Hacking news

‘Despacito’ YouTube video has been hacked and deleted


‘Despacito’ music video deleted from YouTube; Adele, Taylor Swift, Drake and Shakira’s accounts taken over

In what seems to be a hacker attack, the music video of the hit song ‘Despacito’, which had more than five billion views on YouTube, has been removed.

The original clips had been posted by Vevo, a music video hosting service that is a collaboration between the “big three” record companies, Universal Music Group (UMG), Sony Music Entertainment (SME) and Warner Music Group (WMG). Other Vevo channels of artists like Shakira, Selena Gomez, Adele, Chris Brown, Maroon 5, Drake and Taylor Swift were also inaccessible.

For those unaware, the Spanish-language hit “Despacito” was released in January 2017, and went on to break several records in music streaming, including one for the single with the most weeks at No.1 in the U.S., with 16 consecutive weeks. It also became the most-streamed song in the world after reaching 4.6bn plays.

Meanwhile, the Despacito video has been removed, but its cover image shows pictures of five animated and masked people pointing guns at the camera. The hackers, who call themselves Prosox and Kuroi’sh, used the online moniker of Kuroi’SH and had written “Free Palestine” below the videos.

The BBC reports that a Twitter account probably belonging to one of the hackers posted: “It’s just for fun, I just use [the] script ‘youtube-change-title-video’ and I write ‘hacked’.”

“Don’t judge me I love YouTube,” it added.

Both YouTube and Vevo have been contacted to comment on the issue.

Source: BBC


Hacker Adrian Lamo who turned in Chelsea Manning dies at the age of 37

Adrian Lamo, who hacked Microsoft and Yahoo, passes away at the age of 37

Adrian Lamo, a Colombian-American threat analyst and former hacker, has died at the age of 37. He was best known for passing on information that led to the arrest of Chelsea Manning.

Lamo, who was also occasionally known as the “homeless hacker” for his nomadic life, died in Sedgwick County, Kansas on Friday. Although the exact reason behind Lamo’s death is unknown, the coroner for Sedgwick County, Kansas, confirmed his death without giving more details, according to ZDNet.

Lamo’s death was also confirmed by his father, Mario Lamo, who posted a tribute to his son on Friday in the Facebook group “2600 | The Hacker Quarterly.”

“With great sadness and a broken heart I have to let know all of Adrian’s friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son,” wrote Mario Lamo in a Facebook post.

Lamo first gained media attention in the early 2000s for breaking into several high-profile computer networks, including those of The New York Times, Yahoo, and Microsoft, culminating in his 2003 arrest when he eventually turned himself in. He was sentenced to six months of home detention, along with 2 years of probation and a $60,000 fine.

However, Lamo gained worldwide notoriety in 2010 for disclosing to the FBI that the transgender U.S. soldier, Chelsea Manning – then Bradley Manning and an intelligence analyst for a U.S. Army unit in Iraq – had leaked confidential information to WikiLeaks. Manning had reached out to Lamo via a messaging app and told him that she had gained access to hundreds of thousands of classified documents and had leaked to WikiLeaks a video of U.S. military forces in a helicopter indiscriminately gunning down journalists and Iraqi civilians. But Lamo chose to report her and informed the U.S. military of the breach.

Held responsible for the biggest breach of classified data in U.S. history, Manning was convicted by court martial of 20 offences including espionage after sharing over 700,000 confidential files with WikiLeaks. Manning was sentenced to 35 years in prison, but was granted clemency by former President Barack Obama, who said her jail term was “disproportionate.”

Looking back on his decision to give up Manning, Lamo told US News and World Report in 2017 that it was “not [his] most honorable moment”.

However, he added that he had learned a lot from the experience, including that “you can’t really know a person or their motives unless you’ve sat where they sat and seen the situation through their eyes, no matter how much you believe you do”.

“So many people think they know why I did what I did or what I was thinking or why I made my choice,” he added. “And almost without exception they’re wrong.”

Source: ZDNet


Hackers hijack government websites with cryptocurrency mining malware

Government websites become victims of cryptocurrency mining hijack

Cryptocurrency-mining hackers attack government websites including UK and US

Scott Helme, a UK-based security researcher, discovered that more than 4,200 websites, including several government ones, were infected on Sunday with a virus that helps criminals mine cryptocurrencies.

Apparently, hackers managed to inject Coinhive cryptocurrency-mining code into U.S. and U.K. government websites, forcing visitors’ web browsers to secretly mine cryptocurrency. As a result, innocent visitors to these compromised websites would have their computers and phones commandeered to mine cryptocurrencies for the criminals.

According to reports, websites that were infected with the virus include those belonging to the Information Commissioner’s Office (ICO), Student Loans Company and Scottish NHS helpline among others. The list of 4,200-plus affected websites can be found here.

In fact, ICO, the website of UK’s data protection watchdog, was taken offline after they were warned that hackers were taking control of visitors’ computers to mine cryptocurrency. The ICO said: “We are aware of the issue and are working to resolve it.”

Helme said he was informed by a friend who had received a malware warning when he visited a UK government site. He found that the website was using the Coinhive in-browser mining (cryptojacking) script, which caused visitors’ machines to use their CPUs to mine the digital currency called Monero.

On investigating further, Helme found that several other government websites from various countries had also started injecting a Coinhive miner.

The affected code injected in the above websites was a malicious version of a widely used text-to-speech accessibility script known as Browsealoud, which is used to help blind and partially sighted people access the web, the report says.

