Tag: hackers

Evidence Revealed Of Possible Massive Hack Of Florida Election System During Aug 20 Primary

Something seems FUBAR in Florida’s elections. A massive amount of information is coming to light about a possible breach of VR Systems during the August 20th primary election in the state. VR Systems maintains Florida’s election data.

Many of the ‘MAGA’ supervisor of election candidates lost by huge margins.

2 of the 13 MAGA SOE Candidates won — Monroe and Seminole. But to be really correct, it was 2 out of the 9 who had primaries. There are 4 remaining with only general elections.

In addition to hundreds of thousands of fake ballots likely inserted into the system, it seems the system may have been breached as well.

Keep reading

2016 Obama Unmasking Of Trump Officials Version 2.0? A Developing Story

If Iran has stolen documents from the Trump Campaign, who else may have them?

The United States Intelligence Community and the Five Eyes (UK, Canada, Australia, New Zealand, and the U.S.) possibly have the capability to see into Iranian networks.

If either element detected Trump Campaign documents on Iranian networks, they would likely copy these documents for analysis.

Who else would see these documents? Very likely senior Harris Administration Officials.

And who else would likely see these key Trump Campaign documents?

Just like the 2016 unmasking of Trump Campaign Officials by Susan Rice, the National Security Director for Obama – Jake the Snake Sullivan

And who else saw the 2016 unmasked names and their detailed conversations, shared by Jake Sullivan? The HRC Campaign.

And who helped exploit this unmasking and created Russia, Russia, Russia with Fusion GPS and Crossfire Hurricane?

Jake Sullivan

Who likely saw the Trump Campaign documents copied from the Iranian Networks?

Jake Sullivan

Who also likely also saw the 2024 Trump Campaign documents, shared by Jake?

The Harris Campaign

Keep reading

Red Alert! Virtually All Of Our Personal Information, Including Social Security Numbers, Has Been Stolen And Posted Online By Hackers

Most Americans don’t even realize that virtually all of their personal information has been stolen and posted online for free.  The personal records of 2.9 billion people were stolen from a major data broker known as National Public Data earlier this year, and this month almost of the information that was stolen was posted online for anyone to freely take.  We are talking about names, addresses, phone numbers, employment histories, birth dates and Social Security numbers.  This is one of the most egregious privacy violations in the history of the world, but hardly anyone knows what has happened.  So please share this article as widely as you possibly can.

USA Today is reporting that the original theft of this data occurred “in or around April 2024″…

An enormous amount of Social Security numbers and other sensitive information for millions of people could be in the hands of a hacking group after a data breach and may have been released on an online marketplace, The Los Angeles Times reported this week.

The hacking group USDoD claimed it had allegedly stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, reported by Bloomberg Law. The breach was believed to have happened in or around April 2024, according to the lawsuit.

The company that this data was stolen from is a Florida-based background check company known as National Public Data.  The following is what Wikipedia has to say about this particular firm…

Jerico Pictures, Inc., doing business as National Public Data[1][2] is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.

Of course there are hordes of other data brokers out there these days.

They collect vast troves of information on as many people as they possibly can, and then they monetize that information in various ways.

Equifax, Epsilon and Acxiom are the three largest data brokers in existence today.  Each one of them brings in more than 2 billion dollars of revenue annually.

As you can see, collecting and selling our personal information is very big business.

Keep reading

Kamala Campaign Cheered On DDoS Attack On Musk-Trump ‘X’ Interview.

Vice President Kamala Harris‘ campaign cheered on a distributed denial-of-service (DDoS) targeting X—a leading American company—on Monday, as it disrupted a conversation between former President Donald J. Trump and tech mogul Elon Musk.

DDoS attacks involve flooding websites with bogus bot or botnet traffic to sabotage their functionality or knock them offline altogether. The one on the Trump-Musk X space comes as the Federal Bureau of Investigation (FBI) is investigating a recent hack of the Trump campaign, attributed to Iran, in which internal emails were accessed.

Nevertheless, the Vice President’s team appeared thrilled that her leading election arrival—and a top U.S. business—were targeted again on Monday, trolling him on his Truth Social platform. Once their conversation concluded, Harris‘ team put out a statement sneering at Trump and Musk as “self-obsessed rich guys… who cannot run a livestream in the year 2024.”

Keep reading

Musk Says Massive Cyberattack Delayed Trump Interview

Elon Musk’s planned Aug. 12 interview with Former President Donald Trump hit a roadblock after the owner said the site was facing a distributed denial-of-service (DDOS) attack, preventing the X Space from going live.

“There appears to be a massive DDOS attack on X. Working on shutting it down,” Musk, the owner of X, said in a post.

