Tag: hacking

The Next Phase Of Surveillance? Getting Under Your Skin

AI and transhumanism: Hackable animals

My friends, let me introduce you to Yuval Noah Harari, a man chock-full of big ideas. He explained during the COVID crisis:

“COVID is critical because this is what convinces people to accept, to legitimize, total biometric surveillance. If we want to stop this epidemic, we need not just to monitor people, we need to monitor what’s happening under their skin.”

In a 60 Minutes interview with Anderson Cooper, Harari repeated this idea: “What we have seen so far is corporations and governments collecting data about where we go, who we meet, what movies we watch.

The next phase is the surveillance going under our skin … He likewise told India Today, when commenting on changes accepted by the population during COVID-19:

“We now see mass surveillance systems established even in democratic countries which previously rejected them, and we also see a change in the nature of surveillance. Previously, surveillance was mainly above the skin; now we want it under the skin.

“Governments want to know not just where we go or who we meet. They want to know what’s happening under our skin: what is our body temperature; what is our blood pressure; what is our medical condition?”

Harari is clearly a man who wants to … get under your skin. He just might succeed.

Another recent interview finds him waxing philosophical:

“Now humans are developing even bigger powers than ever before. We are really acquiring divine powers of creation and destruction. We are really upgrading humans into gods. We are acquiring, for instance, the power to re-engineer human life.”

As Kierkegaard once said of Hegel when he talks about the Absolute, when Harari talks about the future, he sounds like he’s going up in a balloon.

Forgive me, but a few last nuggets from professor Harari will round out the picture of his philosophy, and his lofty hopes and dreams:

Humans are now hackable animals. You know, the whole idea that humans have this soul or spirit, and they have free will and nobody knows what’s happening inside me, so, whatever I choose, whether in the election or in the supermarket, that’s my free will — that’s over.”

Harari explains that to hack human being, you need a lot of computing power and a lot of biometric data, which was not possible until recently with the advent of AI.

Keep reading

Private Contact Info and Passwords of Trump’s Top Security Officials — Including Mike Waltz, Tulsi Gabbard, and Pete Hegseth — Reportedly Found Online via Hacked Data and Search Engines

The private contact information of key members of President Donald Trump’s top security circle — including Mike Waltz, Tulsi Gabbard, and Pete Hegseth — has reportedly been exposed online through hacked databases and commercial people search engines.

The bombshell report comes from Germany’s Der Spiegel, which confirmed that the personal phone numbers, email addresses, and even passwords of these high-level officials can now be accessed by virtually anyone — including foreign intelligence agencies.

According to the news outlet, “The reporters used commercial people search engines along with hacked customer data that has been published on the web.”

According to the report, National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth were among those whose personal data was discovered in online leaks.

Spiegel journalists say they were able to link the exposed phone numbers to active WhatsApp and Signal accounts, raising serious concerns that foreign adversaries may have had — or still have — access to critical communications.

“Hostile intelligence services could use this publicly available data to hack the communications of those affected by installing spyware on their devices. It is thus conceivable that foreign agents were privy to the Signal chat group in which Gabbard, Waltz and Hegseth discussed a military strike,” according to the German news outlet.

Keep reading

Cyberattack on Ukraine Exposes The Dangers of Digital ID Systems

Ukraine’s reliance on its new digital identity systems has become a warning about the dangers of digital ID, as a recent cyberattack exposed critical vulnerabilities in the country’s digital infrastructure.

Last month, several key government databases were taken offline, disrupting essential services like legal filings and marriage registrations. Officials assured citizens that the controversial Diia, the government’s widely used e-governance app, would soon be restored, but the incident laid bare significant risks within the app’s centralized backend platform, Trembita.

This breach, the most serious since Trembita’s launch in 2020, raises urgent questions about the security of Ukraine’s growing dependence on digital IDs and is a clear warning to other countries that are rushing to embrace the controversial tech.

Trembita, the platform enabling Diia’s operations, functions as a digital network connecting government databases. While officials insisted it operated as designed during the breach, cybersecurity experts are sounding alarms. Mykyta Knysh, a former Ukrainian security official, described the platform’s centralized architecture as a dangerous “single point of failure.” Warnings about these risks had surfaced before — security analysts cautioned in 2021 that consolidating sensitive personal and administrative data under Diia would leave Ukraine exposed to large-scale attacks.

The Russian hacking group XakNet has claimed responsibility for the attack.

Keep reading

Researchers claim US-registered cloud host facilitated state-backed cyberattacks

A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups and commercial spyware operators, according to researchers at cybersecurity company Halcyon.

In a report released on Tuesday, Halcyon said it had identified that the U.S.-registered company Cloudzy was “knowingly or unwittingly” acting as a command-and-control provider (C2P) to well-known state-sponsored hacking groups. C2Ps are internet providers that allow hackers to host virtual private servers and other anonymized services used by ransomware affiliates to carry out cyberattacks and extortion.

Halcyon said that the two-dozen groups that rely on Cloudzy include the China-backed espionage group APT10; North Korea-backed hackers Kimsuky; and Kremlin-backed groups Turla, Nobelium and FIN12.

