Hacking, Security & Privacy News - Page 5

US researcher Christopher Balding has said that he has evidence that China is siphoning data from Americans' smart coffee machines.

IoT home appliances have absolutely ballooned in popularity and use over the last few years, with Balding's new report at New Kite Data Labs adding that China spying on Americans through smart coffee machines isn't the worst of it -- it's the issue with the always-connected, connect-everything, Internet of Things future we're living in.

The data collection from coffee machines is part of a larger effort of China, and I'm sure many other countries -- all behind the US and its alphabet agencies of course -- with low security and data policies that aren't clear to most people. Balding said: "China is really collecting data on really just anything and everything. As a manufacturing hub of the world, they can put this capability in all kinds of devices that go out all over the world".

A paper on the Bluetooth signal tracking titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices" was recently presented at the IEEE Security & Privacy conference in Oakland, California, on May 24th, 2022.

Researchers from the University of California San Diego have found Bluetooth Low Energy (BLE) signals are constantly emitted by mobile devices, generating a unique fingerprint that attackers can use to track an individual's movements. This covers smartphones, smartwatches, and fitness trackers, all of which transmit roughly 500 "Bluetooth beacons" per minute.

The unique fingerprint results from minute manufacturing imperfections in device hardware, which uniquely distorts the Bluetooth signal, allowing attackers to bypass anti-tracking techniques like constantly changing network addresses. Across their experiments, they found that 40%-47% of devices were uniquely identifiable and could track a volunteer as they left their residence.

A hacking group has created a robot that's purpose is to troll the Russian government by making as many calls as possible.

The hacking group called Obfuscated Dreams of Scheherazade is behind the hilarious robocaller, and explains on its website that it has collected the phone numbers of thousands of Duma employees, Ministry of War officials, high-ranking politicians, administrators, and more. The website, called Waste Russian Time, allows users to initiate a call which then activates the robocaller to make a call between two different random branches of Russia's government or officials within those branches.

The best part is the robocaller allows users to listen in on the conversation. It would definitely be helpful to know Russian, but I think all humans can tell when there is frustration or anger in someone's voice. The hacking group has written on its website that "If youʼre on the phone, you canʼt drop bombs or coordinate soldiers." At the time of writing, there have been 5204 calls made, and the group behind it all calls for a "peaceful intervention", and is described as "a form of civil resistance" against the war in Ukraine.

A study on the hack titled "Metasurface-in-the-Middle Attack: From Theory to Experiment" will be presented at the Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2022).

Researchers from Rice University have created a tool to eavesdrop on 6G wireless signals (which range from 110 to 170 gigahertz, or GHz), dubbed the "Metasurface-in-the-Middle." Metasurfaces are thin sheets of material with particular designs that allow them to manipulate light or other electromagnetic waves, while a "Man-in-the-middle" attack is a type of hack where an eavesdropper secretly intercepts communications between two parties.

"Awareness of a future threat is the first step to counter that threat. The frequencies that are vulnerable to this attack aren't in use yet, but they are coming and we need to be prepared," said study co-author Edward Knightly, Rice's Sheafor-Lindsay Professor of Electrical and Computer Engineering.

An unhappy IT worker that was employed by a real estate firm has hacked his company's database servers that contain sensitive financial information.

According to a recent report by Chinese news outlet Bejing Roar, former database administrator Han Bing had previously warned his employer, Lianjia, about a selection of holes in the company's online security for its databases. Failing to gain any traction on any of his requests, Bing decided to launch a full-scale attack on four of the company's servers, specifically targeting servers containing financial information. The attack worked, and Bing wiped out four severs and prevented Lianjia from being able to access its own financial system.

As you can probably imagine, an investigation was immediately launched into the online attack, which ended up being boiled down to five potential individuals with the appropriate administrator credentials. Investigators then cross-referenced server logs, MAC addresses, and IP addresses with CCTV footage and were able to determine that Bing was the culprit. After facing an appeal rejection in court, Bing has been sentenced to seven years in prison and a restitution bill of $30,000, or approximately 200,000 yuan.

