Archive for the ‘hacking’ Category

Report: Bezos-hired sleuth suspects sexts stolen by “government entity”

February 8th, 2019
Jeff Bezos.

Enlarge / Jeff Bezos. (credit: Drew Angerer/Getty Images)

Yesterday Jeff Bezos alleged that David Pecker, CEO of the company that publishes the National Enquirer, attempted to blackmail Bezos by threatening to publish nude photos of Bezos. The married Bezos allegedly sent the explicit photos to another woman, broadcaster Lauren Sanchez.

One of the big unanswered questions in the story is how the National Enquirer obtained the photos. One obvious possibility is that someone hacked Bezos' phone—or possibly Sanchez's.

But in an interview on MSNBC, Washington Post reporter Manuel Roig-Franzia pointed to a different possibility. The Post is owned by Bezos, and while Roig-Franzia says he hasn't talked to Bezos directly, he has talked to Gavin De Becker, a legendary security consultant who is working for Bezos. "Gavin De Becker told us that he does not believe that Jeff Bezos' phone was hacked," Roig-Franzia said. "He thinks it's possible that a government entity might have gotten hold of his text messages."

Read 4 remaining paragraphs | Comments

Posted in AMI, blackmail, David Pecker, hacking, Jeff Bezos, national security, Policy | Comments (0)

Fire (and lots of it): Berkeley researcher on the only way to fix cryptocurrency

February 4th, 2019
Marines use flamethrower to spectacular effect in field.

Enlarge (credit: US Marine Corps)

Nicholas Weaver made no bones about it: he really, really dislikes cryptocurrencies.

Speaking at the Enigma security conference in Burlingame, California, last week, the researcher at UC Berkeley's International Computer Science Institute characterized bitcoin and its many follow-on digital currencies as energy-sucking leeches with no redeeming qualities. Their chief, if not only, function, he said, is to fund ransomware campaigns, online drug bazaars, and other criminal enterprises.

Meanwhile, Weaver said, there's no basis for the promises that cryptocurrencies' decentralized structure and blockchain basis will fundamentally transform commerce or economics. That means the sky-high valuations spawned by those false promises are completely unjustified. He also said investors' irrational exuberance just adds to the unviability of cryptocurrency.

Read 18 remaining paragraphs | Comments

Posted in Biz & IT, Blockchain, cryptocurrency, hacking, scams | Comments (0)

Nine defendants charged in SEC hacking scheme that netted $4.1 million

January 15th, 2019
Nine defendants charged in SEC hacking scheme that netted $4.1 million

Enlarge (credit: Brendan Smialowski / Getty Images)

Federal authorities have charged nine defendants with participating in a scheme to hack a Securities and Exchange Commission database to steal confidential information that netted $4.1 million in illegal stock trade profits.

Two of the defendants, federal prosecutors in New Jersey said, breached SEC networks starting in May 2016 by subjecting them to hacks that included directory traversal, phishing attacks, and infecting computers with malware. From there, the defendants allegedly accessed EDGAR (the SEC’s Electronic Data Gathering, Analysis, and Retrieval system) and stole nonpublic earnings reports that publicly traded companies had filed with the commission. The hackers then passed the confidential information to individuals who used it to trade in the narrow window between when the files were stolen and when the companies released the information to the public.

“Defendants’ scheme reaped over $4.1 million in gross ill-gotten gains from trading based on nonpublic EDGAR filings,” SEC officials charged in a civil complaint. It named Ukrainian nationalist Oleksandr Ieremenko as a hacker, along with six individual traders in California, Ukraine, and Russia, and it also named two entities. A criminal complaint filed by federal prosecutors in New Jersey charged Ieremenko and a separate Ukrainian named Artem Radchenko with carrying out the hack.

Read 5 remaining paragraphs | Comments

Posted in Biz & IT, edgar, hacking, SEC, Securities and Exchange Commission | Comments (0)

Pwn2Own contest will pay $900,000 for hacks that exploit this Tesla

January 15th, 2019
Image of a blue sedan against a white background.

Enlarge (credit: Tesla)

Pwn2Own has been the foremost hacking contest for more than a decade, with cash prizes paid for exploits that compromise the security of all manner of devices and software. Browsers, virtual machines, computers, and phones have all been fair game. Now in its 13th year, the competition is adding a new category—a Tesla Model 3, with more than $900,000 worth of prizes available for attacks that subvert a variety of its onboard systems.

The biggest prize will be $250,000 for hacks that execute code on the car’s gateway, autopilot, or VCSEC. A gateway is the central hub that interconnects the car’s powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm.

These three systems represent the most critical parts of a Tesla, so it’s not hard to see why hacks that target them are eligible for such huge payouts. To qualify, the exploits must force the gateway, autopilot, or VCSEC to communicate with a rogue base station or other malicious entity. Meanwhile, a denial-of-service attack that takes out the car’s autopilot will pay $50,000.

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, cars, hacking, PWN2OWN, Tesla | Comments (0)

Thousands of sensitive emails stolen in intrusion of Republican campaign arm

December 4th, 2018
Thousands of sensitive emails stolen in intrusion of Republican campaign arm

Enlarge (credit: Getty Images | Chris Clor)

An email intrusion targeting a key Republican campaign committee allowed unknown people to steal thousands of sensitive emails from four senior aides, Politico reported Tuesday.

