Archiv: hacks (real or fictitious)


03.11.2019 - 12:09 [ Consortium News ]

More Holes in Russia-gate Narrative

(20.09.2017)

How can we be so confident? Because NSA alumni now active in Veteran Intelligence Professionals for Sanity (VIPS) are intimately familiar with NSA’s capabilities and practice with respect to bulk capture and storage of fiber-optic communications. Two of us actually devised the systems still in use, and Edward Snowden’s revelations filled in remaining gaps. Today’s NSA is in position to clear up any and all questions about intrusions into the DNC.

(…)

The FBI could still redeem itself by doing what it should have done as soon as the DNC claimed to have been “hacked.” For reasons best known to former FBI Director James Comey, the Bureau failed to get whatever warrant was needed to confiscate the DNC servers and computers to properly examine them.

03.11.2019 - 11:25 [ Ray McGovern / Consortium News ]

RAY McGOVERN: A Non-Hack That Raised Hillary’s Hackles

(22.07.2019)

Independent forensic investigations demonstrated two years ago that the DNC emails were not hacked over the Internet, but had been copied onto an external storage device — probably a thumb drive. Additional work over recent months has yielded more evidence that the intrusion into the DNC computers was a copy, not a hack, and that it took place on May 23 and 25, 2016.

The DNC almost certainly knew what had happened — not only that someone with physical access to DNC computers had copied thousands of emails, but also which ones they had copied, and thus how prejudicial to the Clinton campaign they would be when they saw the light of day.

And so, candidate Clinton, the DNC, and the mainstream media (forever quoting anonymous “current and former intelligence officials”) appear to have colluded, deciding the best defense would be a good offense.

03.11.2019 - 11:14 [ CNN ]

Mueller interview notes obtained by CNN show Trump’s push for stolen emails

The release, received by CNN on Saturday, includes 274 pages of Mueller team interview notes, emails and other documents related to the cooperation of Gates, former top campaign official Steve Bannon and former Trump personal attorney Michael Cohen. Both Cohen and Gates pleaded guilty to criminal charges from Mueller.

30.10.2019 - 09:21 [ Haaretz ]

Facebook Sues Israel’s NSO Group Over Alleged WhatsApp Hack

Facebook is seeking to have NSO barred from accessing or attempting to access WhatsApp and Facebook’s services after hacking spree that targeted journalists, diplomats, activists and others

31.08.2019 - 08:38 [ Project Zero team at Google ]

Implant Teardown

The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps:

(…)

There’s something thus far which is conspicuous only by its absence: is any of this encrypted? The short answer is no: they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you’re connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server.

This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.

31.08.2019 - 08:26 [ Project Zero team at Google ]

A very deep dive into iOS Exploit chains found in the wild

I recommend that these posts are read in the following order:

31.08.2019 - 08:20 [ Gizmodo ]

Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years

“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group,” he said. “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

21.07.2019 - 14:21 [ CNN ]

An entire nation just got hacked

(21.07.2019)

Asen Genov is pretty furious. His personal data was made public this week after records of more than 5 million Bulgarians got stolen by hackers from the country’s tax revenue office.
In a country of just 7 million people, the scale of the hack means that just about every working adult has been affected.

09.07.2019 - 22:46 [ Reuters ]

Mozilla blocks UAE bid to become an internet security guardian after hacking reports

Reuters reported in January that Abu Dhabi-based DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government.

26.06.2019 - 19:04 [ Techcrunch ]

Hackers are stealing years of call records from hacked cell networks

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

01.04.2019 - 08:18 [ Times of Israel ]

Gantz said to ask Shin Bet to probe whether Mossad behind leak of phone hack

(today) The Mossad, Israel’s foreign intelligence agency, is currently headed by Yossi Cohen, who was chosen for the post by Prime Minister Netanyahu after serving as his national security adviser.

