Archive for the ‘hacking’ Category

Hacker site’s incriminating database published online by rival group

August 13th, 2019

(credit: DeviantArt100ManoWar / MAD Magazine)

Hackers from Raidforums recently breached the site of rival hacking forum Cracked.to and spilled data for more than 321,000 of its members. The hackers did so while some of their victims were discussing cracking Fortnite accounts, selling software exploits, and engaging in other potentially illegal activities.

In all, the dump posted on Friday to Raidforums.com exposed 749,161 unique email addresses, breach-notification service HaveIBeenPwned reported. The published data also included users' IP addresses, usernames, private messages, and passwords stored as bcrypt hashes. The database was generated by website forum application myBB. Cracked.to describes itself as a forum that provides "cracking tutorials, tools, combolists, marketplace and many more stuff!" Raidforums, meanwhile, offers forums on many of the same topics.

Ars reviewed a 2.11 gigabyte file published by Raidforums and found it contained nearly 397,000 private messages, many that aired the kinds of details most hackers strenuously avoid disclosing. The details included the usernames, email addresses, and IP addresses of people looking to buy, sell, or support software or services for cracking accounts for popular video game Fortnite.


Posted in Biz & IT, breaches, cracked.to, databases, hacking, raidforums.com

Microsoft warns 10,000 customers they’re targeted by nation-sponsored hackers

July 18th, 2019
United Nations HQ in New York. (credit: Javier Carbajal)

Microsoft said on Wednesday that it has notified almost 10,000 customers in the past year that they’re being targeted by nation-sponsored hackers.

According to a post from Microsoft Corporate Vice President of Customer Security & Trust Tom Burt, about 84% of the attacks targeted customers that were large, “enterprise” organizations such as corporations. The remaining 16% of attacks targeted consumer email accounts. Burt said some of the 10,000 customers were successfully compromised while others were only targeted, but he didn’t provide figures.

“This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives,” Burt wrote. Microsoft presented the figures Wednesday at the Aspen Security Forum.


Posted in Biz & IT, elections, hacking, microsoft, nations, Policy

Penetration testing takes on new meaning when cyber meets Harlequin

July 5th, 2019
You had me at "cyber."

This week, my wife and favorite librarian Paula brought home a new acquisition specially for me: An Innocent to Tame the Italian, a recent book from the Harlequin Presents imprint. Author Tara Pammi's previous books—which include Sicilian's Bride for a Price and Sheikh's Baby of Revenge—share a somewhat politically incorrect leitmotif of foreign sexual intrigue. If you're wondering: no, romance novels are generally not my speed.

But the back-of-the-book tease for this work declared otherwise:

For brooding tech billionaire Massimo Brunetti, a cyberattack on his company is unacceptable. After tracking down the savvy Manhattan hacker, he's stunned to find gorgeous genius Natalie Crosetto. Yet naive Nat isn't the saboteur. To uncover who she's protecting, Massimo returns to Italy—with Nat playing his fake fiancée! But this untamable Italian might have met his match in innocent Nat, who challenges him... and tempts him beyond reason!

"You had me at cyber," I told Paula.


Posted in Biz & IT, Gaming & Culture, hacking, Harlequin, Penetration Testing, romance

Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers

June 20th, 2019

If nation-sponsored hacking was baseball, the Russian-speaking group called Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France’s military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

Now, researchers with security firm Symantec have uncovered evidence of Turla doing something that would be a first for any nation-sponsored hacking group. Turla, Symantec believes, conducted a hostile takeover of an attack platform belonging to a competing hacking group called OilRig, which researchers at FireEye and other firms have linked to the Iranian government. Symantec suspects Turla then used the hijacked network to attack a Middle Eastern government OilRig had already penetrated. Not only would the breach of OilRig be an unprecedented hacking coup, it would also promise to make the already formidable job of attribution—the term researchers use for using forensic evidence found in malware and servers to pin a hack on a specific group or nation—considerably harder.

A murkier world

“The fact that we’ve seen one advanced group taking over the infrastructure of another nation-backed group changes a lot of policy discussions that are going on because it complicates attribution,” Jonathan Wrolstad, principal cyber intelligence analyst in Symantec’s Managed Adversary and Threat Intelligence group, told Ars. “This does make us live in the world now that’s a bit murkier.”


Posted in apt34, Biz & IT, crambus, espionage, hacking, OilRig, Turla, waterbug

Hackers behind dangerous oil and gas intrusions are probing US power grids

June 15th, 2019
Power Lines in Page, Arizona (credit: IIP Photo Archive)

In a troubling new escalation, hackers behind at least two potentially fatal intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere, researchers with security firm Dragos reported Friday.

The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East. Researchers from Dragos have labeled the group the world's most dangerous cyber threat ever since.

The most alarming thing about this attack was its use of never-before-seen malware that targeted the facility’s safety processes. Such safety instrumented systems (SIS) are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, an SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.