FIN12 was the subject of a joint FBI-CISA advisory in October 2020 after carrying out a spate of ransomware attacks targeting the U.S. healthcare industry. In its report, Halcyon said that Cloudzy — then doing business as Router Hosting — hosted at least 40 command and control servers used by FIN12 during its cyberattacks.

The list of groups facilitated by Cloudzy also includes hacking groups from Iran, Pakistan and Vietnam, along with Tel Aviv-based malware maker Candiru, which sells its phone-snooping spyware to government customers. Candiru was sanctioned by the U.S. government in 2021 for engaging in activities contrary to U.S. national security.

Halcyon says that about half of the total servers hosted by Cloudzy appear to be directly supporting malicious activity.

The cybersecurity firm concluded that although the cloud host is registered in the U.S., Halcyon says it has “high confidence” that the cloud host is a cutout for AbrNOC, a cloud host that operates out of the Iranian capital of Tehran, which could put American customers in conflict with U.S. government sanctions.

Cloudzy, which claims to operate out of New York City, is registered in Wyoming, while a support phone number listed by the company is linked to a different address in Las Vegas. AbrNOC shares the same logo as Cloudzy, albeit in a different color, and also shares the same fictitiously named employees, according to Halcyon researchers. A man named Hannan Nozari is listed as abrNOC’s CEO and identifies himself as the founder of both web hosts companies in his Twitter bio, as well as a “Noob on the Internet.”

Nozari did not respond to messages sent by TechCrunch via LinkedIn and email, and TechCrunch was unable to reach anyone at Cloudzy via the number listed on the company’s website.

Keep reading

Consumer Group Warns Smartphone Facial Recognition Apps Are Vulnerable to Spoofing

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, according to a new report from UK-based consumer testing and review group Which?, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for user’s security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification is typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection.

The phones tested include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi handsets. Apple’s 3D FaceID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.

Keep reading

FLASHBACK: WikiLeaks Released ‘Vault 7’ Disclosures Showing CIA’s Terrifying Hacking Capabilities Six Years Ago Today

On this day six years ago, the WikiLeaks released its “Vault 7” disclosures showing the hacking capabilities of the CIA.

The disclosures showed that the CIA is capable of hacking smartphones, computer operating systems, automobiles, messenger apps and smart TVs.

The release consisted of 8,761 documents reportedly coming from the CIA’s Center of Cyber Intelligence. It showed how the CIA could hack phones in order to bypass encrypted apps by accessing the information before the user can send the data. They can also tap into the microphone and video recording devices on phones even when they are powered off.

The CIA also developed a hack that puts Samsung Smart TVs in a fake off mode, which deceives an individual into thinking they are not being recorded when they actually are. The CIA can also leave false bread crumbs that will make it look like the hack is done by an adversary, such as Russia or China, if they are caught after the fact.

All of the Vault7 files can be found here.

Keep reading

Journalist Uses AI Voice to Break into Own Bank Account

In a recent experiment, Vice.com writer Joseph Cox used an AI-generated voice to bypass Lloyds Bank security and access his account.

To achieve this, Cox used a free service of ElevenLabs, an AI-voice generation company that supplies voices for newsletters, books and videos.

Cox recorded five minutes of speech and uploaded it to ElevenLabs. After making some adjustments, such as having the AI read a longer body of text for a more natural cadence, the generated audio outmaneuvered Lloyds security.

“I couldn’t believe it had worked,” Cox wrote in his Vice article. “I had used an AI-powered replica of a voice to break into a bank account. After that, I accessed the account information, including balances and a list of recent transactions and transfers.”

Multiple United States and European banks use voice authentication to speed logins over the phone. While some banks claim that voice identification is comparable to a fingerprint, this experiment demonstrates that voice-based biometric security does not offer perfect protection.

ElevenLabs did not comment on the hack despite multiple requests, Cox says. However, in a previous statement, the firm’s co-founder, Mati Staniszewski, said new safeguards reduce misuse and support authorities in identifying those who break the law.

Keep reading

New Zealand spy agency uses ‘computer network exploitation’ to take digital information

One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers.

The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now.

US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”.

“Our legislation … allows us to access information infrastructures, which is more than just interception,” the Director-General of the Government Communications Security Bureau, Andrew Hampton, said.

It “also allows us to retrieve digital information directly from where it is stored or processed”.

The GCSB refers to this as “accessing information infrastructures”.

The spy watchdog, the Inspector-General of Intelligence and Security, Brendan Horsley, cited Hampton’s speech to the Institute of International Affairs in May, for making the revelation.

This had freed Horsley up to be able to assure the public that the exploitation operations were scrutinised, he said in his annual report released on Friday.

Previously, he had had to refer to “certain operations”.

“Although it was subject to oversight, it was not possible to provide any clear public assurance of this.”

In fact, he had conducted a review that found the compliance systems around CNE “to be generally effective and appropriate”.

However, he was still not allowed to go into details “on the bureau’s use of this important capability”.

Keep reading

America’s Drinking Water Is Surprisingly Easy to Poison

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

Get Our Top Investigations

Subscribe to the Big Story newsletter.Email address:

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

Keep reading