Tag: hacking

John Bolton’s personal email account was hacked by foreign entity, FBI docs reveal

Former National Security Adviser John Bolton allegedly used a private email account that was at one point hacked by a “foreign entity,” an FBI search warrant affidavit released Friday revealed. 

The 41-page document –  used by federal investigators to justify the raid of Bolton’s Maryland home last month – suggests the hacking incident gave the FBI reason to believe the former Trump administration official mishandled classified records. 

The Post previously reported that Bolton allegedly used his personal email account to send “highly sensitive” documents to his family while working in the White House.

“Hack of Bolton AOL Account by Foreign Entity,” reads a section of the affidavit, where investigators explained the probable cause for the searches. 

The roughly 10 pages detailing the hacking incident are completely redacted. It’s unclear which foreign nation may have been responsible. 

Keep reading

Will County Democrat Jacqueline Traynere — Who Once Struck a Child With Her Car — Now CHARGED With Three Counts of Computer Tampering After Allegedly Hacking Fellow Board Members’ Emails

The scandals surrounding Will County Democrat Jacqueline Traynere keep piling up.

Traynere, a Democrat Will County Board member serving Bolingbrook, Illinois, is now officially charged with three counts of computer tampering, according to documents filed in Will County Circuit Court this week, Patch reported.

The charges stem from an incident in March 2024 when Traynere allegedly accessed the private email account of Republican Board Chair Judy Ogalla without authorization. Prosecutors say Traynere then forwarded Ogalla’s conversations to Democrat County Executive Jennifer Bertino-Tarrant in an apparent attempt to undermine her political opponents.

Computer tampering is a Class B misdemeanor in Illinois.

More from the Chicago Tribune:

Traynere, a Bolingbrook Democrat, allegedly accessed the email account of board member Judy Ogalla, a Monee Republican, in March 2024 without Ogalla’s authorization, according to the charges.

The misdemeanor charges filed by special prosecutor William Elward state Traynere forwarded emails from Ogalla’s account to herself and others.

Ogalla, who was the Will County Board chairman at the time, said that Traynere knowingly accessed her email and knew it was unethical.

Ogalla questioned whether Traynere had opened her email more than once. She said she doesn’t know what all Traynere saw.

“Was she in my email other times and I just didn’t know?” Ogalla said. “She shouldn’t have done it.”

An email exchanged between board member Steve Balich, a Homer Glen Republican, and Ogalla regarding the controversial 143rd Street road widening project had been forwarded to the county executive, who replied to the email, Balich said during a July 2024 news conference with other County Board Republicans.

This isn’t Traynere’s first brush with controversy. Earlier this year, she was involved in a disturbing incident where she struck a child riding a bicycle with her car.

Keep reading

The Next Phase Of Surveillance? Getting Under Your Skin

AI and transhumanism: Hackable animals

My friends, let me introduce you to Yuval Noah Harari, a man chock-full of big ideas. He explained during the COVID crisis:

“COVID is critical because this is what convinces people to accept, to legitimize, total biometric surveillance. If we want to stop this epidemic, we need not just to monitor people, we need to monitor what’s happening under their skin.”

In a 60 Minutes interview with Anderson Cooper, Harari repeated this idea: “What we have seen so far is corporations and governments collecting data about where we go, who we meet, what movies we watch.

The next phase is the surveillance going under our skin … He likewise told India Today, when commenting on changes accepted by the population during COVID-19:

“We now see mass surveillance systems established even in democratic countries which previously rejected them, and we also see a change in the nature of surveillance. Previously, surveillance was mainly above the skin; now we want it under the skin.

“Governments want to know not just where we go or who we meet. They want to know what’s happening under our skin: what is our body temperature; what is our blood pressure; what is our medical condition?”

Harari is clearly a man who wants to … get under your skin. He just might succeed.

Another recent interview finds him waxing philosophical:

“Now humans are developing even bigger powers than ever before. We are really acquiring divine powers of creation and destruction. We are really upgrading humans into gods. We are acquiring, for instance, the power to re-engineer human life.”

As Kierkegaard once said of Hegel when he talks about the Absolute, when Harari talks about the future, he sounds like he’s going up in a balloon.

