Tag: hacking

FLASHBACK: WikiLeaks Released ‘Vault 7’ Disclosures Showing CIA’s Terrifying Hacking Capabilities Six Years Ago Today

On this day six years ago, the WikiLeaks released its “Vault 7” disclosures showing the hacking capabilities of the CIA.

The disclosures showed that the CIA is capable of hacking smartphones, computer operating systems, automobiles, messenger apps and smart TVs.

The release consisted of 8,761 documents reportedly coming from the CIA’s Center of Cyber Intelligence. It showed how the CIA could hack phones in order to bypass encrypted apps by accessing the information before the user can send the data. They can also tap into the microphone and video recording devices on phones even when they are powered off.

The CIA also developed a hack that puts Samsung Smart TVs in a fake off mode, which deceives an individual into thinking they are not being recorded when they actually are. The CIA can also leave false bread crumbs that will make it look like the hack is done by an adversary, such as Russia or China, if they are caught after the fact.

All of the Vault7 files can be found here.

Keep reading

Journalist Uses AI Voice to Break into Own Bank Account

In a recent experiment, Vice.com writer Joseph Cox used an AI-generated voice to bypass Lloyds Bank security and access his account.

To achieve this, Cox used a free service of ElevenLabs, an AI-voice generation company that supplies voices for newsletters, books and videos.

Cox recorded five minutes of speech and uploaded it to ElevenLabs. After making some adjustments, such as having the AI read a longer body of text for a more natural cadence, the generated audio outmaneuvered Lloyds security.

“I couldn’t believe it had worked,” Cox wrote in his Vice article. “I had used an AI-powered replica of a voice to break into a bank account. After that, I accessed the account information, including balances and a list of recent transactions and transfers.”

Multiple United States and European banks use voice authentication to speed logins over the phone. While some banks claim that voice identification is comparable to a fingerprint, this experiment demonstrates that voice-based biometric security does not offer perfect protection.

ElevenLabs did not comment on the hack despite multiple requests, Cox says. However, in a previous statement, the firm’s co-founder, Mati Staniszewski, said new safeguards reduce misuse and support authorities in identifying those who break the law.

Keep reading

New Zealand spy agency uses ‘computer network exploitation’ to take digital information

One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers.

The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now.

US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”.

“Our legislation … allows us to access information infrastructures, which is more than just interception,” the Director-General of the Government Communications Security Bureau, Andrew Hampton, said.

It “also allows us to retrieve digital information directly from where it is stored or processed”.

The GCSB refers to this as “accessing information infrastructures”.

The spy watchdog, the Inspector-General of Intelligence and Security, Brendan Horsley, cited Hampton’s speech to the Institute of International Affairs in May, for making the revelation.

This had freed Horsley up to be able to assure the public that the exploitation operations were scrutinised, he said in his annual report released on Friday.

Previously, he had had to refer to “certain operations”.

“Although it was subject to oversight, it was not possible to provide any clear public assurance of this.”

In fact, he had conducted a review that found the compliance systems around CNE “to be generally effective and appropriate”.

However, he was still not allowed to go into details “on the bureau’s use of this important capability”.

Keep reading

America’s Drinking Water Is Surprisingly Easy to Poison

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

Get Our Top Investigations

Subscribe to the Big Story newsletter.Email address:

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

Keep reading

Journalist Can’t Sue Rod Rosenstein for Alleged Illegal Spying on Her Family During Obama Admin Because of Qualified Immunity

Television journalist Sharyl Attkisson and her family sued former deputy attorney general Rod Rosenstein for illegally spying on them in violation of the Fourth Amendment and federal law during the Obama administration. A federal court dismissed the lawsuit earlier this week by finding that Rosenstein is entitled to qualified immunity.

The controversy has taken numerous paths through the legal system since the Attkissons claimed they discovered that the government had hacked into their computers and cellphones in 2014—first filing a lawsuit against former U.S. Attorney General Eric Holder, former U.S. Postmaster General Patrick Donahoe, and numerous “John Doe” agents with the U.S. Department of Justice (DOJ) based on alleged violations of the First and Fourth Amendments.

Keep reading

Controversial COVID-19 Data Scientist’s Home Raided, Guns at Pointed Family, Computers Seized

Earlier this year in May, Rebekah Jones, the data scientist working for Florida, who put together that state’s COVID-19 database, made national headlines when she was fired by the state over a disagreement in reporting the numbers. Jones says she was fired for refusing to manipulate data that showed a higher number of deaths while the state claimed she was fired for insubordination. Fast-forward to this month, and what started as a firing ended with armed agents of the state allegedly pointing guns at an entire family, during a raid on their Florida home.

After she was fired in May, Jones made the following claim:

I was asked by DOH leadership to manually change numbers. This was a week before the reopening plan officially kicked off into phase one. I was asked to do the analysis and present the findings about which counties met the criteria for reopening. The criteria followed more or less the White House panel’s recommendations, but our epidemiology team also contributed to that as well. As soon as I presented the results, they were essentially the opposite of what they had anticipated. The whole day while we’re having this kind of back and forth changing this, not showing that, the plan was being printed and stapled right in front of me. So it was very clear at that point that the science behind the supposedly science-driven plan didn’t matter because the plan was already made.

After she was fired, Jones continued her work reporting the numbers by starting the website Florida COVID Action, which is a dashboard of Florida COVID information, like the one she used to run for the state. Since then, she’s been running this site without much resistance from the state — until now.

Keep reading

The Tool That Took Over Twitter

If you were staring at your Twitter feed last week, you probably saw a bunch of famous people and brands post a Bitcoin wallet address, asking people to send in money. 

Elon Musk, Bill Gates, Barack Obama, Joe Biden, Apple, Jeff Bezos, Kanye West, Uber, Wiz Khalifa, Floyd Mayweather, were all among 130 accounts that hackers took control of in a brazen hack. 

Joseph Cox was the first to report that the hackers had pulled off the hack leveraging an internal Twitter tool used by company employeesThe New York Times later confirmed the story, talking directly to some of the hackers involved. 

On this week’s CYBER, we spoke to Joseph, who broke down how the hack actually happened, and what we can all learn from it.

Keep reading

Knowing Or Distributing This Illegal Prime Number Could Get You Arrested

What if I told you that there exist few numbers that will get you arrested in America if your write them down or publish them on some website? Well, this isn’t some kind of April Fools’ Day joke and even some casual affair with these number could get you in trouble in States.

If your knowledge extends deep into the waters of security and cryptography, you might be knowing that prime numbers are really important in the field of encryption. Earlier this year in January, cryptographers were elated when a new world’s largest prime number was discovered.

Keep reading