“Worst case, we will proceed with a smaller number of live listeners and post the conversation later.”

Nearly 40 minutes past the planned start time, Musk’s voice finally broadcast in the Spaces room dedicated to the interview with more than a million users listening live.

Musk said the attack demonstrated that there are those who want to prevent the public hearing from Trump.

Twitter tested its Spaces platform with 8 million concurrent users earlier in the day, according to Musk.

Keep reading

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time the data from this leak has been released, but previous posts have only included partial copies of the data. These included different numbers of records and sometimes different data. Fenice has offered the most complete version of the National Public Data information and has provided it for free.

Keep reading

“GAY FURRY HACKERS” CLAIM CREDIT FOR HACKING HERITAGE FOUNDATION FILES OVER PROJECT 2025

SIEGEDSEC, A COLLECTIVE of self-proclaimed “gay furry hackers,” has claimed credit for breaching online databases of the Heritage Foundation, the conservative think tank that spearheaded the right-wing Project 2025 playbook. SiegedSec released a cache of Heritage Foundation material as part of a string of hacks aimed at organizations that oppose transgender rights, although Heritage disputed that its own systems were breached.

In a post to Telegram announcing the hack, SiegedSec called Project 2025 “an authoritarian Christian nationalist plan to reform the United States government.” The attack was part of the group’s #OpTransRights campaign, which recently targeted right-wing media outlet Real America’s Voice, the Hillsong megachurch, and a Minnesota pastor.

In his foreword to the Project 2025 manifesto, the Heritage Foundation’s president, Kevin Roberts, rails against “the toxic normalization of transgenderism” and “the omnipresent propagation of transgender ideology.” The playbook’s other contributors call on “the next conservative administration” to roll back certain policies, including allowing trans people to serve in the military.

“We’re strongly against Project 2025 and everything the Heritage Foundation stands for,” one of SiegedSec’s leaders, who goes by the handle “vio,” told The Intercept.

In its Telegram post, SiegedSec said it obtained passwords and other user information for “every user” of a Heritage Foundation database, including Roberts and some U.S. government employees. Heritage Foundation said in statement Wednesday that SiegedSec only obtained incomplete password information.

The remainder of more than 200GB of files the hackers obtained were “mostly useless,” SiegedSec said.

Keep reading

New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

“Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks,” Hosein Yavarzadeh, the lead author of the paper, said in a statement shared with The Hacker News.

“This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction.”

Spectre is the name given to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in the memory in a manner that sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR) – which keeps a record of the last taken branches — to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to manipulate PHR as well as the prediction history tables (PHTs) within the conditional branch predictor (CBR) to leak historical execution data and ultimately trigger a Spectre-style exploit.

Keep reading

Russian hackers steal US government emails with Microsoft, officials confirm

Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems, US officials confirmed on Thursday.

Microsoft has notified “several” US federal agencies that the hackers may have stolen emails that Microsoft sent to those agencies that included login information such as usernames, or passwords, Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency (CISA), told reporters.

“At this time, we are not aware of any agency production environments that have experienced a compromise as a result of a credential exposure,” Goldstein said. In other words, a CISA official told CNN, there is no evidence yet that the hackers had used the stolen credentials to successfully break into federal computer systems that are actively in use.

But the breach of Microsoft emails is still forcing the tech giant and US cyber officials to scramble to ensure there is no further damage at the hands of the alleged Russian operatives.

CISA on Thursday publicly released an “emergency directive” that orders civilian agencies potentially affected by the hacking campaign to shore up their defenses. CISA described the potential exposure of agency login credentials as an “unacceptable risk to agencies.”

CNN has requested comment from the Russian Embassy in Washington, DC.

The hackers in question are an infamous cyber-espionage group that US officials have previously tied to Russia’s foreign intelligence service.

It’s the latest twist in a hacking incident that Microsoft first revealed in January but has only grown more serious as new details emerge. In March, Microsoft revealed that the hackers accessed some of Microsoft’s core software systems and were using that information for follow-on attacks on Microsoft customers.

Days after Microsoft disclosed the breach in January, another Big Tech company, Hewlett Packard Enterprise, said the same hackers had breached its cloud-based email systems. The full extent and exact purpose of the hacking activity isn’t clear, but experts say the group responsible has a history of wide-ranging intelligence gathering campaigns in support of the Kremlin.

The same Russian group was behind the infamous breach of several US agency email systems using software made by US contractor SolarWinds, which was revealed in 2020. The hackers had access for months to the unclassified email accounts at the departments of Homeland Security and Justice, among other agencies, before the spying operation was discovered.

Russia denied involvement in the activity.

Keep reading

Hackers can unlock over 3 million hotel doors in seconds

When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Keep reading