Forgive me, but a few last nuggets from professor Harari will round out the picture of his philosophy, and his lofty hopes and dreams:

Humans are now hackable animals. You know, the whole idea that humans have this soul or spirit, and they have free will and nobody knows what’s happening inside me, so, whatever I choose, whether in the election or in the supermarket, that’s my free will — that’s over.”

Harari explains that to hack human being, you need a lot of computing power and a lot of biometric data, which was not possible until recently with the advent of AI.

Keep reading

Private Contact Info and Passwords of Trump’s Top Security Officials — Including Mike Waltz, Tulsi Gabbard, and Pete Hegseth — Reportedly Found Online via Hacked Data and Search Engines

The private contact information of key members of President Donald Trump’s top security circle — including Mike Waltz, Tulsi Gabbard, and Pete Hegseth — has reportedly been exposed online through hacked databases and commercial people search engines.

The bombshell report comes from Germany’s Der Spiegel, which confirmed that the personal phone numbers, email addresses, and even passwords of these high-level officials can now be accessed by virtually anyone — including foreign intelligence agencies.

According to the news outlet, “The reporters used commercial people search engines along with hacked customer data that has been published on the web.”

According to the report, National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth were among those whose personal data was discovered in online leaks.

Spiegel journalists say they were able to link the exposed phone numbers to active WhatsApp and Signal accounts, raising serious concerns that foreign adversaries may have had — or still have — access to critical communications.

“Hostile intelligence services could use this publicly available data to hack the communications of those affected by installing spyware on their devices. It is thus conceivable that foreign agents were privy to the Signal chat group in which Gabbard, Waltz and Hegseth discussed a military strike,” according to the German news outlet.

Keep reading

Cyberattack on Ukraine Exposes The Dangers of Digital ID Systems

Ukraine’s reliance on its new digital identity systems has become a warning about the dangers of digital ID, as a recent cyberattack exposed critical vulnerabilities in the country’s digital infrastructure.

Last month, several key government databases were taken offline, disrupting essential services like legal filings and marriage registrations. Officials assured citizens that the controversial Diia, the government’s widely used e-governance app, would soon be restored, but the incident laid bare significant risks within the app’s centralized backend platform, Trembita.

This breach, the most serious since Trembita’s launch in 2020, raises urgent questions about the security of Ukraine’s growing dependence on digital IDs and is a clear warning to other countries that are rushing to embrace the controversial tech.

Trembita, the platform enabling Diia’s operations, functions as a digital network connecting government databases. While officials insisted it operated as designed during the breach, cybersecurity experts are sounding alarms. Mykyta Knysh, a former Ukrainian security official, described the platform’s centralized architecture as a dangerous “single point of failure.” Warnings about these risks had surfaced before — security analysts cautioned in 2021 that consolidating sensitive personal and administrative data under Diia would leave Ukraine exposed to large-scale attacks.

The Russian hacking group XakNet has claimed responsibility for the attack.

Keep reading

Researchers claim US-registered cloud host facilitated state-backed cyberattacks

A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups and commercial spyware operators, according to researchers at cybersecurity company Halcyon.

In a report released on Tuesday, Halcyon said it had identified that the U.S.-registered company Cloudzy was “knowingly or unwittingly” acting as a command-and-control provider (C2P) to well-known state-sponsored hacking groups. C2Ps are internet providers that allow hackers to host virtual private servers and other anonymized services used by ransomware affiliates to carry out cyberattacks and extortion.

Halcyon said that the two-dozen groups that rely on Cloudzy include the China-backed espionage group APT10; North Korea-backed hackers Kimsuky; and Kremlin-backed groups Turla, Nobelium and FIN12.

FIN12 was the subject of a joint FBI-CISA advisory in October 2020 after carrying out a spate of ransomware attacks targeting the U.S. healthcare industry. In its report, Halcyon said that Cloudzy — then doing business as Router Hosting — hosted at least 40 command and control servers used by FIN12 during its cyberattacks.

The list of groups facilitated by Cloudzy also includes hacking groups from Iran, Pakistan and Vietnam, along with Tel Aviv-based malware maker Candiru, which sells its phone-snooping spyware to government customers. Candiru was sanctioned by the U.S. government in 2021 for engaging in activities contrary to U.S. national security.

Halcyon says that about half of the total servers hosted by Cloudzy appear to be directly supporting malicious activity.

