
    FBI, others crush REvil using ransomware gang’s favorite tactic against it

    news.movim.eu / ArsTechnica · 2 days ago - 17:24


Four days ago, the REvil ransomware gang’s leak site, known as the “Happy Blog,” went offline. Cybersecurity experts wondered aloud what might have caused the infamous group to go dark once more.

One theory was that it was an inside job pulled by the group’s disaffected former leader. Another was that law enforcement had successfully hacked and dismantled the group. “Normally, I am pretty dismissive of ‘law enforcement’ conspiracy theories, but given that law enforcement was able to pull the keys from the Kaseya attack, it is a real possibility,” Allan Liska, a ransomware expert, told ZDNet at the time.

“Rebranding happens a lot in ransomware after a shutdown,” he said. “But no one brings old infrastructure that was literally being targeted by every law enforcement operation not named Russia in the world back online. That is just dumb.”


    How hackers hijacked thousands of high-profile YouTube accounts

    news.movim.eu / ArsTechnica · 3 days ago - 15:00


Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years.

Cryptocurrency scams and account takeovers themselves aren’t a rarity; look no further than last fall’s Twitter hack for an example of that chaos at scale. But the sustained assault against YouTube accounts stands out both for its breadth and for the methods the hackers used: an old maneuver that’s nonetheless incredibly tricky to defend against.


    Millionaire Twitch streamers react to their leaked earnings

    news.movim.eu / ArsTechnica · Saturday, 9 October - 11:10 · 1 minute

According to the leaked data, 81 streamers have earned over $1 million each through Twitch since late 2019.


Usually on Twitch, the rallying cry “Let’s get top five, baby!” refers to a video game leaderboard. Now, in the wake of a cataclysmic data breach, the gaming world is focused on a new leaderboard: one that ranks streamers according to how much money they make from Twitch.

A circus of controversy washed over the Internet Wednesday after an anonymous 4chan user leaked 125 GB of data from the streaming platform, which included payout information for over 10,000 Twitch streamers. Twitch confirmed the breach later that day, saying that a server configuration change had allowed a “malicious third party” to access the data. The revenue data, which spanned subscriptions, donations, and ads from August 2019 to October 2021, immediately went viral on 4chan, Twitter, Reddit, and other social media. (Several streamers have stated that the information is mostly accurate, although the Twitch payments do not represent their only income source.) And while streamers are understandably concerned about potential privacy risks associated with the data breach, many have also been meme-ing on the money and, as always, making money on the memes.

“NUMBA 6 BEGS FOR PRIMES,” top streamer Ludwig Ahgren titled his livestream Wednesday, referring to Twitch’s Prime subscriptions. Twenty-four thousand viewers tuned in. Scrolling through a website that organized the payout information into a leaderboard, Ahgren typed in various streamers’ usernames to find what they made. (The website has since been taken down.) At one point, Ahgren called another streamer, Matthew “Mizkif” Rinaudo, to continue the gossip fest. “Number six!” Rinaudo yelled in a greeting to Ahgren. “You have to scroll to see my number. That’s embarrassing.”


This is interesting:

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.

I’ve never heard of the company.

No details about the hack. It could be nothing. It could be a national intelligence service looking for information.


    A Death Due to Ransomware

    news.movim.eu / Schneier · Friday, 1 October - 14:56 · 1 minute

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.

Amid the hack, fewer eyes were on the heart monitors — normally tracked on a large screen at the nurses’ station, in addition to inside the delivery room. Attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by caesarean section had she seen the monitor readout. “I need u to help me understand why I was not notified.” In another text, Dr. Parnell wrote: “This was preventable.”

[The mother] Ms. Kidd has sued Springhill [Medical Center], alleging information about the baby’s condition never made it to Dr. Parnell because the hack wiped away the extra layer of scrutiny the heart rate monitor would have received at the nurses’ station. If proven in court, the case will mark the first confirmed death from a ransomware attack.

What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.

Springhill declined to name the hackers, but Allan Liska, a senior intelligence analyst at Recorded Future, said it was likely the Russian-based Ryuk gang, which was singling out hospitals at the time.

They’re certainly never going to be held accountable.

Another article.


    Kickstarter Project: Bangle.js 2 is a Hackable, Open Source Smartwatch that runs on JavaScript with two weeks standby time

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Wednesday, 29 September - 07:23

Looking for an open source smartwatch you’re in total control of? If so, check out the Bangle.js 2 which is currently crowdfunding on Kickstarter. This hacker-friendly piece of horological hardware is the brainchild of Espruino developer Gordon Williams. Much like Williams’ earlier efforts in this area, the Bangle.js 2 runs on JavaScript.

An open-source online “app store” is also available where you can browse apps created by others, and quickly ‘download’ them to the watch itself wirelessly.

The watch is an off-the-shelf model from China. However, all of the software and firmware that runs on it is open source, having been reverse engineered and retro-fitted to it.

Gordon Williams has run 4 crowdfunding campaigns before and delivered on all of them, which should offer some reassurance should you need it.

See https://www.omgubuntu.co.uk/2021/09/bangle-js-2-is-a-hackable-open-source-smartwatch-that-runs-javascript

#technology #opensource #smartwatch #hacking


    The Proliferation of Zero-days

    news.movim.eu / Schneier · Friday, 24 September - 14:51 · 1 minute

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits:

One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools.

Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards.

At the top of the food chain are the government-sponsored hackers. China alone is suspected to be responsible for nine zero-days this year, says Jared Semrau, a director of vulnerability and exploitation at the American cybersecurity firm FireEye Mandiant. The US and its allies clearly possess some of the most sophisticated hacking capabilities, and there is rising talk of using those tools more aggressively.

[…]

Few who want zero-days have the capabilities of Beijing and Washington. Most countries seeking powerful exploits don’t have the talent or infrastructure to develop them domestically, and so they purchase them instead.

[…]

It’s easier than ever to buy zero-days from the growing exploit industry. What was once prohibitively expensive and high-end is now more widely accessible.

[…]

And cybercriminals, too, have used zero-day attacks to make money in recent years, finding flaws in software that allow them to run valuable ransomware schemes.

“Financially motivated actors are more sophisticated than ever,” Semrau says. “One-third of the zero-days we’ve tracked recently can be traced directly back to financially motivated actors. So they’re playing a significant role in this increase which I don’t think many people are giving credit for.”

[…]

No one we spoke to believes that the total number of zero-day attacks more than doubled in such a short period of time — just the number that have been caught. That suggests defenders are becoming better at catching hackers in the act.

You can look at the data, such as Google’s zero-day spreadsheet, which tracks nearly a decade of significant hacks that were caught in the wild.

One change the trend may reflect is that there’s more money available for defense, not least from larger bug bounties and rewards put forward by tech companies for the discovery of new zero-day vulnerabilities. But there are also better tools.


    FBI Had the REvil Decryption Key

    news.movim.eu / Schneier · Wednesday, 22 September - 14:30

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.

The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.

Fighting ransomware is filled with security trade-offs. This is one I had not previously considered.

Another news story.