Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon data from people's iPhones, it emerged on Tuesday.

US citizens Marc Baier, 49, and Ryan Adams, 34, and ex-citizen Daniel Gericke, 40, were charged [PDF] with using "illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information ... from victims from around the world."

They also, according to the rap sheet, obtained and used people's passwords and authentication tokens to break into accounts and systems in the US and beyond. And they did all that "while evading the export control supervision of the United States government."

The three men also this week agreed to a first-of-its-kind deal [PDF] with Uncle Sam in which their prosecution will be dropped if they cough up $1,685,000 between them; cooperate fully with the Feds; give up all foreign and US security clearances, and never seek the latter again; and accept restrictions on future employment.
 
Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren't in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.

The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions.

"If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network" by using stolen log-in credentials, reads the US Coast Guard Cyber Command's analysis of the report, which is unclassified and marked "For Official Use Only." "With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations."
 
A day after news broke about REvil having screwed their own affiliates out of ransomware payments – by using double chats and a backdoor that let REvil operators hijack ransom payments – those affiliates took to the top Russian-language hacking forum to renew their demands for REvil to fork over their pilfered share of ransom payments.

Advanced Intelligence, the threat intelligence firm that disclosed the backdoor and double chats, told Threatpost on Thursday that a high-profile actor with an established reputation on the top Russian language hacking forum – Exploit – used AdvIntel’s report findings to revitalize a claim filed in May against REvil on the Russian underground.

The way that ransomware-as-a-service (RaaS) operations such as REvil or DarkSide work is that affiliates do all the dirty work of network compromise, in exchange for (in the case of the original REvil RaaS) 70 percent of whatever ransom that victims fork over.
 
At the SAS 2021 security conference today, analysts from security firm Kaspersky Lab have published details about a new Chinese cyber-espionage group that has been targeting high-profile entities across South East Asia since at least July 2020.

Named GhostEmperor, Kaspersky said the group uses highly sophisticated tools and is often focused on gaining and keeping long-term access to its victims through the use of a powerful rootkit that can even work on the latest versions of Windows 10 operating systems.

“We observed that the underlying actor managed to remain under the radar for months,” Kaspersky researchers explained today.

The entry point for GhostEmperor’s hacks was public-facing servers. Kaspersky believes the group used exploits for Apache, Oracle, and Microsoft Exchange servers to breach a target’s perimeter network and then pivoted to more sensitive systems inside the victim’s network.
 
Earlier this week Instagram/Facebook/WhatsApp went down. I didn't believe the "router fault" explanation at first, and even less so now.

Yesterday Twitch's entire source code and an insane amount of data were hacked.

This evening Steam and Discord have gone down, as well as Nordea, Telia, OP and many others. One acquaintance complained in the same breath that he didn't even have electricity, but that could be a coincidence.

Large-scale network attacks are apparently underway. Is there any more information anywhere, are state actors already behind this?
 
Large-scale network attacks are apparently underway. Is there any more information anywhere, are state actors already behind this?
No information on whether they are purely state actors or others. I have talked earlier about a global cyber war; in that, the internet would suffer as you described, but on a scale that worsens from day to day.
 
An Israeli researcher has demonstrated that LAN cables' radio frequency emissions can be read by using a $30 off-the-shelf setup, potentially opening the door to fully developed cable-sniffing attacks.

Mordechai Guri of Israel's Ben Gurion University of the Negev described the disarmingly simple technique to The Register, which consists of putting an ordinary radio antenna up to four metres from a category 6A Ethernet cable and using an off-the-shelf software defined radio (SDR) to listen around 250MHz.

"From an engineering perspective, these cables can be used as antennas and used for RF transmission to attack the air-gap," said Guri.

His experimental technique consisted of slowing UDP packet transmissions over the target cable to a very low speed and then transmitting single letters of the alphabet. The cable's radiations could then be picked up by the SDR (in Guri's case, both an R820T2-based tuner and a HackRF unit) and, via a simple algorithm, be turned back into human-readable characters.

