Hacking, Security & Privacy News - Page 2

You may have heard about the Vault 7 leaks from WikiLeaks back in 2017, where I was reporting about it back then... a cache of tools and exploits that the US government-funded CIA (Central Intelligence Agency) use to hack into everyone's computers, iPhones and Android devices, Samsung smart TVs and more.

Well, a jury in New York convicted 33-year-old ex-CIA engineer Joshua Schulte on 9 charges, which has now become the single largest leak in CIA history. Schulte worked inside of the Operations Support Branch (OSB) of the CIA, where he reportedly built hacking tools, turning prototypes that he was working on into real exploits that were capable of monitoring, or stealing information from the device that it was on.

Investigators secured evidence against Schulte through his own holes in his personal security, where the ex-CIA engineer stored the passwords for his accounts on his phones, and then investigators used that to access his encrypted storage.

A group of hackers have announced a digital war has begun on anti-abortion states with gigabytes of data already reportedly stolen.

The hacking group is called SiegedSec, and according to reports, in the past, has concentrated on stealing/destroying portions of user data held by private companies. The group announced on its Telegram that it will be launching attacks against government bodies and organizations that don't hold their pro-choice views. Notably, the group declared that they are "pro-choice" and "one shouldn't be denied access to abortion".

Adding to the announcement, the group said that it has already hacked government servers in Arkansas and Kentucky, claiming that they have already stolen approximately 8 gigabytes of data that contains government workers' personal information. Taking to Telegram, SiegedSec declared that the attacks will continue and that their targets are any "pro-life entities", which will include any government servers within states that have anti-abortion laws.

Virginia Beach Police Department (VBPD) officers have apprehended two men responsible for illegally accessing gas pumps and selling the gasoline for cheap.

Officers responded to suspicious activity at a closed Citgo gas station, where several vehicles and people had gathered and were pumping gasoline. Their investigation revealed that individuals used devices to allow them to pump gas of their own accord and sell it to others at a discounted rate.

The suspects responsible, by the names of Rashane Griffith and Devon Drumgoole, both from Norfolk, were charged with Grand Larceny, Conspiracy, and Possession of Burglary Tools. They advertised their operation on social media to potential customers, allowing them to come and purchase gas through a smartphone application.

US researcher Christopher Balding has said that he has evidence that China is siphoning data from Americans' smart coffee machines.

IoT home appliances have absolutely ballooned in popularity and use over the last few years, with Balding's new report at New Kite Data Labs adding that China spying on Americans through smart coffee machines isn't the worst of it -- it's the issue with the always-connected, connect-everything, Internet of Things future we're living in.

The data collection from coffee machines is part of a larger effort of China, and I'm sure many other countries -- all behind the US and its alphabet agencies of course -- with low security and data policies that aren't clear to most people. Balding said: "China is really collecting data on really just anything and everything. As a manufacturing hub of the world, they can put this capability in all kinds of devices that go out all over the world".

A paper on the Bluetooth signal tracking titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices" was recently presented at the IEEE Security & Privacy conference in Oakland, California, on May 24th, 2022.

Researchers from the University of California San Diego have found Bluetooth Low Energy (BLE) signals are constantly emitted by mobile devices, generating a unique fingerprint that attackers can use to track an individual's movements. This covers smartphones, smartwatches, and fitness trackers, all of which transmit roughly 500 "Bluetooth beacons" per minute.

The unique fingerprint results from minute manufacturing imperfections in device hardware, which uniquely distorts the Bluetooth signal, allowing attackers to bypass anti-tracking techniques like constantly changing network addresses. Across their experiments, they found that 40%-47% of devices were uniquely identifiable and could track a volunteer as they left their residence.

A hacking group has created a robot that's purpose is to troll the Russian government by making as many calls as possible.