The cybersecurity firm concluded that although the cloud host is registered in the U.S., Halcyon says it has “high confidence” that the cloud host is a cutout for AbrNOC, a cloud host that operates out of the Iranian capital of Tehran, which could put American customers in conflict with U.S. government sanctions.

Cloudzy, which claims to operate out of New York City, is registered in Wyoming, while a support phone number listed by the company is linked to a different address in Las Vegas. AbrNOC shares the same logo as Cloudzy, albeit in a different color, and also shares the same fictitiously named employees, according to Halcyon researchers. A man named Hannan Nozari is listed as abrNOC’s CEO and identifies himself as the founder of both web hosts companies in his Twitter bio, as well as a “Noob on the Internet.”

Nozari did not respond to messages sent by TechCrunch via LinkedIn and email, and TechCrunch was unable to reach anyone at Cloudzy via the number listed on the company’s website.

Keep reading

Consumer Group Warns Smartphone Facial Recognition Apps Are Vulnerable to Spoofing

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, according to a new report from UK-based consumer testing and review group Which?, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for user’s security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification is typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection.

The phones tested include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi handsets. Apple’s 3D FaceID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.

Keep reading

FLASHBACK: WikiLeaks Released ‘Vault 7’ Disclosures Showing CIA’s Terrifying Hacking Capabilities Six Years Ago Today

On this day six years ago, the WikiLeaks released its “Vault 7” disclosures showing the hacking capabilities of the CIA.

The disclosures showed that the CIA is capable of hacking smartphones, computer operating systems, automobiles, messenger apps and smart TVs.

The release consisted of 8,761 documents reportedly coming from the CIA’s Center of Cyber Intelligence. It showed how the CIA could hack phones in order to bypass encrypted apps by accessing the information before the user can send the data. They can also tap into the microphone and video recording devices on phones even when they are powered off.

The CIA also developed a hack that puts Samsung Smart TVs in a fake off mode, which deceives an individual into thinking they are not being recorded when they actually are. The CIA can also leave false bread crumbs that will make it look like the hack is done by an adversary, such as Russia or China, if they are caught after the fact.

All of the Vault7 files can be found here.

Keep reading

Journalist Uses AI Voice to Break into Own Bank Account

In a recent experiment, Vice.com writer Joseph Cox used an AI-generated voice to bypass Lloyds Bank security and access his account.

To achieve this, Cox used a free service of ElevenLabs, an AI-voice generation company that supplies voices for newsletters, books and videos.

Cox recorded five minutes of speech and uploaded it to ElevenLabs. After making some adjustments, such as having the AI read a longer body of text for a more natural cadence, the generated audio outmaneuvered Lloyds security.

“I couldn’t believe it had worked,” Cox wrote in his Vice article. “I had used an AI-powered replica of a voice to break into a bank account. After that, I accessed the account information, including balances and a list of recent transactions and transfers.”

Multiple United States and European banks use voice authentication to speed logins over the phone. While some banks claim that voice identification is comparable to a fingerprint, this experiment demonstrates that voice-based biometric security does not offer perfect protection.

ElevenLabs did not comment on the hack despite multiple requests, Cox says. However, in a previous statement, the firm’s co-founder, Mati Staniszewski, said new safeguards reduce misuse and support authorities in identifying those who break the law.

Keep reading

New Zealand spy agency uses ‘computer network exploitation’ to take digital information

One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers.

The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now.

US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”.

“Our legislation … allows us to access information infrastructures, which is more than just interception,” the Director-General of the Government Communications Security Bureau, Andrew Hampton, said.

It “also allows us to retrieve digital information directly from where it is stored or processed”.

The GCSB refers to this as “accessing information infrastructures”.

The spy watchdog, the Inspector-General of Intelligence and Security, Brendan Horsley, cited Hampton’s speech to the Institute of International Affairs in May, for making the revelation.

This had freed Horsley up to be able to assure the public that the exploitation operations were scrutinised, he said in his annual report released on Friday.

Previously, he had had to refer to “certain operations”.

“Although it was subject to oversight, it was not possible to provide any clear public assurance of this.”

In fact, he had conducted a review that found the compliance systems around CNE “to be generally effective and appropriate”.

However, he was still not allowed to go into details “on the bureau’s use of this important capability”.

Keep reading