Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those profiles. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time data from this leak has been released, but previous posts included only partial copies, with differing numbers of records and sometimes different fields. Fenice’s post is the most complete version of the National Public Data information so far, and it was provided for free.

“Gay Furry Hackers” Claim Credit for Hacking Heritage Foundation Files Over Project 2025

SiegedSec, a collective of self-proclaimed “gay furry hackers,” has claimed credit for breaching online databases of the Heritage Foundation, the conservative think tank that spearheaded the right-wing Project 2025 playbook. SiegedSec released a cache of Heritage Foundation material as part of a string of hacks aimed at organizations that oppose transgender rights, although Heritage disputed that its own systems were breached.

In a post to Telegram announcing the hack, SiegedSec called Project 2025 “an authoritarian Christian nationalist plan to reform the United States government.” The attack was part of the group’s #OpTransRights campaign, which recently targeted right-wing media outlet Real America’s Voice, the Hillsong megachurch, and a Minnesota pastor.

In his foreword to the Project 2025 manifesto, the Heritage Foundation’s president, Kevin Roberts, rails against “the toxic normalization of transgenderism” and “the omnipresent propagation of transgender ideology.” The playbook’s other contributors call on “the next conservative administration” to roll back certain policies, including allowing trans people to serve in the military.

“We’re strongly against Project 2025 and everything the Heritage Foundation stands for,” one of SiegedSec’s leaders, who goes by the handle “vio,” told The Intercept.

In its Telegram post, SiegedSec said it obtained passwords and other user information for “every user” of a Heritage Foundation database, including Roberts and some U.S. government employees. The Heritage Foundation said in a statement Wednesday that SiegedSec only obtained incomplete password information.

The remainder of more than 200GB of files the hackers obtained were “mostly useless,” SiegedSec said.

New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPUs, Leaks Encryption Keys and Data

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

“Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks,” Hosein Yavarzadeh, the lead author of the paper, said in a statement shared with The Hacker News.

“This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction.”

Spectre is the name given to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in memory, sidestepping the isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR), which keeps a record of the last taken branches, to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to manipulate the PHR as well as the pattern history tables (PHTs) within the conditional branch predictor (CBP) to leak historical execution data and ultimately trigger a Spectre-style exploit.

Russian hackers steal US government emails with Microsoft, officials confirm

Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems, US officials confirmed on Thursday.

Microsoft has notified “several” US federal agencies that the hackers may have stolen emails that Microsoft sent to those agencies that included login information such as usernames or passwords, Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency (CISA), told reporters.

“At this time, we are not aware of any agency production environments that have experienced a compromise as a result of a credential exposure,” Goldstein said. In other words, a CISA official told CNN, there is no evidence yet that the hackers had used the stolen credentials to successfully break into federal computer systems that are actively in use.

But the breach of Microsoft emails is still forcing the tech giant and US cyber officials to scramble to ensure there is no further damage at the hands of the alleged Russian operatives.

CISA on Thursday publicly released an “emergency directive” that orders civilian agencies potentially affected by the hacking campaign to shore up their defenses. CISA described the potential exposure of agency login credentials as an “unacceptable risk to agencies.”

CNN has requested comment from the Russian Embassy in Washington, DC.

The hackers in question are an infamous cyber-espionage group that US officials have previously tied to Russia’s foreign intelligence service.

It’s the latest twist in a hacking incident that Microsoft first revealed in January but has only grown more serious as new details emerge. In March, Microsoft revealed that the hackers accessed some of Microsoft’s core software systems and were using that information for follow-on attacks on Microsoft customers.

Days after Microsoft disclosed the breach in January, another Big Tech company, Hewlett Packard Enterprise, said the same hackers had breached its cloud-based email systems. The full extent and exact purpose of the hacking activity isn’t clear, but experts say the group responsible has a history of wide-ranging intelligence gathering campaigns in support of the Kremlin.

The same Russian group was behind the infamous breach of several US agency email systems using software made by US contractor SolarWinds, which was revealed in 2020. The hackers had access for months to the unclassified email accounts at the departments of Homeland Security and Justice, among other agencies, before the spying operation was discovered.

Russia denied involvement in the activity.

Hackers can unlock over 3 million hotel doors in seconds

When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Unpatchable vulnerability in Apple chip leaks secret encryption keys

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Beware of hardware optimizations

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. The leak arises because prefetchers make predictions based on previous access patterns, and those predictions change microarchitectural state (what is in the cache, and when) in ways an attacker can observe. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses and secret-dependent branches.

The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferencing” of “pointers”—meaning the reading of data and leaking it through a side channel—is a flagrant violation of the constant-time paradigm.
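
The contrast constant-time programming draws, shown as an added example that is not code from the paper, from Apple, or from any cryptographic library: a table lookup whose address depends on a secret beside a lookup that touches every entry and selects the wanted one with a mask, plus a comparison that never exits early. The 16-entry table and the two keys are constructed for the example and are not AES tables.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed 16-entry substitution table standing in for a cipher's S-box.
   Example data only; it is not one of the AES tables. */
static const uint8_t SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
    0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};

/* Constructed sample keys for the comparison demo. */
static const uint8_t KEY_A[4] = { 1, 2, 3, 4 };
static const uint8_t KEY_B[4] = { 1, 2, 3, 5 };

/* Secret-dependent memory access: which address (and cache line) is touched
   depends on idx, so a cache or prefetcher side channel that observes the
   address learns idx. This is the pattern constant-time code must avoid. */
uint8_t leaky_lookup(const uint8_t *table, size_t n, uint8_t idx)
{
    return table[idx % n];
}

/* Returns 0xFFFFFFFF when a == b and 0 otherwise, with no data-dependent
   branch: (x - 1) >> 31 is 1 exactly when x == 0. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    return 0u - ((x - 1u) >> 31);
}

/* Constant-time lookup: every entry is read on every call, so the sequence of
   addresses touched is independent of idx; the wanted entry is folded in
   through the mask. Returns 0 for idx >= n. */
uint8_t ct_lookup(const uint8_t *table, size_t n, uint8_t idx)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (uint32_t)table[i] & ct_eq_mask((uint32_t)i, (uint32_t)idx);
    }
    return (uint8_t)acc;
}

/* Constant-time equality over n bytes: no early exit on the first mismatch,
   so timing does not reveal how many leading bytes matched. Returns 1 if equal. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    return (int)((diff - 1u) >> 31);  /* 1 iff diff == 0 */
}

int main(void)
{
    /* Both lookups return the same values; only their memory access pattern differs. */
    for (unsigned i = 0; i < 16; i++) {
        printf("%2u: leaky=%x ct=%x\n", i,
               leaky_lookup(SBOX, 16, (uint8_t)i), ct_lookup(SBOX, 16, (uint8_t)i));
    }
    printf("ct_memeq(A,A)=%d ct_memeq(A,B)=%d\n",
           ct_memeq(KEY_A, KEY_A, 4), ct_memeq(KEY_A, KEY_B, 4));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, constant-time discipline at the C level is only a contract with the compiler; an optimizer may turn the mask arithmetic back into a branch, so the emitted machine code has to be checked. Second, and this is the point of the passage above, the masked scan still loads every table value into a register, and a DMP that inspects loaded values and prefetches from addresses they resemble can leak through that path even though no address in the code depends on the secret.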

Beijing’s military hacked U.S. nuclear firm before Hunter Biden aided Chinese bid to acquire it

U.S. officials were acutely aware that Beijing was trying to obtain America’s premier nuclear reactor technology, including through illicit hacking, months before Hunter Biden and his business partners sought to arrange a quiet sale of an iconic U.S. reactor company to a Chinese firm, according to court records and national security experts.

Hunter Biden’s unsuccessful efforts to help CEFC China Energy acquire Westinghouse, one of America’s most famous electricity and appliance brands, and its state-of-the-art AP1000 nuclear reactor began in early 2016 while Joe Biden was still a sitting vice president, memos published Wednesday by Just the News show.

Just 20 months earlier, his father’s Justice Department charged five members of a Chinese military hacking unit for breaching the company’s computer systems in search of intellectual property and internal strategy communications, according to a copy of the indictment.

In May 2014, the five operatives of the People’s Liberation Army’s Unit 61398 were charged with hacking into the systems of six U.S.-based companies across different industrial sectors, including Westinghouse Electric Co., SolarWorld, United States Steel Corp., and a union. The attorney general at the time, Eric Holder, called the breach a classic case of “economic espionage.”

One operative gained access to Westinghouse’s computers in 2010 and “stole proprietary and confidential technical and design specifications related to pipes, pipe supports, and pipe routing” pertaining to the company’s advanced AP1000 nuclear reactor design, according to an indictment filed by the Department of Justice.

“Among other things, such specifications would enable a competitor to build a plant similar to the AP1000 without incurring significant research and development costs associated with designing similar pipes, pipe supports, and pipe routing systems,” the indictment reads.

Attached file: Criminal No. 14-118 USA vs. Wang Dong et al.pdf

National security experts said Thursday they were floored that the son of a sitting vice president would be involved in trying to help a Chinese firm get a leg up on the United States in the race for nuclear energy and that Hunter Biden’s involvement with CEFC almost certainly would have been detected by U.S. intelligence and prompted concern. 

Documents previously released by Congress in the Biden impeachment inquiry show the Biden family appeared to be acutely aware that CEFC was tied directly to the communist government in China.

While there is no evidence at the moment that Hunter Biden was aware of or involved in the Chinese hacking efforts, he wrote in one 2017 text message that he believed one of the CEFC officials he worked with, Patrick Ho, was the “f—ing spy chief” of China (Ho was later indicted in the U.S. and charged with corruption), while Joe Biden’s brother James told the FBI he believed CEFC Chairman Ye Jianming had a relationship with China’s communist president.

“It’s beyond outrageous that Hunter Biden would be involved in any such deal with Communist China while his father is the sitting vice president,” former Trump-era Deputy National Security Advisor Victoria Coates told the “Just the News, No Noise” television show. “I mean just the glaring conflicts of interest are hard to wrap your brain around. But particularly with Westinghouse.”

Hackers can read private AI assistant chats even though they’re encrypted

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Feds Target Journalist Tim Burke With Law Intended for Hackers

People engaged in journalism frequently acquire information others wish would never see the light of day. This often means gathering tips in violation of workplace rules or through other people’s carelessness. That can result in legal battles and, in the age of technology and cybercrime, in governments coming after the curious with laws crafted for malicious hackers. All this appears to be the case with Tim Burke, who has been targeted by the feds under a controversial law after gathering information through electronic means.

“Federal prosecutors in Florida have obtained a disturbing indictment against well-known journalist Tim Burke,” the Freedom of the Press Foundation (FPF) warned last week. “The indictment could have significant implications for press freedom, not only by putting digital journalists at risk of prosecution but by allowing the government to permanently seize a journalist’s computers.”

Specifically, in the February 15 indictment, federal prosecutors say that Burke “intentionally intercepted, endeavored to intercept, and procured another person to intercept and to endeavor to intercept, the contents of a wire, oral, and electronic communication as it was occurring, by means of a device, namely a computer.”

Burke’s home was raided last year after he distributed intercepted video, including outtakes of the rapper Ye (formerly Kanye West) making antisemitic comments during an interview with Tucker Carlson while the host was still with Fox News. Burke has built a reputation with his very online presence and distinctive style. He has also rubbed some people the wrong way with his reporting and, perhaps, the means by which he acquires material. But the prosecutors going after Burke are also accused of resorting to questionable tactics, including invoking the Computer Fraud and Abuse Act, an anti-hacking law.

Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032. However, organizations and people have become increasingly aware that attackers might want to steal their fingerprints, so some have started to be careful about keeping their fingerprints out of sight, and become sensitive to photos showing their hand details.

Without contact prints or finger detail photos, how can an attacker hope to get any fingerprint data to enhance MasterPrint and DeepMasterPrint dictionary attack results on user fingerprints? One answer is as follows: the PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc.: any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name, PrintListener.