Nicknamed LANtenna, Guri's technique is an academic proof of concept and not a fully fledged attack that could be deployed today. Nonetheless, the research shows that poorly shielded cables have the potential to leak information which sysadmins may have believed was secure or otherwise air-gapped from the outside world.

He added that his setup's $1 antenna was a big limiting factor and that specialised antennas could well reach "tens of metres" of range.
 
The UK's Government Communications Headquarters (GCHQ) boss Sir Jeremy Fleming has outlined a plan to pursue criminal actors who deploy ransomware as well as the state actors that are aware of their efforts.

Speaking remotely to The Cipher Brief Annual Threat Conference on Monday, Fleming discussed the increasing threat of cybercrime – in particular ransomware – and GCHQ's strategy to reduce threats.

"We have to be clear on the red lines and behaviours that we want to see. We've got to go after those links between criminal actors and state actors and impose costs," Fleming argued, in order to make ransomware and other cybercrime less profitable.

Fleming revealed that GCHQ is not afraid to go on the offensive in pursuit of that goal, but added "we're quite a long way off really addressing the profit model which is making this just so easy for criminals to exploit at the moment."

In wide-ranging remarks, Fleming described the current geopolitical situation as offering what he called a "moment of reckoning" that represents a chance for "like-minded Western liberal nations to make sure that the technologies on which we all rely encompass our values, are secured by design, have been subject to the standards and regulations that we approve of, because we think that they do promote our prosperity and our values."
 
Following the recent international law enforcement effort that dismantled the infrastructure for the REvil ransomware group, fellow cybercrime group Groove called for revenge — encouraging the wider cyber extortionist community to band together to target U.S. interests.

At a time when the U.S. is leading the international law enforcement effort to make splashy busts and shows of force against cybercriminals, this seems like a bold bet by Groove. But they have a plan.

BleepingComputer published a translation of the Russian blog post from Groove, filled with chest-thumping threats against the “US public sector, show this old man who is the boss here who is the boss and who will be on the Internet.”

The language gets vaguely military in tone from there.

“While our boys were dying on honeypots, the nets from rude aibi squeezed their own… but he was rewarded with higher and now he will go to jail for treason, so let’s help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies,” Groove’s post read.

The threat letter goes on to instruct against attacks on Chinese interests in case the sanction-strapped Russian government should decide to hand them over.

“I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese!”
 
German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.

He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang.

The showy billionaire goes by “Nikolay K.” on social media, and German police are hoping he’ll cruise out of Russia on his next vacation – preferably, to a country with a cooperation agreement with Germany so they can arrest him. In case he decides to kick back somewhere other than sunny Crimea, they’ve got an arrest warrant waiting for him.

According to a joint investigation by the German media outlet Zeit Online and the German public broadcaster Bayerischer Rundfunk, investigators from Germany’s Baden-Württemberg State Criminal Police Office (LKA) are convinced that Nikolay K. is part of the core group that operate the ransomware-as-a-service (RaaS) player REvil, aka Sodinokibi.
 
Apps that track the locations of phones have proven to be useful in so many ways. Apple's Find My app for finding a misplaced phone, for example, or for contact tracing COVID-19 transmissions during the pandemic. But a group of researchers at the University of California San Diego has discovered a troublesome security flaw in the Bluetooth hardware that apps such as these rely on, which they estimate may affect roughly 40 percent of mobile devices. The findings, first reported in a story by the Register, will be presented at the IEEE Symposium on Security and Privacy in 2022.

"These applications require frequent and constant transmission of Bluetooth beacons to be detected by nearby devices," explains Nishant Bhaskar, a PhD student at the University of California San Diego who was involved in the research. "Unfortunately, this also means that an adversary can also find out where we are at all times by simply listening to the Bluetooth transmissions from our personal devices."

The security flaw originates from defects or imperfections that occur during the manufacturing process. As a result, the Bluetooth signals from an individual device can be slightly distorted, creating a unique signature.
 
There's some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration.

These attempts to enlist Chinese threat actors are mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks.
 