‘Extremely Alarming’ Election Threats Trigger Warning From FBI

An FBI official warned that state election systems are being targeted as the 2024 election approaches, describing the threats as “extremely alarming.”

“The threat environment, unfortunately, is very high,” said Tim Langan, executive assistant director for the Criminal, Cyber, Response, and Services Branch of the FBI, during a Washington conference with secretaries of state, according to Stateline. “It is extremely alarming.”

Officials said that voter databases could be hacked via phishing or ransomware attacks. They also warned about the rising use of artificial intelligence (AI) that could be used to potentially trick voters, according to the report.

Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told the news outlet that there have been significant advancements that could allow China, North Korea, and Russia to target election systems.

“We are in a really difficult cybersecurity environment right now,” he said. “Every single location is at risk regardless of size, regardless of sector,” he added.

Neither official provided any concrete examples in the report. But during the event, Kentucky Republican Secretary of State Michael Adams said last month that a bomb threat was called into the state capitol in Frankfort, saying that explosives would “make sure you all end up dead.” No bombs were found, and eight other state capitols received threats.

AI will increase the number and impact of cyber attacks, intel officers say

The assessment, from the UK’s Government Communications Headquarters, predicted ransomware will be the biggest threat to get a boost from AI over the next two years. AI will lower barriers to entry, a change that will bring a surge of new entrants into the criminal enterprise. More experienced threat actors—such as nation-states, the commercial firms that serve them, and financially motivated crime groups—will likely also benefit, as AI allows them to identify vulnerabilities and bypass security defenses more efficiently.

“The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term,” Lindy Cameron, CEO of the GCHQ’s National Cyber Security Centre, said. Cameron and other UK intelligence officials said that their country must ramp up defenses to counter the growing threat.

The assessment, which was published Wednesday, focused on the effect AI is likely to have in the next two years. The chances of AI increasing the volume and impact of cyber attacks in that timeframe were described as “almost certain,” the GCHQ’s highest confidence rating. Other, more-specific predictions listed as almost certain were:

  • AI improving capabilities in reconnaissance and social engineering, making them more effective and harder to detect
  • More impactful attacks against the UK as threat actors use AI to analyze exfiltrated data faster and more effectively, and use it to train AI models
  • Beyond the two-year threshold, commoditization of AI-improving capabilities of financially motivated and state actors
  • The trend of ransomware criminals and other types of threat actors who are already using AI will continue in 2025 and beyond.

The area of biggest impact from AI, Wednesday’s assessment said, would be in social engineering, particularly for less-skilled actors.

“Generative AI (GenAI) can already be used to enable convincing interaction with victims, including the creation of lure documents, without the translation, spelling and grammatical mistakes that often reveal phishing,” intelligence officials wrote. “This will highly likely increase over the next two years as models evolve and uptake increases.”

The assessment added: “To 2025, GenAI and large language models (LLMs) will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.”

Hackers Exploit Third-Party Cookies to Access Google Accounts Without Passwords

Security experts at CloudSEK have reportedly identified a new form of malware that exploits third-party cookies, allowing unauthorized access to Google accounts without the need for passwords.

The Independent reports that the alarming security breach, first announced on a Telegram channel by a hacker in October 2023, exploits vulnerabilities in third-party cookies. Specifically, it targets Google authentication cookies, which are normally used to streamline user access without repeated logins.

Hackers have devised a method to extract these cookies, allowing them to bypass password-based security and even two-factor authentication mechanisms to access user accounts.

This exploit is a major risk for all Google accounts as it allows for ongoing access to Google services, even after a user’s password has been changed. An analysis by the cybersecurity firm CloudSEK indicates that several hacking groups are actively experimenting with this technique.

How John Deere Hijacked Copyright Law To Keep You From Tinkering With Your Tractor

Discussions about the repairability of high-tech devices tend to focus on mass-market products: smartphones, laptops, video game consoles, and other commonplace devices. Less apparent is the repairability of tractors, cultivators, combines, and other heavy agricultural equipment that are equally reliant on computers and software. As with smartphone or laptop repairs, farmers and right-to-repair advocates have long complained that agricultural equipment manufacturers have used software to lock owners out of their products. To combat such restrictions, farmers and white-hat hackers have joined in an unlikely alliance to “liberate the tractors.”

