sole provider of California’s digital license plates, and track the GPS location of all of the vehicles the plates are associated with.

A team of security researchers successfully obtained “full super administrative access,” which allowed them to perform a slew of tasks involving the company’s user accounts and vehicles, according to a blog post by researcher Sam Curry.

After gaining access, a hacker could track the physical GPS location of all license plates of Reviver customers, as well as change the slogan or personalized message at the bottom of the plates to arbitrary text.

The personalized messages on the license plates are a feature that allows customers to digitally update the bottom section of their plates to display different messages, such as “Go Team!” or “looking for a trail.”

Additionally, a hacker could update any vehicle status to “STOLEN,” which would alert authorities.

“An actual attacker could remotely update, track, or delete anyone’s REVIVER plate,” Curry wrote in his blog post, revealing that he and his team had found security vulnerabilities across the automotive industry, not just with Reviver.

Chinese Cybercriminal Hacker Group Stole $20 Million In COVID Relief Funds, Secret Service Says

U.S. Secret Service officials confirmed an exclusive report Monday alleging prolific cybercriminal hackers tied to the Chinese Communist Party have stolen nearly $20 million worth of COVID pandemic relief benefits.

Secret Service officials did not comment further upon corroborating the NBC News report. However, U.S. law enforcement officials and cybersecurity experts, who spoke on the condition of anonymity, said the pandemic fraud instance is the first publicly acknowledged example of theft linked to foreign and state-sponsored cybercriminals.

Officials said the hacker group in question is APT41, which they described as a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain” that operates out of the southwestern Chinese city of Chengdu.

APT41 — also known as Winnti, Barium, and Wicked Panda — allegedly began stealing COVID relief money in mid-2020 from approximately 2,000 accounts associated with more than 40,000 financial transactions, including Small Business Administration loans and unemployment insurance funds in at least a dozen states.

Binance’s ‘CZ’ Says Half Billion WhatsApp User Records For Sale On Dark Web

Nearly half a billion WhatsApp users’ mobile phone numbers are allegedly for sale on a dark web community forum, according to multiple sources, including Binance’s billionaire Changpeng “CZ” Zhao. 

“A new set of 487 million WhatsApp phone numbers for sales in the Dark Web,” CZ tweeted Sunday. He said a sample of hacked data “indicates the phone numbers are legit.”

CZ warned users on the Meta-owned platform that “threat actors downstream will use this data to conduct smishing (phishing messages) campaigns.” 

Cybernews initially confirmed the hack. They said: 

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers.

The dataset allegedly contains WhatsApp user data from 84 countries. The threat actor claims there are over 32 million US user records included.

Another huge chunk of phone numbers belongs to the citizens of Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million).

The dataset for sale also allegedly has nearly 10 million Russian and over 11 million UK citizens’ phone numbers.

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK – $2,500, and Germany – $2,000.

Cybernews also posted a screenshot of the seller’s post on the forum featuring the total number of phone numbers per country. 

Hacker Sentenced to Probation, No Prison Time, for Data Breach Affecting 100 Million People

A former tech worker from Seattle who was convicted of multiple charges related to the massive hack of Capital One bank and other firms back in 2019 has been sentenced to five years of probation after pleading mental illness.

Paige A. Thompson, 37, used a tool to scan Amazon Web Services (AWS) accounts to identify those which were misconfigured. She then used these misconfigured accounts to hack into networks of over 30 entities and download data, obtaining the personal information of over 100 million people. The data breach forced Capital One to reach a tentative $190 million settlement with affected customers. Capital One was fined $80 million by the Treasury Department for failing to protect data.

Thompson also planted cryptocurrency mining software on the hacked servers, collecting the income generated from such mining. Arrested in July 2019, she was found guilty by a federal jury in June 2022 following a seven-day trial.

On Tuesday, U.S. District Judge Robert S. Lasnik sentenced Thompson to time served plus five years of probation, including location and computer monitoring.

During the sentencing, Lasnik noted that time in prison would be “particularly difficult” for Thompson due to her being transgender and having mental health issues.

U.S. Attorney Nick Brown said that he was “disappointed” with the court’s decision and insisted that this is not what “justice looks like.”

“Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction,” Brown said.