The hacking group called Obfuscated Dreams of Scheherazade is behind the hilarious robocaller, and explains on its website that it has collected the phone numbers of thousands of Duma employees, Ministry of War officials, high-ranking politicians, administrators, and more. The website, called Waste Russian Time, allows users to initiate a call which then activates the robocaller to make a call between two different random branches of Russia's government or officials within those branches.

The best part is the robocaller allows users to listen in on the conversation. It would definitely be helpful to know Russian, but I think all humans can tell when there is frustration or anger in someone's voice. The hacking group has written on its website that "If youʼre on the phone, you canʼt drop bombs or coordinate soldiers." At the time of writing, there have been 5204 calls made, and the group behind it all calls for a "peaceful intervention", and is described as "a form of civil resistance" against the war in Ukraine.

A study on the hack titled "Metasurface-in-the-Middle Attack: From Theory to Experiment" will be presented at the Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2022).

Researchers from Rice University have created a tool to eavesdrop on 6G wireless signals (which range from 110 to 170 gigahertz, or GHz), dubbed the "Metasurface-in-the-Middle." Metasurfaces are thin sheets of material with particular designs that allow them to manipulate light or other electromagnetic waves, while a "Man-in-the-middle" attack is a type of hack where an eavesdropper secretly intercepts communications between two parties.

"Awareness of a future threat is the first step to counter that threat. The frequencies that are vulnerable to this attack aren't in use yet, but they are coming and we need to be prepared," said study co-author Edward Knightly, Rice's Sheafor-Lindsay Professor of Electrical and Computer Engineering.

An unhappy IT worker that was employed by a real estate firm has hacked his company's database servers that contain sensitive financial information.

According to a recent report by Chinese news outlet Bejing Roar, former database administrator Han Bing had previously warned his employer, Lianjia, about a selection of holes in the company's online security for its databases. Failing to gain any traction on any of his requests, Bing decided to launch a full-scale attack on four of the company's servers, specifically targeting servers containing financial information. The attack worked, and Bing wiped out four severs and prevented Lianjia from being able to access its own financial system.

As you can probably imagine, an investigation was immediately launched into the online attack, which ended up being boiled down to five potential individuals with the appropriate administrator credentials. Investigators then cross-referenced server logs, MAC addresses, and IP addresses with CCTV footage and were able to determine that Bing was the culprit. After facing an appeal rejection in court, Bing has been sentenced to seven years in prison and a restitution bill of $30,000, or approximately 200,000 yuan.

A US college has announced its closure after experiencing the COVID-19 pandemic and a grim cyberattack, ending 157 years of education.

Lincoln College has issued a goodbye note on its website that states the college has contacted the Illinois Department of Higher Education and Higher Learning Commission to inform them of the college's "permanent closure" that will become effective on May 13, 2022. The announcement states that the Board of Trustees has voted to stop all academic programming at the end of the spring semester following financial difficulties caused by the COVID-19 pandemic and a cyberattack that happened in December 2021.

The college explains that the COVID-19 pandemic forced large investments into "technology and campus safety measures", which coincided with a drop in enrollment. The cyberattack in December of last year prevented administrators from accessing institutional data, which stopped the college from being able to create clear projections for Fall 2022.

Hackers have taken aim at Russia once again, but this time they have targeted many of the nation's online platforms with a clear message.

On Monday, May 9, hackers infiltrated many Russian smart TVs by changing the channel names and descriptions to show a stark message. Notably, smart TVs weren't the only online platforms that were targeted, as reports indicate that Russian platforms such as Rutube, Russia's clone of YouTube, and even large internet companies such as Yandex. Rutube described the hack in its Telegram channel as a "powerful cyberattack" that caused the platform to not be accessible.

The message that was displayed on Russian smart TVs was, "The blood of thousands of Ukrainians and hundreds of murdered children is on your hands." These cyber attacks are hardly surprising as Russia has undergone many hacking attacks since it began its invasion of Ukraine on February 24. Notably, the Anonymous hacking collective has already performed many successful cyber attacks against Russia, claiming it has previously infiltrated the Russian space agency, Russia's Central Bank, and more.