hackers
Latest
SEC brings charges in connection with hack of its financial system
The United States Securities and Exchange Commission announced today that it is bringing charges against a Ukranian hacker for breaking into the agency's corporate filing system to access nonpublic information. The SEC is also charging a number of individual traders and entities who used that information to generate more than $4.1 million on illegal trades. The Attorney's Office for the District of New Jersey announced it will be bringing related criminal charges.
Hackers defeat vein authentication by making a fake hand
Biometric security has moved beyond just fingerprints and face recognition to vein-based authentication. Unfortunately, hackers have already figured out a way to crack that, too. According to Motherboard, security researchers at the Chaos Communication Congress hacking conference in Leipzig, Germany showed a model wax hand that they used to defeat a vein authentication system using a wax model hand.
Hackers hit The Wall Street Journal in support of PewDiePie
Hackers targeted The Wall Street Journal earlier today, posting a fake apology in support of PewDiePie. In a sponsored post, the hackers published a note that said the publication wanted to apologize to the YouTuber and "due to misrepresentation" by its journalists The Wall Street Journal would be sponsoring PewDiePie. The Wall Street Journal took down the page and a spokesperson told The Verge that the company would be investigating the incident. "The page was owned by WSJ. Custom Solutions, a unit of the advertising arm, which is not affiliated with The Wall Street Journal newsroom," said the representative.
Chinese hackers reportedly hit Navy contractors with multiple attacks
Chinese hackers have been targeting US Navy contractors, and were reportedly successful on several occasions over the last 18 months. The infiltrators stole information including missile plans and ship maintenance data, according to a Wall Street Journal report that cites officials and security experts.
Thousands of House GOP campaign committee emails were stolen in hack
The Republican Party's House campaign committee said it was a victim of "cyber intrusion" during the 2018 midterm campaign. Party officials told Politico that "thousands of sensitive emails" were stolen in the National Republican Congressional Committee hack. The party has reported the incident to the FBI.
Hackers targeted Dell customer information in attempted attack
Earlier this month, hackers attempted to breach Dell's network and obtain customer information, according to the company. While it says there's no conclusive evidence the hackers were successful in their November 9th attack, it's still possible they obtained some data.
Police arrest alleged Russian hacker behind huge Android ad scam
Police in Bulgaria have arrested an alleged Russian hacker who may be responsible for a huge Android ad scam that netted $10 million. The individual identified as Alexander Zhukov is a Saint Petersburg native who's been living in Varna, Bulgaria, since 2010 and was apprehended on November 6th after the US issued an international warrant for his arrest, according to ZDNet.
iPhone X bug lets hackers snag deleted photos
Whether it's because they're unflattering, inappropriate or just plain terrible, we've all deleted photos for one reason or another. But the drunken 3AM selfies that you thought you scrubbed from your phone might not be totally gone, and two researchers have found a vulnerability in iPhone X that could let hackers access supposedly-deleted photos and files.
US government accuses Chinese hackers of stealing jet engine IP
The Justice Department has charged ten Chinese nationals -- two of which are intelligence officers -- of hacking into and stealing intellectual property from a pair of unnamed US and French companies between January 2015 to at least May of 2015. The hackers were after a type of turbofan (portmanteau of turbine and fan), a large commercial airline engine, to either circumvent its own development costs or avoid having to buy it. According to the complaint by the Department of Justice, a Chinese aerospace manufacturer was simultaneously working on making a comparable engine. The hack afflicted unnamed aerospace companies located in Arizona, Massachusetts and Oregon.
With Khashoggi, tech confronts its blood money
In 2015 we laughed at Hacking Team for getting hacked. Their profit-driven facilitation of human rights abuses around the world was somehow barely competent, but notorious. They sold illegal hackware and surveillance tech to brutal regimes and trained them in attacking citizens and journalists. We knew they were evil clowns. We just didn't expect what happened next.
Americans fear they can’t identify social media bots
A new poll from the Pew Research Center, a nonpartisan fact tank that studies trends, found that many Americans fear they cannot discern a bot from an actual person on social media. This study did not tackle the percentage of people who have been fooled by bots, but more simply, what general knowledge and awareness Americans have. About half -- 47 percent -- of the people who've heard of bots feel confident or somewhat confident that they can recognize one on social media. Only seven percent felt they were very confident. This is contrast with another study done by Pew in December of 2016 that found 84 percent of Americans felt they could readily recognize fake news. According to the study, about 66 percent of Americans have heard of social media bots-- to at least some extent -- and are aware of their existence. Another 34 percent had never heard of bots at all. The margin of error for the 4,581-person sample was 2.4 percentage points.
