Information Security – Data Breach

Alleged Yahoo hacker pleads not guilty to helping Russian agents conduct massive 2014 data breach

Canadian Karim Baratov has pleaded not guilty to all charges in a US court that he helped Russian agents conduct the massive 2014 cyberattack on Yahoo that saw the data theft of more than 500 million Yahoo user accounts.
Belan also managed to gain illegal access to Yahoo’s Account Management Tool, which is a “proprietary means by which Yahoo made and logged changes to user accounts.”
Belan, Dokuchaev and Sushchin then used the stolen data to “locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.”
The others are among the FBI’s most-wanted cyber criminals.
Baratov has been charged with conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft.
If convicted, the alleged hacker-for-hire faces up to 20 years in prison.
After waiving his right to an extradition hearing last Friday, he was extradited from Canada on Tuesday and entered his plea during a brief appearance at a US Federal Court in the Northern District of California, his lawyer Andrew Mancilla said. “Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives,” US Attorney Brian Stretch said in March. “The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them.”

DMARC anti-phishing standard adoption is lagging even in big firms

We could cut down on e-mail spoofing, but we don’t

Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard.
In this year’s DMARC adoption report, phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC).
Specified in RFC 7489 to combine Sender Policy Framework and DomainKeys Identified Mail techniques, DMARC’s aim is to defeat e-mail spoofing.
It was originally put forward by Google, Microsoft, AOL, Facebook, Yahoo!, PayPal and others.
The FTSE 100 had the same non-adoption rate of 67 per cent, while Australian companies care even less, with 73 per cent having no DMARC policy record.
Even among those who are aware of DMARC, hardly any are using it for anything more than monitoring (25 per cent of the Fortune 500, 26 per cent of the FTSE 100, and 23 per cent of the ASX 100).
“Quarantine” or “reject” only appeared in eight per cent of Fortune 500 companies, seven per cent of FTSE 100 companies, and four per cent of ASX 100 companies.
To help things along, back in 2012 Agari made its Receiver Program free to try and encourage adoption.
The IT industry and telcos in particular can hang their heads in shame: apart from 21 per cent of US tech companies using DMARC, and a mere one per cent of US telcos, adoption is zero elsewhere (people, even Twitter thinks it’s a good idea).
“Organisations must Quarantine, Reject and maintain strong email governance to reap the benefits of DMARC”, the report concludes.

Hackers Are Coming for Your Cell-Phone Number

If you suddenly lose control of a host of Web services at once, there could be a simple root cause: hackers have taken control of your phone number.
The New York Times reports that hackers have been increasingly able to convince carriers to transfer customer phone numbers to devices in their control.
That allows them to reset passwords for sites secured using two-factor authentication, a feature that is now used widely by sites like Twitter and Facebook.
You might be particularly concerned if you’re an early adopter of cryptocurrencies, as attackers appear to be focusing attentions on commandeering logins for currency lockers and then draining them.
The Times points to the particularly troubling experience of Joby Weeks, a Bitcoin entrepreneur who lost “about a million dollars’ worth of virtual currency” last year via this kind of scam, even though he had alerted his cell carrier that he might have been targeted.
Earlier this month, Wired published an interesting piece highlighting the newfound status of the phone number as “the only username that matters.” From the article: WhatsApp was among the first apps to equate your account with your phone number.
Now apps like Snapchat, Twitter, and Facebook Messenger do it too.
Starting this fall, setting up your iPhone will be as easy as punching in your number.
The supposedly super-secure way of logging into apps involves texting you a secret code to verify your identity.

Android malware can steal data from more than 2,000 apps

Faketoken – a type of Android malware that was first identified a year ago – can steal private user data from more than 2,000 apps.
The malicious software can also read and record victims’ text messages and phone calls.
Faketoken is especially dangerous because it’s virtually undetectable after it’s been downloaded.
The Trojan can create fake overlays that grab information from apps like the Google Play Store, Android Pay and apps used to book flights, taxis and hotel rooms.
Once a victim launches an application, Faketoken covers the interface with a fraudulent overlay that records anything the user types. “All of the apps attacked by this malware sample have support for linking bank cards in order to make payments,” cybersecurity firm Kaspersky Lab said. “However, the terms of some apps make it mandatory to link a bank card in order to use the service.
As millions of Android users have these applications installed, the damage caused by Faketoken can be significant.”
Last year, SophosLabs processed more than 8.5 million suspicious Android applications, and more than 50 percent were a form of malicious software or adware.

Unable to get a domain, racist Daily Stormer retreats to the Dark Web

Ever since Charlottesville, the neo-Nazi site Daily Stormer has been struggling to stay on the Internet.
The last registrar the Daily Stormer tried was Namecheap, and its CEO, Richard Kirkendall, explained his decision to refuse service to the Daily Stormer in a recent blog post.
“While I feel I made the right decision, I also thought about what this meant for us as a business,” Kirkendall wrote. “Could I have made any other decision here?”
Now the Daily Stormer’s CTO, notorious Internet troll Andrew “weev” Auernheimer, is acknowledging that the site might have run out of options for getting a conventional domain name.
Auernheimer has concluded that’s not likely to happen.
So the Daily Stormer has retreated to the Dark Web, operating as a Tor hidden service.
A Tor hidden service uses the Tor network to camouflage the location of a Web server, making it practically impossible for anyone to figure out where the server is physically located.
Because no one will be able to identify who is providing the Daily Stormer with its hosting service, activists won’t be able to organize a boycott to get the service shut down.
Accessing a Tor hidden service isn’t difficult, but it’s significantly more work than going to a conventional website.