01.04.2019 - 08:04 [ Haaretz ]

Former Mossad Chief: Leaking Hack of Gantz’s Phone ‚An Attack on Democracy‘

(18.3.2019)

Even if Iran really turns out to be responsible, it does not amount to more than an embarrassment, Pardo said. „Anybody who understands anything about cyber security knows that if somebody wants to do harm – illegitimately and unethically – they can disseminate fake, fabricated information – and go prove that it’s wrong.“

01.04.2019 - 07:09 [ theGuardian.com ]

‘Any Palestinian is exposed to monitoring by the Israeli Big Brother’

(12.9.2014)

I assumed a role in which people are called “targets”, and those people who really interest us are in no sense terrorists, but rather generally normative people – who interest us because of their roles, so that we can obtain more intelligence and achieve greater access. We take advantage of the capabilities that we have over these people in order to put ourselves at ease. We take advantage of the impact that we have on their lives. Sometimes it involves truly harming a person’s life, or their soul. I mean extortion whereby they must hide things from people around them. It can really screw up their lives. It made me feel omnipotent.

01.04.2019 - 06:43 [ CBS News ]

CEO of Israeli spyware-maker NSO on fighting terror, Khashoggi murder, and Saudi Arabia

(24.3.2019)

An Israeli company licenses software around the world that can crack just about any smartphone, but is its use always on the side of good?

01.04.2019 - 06:40 [ Gizmodo ]

Hacking Lawyers or Journalists Is Totally Fine, Says Notorious Cyberweapons Firm

(25.3.2019)

Hulio’s company, worth hundreds of millions of dollars, first made global headlines in 2016 when its tools were used by the authoritarian government of the UAE in order to spy on Ahmed Mansoor, an award-winning human rights activist. The company has never fully addressed the spying; Mansoor currently sits, untried and unable to regularly contact his family, in an unidentified prison somewhere in the UAE on charges of criticizing the UAE government.

The spotlight did not dissuade the company. Instead, it served as an advertisement to other authoritarian governments about NSO Group’s exceptional ability …

01.04.2019 - 06:21 [ Washington Post ]

An Israeli tech firm is selling spy software to dictators, betraying the country’s ideals

(5.12.2018)

Saudi dissident Omar Abdulaziz, who lives in Canada, has filed a lawsuit against an Israeli technology company called the NSO Group accusing it of providing the Saudi government with the surveillance software to spy on him and his friends — including Jamal Khashoggi. The program, known as Pegasus, not only allows the monitoring of all communications from a phone — all texts, all emails, all phone calls — but can also hijack a mobile phone’s microphone and camera to turn it into a surveillance device.

01.04.2019 - 05:51 [ Jerusalem Post ]

Netanyahu: If Gantz can’t protect his phone, how will he protect the country?

(18.3.2019)

“He was supposed to protect his phone. That is his personal failure. If Gantz can’t protect his phone, how will he protect the country?” Netanyahu asked. “Second, Gantz and Lapid supported the dangerous nuclear deal with Iran, the deal that I fought and I am glad that I acted successfully to convince the president of the US to leave and to renew sanctions on Iran.”

01.04.2019 - 05:30 [ Haaretz ]

Report: Gantz Demands Probe to See if Mossad Leaked News of Phone Hack

Speaking at a joint press conference with Brazilian President Jair Bolsonaro, Netanyahu responded to the report about Gantz’s request that the Shin Bet investigate, saying,“They [Kahol Lavan] are trying to drag the Mossad, that magnificent organization that protects Israeli security, into the political discourse. That mustn’t be done, and I don’t plan to let it pass. The leaks about Gantz came from the headquarters of [Yesh Atid Chairman Yair] Lapid and Gantz, so I am calling on them to show responsibility, be statesmanlike, and leave the Mossad and the Shin Bet out of politics. We have enough things to fight about.”

30.03.2019 - 09:23 [ Fefe.de ]

Antirassismus-Aktivisten haben anscheinend einen Trojaner gebaut, den sie jetzt als das Manifest des Massenmörders von Christchurch getarnt in Umlauf bringen.