Facebook says recent data breach wasn't 'related to the midterms'
Even though the number of users affected by Facebook's most recent hack was lowered to 29 million, from 50 million, it's still safe to say the attack was worse than originally thought. That's because we now know that the breach, which Facebook revealed a couple of weeks ago, exposed very detailed information of 14 million of those users, including their username, birthdate, gender, location, relationship status, religion, hometown, self-reported current city, education, work, the devices they used to access Facebook and the last 10 places they checked into (or were tagged in) on the site. The attackers, whose identities Facebook won't reveal because of an ongoing FBI investigation, were also able to view which people/Pages were followed by these 14 million users, as well as their 15 most recent searches on Facebook.
Mirai botnet hackers will serve their time working for the FBI
In December, three individuals behind the Mirai botnet pleaded guilty to federal charges that carried sentences of up to five years in prison and $250,000 in fines. But at a hearing held Tuesday, the three men -- Paras Jha, Josiah White and Dalton Norman -- were sentenced instead to five years of probation and 2,500 hours of community service. The catch though is that the community service has to include work with FBI.
FBI warns banks about ATM cash-out scheme
The FBI is warning banks about a fraud scheme called an ATM cash-out, Krebs on Security reports. With this type of heist, attackers typically compromise a bank or payment card processor with malware, disable fraud controls and withdraw large sums of money -- sometimes millions of dollars -- with cloned bank cards. The FBI reportedly sent an alert to banks last week. "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'," said the notice.
Anonymous deals with its QAnon branding problem
When you're a notorious hacking entity like Anonymous, and a pro-Trump conspiracy cult (QAnon) steals your branding (while claiming you're the impostor), the obvious thing to do is declare cyberwar. That's exactly what Anonymous did this past week in a press announcement, followed by a social media and press offensive. So far Anonymous has managed to take over QAnon's hashtags (while adding #OpQAnon and others) and dox a couple hundred members of Trump's pedophilia-obsessed, "deep state" doomsday cult. QAnon's mouthpieces responded exactly as we'd expect, with taunts and tweets saying: "These people are STUPID!! They have no brains and no skills. Typical 'empty threat' terrorists! But DO NOT click their links!! Virus city baby!!"
When your Uber driver is a spy
Like other migrating beasts, hackers travel huge distances for feeding, breeding, and breaking things every summer -- at Defcon in Las Vegas. The way they move about the city is driven primarily by the availability of free booze at corporate parties or the convenience of air-conditioned infosec habitats; the heat makes them torpid. As such, everyone takes taxis, Ubers, and Lyfts everywhere, day and night.
Russian hackers are inside US utility networks
Russian hackers infiltrated the control rooms of US utility companies last year, reaching a point where they "could have thrown switches," The Wall Street Journal reports. The paper cites officials from the Department of Homeland Security (DHS) confirming that the hackers -- from a state-sponsored group previously known as Dragonfly or Energetic Bear -- gained access to allegedly secure networks, where they could have caused blackouts.
The bogus expert and social media chicanery of DC’s top cyber think tank
Like viruses, cybersecurity charlatans are incidental guests in the body of infosec. These men sell false expertise, conspiracy theories, and invisible security potions and they are as unintentionally hilarious as they are alarming. Case in point: BuzzFeed's exposé of James Scott, cofounder of Washington DC's big cybersecurity think tank, ICIT (Institute for Critical Infrastructure Technology).
Russia denies planning botnet cyberattack on Ukraine
Russia has denied planning a major cyberattack that would disrupt soccer's Champions League final this weekend. Ukraine's SBU security service said on Wednesday that malware infecting hundreds of thousands of routers was the work of Russian hackers preparing for an assault on the country. The attackers were accused of targeting Saturday's match in Kiev. According to Reuters, the Kremlin has strongly denied these accusations.
Ukraine claims it’s the target of a massive Russian cyberattack
Cisco says hackers have infected more than 500,000 routers and other devices with malware to prepare for a cyberattack, and Ukraine could be the target. The country's SBU security service claims the malware is evidence Russia is preparing for a major attack "aimed at destabilising the situation" during the Champions League soccer final in Kiev Saturday, Reuters reported. Ukraine's annual Constitution Day celebrations may also be a target, according to the AP.