Posted in Biz & IT, electric utilities, hacking, Industrial Control Systems, triconex, xenotime

Hack on Stack Overflow exposes private data for ~250 users

May 17th, 2019
(credit: Pixabay)

Stack Overflow said hackers obtained private data for about 250 users after breaching the site and spending the next week escalating their access.

“While our overall user database was not compromised, we have identified privileged Web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users,” Mary Ferguson, Stack Overflow VP of Engineering, wrote in a blog post published Friday. “Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted.”

In an update, Ferguson said investigators now estimate the number at 250 public network users. Officials for the developer community site will notify those affected. The company first disclosed the breach on Thursday in a four-sentence post that said “some level of production access was gained on May 11."


Posted in Biz & IT, breach, hacking, stack overflow

28 years later, hacker fixes rampant slowdown on SNES' Gradius III

May 10th, 2019

Behold, slowdown destroyed!

Many gamers of a certain age (this author included) remember the early '90s disappointment of buying the SNES version of hit arcade shmup Gradius III. In magazine screenshots, the game's huge, colorful sprites were a sight to behold, comparable to the 1989 arcade original. In action, though, any scene with more than a handful of enemies would slow to a nearly unplayable crawl on the underpowered SNES hardware.

Now, Brazilian ROM hacker Vitor Vilela has righted this nearly three-decade-old wrong with a ROM patch that creates a new, slowdown-free version of the game for play on SNES emulators and standard hardware.

The key to Vilela's efforts is the SA-1 chip, an enhancement co-processor that was found in some late-era SNES cartridges like Super Mario RPG and Kirby Super Star. Besides sporting a faster clock speed than the standard SNES CPU (up to 10.74 MHz versus 3.58 MHz for the CPU), SA-1 also opens up faster mathematical functions, improved graphics manipulation, and parallel processing capabilities for SNES programmers.


Posted in enhancement, Gaming & Culture, gradius 3, hacking, SA-1, slowdown, SNES, speed, super nes

Feds charge Chinese national in 2015 breach of health insurer Anthem

May 9th, 2019
(credit: FBI.gov)

Federal prosecutors have indicted a Chinese national they say carried out sophisticated network intrusions on four US companies, including one on health insurer Anthem that stole personal information belonging to close to 80 million people.

Fujie Wang—a 32-year-old resident of Shenzhen, China, who sometimes used the first name Dennis—was part of a hacking group that gained entry to Anthem and three other unnamed companies, according to an indictment unsealed on Thursday. Along with other members of the group, he carried out the hacks using spear-phishing emails that lured employees of the companies to malicious websites. The websites, in turn, installed backdoors on the employees’ computers. The defendants allegedly used the compromised computers to penetrate the networks.

In some cases, the indictment alleged, the hackers would wait months before identifying and harvesting sensitive data stored on the networks, presumably to prevent calling attention to the breaches. The series of intrusions spanned from February 2014 to January 2015. Two of the three unnamed US companies were in the technology and basic materials industries. The third provided communications services.


Posted in Anthem, Biz & IT, black vine, breaches, hacking

A mysterious hacker gang is on a supply-chain hacking spree

May 4th, 2019
Stylized photo of desktop computer. (credit: Lino Mirgeler/picture alliance via Getty Images)

A software supply-chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply-chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply-chain hacking spree—and the hackers have become more advanced and stealthy as they go.

Over the past three years, supply-chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. The group is known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply-chain attacks as its core tool. Its attacks all follow a similar pattern: seed out infections to a massive collection of victims, then sort through them to find espionage targets.


Posted in Biz & IT, china, hacking

A mystery agent is doxing Iran’s hackers and dumping their code

April 21st, 2019
Stylized photo of desktop computer. (credit: Lino Mirgeler/picture alliance via Getty Images)

Nearly three years after the mysterious group called the Shadow Brokers began disemboweling the NSA's hackers and leaking their hacking tools onto the open Web, Iran's hackers are getting their own taste of that unnerving experience. For the last month, a mystery person or group has been targeting a top Iranian hacker team, dumping its secret data, tools, and even identities onto a public Telegram channel—and the leak shows no signs of stopping.

Since March 25, a Telegram channel called Read My Lips or Lab Dookhtegan—which translates from Farsi as "sewn lips"—has been systematically spilling the secrets of a hacker group known as APT34 or OilRig, which researchers have long believed to be working in service of the Iranian government. So far, the leaker or leakers have published a collection of the hackers' tools, evidence of their intrusion points for 66 victim organizations across the world, the IP addresses of servers used by Iranian intelligence, and even the identities and photographs of alleged hackers working with the OilRig group.

"We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran's neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks," read the original message posted to Telegram by the hackers in late March. "We hope that other Iranian citizens will act for exposing this regime's real ugly face!"


Posted in Biz & IT, hacking, Iran