The attack on the National Republican Congressional Committee, the main group that works to elect Republicans to the US House of Representatives, allowed the person or group responsible to monitor the aides’ email accounts for several months, Politico said. The intrusion was detected in April by a managed security services provider the NRCC had retained to monitor the security of its network.

The unnamed provider informed NRCC officials, who in turn alerted security firm Crowdstrike. Crowdstrike, which was called in to investigate the Russian government’s 2016 hack of the Democratic National Committee, had already been retained by the NRCC when the intrusion was discovered in April, Politico said.

Read 5 remaining paragraphs | Comments

Posted in email, hacking, National Republican Congressional Committee, Policy, republicans, unauthorized access | Comments (0)

Feds: Chinese spies orchestrated massive hack that stole aviation secrets

October 31st, 2018
An alleged hacking conspiracy targeted designs for a turbofan engine similar to this one.

An alleged hacking conspiracy targeted designs for a turbofan engine similar to this one. (credit: Ashley Dace)

Federal prosecutors on Tuesday unsealed charges that accused two Chinese government intelligence officers and eight alleged co-conspirators of conducting sustained computer intrusions into 13 companies in an attempt to steal designs for a turbofan engine used in commercial jetliners.

A 21-page indictment filed in US District Court in the Southern District of California said the Jiangsu Province Ministry of State Security, an arm of the People’s Republic of China’s Ministry of State Security, directed the five-year campaign. According to the indictment, between January 2010 to May 2015, the team allegedly used a wide range of methods to break into the computer networks of companies involved in aerospace and turbine manufacturing and Internet and technology services. Their primary goal was stealing data that would allow a Chinese government-owned company to design its own jetliner. With the exception of Capstone Turbines, a Los Angeles-based gas turbine maker, other targeted companies weren’t identified by name and were referred to only as companies A through L.

"Members of the conspiracy targeted, among other things, data and information related to a turbofan engine used in commercial jetliners,” prosecutors wrote in the superseding indictment. “At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.” The indictment continued:

Read 6 remaining paragraphs | Comments

Posted in espionage, hacking, malware, Policy, Spear Phishing, watering holes | Comments (0)

Grand Theft Auto V hack exposed single-player games to malicious trolls

October 22nd, 2018
Hackers could briefly create a scene like this at will even in targets' single-player games of <em>Grand Theft Auto V</em>.

Hackers could briefly create a scene like this at will even in targets' single-player games of Grand Theft Auto V.

Over the years, we've written a lot about the apparently easy-to-hack Grand Theft Auto Online and Rockstar's many, many, many attempts to prevent cheaters from ruining the online experience for legitimate players. Last week, though, players reported that trolls were briefly able to mess with the single-player portion of Grand Theft Auto V through an exploit targeting players' Rockstar Social Club accounts.

You can see an example of the single-player hacking in action in this Twitch clip, where a troll follows user SnowieLive after kicking him from an online session and continually kills his avatar in the single-player mode. "You're not safe in single player," the hacker says in a somewhat on-the-nose message in the clip. Similar clips from GTA speedrunner FriendlyBaron show hackers loading jets into his path and simply killing his character in mid-drive during a run.

Players that track the state of cheating tools in the Grand Theft Auto universe noted last week that one popular "mod menu" was advertising the newfound ability to discover an online player's Rockstar ID, a hidden string of numbers associated with their Rockstar Social Club account. With that number, hackers using that tool could take control of an online user's single-player games, with new abilities including "Rockstar admin kick, Network kick, Ragdoll, Fake money correction, Kill, Spawn vehicle, and send crew message."

Read 2 remaining paragraphs | Comments

Posted in Gaming & Culture, grand theft auto v, gta v, hacking, rockstar | Comments (0)

Fortnite, GTA V hackers face legal action for online cheating

October 17th, 2018
Fortnite, GTA V hackers face legal action for online cheating

Enlarge

It's pretty standard for game developers to use a variety of technical and community management methods to try to stop cheaters from ruining the online experience for legitimate players. But some game makers are increasingly using the courts to try to stop the spread of mods that give players an unfair advantage, as highlighted by a pair of stories this week.

The first such story comes from Rockstar and Take-Two, which have convinced an Australian court to freeze the assets of five people believed to be behind Grand Theft Auto V cheating software known as "Infamous." The full court order, as reported by TorrentFreak, also allows authorities to search the homes and computers of Christopher Anderson, Cycus Lesser, Sfinktah, Koroush Anderson, and Koroush Jeddian. Authorities are looking for evidence of the creation or distribution of "any software that provides a player of Grand Theft Auto V access to unauthorized features..."

The Infamous "mod menu" gives users pretty much full control over the world of Grand Theft Auto universe, online or off, granting abilities that include teleportation, flying, and full environmental manipulation. Perhaps most distressingly for Rockstar and Take-Two, the mod also let players generate arbitrary amounts of virtual currency for themselves or other players online, which could have a direct effect on the game's microtransaction-driven bottom line.

Read 9 remaining paragraphs | Comments

Posted in cheating, courts, Gaming & Culture, hackers, hacking, lawsuit, warrant | Comments (0)