Tag: hackers

Famous ‘cyberterrorist’ goes on TikTok to take credit for GiveSendGo hack

A self-described “cyberterrorist” who rose to infamy as a member of the hacktivist group Anonymous is taking credit for the recent breach of GiveSendGo that released the names of donors to the Canadian trucker convoy.

In a video posted to his TikTok account, Aubrey Cottle claimed he hacked the fundraising website that the “Freedom Convoy” truckers used to raise money for their protests.

“Yes, I tossed the trucker. I hacked GiveSendGo, and I’d do it again. I’d do it a hundred times. I did it. I did it. Come at me. What are you going to do to me?” Cottle, also known as “Kirtaner,” said in the video. “I’m literally a famous f***ing cyberterrorist, and you think that you can scare me?”

Cottle previously posted a TikTok video on Feb. 7 saying, “It would be a real shame if something were to happen to GiveSendGo.” On Sunday, GiveSendGo was hacked, and over 92,000 names of donors on the platform were leaked online. The hack also redirected the GiveSendGo.com visitors to a new webpage featuring an essay criticizing the platform posted over a video of Disney’s Frozen.

“The Canadian government has informed you that the money you a-holes raise to fund an insurrection is frozen,” the essay said. “You are committed to funding anything that keeps the raging fire of misinformation going until it burns the world’s collective democracies down.”

Keep reading

Hackers Just Leaked the Names of 92,000 ‘Freedom Convoy’ Donors

The Christian crowdfunding site that helped raise $8.7 million for the anti-vax “freedom convoy” in Canada was hacked on Sunday night, and the names and personal details of over 92,000 donors were leaked online.

The database of 92,845 donors is no longer available on the site, but VICE News was able to review a copy of the data.

While some of the donors did not provide their names—such as the person behind the current top donation of $215,000—the vast majority did provide them, including American software billionaire Thomas Siebel, who donated $90,000 to the “freedom convoy.”

While GiveSendGo does allow donors to make their donations public, many chose to use their company’s name or omit their names entirely, so the leaked database contains a lot of information that was never meant to be shared, data like donors’ full names, email addresses, and location.

Keep reading

South Korea: Hackers Steal ‘Naked Photos’ from over 700 Smart Home Devices, Sell for Bitcoin

An unknown party recently hacked at least 700 smart home devices across South Korea and sold explicit images and videos accessed through the devices on the dark web, South Korea’s National Police confirmed Monday when announcing a criminal investigation into the incident.

“After receiving a call from the Korea Internet & Security Agency and starting an inspection, it seems that there were about 700 shootings [recordings],” Nam Gu-Jun, the chief of South Korea’s National Investigation Headquarters — which is a branch of South Korea’s National Police Agency — told reporters on November 29.

“The police have requested the removal of the video from the website where it was posted,” Nam said, as quoted by South Korea’s Kukmin Ilbo newspaper.

“However, since it is a website with a server in a foreign country and a privately operated website, it is unclear whether the request for deletion will be accepted,” the official acknowledged.

“For this reason, the police are also discussing ways to prevent exposure on the domestic Internet with relevant domestic agencies,” he revealed.

The South Korean tech news website IT Chosun exclusively reported on November 15 that hundreds of smart home devices in apartments across Seoul, South Korea’s national capital, and on the southern Korean island of Jeju were recently hacked. Some of the video footage filmed during the hacking was later sold for “‘0.1 BTC” on the dark web. BTC stands for Bitcoin, a type of cryptocurrency. A sum of 0.1 BTC equals about 8 million South Korean won, or roughly USD $6,717.

Keep reading

Hackers Compromise FBI Email System, Spams at Least 100,000 Recipients

Hackers compromised an external email system of the Federal Bureau of Investigation (FBI), Spamhaus Project, a watchdog group tracking spam and similar cyber threats, announced Saturday.

“We have been made aware of “scary” emails sent in the last few hours that purport to come from the FBI/DHS [Department of Homeland Security],” announced the group on Twitter.

The messages came from a legitimate email address—eims@ic.fbi.gov—from the Law Enforcement Enterprise Portal (LEEP), which is owned by the FBI/DHS, the group said. It added, however, “our research shows that these emails *are* fake.”

The FBI, part of the Department of Justice, said in a statement that it and the Cybersecurity and Infrastructure Security Agency (CISA) are both “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account.”

The agency added that although the impacted hardware was “taken offline quickly upon discovery of the issue,” the situation is an ongoing one and it will not be providing additional information for now.

Keep reading

Company That Routes Billions of Text Messages Quietly Says It Was Hacked

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. 