As with other types of hardware, such as smart cars, the “techiness” of heavy agricultural machinery has become an impediment to meaningful ownership. Now, companies such as John Deere have vertically integrated the entire ecosystem for equipment, requiring customers to purchase repair services exclusively from dealers and using software to prevent independent repairs. 

Whenever software has been used to prevent the owners of products from altering or repairing their property, groups of ideologically driven individuals have used their skills to circumvent such constraints. Agricultural equipment is no different, and hackers have taken it upon themselves to “jailbreak” or open up the closed software systems that prevent independent repairs. In the words of one such hacker, “We want farmers to be able to repair their stuff for when things go wrong, and now that means being able to repair or make decisions about the software in their tractors.”

Hackers have now developed tools that would give power back to the owners of farm equipment, allowing farmers unversed in handling software to circumvent manufacturers’ software locks and independently make repairs and service their equipment. There’s only one problem with this movement to liberate the tractors: It’s a violation of federal copyright law.

Under Section 1201 of the Digital Millennium Copyright Act (DMCA), any individual who produces or uses a tool designed to circumvent software intended to keep them out of a system faces five years in federal prison and a fine of up to $500,000. Those penalties double for each subsequent infraction. This means software developers who build tools to get around John Deere’s software blocks could receive a 10-year prison sentence and a $1 million fine for each time they distribute their tool. Although the Copyright Office has implemented a narrow exception to the law for certain circumstances, a farmer who purchases such a tool could also end up in federal prison. 

The Copyright Office technically has the ability to implement broad, permanent exclusions to Section 1201 but has so far refused to act absent express congressional authorization. Fortunately, there are some in Congress who recognize this issue and have proposed solutions.

The Digital ID Rollout Is Becoming a Hacker’s Dream

Governments and corporations around the world are showing great enthusiasm for digital IDs, either already implementing some form of them or planning to.

Ironically, these efforts are presented to citizens as not only making their lives easier through convenience, but also making sure the personal data contained within these digital IDs is safer in a world teeming with malicious actors.

Opponents have been warning about serious privacy implications, but also argue against the claim that data security actually gets improved.

It would appear they are right – at least according to a report by a cybersecurity firm issued after the hacker attacks happening around the Christmas holiday, something that’s now been dubbed “Leaksmas.”

Not only governments, but hackers as well love digital IDs and huge amounts of personal information all neatly gathered in one place, and, judging by what’s been happening recently, in many instances, sitting there pretty much easily available to them.

And hackers have expressed this love by making digital ID data their primary focus, the firm, Resecurity, said in its report. Resecurity claims that this is a clear fact, and that it was able to discern it by analyzing data dumps once they started appearing on the dark web after the Christmas-time “digital smash-and-grabs.”

In numbers, a staggering 50 million records containing personally identifiable information have surfaced on the dark web. The reason so many stolen datasets have made it to the black digital market all at once appears to be “technicalities” related to the time window during which most of it will be “sellable”.

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control of infrastructure the group has used to generate more than $300 million in illicit payments to date.

Early Tuesday morning, the dark-web site belonging to AlphV, a ransomware group that also goes by the name BlackCat, suddenly started displaying a banner that said it had been seized by the FBI as part of a coordinated law enforcement action. Gone was all the content AlphV had posted to the site previously.

Around the same time, the Justice Department said it had disrupted AlphV’s operations by releasing a software tool that would allow roughly 500 AlphV victims to restore their systems and data. In all, Justice Department officials said, AlphV had extorted roughly $300 million from 1,000 victims.

An affidavit unsealed in a Florida federal court, meanwhile, revealed that the disruption involved FBI agents obtaining 946 private keys used to host victim communication sites. The legal document said the keys were obtained with the help of a confidential human source who had “responded to an advertisement posted to a publicly accessible online forum soliciting applicants for Blackcat affiliate positions.”

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in Tuesday’s announcement. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Within hours, the FBI seizure notice displayed on the AlphV dark-web site was gone. In its place was a new notice proclaiming: “This website has been unseized.” The new notice, written by AlphV officials, downplayed the significance of the FBI’s action. While not disputing the decryptor tool worked for 400 victims, AlphV officials said that the disruption would prevent data belonging to another 3,000 victims from being decrypted.

