AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control of infrastructure the group has used to generate more than $300 million in illicit payments to date.

Early Tuesday morning, the dark-web site belonging to AlphV, a ransomware group that also goes by the name BlackCat, suddenly started displaying a banner that said it had been seized by the FBI as part of a coordinated law enforcement action. Gone was all the content AlphV had posted to the site previously.

Around the same time, the Justice Department said it had disrupted AlphV’s operations by releasing a software tool that would allow roughly 500 AlphV victims to restore their systems and data. In all, Justice Department officials said, AlphV had extorted roughly $300 million from 1,000 victims.

An affidavit unsealed in a Florida federal court, meanwhile, revealed that the disruption involved FBI agents obtaining 946 private keys used to host victim communication sites. The legal document said the keys were obtained with the help of a confidential human source who had “responded to an advertisement posted to a publicly accessible online forum soliciting applicants for Blackcat affiliate positions.”

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in Tuesday’s announcement. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Within hours, the FBI seizure notice displayed on the AlphV dark-web site was gone. In its place was a new notice proclaiming: “This website has been unseized.” The new notice, written by AlphV officials, downplayed the significance of the FBI’s action. While not disputing the decryptor tool worked for 400 victims, AlphV officials said that the disruption would prevent data belonging to another 3,000 victims from being decrypted.

“Now because of them, more than 3,000 companies will never receive their keys.”

Lapsus$: GTA 6 hacker handed indefinite hospital order

An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order.

Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$.

The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m.

The judge said Kurtaj’s skills and desire to commit cyber-crime meant he remained a high risk to the public.

He will remain at a secure hospital for life unless doctors deem him no longer a danger.

The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage.

Doctors deemed Kurtaj unfit to stand trial due to his severe autism, so the jury was asked to determine whether or not he committed the alleged acts – not whether he did so with criminal intent.

A mental health assessment used as part of the sentencing hearing said he “continued to express the intent to return to cyber-crime as soon as possible. He is highly motivated.”

The jury was told that while he was on bail for hacking Nvidia and BT/EE and in police protection at a Travelodge hotel, he continued hacking and carried out his most infamous hack.

Despite having his laptop confiscated, Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.

Kurtaj stole 90 clips of the unreleased and hugely anticipated Grand Theft Auto 6.

He broke into the company’s internal Slack messaging system to declare “if Rockstar does not contact me on Telegram within 24 hours I will start releasing the source code”.

He then posted the clips and source code on a forum under the username TeaPotUberHacker.

He was rearrested and detained until his trial.

Genetic testing company 23andMe admits hackers accessed data of more than 6.9 MILLION people – after claiming about 14,000 profiles had been breached

Genetic testing firm 23andMe has admitted that hackers accessed sensitive data on 6.9 million people – or 50 percent of its users.

The mammoth breach is the result of digital spies using old passwords to break into files belonging to 0.1 percent of customers – some 14,000 profiles – which are linked to millions more through ancestry tracing. 

On Friday, 23andMe admitted in a Securities and Exchange Commission disclosure that overall, a ‘significant number’ of files ‘containing profile information about other users’ ancestry’ had been stolen. 

The California-based company, which is a market-leader in the $17 billion genetic testing industry, later told TechCrunch that this amounted to around half of its 14 million users. 

It highlights how the explosion in popularity of at-home DNA testing kits, which has led to hundreds of Americans uncovering shocking family secrets, could come with unexpected consequences.

Hackers who targeted the private hospital that treated Kate Middleton are threatening to release the Royal Family’s private medical information

Hackers who targeted the private hospital which treated Kate, Princess of Wales, are threatening to release private medical information belonging to members of the Royal Family.

The gang broke into the computer systems of the King Edward VII’s Hospital and warned they aim to release ‘data from the Royal Family’ on Tuesday unless they are paid £300,000 in the cyber currency Bitcoin.

The ransom demand was made on the dark web, where the hackers posted images of what they claim are stolen files including X-rays, letters from consultants, registration forms, handwritten clinical notes, and pathology forms.

GCHQ and police are investigating the attack by hacking gang Rhysida – named after a venomous tropical centipede.

The 56-bed private hospital in Marylebone has been used by the Royal Family for more than a century. The late Queen Elizabeth II was a patient and so was Prince Philip who spent almost a month being treated there before he died aged 99 in 2021.

The Princess of Wales was admitted there in 2012 with prolonged bouts of acute morning sickness during her first pregnancy. 

During her stay, two Australian radio DJs placed a hoax call and obtained private medical information about Kate – then the Duchess of Cambridge – which they then broadcast, forcing hospital bosses into an embarrassing apology. 

The nurse who unwittingly took the call later took her own life over the prank.

Last night, Philip Ingram, former British military intelligence colonel, said: ‘Given the highly sensitive nature of the patients, there will be a degree of pressure on the hospital to try to stop any of this data being released. 

And therefore I would expect them to explore the possibility of paying the ransom.’

I’m a professional hacker – and these are the 5 things that would allow me to crack into your smartphone within SECONDS

Many of us would feel lost without our smartphones in hand – but what if that same device became a tool for criminals?

Kieran Burge, a security consultant at Prism Infosec, has revealed the five common mistakes that could let him crack into your smartphone within seconds.

As a penetration tester – a legal hacker who tests companies’ cybersecurity to find weaknesses before criminals do – Kieran knows what he’s talking about. 

And he says that simple mistakes such as reusing passwords, clicking on dodgy links and sharing too much information on social media could land you in hot water. 

So, are you guilty of these security blunders? Read on to find out.  

Guccifer, the Hacker Who Launched Clinton Email Flap, Speaks Out After Nearly a Decade Behind Bars

Marcel Lehel Lazar walked out of Federal Correctional Institute Schuylkill, a Pennsylvania prison, in August 2021. The 51-year-old formerly known only as Guccifer had spent over four years incarcerated for an email hacking spree against America’s elite. Though these inbox disclosures arguably changed the course of the nation’s recent history, Lazar himself remains an obscure figure. This month, in a series of phone interviews with The Intercept, Lazar opened up for the first time about his new life and strange legacy.

Lazar is not a household name by unauthorized access standards — no Edward Snowden or Chelsea Manning — but people will be familiar with his work. Throughout 2013, Lazar stole the private correspondence of everyone from a former member of the Joint Chiefs of Staff to “Sex and the City” author Candace Bushnell.

There’s an irony to his present obscurity: Guccifer’s prolific career often seemed motivated by an appetite for global media fame more than any ideology or principle. He acted as an agent of chaos, not a whistleblower, and his exploits provided as much entertainment as anything else. It’s thanks to Guccifer’s infiltration of Dorothy Bush Koch’s AOL account that the world knows that her brother — George W. Bush — is fond of fine bathroom self-portraiture.

“I knew all the time what these guys are talking about,” Lazar told me with a degree of satisfaction. “I used to know more than they knew about each other.”

Ten years after his email rampage, Lazar said that, back then, he’d hoped not for celebrity but to find some hidden explanation for America’s 21st century slump — a skeleton key buried within the emails of the rich and famous, something that might expose those causing our national rot and reverse it. Instead, he might have inadvertently put Donald Trump in the White House.

In a first, cryptographic keys protecting SSH connections stolen in new attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established.

Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel.

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons—most notably because most SSH software in use—including OpenSSH—has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS—or Transport Layer Security—protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers—meaning adversaries simply observing traffic as it goes by—couldn’t see some of the necessary information when the errors happened.

The researchers noted that since the 2018 release of TLS version 1.3, the protocol has encrypted handshake messages occurring while a web or email session is being negotiated. That has acted as an additional countermeasure protecting key compromise in the event of a computational error. Keegan Ryan, a researcher at the University of California San Diego and one of the authors of the research, suggested it may be time for other protocols to include the same additional protection.
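The mechanism behind this story is a textbook one: RSA implementations compute signatures with the Chinese Remainder Theorem (one half mod p, one half mod q), and if a computational error corrupts one half, the resulting signature is still correct modulo the other prime, so gcd(s^e - m, N) hands the observer a factor of N. The countermeasure the article refers to is simply verifying the freshly computed signature with the public key before sending it. The following is an added example, not code from the researchers or from any SSH implementation; it uses constructed toy primes (far too small for real use), a simplified hash-and-reduce in place of real padding, and a simulated bit flip in the mod-q branch to stand in for a hardware or software fault.

```python
"""Added example: why a faulty RSA-CRT signature leaks the private key, and the
sign-then-verify countermeasure that keeps a faulty signature off the wire.
All parameters are constructed toy values, not a real key."""
from hashlib import sha256
from math import gcd

# Constructed toy key: two well-known 30-bit primes (not a real key size).
P = 1_000_000_007
Q = 998_244_353
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)
# CRT components, as used by fast RSA signing implementations
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class SignatureFault(Exception):
    """Raised when a freshly computed signature fails self-verification."""


def message_to_int(msg: bytes) -> int:
    # Simplified for the example: hash and reduce mod N.
    # Real schemes apply PKCS#1 v1.5 or PSS padding instead.
    return int.from_bytes(sha256(msg).digest(), "big") % N


def crt_sign_unchecked(m: int, fault_mask: int = 0) -> int:
    """RSA-CRT signing with no fault check.  A non-zero fault_mask simulates a
    computational error corrupting the mod-q half of the computation."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    sq = (sq ^ fault_mask) % Q          # simulated glitch: bit flip in one CRT branch
    h = (QINV * (sp - sq)) % P          # Garner recombination
    return sq + h * Q


def verify(s: int, m: int) -> bool:
    """Public-key verification: s^e must equal the message representative."""
    return pow(s, E, N) == m


def crt_sign_checked(m: int, fault_mask: int = 0) -> int:
    """The countermeasure: verify with the public key before releasing the
    signature, so a faulty value never leaves the host."""
    s = crt_sign_unchecked(m, fault_mask)
    if not verify(s, m):
        raise SignatureFault("signature failed self-check; not releasing it")
    return s


def fault_is_detected(m: int, fault_mask: int = 1) -> bool:
    """True if the checked signer refuses to emit a corrupted signature."""
    try:
        crt_sign_checked(m, fault_mask)
    except SignatureFault:
        return True
    return False


def factor_from_faulty_signature(s_faulty: int, m: int) -> int:
    """Lenstra's observation: a signature that is correct mod p but wrong mod q
    satisfies s^e == m (mod p) only, so gcd(s^e - m, N) reveals p.  This is what
    a passive observer of the faulty signature can compute, and why the
    self-check above matters."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


if __name__ == "__main__":
    m = message_to_int(b"constructed handshake transcript")
    good = crt_sign_checked(m)
    print("good signature verifies:", verify(good, m))
    bad = crt_sign_unchecked(m, fault_mask=1)
    print("faulty unchecked signature leaks a prime factor:",
          factor_from_faulty_signature(bad, m) == P)
    print("checked signer refuses the faulty signature:", fault_is_detected(m))
```

The point of the article's TLS 1.3 remark follows from the last function: the recovery needs both the faulty signature and the message representative it was computed over, so encrypting the handshake denies a passive observer one of those two inputs even when the signer's own self-check is missing or buggy.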

Almost Entire US State Becomes Victim of Major Data Breach

A significant data breach in Maine has compromised the personal information of at least 1.3 million residents.

This breach, reported by The Hill, occurred earlier this year and involved a cyberattack on the MOVEit file transfer system. This system is widely used by various government agencies at both state and federal levels. The breach resulted in the exposure of names, dates of birth, social security numbers and government IDs of potentially all 1.38 million residents in Maine.

The cyberattack, initiated by a Russian ransomware group, had a global impact, affecting at least 70 million people. The Maine government, in a press release, stated, “Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data from certain entities, including governments.” However, despite assurances from the cybercriminals that data obtained from governments has been erased, the state is urging individuals to protect their personal information.

Is a Cyber 9/11 Coming?

Talk of a “Cyber 9/11” has been circulating for years.  With the next presidential election twelve months away now, some folks are predicting that a major cyber event will happen before then, throwing a monkey wrench into the 2024 election process.

What the heck is Cyber 9/11?

What does Cyber 9/11 mean?  Is there a real risk?  What should we be preparing for?

There are two aspects to the Cyber 9/11 concept.  The first is the disaster itself; 9/11 was a catastrophe that ended the lives of over 3000 people in one day.  There are fears that if power grids were hacked or enough damage was done to logistical centers, the ensuing chaos would cause deaths.

Quite memorably, back in 2000, a disgruntled public works employee in Australia hacked into the water treatment system and caused raw sewage to pour into public areas, flooding a Hyatt hotel.  One man acting alone caused a disgusting, expensive mess. Of course security experts are concerned with what a team of angry individuals could do.

The second aspect to a potential Cyber 9/11 is the change in the regulatory landscape that occurred after 9/11 in 2001.  I remember flying as a teenager in the 90s. So many things changed later.  The airport changes were most obvious to regular citizens, but the passage of the Patriot Act in October 2001 was far more consequential.  It dramatically changed the way surveillance was conducted.

Under the Fourth Amendment, private citizens are supposed to be protected from warrantless search and seizures.  The Patriot Act really weakened that. Law enforcement is now allowed to delay the notice of search warrants.  They don’t need nearly as much oversight from judges to conduct phone and internet surveillance.

These Constitution-weakening changes occurred after 9/11 in 2001.

The World’s Largest Biometric Digital ID System, India’s Aadhaar, Just Suffered Its Biggest Ever Data Breach

In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley. 

An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens.

To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country’s history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.

To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.

Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number.