The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

Keep reading

Scraped data of 1.5 BILLION Facebook users offered for sale on the dark web – reports

Facebook, Messenger, Instagram, and WhatsApp are all down, but CEO Mark Zuckerberg has another headache: The personal data of 1.5 billion customers, scraped from his platform, is reportedly being offered for sale on the dark web.

User IDs, real names, email addresses, phone numbers, and locations are among the data of more than 1.5 billion Facebook customers that’s up for sale, according to a report on the cybersecurity news outlet Privacy Affairs on Monday. The going price has been quoted as $5,000 for a million names.

The data “appears to be authentic” and was obtained through “scraping” – getting the information that users set to ‘public’ or allow quizzes or other questionable apps or pages to access.

It’s the “biggest and most significant Facebook data dump to date,” according to the publication – about three times greater than the April leak of 533 million phone numbers. Facebook said at the time this was “old data” and the security vulnerability responsible had been patched back in 2019.

Privacy Affairs reported that one purported buyer was quoted the price of $5,000 for a million entries. Another user claimed they had paid the seller but had received nothing, and the seller had not yet responded. The samples of data provided to the unnamed “popular hacking-related forum” appeared to be real, the outlet said.

Facebook, Messenger, WhatsApp, and Instagram, all owned by Zuckerberg’s social media behemoth, were struck by a serious global outage that began on Monday. However, the data dump doesn’t appear to be related to the outage itself.

Keep reading

Hackers claim to have stolen trove of data from Epik, web host for multiple right-wing platforms

A hacktivist group claims to have stolen a decade’s worth of data from web company Epik. The firm is known for hosting conservative platforms such as Parler and sites belonging to organizations like the Proud Boys.

On Monday, independent journalist Steven Monacelli shared a press release from hacking group Anonymous in which it claimed to have successfully infiltrated web domain registrar Epik. 

The group says it has stolen “a decade’s worth of data,” including information on Epik’s clients and users. The data, Anonymous claims, is “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.” 

Anonymous said that the 180 gigabytes of data recovered by the hackers would be released for free public download. It has since been made available.

The group also claims that Epik did not encrypt any data, noting that everything including logins was there in plain text. They state that Russian developers allegedly used by Epik were bad at their jobs: “they probably enjoyed snooping through all your s**t just as much as we did.” The statement notes that credit card data wasn’t taken, adding, “FBI, we’re not in that game.”

Epik is no stranger to controversy. The firm hosts sites like free-speech focused Twitter competitor Gab, imageboard website 8chan, and Alex Jones’ InfoWars. It also hosts websites linked to the Proud Boys and Oath Keepers, a right-wing group that includes current and former military, law enforcement, and first-responder personnel who have sworn oaths to defend the US Constitution “from all enemies, foreign and domestic.” 

Keep reading

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.

Millions of people on no-fly and terror watchlists exposed

In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.

The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.

Keep reading

Hackers Hit Illinois Police Database Of Gun Owners

I suppose there’s one bit of good news for the tens of thousands of Illinois residents who’ve been waiting for a year or more for their Firearm Owner ID cards; thanks to the lengthy delays by the Illinois State Police their information wasn’t yet entered into a database that was the recent target of hackers attempting to gain access to the personal details of FOID card holders.

The official story from the Illinois State Police, at least at first, was that there was an “attempted” breach of personal information, but that hackers weren’t able to actually gain access. Over at The Truth About Guns, however, John Boch reported that he’s been hearing something different from a few local gun shops.

The Illinois State Police have reportedly told some gun dealers that hackers breached their security protocols. The gun dealers sharing this information with me wished to remain anonymous out of fear of retribution from the Governor’s office.

What’s more, according to those inside the ISP, an unspecified amount of gun owners’ personal data was reportedly downloaded by the hackers.

This past weekend, the website was shut down completely for an upgrade to remedy the security vulnerabilities that the hackers exploited.

And after keeping mum about the cyberattack for most of the week, on Friday afternoon, the Illinois State Police finally admitted that the personal details of more than 2,000 FOID holders have been “possibly” compromised.

Keep reading

Hackers Scrape 90,000 GETTR User Emails, Surprising No One

Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users.

On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to “cancel culture.” The data seen by Motherboard includes email addresses, usernames, status, and location. 

One of the people whose email is in the database confirmed to Motherboard that they are indeed registered to GETTR. Motherboard also verified the database by attempting to create an account with three email addresses that appear in the database. When doing that, the site displayed the message: “The email is taken,” suggesting it’s already registered. 

It’s unclear if the database contains the usernames and email addresses of all users on the site. 

Keep reading