Das ist wohl ein Word-Dokument mit Makros, und wer draufklickt (und ausreichend Rechte auf seinem Rechner hat), dem übernagelt das Ding den Bootbereich der Platte und rebootet. Beim nächsten Boot kommen dann irgendwelche antirassistischen Meldungen und die Kiste steht.

30.03.2019 - 09:12 [ theRegister.co.uk ]

Someone’s spreading an MBR-trashing copy of the Christchurch killer’s ‚manifesto‘ – and we’re OK with this, maybe?

Hacktivists are spreading booby-trapped copies of the New Zealand mass shooter’s Islamophobic rantings, in what is being described as an online „vigilante“ operation.

Security house Blue Hexagon claims it discovered a version of the killer’s manifesto doing the rounds online containing Windows malware that, when executed with the necessary privileges, reboots the system and leaves the user staring at an anti-racist message.

24.03.2019 - 10:19 [ Times of Israel ]

Gantz: I won’t quit prime minister race over Iranian phone hack

(19.3.2019) Blue and White leader challenges Netanyahu to debate, says there was nothing sensitive on device and his wife supports him; rules out coalition with Arab Israeli parties

24.03.2019 - 09:51 [ New York Times ]

A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments

Before NSO helped the Saudi government track its adversaries outside the kingdom, and helped the Mexican government hunt drug kingpins, and earned hundreds of millions of dollars working for dozens of countries on six continents, the company consisted of two high school friends in northern Israel with one relatively mundane idea.

Using technology developed by graduates of Intelligence Unit 8200 — Israel’s equivalent of the N.S.A.— Shalev Hulio and Omri Lavie started a company in 2008 that allowed cellphone firms to gain remote access to their customers’ devices to perform maintenance.

Word spread to Western spy services, whose operatives spotted an opportunity.

16.03.2019 - 03:26 [ Reuters ]

Israel election frontrunner Gantz dismisses report that Iran hacked his phone

Benny Gantz, Prime Minister Benjamin Netanyahu’s toughest rival in Israel’s upcoming parliamentary election, dismissed as “political gossip” on Friday media reports of allegations that his mobile phone had been hacked by Iranian intelligence… “We’re in the middle of an ongoing security event…and someone’s putting out a political gossip story,” Gantz said. “I do not think Benny Gantz is the story here. There’s no security issue there. No threat and no blackmail.”

08.02.2019 - 09:25 [ Benjamin Carr / Twitter ]

#Japan to hack 200million devices to prepare for #Olympics2020 #NICT received legal permission to hack Japanese citizens’ devices in Nov, citing need to ramp up #cybersecurity for 2020 #Tokyo #SummerOlympics & #Paralympics. Plan is to attack some 200m #IoT

(28.1.2019)

07.01.2019 - 07:10 [ eccouncil.org ]

Top British Intelligence Agency, GCHQ, Recognizes EC-Council’s Certified Ethical Hacker and Certified Security Analyst Training Programs

(21.8.2018) In a showcase of trust and confidence, GCHQ provided the GCT (GCHQ Certified Training) accreditation to EC-Council’s globally renowned Certified Ethical Hacker (C|EH) and Certified Security Analyst (ECSA) programs. This recognition is a feather in the cap for EC-Council’s much sought-after credentials, which are among the most comprehensive programs in the field of Vulnerability Assessment and Penetration Testing.

Many intelligence agencies including the Pentagon, FBI, the US Army, and most Fortune 500 companies prefer the C|EH program to enhance the knowledge and skills of their security personnel. Over the years, more than 200,000 cyber professionals were trained and certified with what has become the standard norm for hiring authorities as well as security champions.

04.01.2019 - 11:03 [ legalinsurrection.com ]

Israel Helped 30 Countries Foil Terror Attacks in 2017, Says Economy Minister

(28.2.2018) Israeli military’s intelligence branch, known as “Unit 8200,” told the Australian authorities about a hidden explosive device destined for an Etihad Airways flight leaving Sydney for Abu Dhabi last July.