Barcelona Twitter account hacked as club ‘announce’ signing of Angel Di Maria

FC Barcelona’s Twitter was hacked in the early hours of Wednesday morning, with the club “announcing” the signing of Angel Di Maria from Paris Saint-Germain.
It had been a trying 24 hours for the Blaugrana, as on Tuesday the club announced they were suing Neymar after alleging the Brazilian failed to fulfill his agreement with the team.
And things only got worse later as the club’s official Twitter account sent out a tweet saying, “Welcome Angel Di Maria to FC Barcelona!”
Over the course of the next hour, the tweets would disappear and reappear on Barcelona’s timeline, as a back-and-forth battle between the hackers and the club ensued.
Later, the club tweeted: “Our accounts have been hacked tonight.
We’re working to solve the problem as soon as possible. Thanks for your patience.”
Credit for the hack was claimed by OurMine, a Saudi Arabian group who have also hacked the Facebook account of CNN, and Twitter accounts of Netflix, Marvel and Facebook CEO Mark Zuckerberg among many others.

Hackers can take control of smashed Android phones using replacement screens

Researchers at the University of the Negev have shown that replacement screens for Android smartphones can be manipulated to steal personal information and take control of a repaired device.
The attack, which is almost undetectable, can be used to “severely compromise” a victim’s smartphone, the researchers said.
It works through a malicious chip that is embedded within the replacement display.
They were able to record what was typed on the affected devices, such as passwords, download apps onto them, and send users to malicious websites.
The researchers could order the compromised device to take a photo of the user and forward it to hackers in an email.
With a small amount of additional work they were also able to use the manipulated screen to access the operating system of the affected devices.
They said the hack could work on an iPhone as well, but did not demonstrate this.
The researchers urged smartphone manufacturers to create a physical defence system that would prevent such a hack from being possible.
Australia’s consumer watchdog sued Apple earlier this year over claims it purposefully stopped devices working after cracked screens were replaced by third parties.

PlayStation social media accounts briefly hacked

Sony became the latest entertainment company to suffer at the fingertips of hackers after their PlayStation social media channels were temporarily hacked on Sunday evening.
A group called OurMine claimed credit for the compromise that targeted the company’s Facebook and Twitter accounts.
Sony quickly regained control of the accounts but not before the hackers had posted a series of messages on the social media accounts.
OurMine is a well-known Saudi Arabian security hacker group that have previously hacked other celebrity accounts.
However, they claim to be an ethical hacking group and are only interested in helping the groups that they hack with claims that they only want to “show you all available vulnerabilities, and fix them all!” The hacking group have labelled themselves as an “elite hacker group known for many hacks showing vulnerabilities in major systems,” on their website, along with a list of services/promises that they promote.
A hack on PlayStation is nothing new: it previously suffered at the hands of hackers in 2011, when the PlayStation Network was attacked, leaving millions of PS3 users unable to access the network for 23 days.
Xbox, the gaming industry’s other leader, has also suffered from the unwanted intrusion of hackers back in 2014 when its Xbox Support account was taken over for 45 minutes by the Syrian Electronic Army.
While the intentions behind the hack seem to be very much based on the promotion of the hacking group, it must be a major concern for both Sony and PlayStation alike, that private user information, including credit card details, may have been compromised.
Sony have yet to make an official statement regarding the hack but you would imagine it is only a matter of time before they address the issue.

The HBO Hackers Are Beginning to Win: Here’s Why

The rash of hacking crimes that have been plaguing major healthcare and other business corporations has been trending for the last decade and is picking up the pace.
While some businesses refuse to negotiate, others quietly resolve the ransom demands without saying much to the press.
Security breach for HBO

Hackers were able to access the HBO system and steal 1.5 terabytes of data, according to their claim.
We’ve seen some proof of this as there was a release of content exclusive to HBO including “Room 104” and “Ballers.” They also took a month’s worth of emails which they hacked from a programming executive and the summary of a script for “Game of Thrones.”

The demand video

The hackers’ original demands were forwarded to HBO in the form of a video letter.
It informed the company that their huge network was successfully breached.
They demanded a monetary sum from the network, but the original figure was later changed.
HBO does not want to acknowledge any payments made because it would set a precedent for cyber criminals that would give them a green light.
It is uncertain if the network has actually paid the amount stated; it could be the case that they are stalling for more time to research the breach.
This information has not yet been confirmed, but rather is the rumor that has leaked out about the case.
HBO execs are making an attempt to disguise the payment as a reward for pointing out vulnerabilities in their system as this is more palatable than giving in to blackmail.