How China grabbed NSA hacking tools and used them to attack U.S. allies

Chinese spies got a hold of NSA hacking tools, and “repurposed them in 2016 to attack American allies and private companies in Europe and Asia,” reports the NYT. How'd they get those cyberweapons? Symantec researchers “believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.”

Ex-NSA American mercenaries for UAE used 'Karma' to hack journalists and human rights activists

Former NSA spies have been working for the government of the United Arab Emirates as hacker mercenaries, helping the UAE attack journalists, dissidents, and human rights activists. This is a great read, and a shocking story from Reuters.

DHS issues security order after DNS hijack attacks from Iran, 6 agency domains already affected

The Department of Homeland Security on Tuesday issued an “emergency” security alert urging federal civilian agencies to secure login credentials for their respective internet domain records.

Marriott hack update: Hotel now admits hackers got passport numbers

The Marriott hotel chain today said that a smaller number of customers were affected by a recent hack than initially estimated, but admitted that the hackers got customer passport numbers.

NASA got hacked

It seems that we can't have nice, unhacked things. According to Gizmodo, someone has hacked NASA's personnel database to gain access to social security numbers and other personal information of the space agency's staff.

News of the security breach was only disseminated via memo to NASA's employees on December 18th, despite the fact that the agency became aware of the hack back on October 23rd.

From Gizmodo:

According to the memo, NASA is working with federal investigators to determine the extent of the breach and who might be responsible. It said that servers were accessed that contained the personal information of employees that worked at the agency between July 2006 and October 2018. The message was sent to inform employees to take the necessary precautions to prevent possible identity theft. It seems that investigators still haven’t narrowed down the employees who may have been affected, however the agency promised to notify individuals as that information becomes available.

When contacted for comment by Gizmodo, a NASA spokesperson could not say exactly how many employees’ information was potentially exposed, but they did confirm that the agency “does not believe that any agency missions were jeopardized by the intrusions.”

If anyone knows who's responsible for the hack, they're keeping their mouths shut about it. Hacking's so hot right now -- the breach could have been pulled off by anyone from a code-savvy lone-acting lady at a coffee shop to a high-falootin' government sponsored collective in Eastern Europe. Also, China. It'll be interesting to see what, if anything, is done with information that was obtained during the hack.

Sandsifter program finds bugs, secret instructions and other oddities in computer processors

Sandsifter throws random machine code instructions at microprocessors, just to see what happens.

The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.

With the multitude of x86 processors in existence, the goal of the tool is to enable users to check their own systems for hidden instructions and bugs.

I demand to see this scene in technothrillers pronto.

Russian agents allegedly tried to hack lab associated with Skripal poisoning investigation

The Organization for the Prohibition of Chemical Weapons (OPCW) has been elbows-deep in the investigation of the Novichok nerve agent attack on Sergei and Yulia Skripal. As part of their investigation into where the nerve agent may have originated, the OPCW sent samples of the chemical weapon to a number of independent labs.

Using multiple labs provides a fail safe against false positive results and bias – two things you'd want to avoid considering the fact that the results of the tests could trigger a significant international incident. One of the labs that the OPCW may have used (I mean, they're not going to come right out and say that this is where they're sending dangerous shit) was Switzerland's Spiez Laboratory. Since Russia has denied that it had any role in the poisoning of the Skripals and the other collateral victims of the Novichok attack, it's really really surprising to be surprised by the surprise expulsion of two Russian intelligence agents (surprise!) from The Hague, where OPCW is based. Apparently, they were trying to tinker with Spiez Laboratory's computers.

From NPR:

Swiss and Dutch authorities did not immediately respond to NPR's request for comment. Andreas Bucher, a spokesperson for Spiez Laboratory, also declined to comment on the deportations. However, he confirms the laboratory's computer systems have been probed by unknown hackers in recent months.

"We've had indications that we were in the crosshairs," Bucher says. No data has been stolen from the lab, he adds.

Although Spiez Laboratory has not officially acknowledged receiving a sample, it is widely believed to have done so, according to Jean Pascal Zanders, an independent chemical weapons expert based in France.

Former NSA contractor Reality Winner sentenced to 5+ years in prison for leaking secret report on Russian election hacking to The Intercept

Former Air Force language specialist and intelligence contractor Reality Winner has been sentenced to 63 months in prison.