Earlier this month, the German weekly Der Spiegel reported on Israel’s role in helping Germany and European countries in combating Islamist terror. It revealed that Israel is part of a covert multinational counter-terrorism operation named “Gallant Phoenix” that gathers intelligence on Islamic State war criminals returning from the Middle East to Europe.

04.01.2019 - 10:36 [ Haaretz ]

Top Secret Israeli Cyberattack Firm, Revealed

Unlike NSO, Candiru is more conservative in its choice of customers. Most of them are in Western Europe and none of them are from Africa. In fact, the company reportedly doesn’t sell equipment to Israel, although that is for business – not political – reasons, they say.

“For example, if Germany needs offensive cyber equipment for some national security matter, it will develop it in-house without question,” explained one source, who asked not to be identified. “But if it needs to contend with human trafficking from Turkey, for instance, it will buy cyber gear from an outside source where the issue is less sensitive.”

03.01.2019 - 16:39 [ theGuardian.com ]

‘Any Palestinian is exposed to monitoring by the Israeli Big Brother’

(12.9.2014) I assumed a role in which people are called “targets”, and those people who really interest us are in no sense terrorists, but rather generally normative people – who interest us because of their roles, so that we can obtain more intelligence and achieve greater access. We take advantage of the capabilities that we have over these people in order to put ourselves at ease. We take advantage of the impact that we have on their lives. Sometimes it involves truly harming a person’s life, or their soul. I mean extortion whereby they must hide things from people around them. It can really screw up their lives. It made me feel omnipotent.

03.01.2019 - 14:25 [ Haaretz ]

Top Secret Israeli Cyberattack Firm, Revealed

Candiru, named after an Amazon fish known to parasitize the human urethra, recruits heavily from 8200 intelligence unit and sells offensive tools for hacking computer systems

20.12.2018 - 20:20 [ theGuardian.com ]

US and UK accuse China of sustained hacking campaign

A US indictment unsealed on Thursday in unison with a series of British statements accused Chinese hackers of obtaining unauthorised access to the computers of at least 45 entities, including commercial and defence technology companies and US government agencies such as Nasa and the US navy.

23.08.2018 - 09:49 [ Consortium News ]

US Intel Vets Dispute Russia Hacking Claims

(12.12.2016) we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.

23.08.2018 - 09:46 [ CBS News ]

FBI, DNI back CIA judgment that Russia meddled in election and favored Trump

(16.12.2016) “Earlier this week, I met separately with (Director) FBI James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” Brennan wrote, U.S. intelligence sources confirmed. “The three of us also agree that our organizations, along with others, need to focus on completing the thorough review of this issue that has been directed by President Obama and which is being led by the DNI.”

23.08.2018 - 09:42 [ CBS News ]

Obama, GOP senators call for probe to examine Russia’s meddling in U.S. election

(9.12.2016) “See, the problem with hacking is that if they’re able to disrupt elections, then it’s a national security issue, obviously,” McCain told the Post.

Sen. Lindsey Graham, R-South Carolina, who’s close with McCain, told CNN earlier this week that he thinks Russia “did interfere with our elections.”

“It’s pretty clear to me that Wikileaks was designed to hurt [Democratic presidential nominee Hillary] Clinton and it could be us tomorrow,” Graham said. “I’m going after Russia in every way you can go after Russia.”

23.08.2018 - 09:00 [ Washington Post ]

Russian government hackers penetrated DNC, stole opposition research on Trump

(14.6.2016) One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNC’s email and chat communications, Alperovitch said.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.

The computers contained research going back years on Trump.

