Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability.
Such a tool has enormous potential for abuse by criminals as well as dirty cops: it's a stalker-rapist's best friend, an all-clear system for housebreakers, and the perfect snoop for blackmailers and voyeurs. So let's hope they've got really good security!
A hacker has provided Motherboard's Joseph Cox with login credentials for Securus. The hacker says it was very easy to obtain these, because Securus has really bad security.
The hacker who breached Securus provided Motherboard with several internal company files. A spreadsheet allegedly from a database marked “police” includes over 2,800 usernames, email addresses, phone numbers, and hashed passwords and security questions of Securus users, stretching from 2011 up to this year. A hash is a cryptographic representation of a piece of data, meaning a company doesn’t need to store the password itself. But the hashes themselves were created using the notoriously weak MD5 algorithm, meaning attackers could learn a user’s real password in many cases. Indeed, some of the passwords have seemingly been cracked and included in the spreadsheet. It is not immediately clear if the hacker that provided the data to Motherboard cracked these alleged passwords or if Securus stored them this way itself.
Most of the users in the spreadsheet are from US government bodies, including sheriff departments, local counties, and city law enforcement. Impacted cities include Minneapolis, Phoenix, Indianapolis, and many others. The data also includes Securus staff members, as well as users with personal email addresses that aren’t explicitly linked to a particular government department.
Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US [Joseph Cox/Motherboard]
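The weakness described in the quoted passage is unsalted, fast MD5 password hashing. As an added illustration (not code from Motherboard, Securus, or this post), the sketch below shows how a credential store holding such hashes can be audited and upgraded to a salted, memory-hard hash at each user's next successful login. The record format, function names, sample accounts and the choice of scrypt with these cost parameters are all assumptions made for the example.

```python
import hashlib, hmac, os, re

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")   # shape of a bare, unsalted MD5 digest
N, R, P = 2**14, 8, 1                     # scrypt cost (assumed; tune per host)

def scrypt_record(password: str) -> str:
    """Hash with a fresh per-user salt: 'scrypt$<salt hex>$<digest hex>'."""
    salt = os.urandom(16)
    d = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${salt.hex()}${d.hex()}"

def verify(password: str, record: str) -> bool:
    if MD5_HEX.match(record):             # legacy row: unsalted MD5
        legacy = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(legacy, record)
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False                      # unknown format: reject
    salt = bytes.fromhex(parts[1])
    d = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return hmac.compare_digest(d.hex(), parts[2])

def login(store: dict, user: str, password: str) -> bool:
    """Verify, then replace a legacy MD5 row while the password is in hand."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if MD5_HEX.match(record):
        store[user] = scrypt_record(password)
    return True

def audit(store: dict):
    """Return (users still on MD5, groups of users sharing one digest).
    Shared digests show the hashes are unsalted: equal passwords collide."""
    legacy = sorted(u for u, r in store.items() if MD5_HEX.match(r))
    groups = {}
    for u in legacy:
        groups.setdefault(store[u], []).append(u)
    return legacy, [g for g in groups.values() if len(g) > 1]

def sample_store() -> dict:
    # Constructed data: two legacy accounts reuse a password, one is migrated.
    return {"alice": hashlib.md5(b"example-pass-1").hexdigest(),
            "bob": hashlib.md5(b"example-pass-1").hexdigest(),
            "carol": scrypt_record("example-pass-2")}

if __name__ == "__main__":
    s = sample_store()
    print(audit(s), login(s, "alice", "example-pass-1"), audit(s))
```

Accounts that never log in again keep their MD5 rows, so the audit output is also the list of users who need a forced reset.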