A US college has announced its closure after experiencing the COVID-19 pandemic and a grim cyberattack, ending 157 years of education.

Lincoln College has issued a goodbye note on its website that states the college has contacted the Illinois Department of Higher Education and Higher Learning Commission to inform them of the college's "permanent closure" that will become effective on May 13, 2022. The announcement states that the Board of Trustees has voted to stop all academic programming at the end of the spring semester following financial difficulties caused by the COVID-19 pandemic and a cyberattack that happened in December 2021.

The college explains that the COVID-19 pandemic forced large investments into "technology and campus safety measures", which coincided with a drop in enrollment. The cyberattack in December of last year prevented administrators from accessing institutional data, which stopped the college from being able to create clear projections for Fall 2022.

Hackers have taken aim at Russia once again, but this time they have targeted many of the nation's online platforms with a clear message.

On Monday, May 9, hackers infiltrated many Russian smart TVs by changing the channel names and descriptions to show a stark message. Notably, smart TVs weren't the only online platforms that were targeted, as reports indicate that Russian platforms such as Rutube, Russia's clone of YouTube, and even large internet companies such as Yandex. Rutube described the hack in its Telegram channel as a "powerful cyberattack" that caused the platform to not be accessible.

The message that was displayed on Russian smart TVs was, "The blood of thousands of Ukrainians and hundreds of murdered children is on your hands." These cyber attacks are hardly surprising as Russia has undergone many hacking attacks since it began its invasion of Ukraine on February 24. Notably, the Anonymous hacking collective has already performed many successful cyber attacks against Russia, claiming it has previously infiltrated the Russian space agency, Russia's Central Bank, and more.

The Department of Justice has announced its charged three individuals for acting as an illegal agents of the Russian government within the United States.

Russian business man Aleksandr Mikhaylovich and Russian President Vladimir Putin.

The news was announced via a press release found on the Department of Justice website and states that a Russian legislator Aleksandr Mikhaylovich Babakov and two staff members, Aleksandr Nikolayevich Vorobev and Mikhail Alekseyevich Plisyuk, have been charged for running a multi-year propaganda network designed to "influence and gain access to U.S. elected officials" and "advance Russia's malevolent political designs against Ukraine and other countries, including the United States", said U.S. Attorney Damian Williams for the Southern District of New York.

A hacking group affiliated with the Anonymous hacking collective claimed that it had infiltrated Russia's space agency systems and seized control.

The hacking group called Network Battalion 65 (NB65) took to its Twitter account to post screenshots of server information that they then claimed was displaying the group had infiltrated the Russian space agency "Roscosmos" control system. The head of Roscosmos refuted the claims by NB65, Dmitry Rogozin, who called NB65 "scammers and petty swindlers", and said that "All our space activity control centers are operating normally."

Now reports are surfacing that state a file containing the source of the hack has been analyzed, revealing that the hacking group used 66% of the same code as Conti, a Russian crime hacking group that used ransomware to steal millions from Western companies. As NB65 used the majority of Conti's ransomware to hack Roscosmos systems, it seems that NB65 has changed Russia's own ransomware code and used it to attack the Kremlin.

Anonymous announced the beginning of its cyberwar with Russia when Putin's forces started invading Ukraine, and now the collective has another update for the public.

Taking to its official Anonymous Twitter account, the hacking collective vowed that it would not stop its cyberwar with the Kremlin until Russia stops its aggression altogether. The recent update follows many previous updates of Anonymous revealing it had leaked the personal data of 120,000 Russian soldiers (April 3), and that it hacked the central bank of Russia and stole 35,000 files (March 24).

Notably, Anonymous has also claimed that it had hacked Russian streaming services Wink and Ivi and live TV channels such as Russia 24, Channel One, and Moscow 24 to broadcast war footage from Ukraine to show Russian citizens the horrors of Putin's invasion. Furthermore, the hacking collective said that it had infiltrated a censorship agency, government, corporate, and news websites.