20.08.2018 - 20:50 [ Jimmy Schulz ]

Verfassungsbeschwerde gegen den Staatstrojaner

Die Große Koalition greift mit der Überwachung von Computern und Smartphones massiv in die Grundrechte ein! Der Einsatz des Staatstrojaners verstößt laut vielen Experten nicht nur gegen die Verfassung der Bundesrepublik, er hat außerdem das Potential die Sicherheit (kritischer) IT-Infrastruktur in ganz Deutschland zu bedrohen: Durch das gezielte Ausnutzen von Schwachstellen zur Installation des Trojaners, beteiligt sich der Staat am Handel und der Verbreitung von Sicherheitslücken und verhindert deren effektive Behebung. Dies kann zu gefährlichen Kollateralschäden auch an vollkommen unbescholtenen Bürgerinnen und Bürgern sowie Unternehmen führen.

Weil sich der Einsatz von sog. Staatstrojanern, die von Sicherheitsbehörden zur Überwachung eingesetzt werden, nicht mit unseren in der Verfassung garantierten Grundrechten vereinbaren lässt, hat die FDP Klage vor dem Bundesverfassungsgericht eingereicht, die ich als Beschwerdeführer unterstütze. Damit kommt auch endlich Bewegung in die Diskussion über den Einsatz von Staatstrojanern.

21.07.2018 - 10:52 [ Netzpolitik.org ]

Singapur: Angreifer erbeuten Gesundheitsdaten von 1,5 Millionen Menschen

„Durchdacht, gezielt und gut geplant“ soll der Angriff gewesen sein. Die Regierung meldete heute, dass eine staatliche Gesundheitsdatenbank gehackt wurde.

17.07.2018 - 06:09 [ Consortium News ]

US Intel Vets Dispute Russia Hacking Claims

(12.12.2016) we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.

15.05.2018 - 12:27 [ Consortium News ]

US Intel Vets Dispute Russia Hacking Claims

(12.12.2016) we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.

15.05.2018 - 12:27 [ Spiegel.de ]

US-Präsidentschaftswahlkampf: Demokraten sind mithilfe deutscher E-Mails gehackt worden

(24.3.2018) Der Hackerangriff auf das Nationale Komitee der US-Demokraten (DNC) war offenbar global organisiert. So nutzten die Hacker nach SPIEGEL-Informationen für ihren Angriff auch deutsche E-Mail-Adressen. Das geht aus einem Rechtshilfeersuchen der US-Behörden an die Bundesrepublik hervor.

07.05.2018 - 09:23 [ DailyDot.com ]

What is Black Cube, the Cambridge Analytica-linked intelligence firm?

(7.4.2018) In his testimony last month to the U.K. Parliament, Cambridge Analytica whistleblower Christopher Wylie threw an Israeli private intelligence firm known as Black Cube under the bus.

Wylie claimed that Cambridge Analytica hired Black Cube to hack Nigerian president Muhammadu Buhari.

29.04.2018 - 12:25 [ New York Times ]

Joy Reid Says She Did Not Write ‘Hateful Things’ but Cannot Prove Hacking

(28.4.2018) The MSNBC host Joy Reid has come under fire for decade-old posts from her former blog that contain homophobic sentiments. “I genuinely do not believe I wrote those hateful things, because they are completely alien to me,” she said on Saturday.

24.04.2018 - 13:59 [ Consortium News ]

US Intel Vets Dispute Russia Hacking Claims

(12.12.2016) we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack.

20.04.2018 - 22:30 [ Consortium News ]

US Intel Vets Dispute Russia Hacking Claims

(12.12.2016) All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient.

In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

06.04.2018 - 09:37 [ MercuryNews.com ]

YouTube shooting brings burst of fake news, hacking

(3.4.2018) A hacker targeted YouTube employee Vadim Lavrusik’s Twitter account a few hours after he tweeted that he’d heard shots and was barricaded in a room with colleagues. A number of fake tweets were posted on his timeline, one of them a homophobic insult. Twitter CEO Jack Dorsey tweeted, “We’re on it.” Lavrusik later tweeted that he had his account “back.” (…)

A reporter who took to Twitter to call out fake-news tweets identifying as the shooter a range of people — including Hillary Clinton and several YouTube performers — was herself identified as the attacker.