Cyberattack on Ukraine Exposes The Dangers of Digital ID Systems

Ukraine’s reliance on its new digital identity systems has become a warning about the dangers of digital ID, as a recent cyberattack exposed critical vulnerabilities in the country’s digital infrastructure.

Last month, several key government databases were taken offline, disrupting essential services like legal filings and marriage registrations. Officials assured citizens that the controversial Diia, the government’s widely used e-governance app, would soon be restored, but the incident laid bare significant risks within the app’s centralized backend platform, Trembita.

This breach, the most serious since Trembita’s launch in 2020, raises urgent questions about the security of Ukraine’s growing dependence on digital IDs and is a clear warning to other countries that are rushing to embrace the controversial tech.

Trembita, the platform enabling Diia’s operations, functions as a digital network connecting government databases. While officials insisted it operated as designed during the breach, cybersecurity experts are sounding alarms. Mykyta Knysh, a former Ukrainian security official, described the platform’s centralized architecture as a dangerous “single point of failure.” Warnings about these risks had surfaced before — security analysts cautioned in 2021 that consolidating sensitive personal and administrative data under Diia would leave Ukraine exposed to large-scale attacks.

The Russian hacking group XakNet has claimed responsibility for the attack.

Keep reading

Researchers claim US-registered cloud host facilitated state-backed cyberattacks

A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups and commercial spyware operators, according to researchers at cybersecurity company Halcyon.

In a report released on Tuesday, Halcyon said it had identified that the U.S.-registered company Cloudzy was “knowingly or unwittingly” acting as a command-and-control provider (C2P) to well-known state-sponsored hacking groups. C2Ps are internet providers that allow hackers to host virtual private servers and other anonymized services used by ransomware affiliates to carry out cyberattacks and extortion.

Halcyon said that the two-dozen groups that rely on Cloudzy include the China-backed espionage group APT10; North Korea-backed hackers Kimsuky; and Kremlin-backed groups Turla, Nobelium and FIN12.

FIN12 was the subject of a joint FBI-CISA advisory in October 2020 after carrying out a spate of ransomware attacks targeting the U.S. healthcare industry. In its report, Halcyon said that Cloudzy — then doing business as Router Hosting — hosted at least 40 command and control servers used by FIN12 during its cyberattacks.

The list of groups facilitated by Cloudzy also includes hacking groups from Iran, Pakistan and Vietnam, along with Tel Aviv-based malware maker Candiru, which sells its phone-snooping spyware to government customers. Candiru was sanctioned by the U.S. government in 2021 for engaging in activities contrary to U.S. national security.

Halcyon says that about half of the total servers hosted by Cloudzy appear to be directly supporting malicious activity.
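One way a defender operationalises a report like this is to hunt egress logs for connections into the address space of a suspect hosting provider. The script below is an added example, not part of the TechCrunch article or Halcyon's research; every prefix, AS number (drawn from the RFC 5398 documentation range), provider label and log line is constructed for illustration and is not Cloudzy's or anyone else's real infrastructure. It does a longest-prefix match of destination IPs against a prefix-to-AS table, flags allowed connections to watchlisted ASes, and ranks internal hosts by how many distinct flagged destinations they talked to.

```python
"""Hunt egress logs for connections to watchlisted hosting providers.

Added example; all data below is constructed (RFC 5737 addresses,
RFC 5398 documentation AS numbers), not a real provider's ranges.
"""
import ipaddress
import re
from collections import Counter

# Constructed prefix -> (AS number, provider label) table.  In a real hunt
# this would come from a routing-table dump or a bulk WHOIS/IP-to-ASN feed.
PREFIX_TABLE = {
    "203.0.113.0/24":   (64496, "example-vps-host"),           # watchlisted
    "203.0.113.128/25": (64497, "example-vps-host-reseller"),  # more specific, watchlisted
    "198.51.100.0/24":  (64498, "example-cdn"),
    "192.0.2.0/24":     (64499, "example-saas"),
}

# AS numbers treated as suspect command-and-control providers (constructed).
WATCHLIST_ASNS = {64496, 64497}

# Networks sorted longest prefix first so the most specific match wins.
_NETWORKS = sorted(
    ((ipaddress.ip_network(p), asn, name) for p, (asn, name) in PREFIX_TABLE.items()),
    key=lambda t: t[0].prefixlen,
    reverse=True,
)


def lookup_asn(ip: str):
    """Return (asn, provider) for the most specific matching prefix, or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn, name in _NETWORKS:
        if addr in net:
            return asn, name
    return None


# Constructed egress-log format: '<timestamp> key=value key=value ...'
_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a log line into its fields; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def hunt(lines):
    """One finding per allowed outbound connection into a watchlisted AS."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("action") != "allow":      # denied flows never reached the host
            continue
        hit = lookup_asn(ev["dst"])
        if hit and hit[0] in WATCHLIST_ASNS:
            findings.append({
                "ts": ev["ts"], "src": ev["src"], "dst": ev["dst"],
                "dport": ev["dport"], "asn": hit[0], "provider": hit[1],
            })
    return findings


def hosts_by_flagged_destinations(findings):
    """Internal hosts ranked by number of distinct watchlisted destinations."""
    counts = Counter()
    seen = set()
    for f in findings:
        pair = (f["src"], f["dst"])
        if pair not in seen:
            seen.add(pair)
            counts[f["src"]] += 1
    return counts.most_common()


# Constructed sample egress log (not captured from any real network).
SAMPLE_LOG = [
    "2023-08-01T12:00:01Z src=10.1.2.3 dst=203.0.113.45 dport=443 proto=tcp action=allow",
    "2023-08-01T12:00:09Z src=10.1.2.3 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "2023-08-01T12:05:01Z src=10.1.2.3 dst=203.0.113.45 dport=443 proto=tcp action=allow",
    "2023-08-01T12:07:30Z src=10.1.2.9 dst=203.0.113.200 dport=8443 proto=tcp action=allow",
    "2023-08-01T12:08:00Z src=10.1.2.9 dst=203.0.113.201 dport=8443 proto=tcp action=deny",
    "2023-08-01T12:09:00Z src=10.1.2.5 dst=192.0.2.10 dport=443 proto=tcp action=allow",
    "2023-08-01T12:10:00Z src=10.1.2.3 dst=203.0.113.77 dport=80 proto=tcp action=allow",
]

if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print(hosts_by_flagged_destinations(results))
```

Treat a provider-level match as an enrichment signal for triage, not a block rule: by Halcyon's own figure only about half of the servers at this host look malicious, so the other half are presumably ordinary customers, and blanket blocking a provider's ranges will break legitimate traffic. Pair the hits with beaconing analysis or process-level telemetry before escalating.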

Although the cloud host is registered in the U.S., Halcyon says it has “high confidence” that Cloudzy is a cutout for abrNOC, a cloud host that operates out of the Iranian capital of Tehran, which could put American customers in conflict with U.S. government sanctions.

Cloudzy, which claims to operate out of New York City, is registered in Wyoming, while a support phone number listed by the company is linked to a different address in Las Vegas. abrNOC shares the same logo as Cloudzy, albeit in a different color, and also shares the same fictitiously named employees, according to Halcyon researchers. A man named Hannan Nozari is listed as abrNOC’s CEO and identifies himself as the founder of both web hosting companies in his Twitter bio, as well as a “Noob on the Internet.”

Nozari did not respond to messages sent by TechCrunch via LinkedIn and email, and TechCrunch was unable to reach anyone at Cloudzy via the number listed on the company’s website.

Keep reading

Consumer Group Warns Smartphone Facial Recognition Apps Are Vulnerable to Spoofing

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, according to a new report from UK-based consumer testing and review group Which?, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for users’ security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification are typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection. The photo spoof therefore unlocks the handset itself; it does not by itself defeat a remote identity check that includes liveness detection.

The handsets fooled by a photograph include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi models. Apple’s 3D Face ID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.

Keep reading

FLASHBACK: WikiLeaks Released ‘Vault 7’ Disclosures Showing CIA’s Terrifying Hacking Capabilities Six Years Ago Today

On this day six years ago, WikiLeaks released its “Vault 7” disclosures showing the hacking capabilities of the CIA.

The disclosures showed that the CIA is capable of hacking smartphones, computer operating systems, automobiles, messenger apps and smart TVs.

The release consisted of 8,761 documents reportedly coming from the CIA’s Center for Cyber Intelligence. It showed how the CIA could compromise a phone to bypass encrypted messaging apps, reading messages on the device before the app encrypts and sends them. The documents also described tapping into the microphone and camera on phones even when they appear to be powered off.

The CIA also developed a hack that puts Samsung Smart TVs in a fake off mode, which deceives an individual into thinking they are not being recorded when they actually are. The CIA can also leave false bread crumbs that make an intrusion look like the work of an adversary, such as Russia or China, if it is discovered after the fact.

All of the Vault 7 files can be found here.

Keep reading

Journalist Uses AI Voice to Break into Own Bank Account

In a recent experiment, Vice.com writer Joseph Cox used an AI-generated voice to bypass Lloyds Bank security and access his account.

To achieve this, Cox used a free service of ElevenLabs, an AI-voice generation company that supplies voices for newsletters, books and videos.

Cox recorded five minutes of speech and uploaded it to ElevenLabs. After making some adjustments, such as having the AI read a longer body of text for a more natural cadence, the generated audio outmaneuvered Lloyds security.

“I couldn’t believe it had worked,” Cox wrote in his Vice article. “I had used an AI-powered replica of a voice to break into a bank account. After that, I accessed the account information, including balances and a list of recent transactions and transfers.”

Multiple United States and European banks use voice authentication to speed logins over the phone. While some banks claim that voice identification is comparable to a fingerprint, this experiment demonstrates that voice-based biometric security can be defeated by a synthetic clone of the customer’s voice and should not be relied on as the sole factor.

ElevenLabs did not comment on the hack despite multiple requests, Cox says. However, in a previous statement, the firm’s co-founder, Mati Staniszewski, said new safeguards reduce misuse and support authorities in identifying those who break the law.

Keep reading

New Zealand spy agency uses ‘computer network exploitation’ to take digital information

One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers.

The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now.

US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”.

“Our legislation … allows us to access information infrastructures, which is more than just interception,” the Director-General of the Government Communications Security Bureau, Andrew Hampton, said.

It “also allows us to retrieve digital information directly from where it is stored or processed”.

The GCSB refers to this as “accessing information infrastructures”.

The spy watchdog, the Inspector-General of Intelligence and Security, Brendan Horsley, cited Hampton’s speech to the Institute of International Affairs in May, for making the revelation.

This freed Horsley to assure the public that the exploitation operations were scrutinised, he said in his annual report released on Friday.

Previously, he had had to refer to “certain operations”.

“Although it was subject to oversight, it was not possible to provide any clear public assurance of this.”

In fact, he had conducted a review that found the compliance systems around CNE “to be generally effective and appropriate”.

However, he was still not allowed to go into details “on the bureau’s use of this important capability”.

Keep reading

America’s Drinking Water Is Surprisingly Easy to Poison

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly causing a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.


“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

Keep reading

Journalist Can’t Sue Rod Rosenstein for Alleged Illegal Spying on Her Family During Obama Admin Because of Qualified Immunity

Television journalist Sharyl Attkisson and her family sued former deputy attorney general Rod Rosenstein for illegally spying on them in violation of the Fourth Amendment and federal law during the Obama administration. A federal court dismissed the lawsuit earlier this week by finding that Rosenstein is entitled to qualified immunity.

The controversy has taken numerous paths through the legal system since the Attkissons claimed they discovered that the government had hacked into their computers and cellphones in 2014—first filing a lawsuit against former U.S. Attorney General Eric Holder, former U.S. Postmaster General Patrick Donahoe, and numerous “John Doe” agents with the U.S. Department of Justice (DOJ) based on alleged violations of the First and Fourth Amendments.

Keep reading

Controversial COVID-19 Data Scientist’s Home Raided, Guns Pointed at Family, Computers Seized

In May of this year, Rebekah Jones, the data scientist who built Florida’s COVID-19 dashboard, made national headlines when she was fired by the state over a dispute about how the numbers were reported. Jones says she was fired for refusing to manipulate data that showed a higher number of deaths, while the state claimed she was fired for insubordination. Fast-forward to this month, and what started as a firing ended with armed agents of the state allegedly pointing guns at an entire family during a raid on their Florida home.

After she was fired in May, Jones made the following claim:

I was asked by DOH leadership to manually change numbers. This was a week before the reopening plan officially kicked off into phase one. I was asked to do the analysis and present the findings about which counties met the criteria for reopening. The criteria followed more or less the White House panel’s recommendations, but our epidemiology team also contributed to that as well. As soon as I presented the results, they were essentially the opposite of what they had anticipated. The whole day while we’re having this kind of back and forth changing this, not showing that, the plan was being printed and stapled right in front of me. So it was very clear at that point that the science behind the supposedly science-driven plan didn’t matter because the plan was already made.

After she was fired, Jones continued her work reporting the numbers by starting the website Florida COVID Action, which is a dashboard of Florida COVID information, like the one she used to run for the state. Since then, she’s been running this site without much resistance from the state — until now.

Keep reading