DNC alerts FBI to phishing attack on its voter database

The Democratic National Committee called the FBI Tuesday, after discovering what the DNC says was the early phase of a sophisticated phishing attempt to hack its voter database.

Facebook kills 652 more political disinformation accounts, Russia and Iran blamed

Facebook announced today they are taking down 652 pages, groups and fake accounts for "coordinated inauthentic behavior."

'I've had Twitter sex with 12 Russian hackers,' nude model who sexted Guccifer 2.0 tells tabloids

A former nude model and “Bond girl” exchanged sexual messages via Twitter with the online persona now believed to be an unknown number of Russian spies who are accused of attacking the 2016 US elections, the UK tabloid Sun Online posted today.

They're really awful and I don't want to link to them, but this is too rich, you guys. Motherboard has a more credible piece up, you should read that one, too.

In today's garbage interview, Robbin Young told The Sun she "fell madly in love" with Twitter user Guccifer 2.0, and sent him photographs of her breasts and exchanged sexually explicit messages with him or them.

Excerpt:

She was left stunned last week after the US government announced it had indicted 12 Russian spies who they believe ran the Guccifer 2.0 account, hacked into Democratic party computers and leaked stolen documents in a bid to interfere with the 2016 election result.

In an exclusive interview, Robbin, 63, told Sun Online: "I thought he was one Romanian man and I fell in love with him - now to be told it could have been 12 Russian spies running that account - I'm shocked.

"If this is all true it's like I've had Twitter sex with 12 Russian hackers."

Robbin Young once starred with 007 Roger Moore in 'For Your Eyes Only.'

Guccifer is no Roger Moore.

Get a load of this shit.

In one message he wrote: "Wow u r making me breath harder .. ur soul's so pure and unspoiled ..

WATCH: U.S. intel chief warns of new cyberattacks on U.S. infrastructure by Russia, North Korea, Iran, China

The “warning lights are blinking red again,” said the American government's top intelligence official on Friday.

Director of National Intelligence Dan Coats warned of newly resurgent threats by Russia, Iran, North Korea, and China on critical U.S. infrastructure while speaking at the Hudson Institute think tank.

Coats happened to be speaking at the event just after the Department of Justice revealed an indictment against 12 Russian military agents for hacking the 2016 U.S. presidential elections.

John Kelly's phone was hacked

NEW REPORTING CONFIRMS what previous stories speculated: chief of staff John Kelly's phone was hacked, and now they know where. They still don't know by whom, or how, or why, or what the damage was.

FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia.

Security researchers demonstrate inexpensive one-minute method to clone master hotel key cards

Finnish security researchers Tomi Tuominen and Timo Hirvonen can clone many master hotel keys very quickly using their clever cryptography, an expired keycard from the hotel trash, and a $300 Proxmark RFID card reading and writing device. It takes them about one minute to create a master hotel key. Video demo below. From Wired:

The two researchers say that their attack works only on Vingcard's previous-generation Vision locks, not the company's newer Visionline product. But they estimate that it nonetheless affects 140,000 hotels in more than 160 countries around the world; the researchers say that Vingcard's Swedish parent company, Assa Abloy, admitted to them that the problem affects millions of locks in total. When WIRED reached out to Assa Abloy, however, the company put the total number of vulnerable locks somewhat lower, between 500,000 and a million. They note, though, that the total number is tough to measure, since they can't closely track how many of the older locks have been replaced. Tuominen and Hirvonen say that they've collected more than a thousand hotel keycards from their friends over the last 10 years, and found that roughly 30 percent were Vingcard Vision locks that would have been vulnerable to their attack.

Tuominen and Hirvonen quietly alerted Assa Abloy to their findings a year ago, and the company responded in February with a software security update that has since been available on its website. But since Vingcard's locks don't have internet connections, that software has to be installed manually by a technician, lock by lock.

SEC fines Yahoo (now Altaba) $35 million over massive data breach

How the once mighty have fallen.

FBI, DHS, and UK cyber agency warn of Russia internet attack that targets routers

The United States and Britain today accused Russia of launching a new wave of internet-based attacks targeting routers, firewalls and other computer networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.