“Now because of them, more than 3,000 companies will never receive their keys.”

Lapsus$: GTA 6 hacker handed indefinite hospital order

An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order.

Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$.

The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m.

The judge said Kurtaj’s skills and desire to commit cyber-crime meant he remained a high risk to the public.

He will remain at a secure hospital for life unless doctors deem him no longer a danger.

The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage.

Doctors deemed Kurtaj unfit to stand trial due to his severe autism so the jury was asked to determine whether or not he committed the alleged acts – not if he did so with criminal intent.

A mental health assessment used as part of the sentencing hearing said he “continued to express the intent to return to cyber-crime as soon as possible. He is highly motivated.”

The jury was told that while he was on bail for hacking Nvidia and BT/EE and in police protection at a Travelodge hotel, he continued hacking and carried out his most infamous hack.

Despite having his laptop confiscated, Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.

Kurtaj stole 90 clips of the unreleased and hugely anticipated Grand Theft Auto 6.

He broke into the company’s internal Slack messaging system to declare “if Rockstar does not contact me on Telegram within 24 hours I will start releasing the source code”.

He then posted the clips and source code on a forum under the username TeaPotUberHacker.

He was rearrested and detained until his trial.

Genetic testing company 23andMe admits hackers accessed data of more than 6.9 MILLION people – after claiming about 14,000 profiles had been breached

Genetic testing firm 23andMe has admitted that hackers accessed sensitive data on 6.9 million people – or 50 percent of its users.

The mammoth breach is the result of digital spies using old passwords to break into files belonging to 0.1 percent of customers – some 14,000 profiles – which are linked to millions more through ancestry tracing. 

On Friday, 23andMe admitted in a Securities and Exchange Commission disclosure that overall, a ‘significant number’ of files ‘containing profile information about other users’ ancestry’ had been stolen. 

The California-based company, which is a market-leader in the $17 billion genetic testing industry, later told TechCrunch that this amounted to around half of its 14 million users. 

It highlights how the explosion in popularity of at-home DNA testing kits, which have led to hundreds of Americans uncovering shocking family secrets, could come with unexpected consequences.

Hackers who targeted the private hospital that treated Kate Middleton are threatening to release the Royal Family’s private medical information

Hackers who targeted the private hospital which treated Kate, Princess of Wales, are threatening to release private medical information belonging to members of the Royal Family.

The gang broke into the computer systems of the King Edward VII’s Hospital and warned they aim to release ‘data from the Royal Family’ on Tuesday unless they are paid £300,000 in the cyber currency Bitcoin.

The ransom demand was made on the dark web, where the hackers posted images of what they claim are stolen files including X-rays, letters from consultants, registration forms, handwritten clinical notes, and pathology forms.

GCHQ and police are investigating the attack by hacking gang Rhysida – named after a venomous tropical centipede.

The 56-bed private hospital in Marylebone has been used by the Royal Family for more than a century. The late Queen Elizabeth II was a patient and so was Prince Philip who spent almost a month being treated there before he died aged 99 in 2021.

The Princess of Wales was admitted there in 2012 with prolonged bouts of acute morning sickness during her first pregnancy. 

During her stay, two Australian radio DJs placed a hoax call and obtained private medical information about Kate – then the Duchess of Cambridge – which they then broadcast, forcing hospital bosses into an embarrassing apology. 

The nurse who unwittingly took the call later took her own life over the prank.

Last night, Philip Ingram, former British military intelligence colonel, said: ‘Given the highly sensitive nature of the patients, there will be a degree of pressure on the hospital to try to stop any of this data being released. 

And therefore I would expect them to explore the possibility of paying the ransom.

I’m a professional hacker – and these are the 5 things that would allow me to crack into your smartphone within SECONDS

Many of us would feel lost without our smartphones in hand – but what if that same device became a tool for criminals?

Kieran Burge, a security consultant at Prism Infosec, has revealed the five common mistakes that could let him crack into your smartphone within seconds.

As a penetration tester – a legal hacker who tests companies’ cybersecurity to find weaknesses before criminals do – Kieran knows what he’s talking about. 

And he says that simple mistakes such as reusing passwords, clicking on dodgy links and sharing too much information on social media could land you in hot water. 

So, are you guilty of these security blunders? Read on to find out.  