British tech company Texthelp, the company which makes the plug-in, confirmed that the Browsealoud script was compromised but no other Texthelp services were affected.

In a statement, Martin McKay, Texthelp’s Chief Technology Officer (CTO), said the compromise was a criminal act and an investigation is underway.

“Users who visit the hacked sites will immediately have their computers’ processing power hijacked to mine cryptocurrency – potentially netting thousands for those responsible. Government websites continue to operate securely.

“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” it said.

“The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.

“At this stage there is nothing to suggest that members of the public are at risk.”

Talking about the attack, Helme said, “This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.

“Someone just messaged me to say their local government website in Australia is using the software as well.”

A spokesperson for the National Cyber Security Centre (NCSC) said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

“The affected service has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”


Nintendo Switch hacked to run Debian Linux

Hackers run Linux on Nintendo Switch, claim exploit cannot be patched

Hackers have a particular liking when it comes to hacking Nintendo consoles, be it the Wii, DS, or 3DS. Not making it easier for Nintendo, now a hacker group named ‘fail0verflow’ has successfully managed to run Debian Linux on the Switch by exploiting its boot code. fail0verflow is the same hacking group that hacked the Nintendo Wii and Sony PlayStation 4.

fail0verflow announced their discovery in a post on Twitter with an image that displayed the Nintendo console running the Debian Linux distro and user login, along with a serial adapter that was connected to one of the Joy-Con terminals on the right side.

According to the fail0verflow group, the exploit triggers a flaw in the boot ROM process of the Nvidia Tegra X1 chip that powers the console. The boot ROM is stored on the chip when Nvidia manufactures it and no changes can be made to it after that. Since the console loads the boot ROM immediately after the power button is pressed, the exploit cannot be patched via future software or firmware updates, as they won’t affect the ROM, the hacker group claimed.

However, Nintendo could work with Nvidia and manufacture new Nvidia Tegra X1 chips so that new consoles don’t have this vulnerability.

While several sources are of the opinion that the Switch exploit is possibly a fake hack, most industry experts believe it to be true given fail0verflow’s hacking track record. Whatever the case, Nintendo will definitely be looking to quickly fix the potential weaknesses in its code and hardware to avoid opening up any possibilities for installation of homebrew apps and pirated games on the Nintendo Switch.

Source: TechCrunch


South Korea Intelligence: North Korea May Be Involved In Japan’s $530M Coincheck Heist

North Korea Possibly Behind Coincheck Hack, Says South Korea’s Intelligence Agency

Recently, Coincheck, one of Japan’s and Asia’s largest cryptocurrency exchanges, was hit by the biggest hack in the history of cryptocurrency, in which 58 billion Yen ($534 million) worth of the virtual currency “NEM (Nemu)” was stolen from its digital wallets.

While no one has taken responsibility for the hack, South Korea’s National Intelligence Service (NIS) claims that North Korea is likely behind the Coincheck cryptocurrency heist. Although the NIS didn’t have evidence to support this claim, people with knowledge of parliament’s intelligence committee proceedings told Reuters, “It’s a possibility that North Korea could be behind the theft.”

Kim Byung-kee, a member of South Korea’s Parliament’s intelligence committee, recalled similar past incidents in which North Korea attacked exchanges in the country.

Last year, tens of billions of won in cryptocurrency were stolen from South Korea cryptocurrency exchanges through North Korean cyberattacks, which partly involved the sending of hacking emails to members of the exchanges, according to parliamentary sources.

“North Korea sent emails that could hack into cryptocurrency exchanges and their customers’ private information and stole [cryptocurrency] worth billions of won,” Kim said.

Following the Coincheck hack on January 26, the Japanese exchange temporarily halted its operations. It later announced a compensation policy designed to compensate the more than 260,000 users who were affected by the breach.

Meanwhile, the NIS has informed the National Assembly that it is investigating whether North Korea was behind the Coincheck hack that took place last month.

This is not the first time that North Korea is being held responsible for a huge cyberattack. The United States has publicly accused the world’s most isolated country of carrying out the WannaCry ransomware cyberattack that affected companies, banks, hospitals, and other services in 2017.

Tara O, an adjunct fellow at the Pacific Forum CSIS based in Washington, said North Korea’s attempts to hack digital currencies, including Bitcoin, are happening on a large scale.

“North Korea continuously seeks ways to bring in hard currency, and one way is to steal or demand payment in Bitcoin or other cryptocurrency, which can later be changed into dollars or yen or renminbi,” O told The Korea Times.

One good example, she said, is “Lazarus Group’s WannaCry malware, a malicious ransomware,” that targeted businesses and governments in 150 countries, with over 200,000 victims, in May 2017.

“Lazarus Group, also known as Hidden Cobra and Guardians of Peace, used WannaCry to exploit a flaw in Windows operating systems to lock files on computers and demand a ransom, payable in Bitcoin,” she said.


British teenager posed as CIA boss to access secret military files

‘Crackas With Attitude’ Hacker Gained Access To CIA Chief’s Accounts

A British teenager who gained access to intel-operations in Afghanistan and Iran by posing as the CIA chief has pleaded guilty in a London court on Friday.

The accused, Kane Gamble, now 18, who was aged 15 and 16 at the time of the offences, targeted figures such as the then CIA chief John Brennan, Director of National Intelligence James Clapper and Secretary of Homeland Security Jeh Johnson, as well as senior FBI figures such as Mark Giuliano between June 2015 and February 2016, when he was arrested.

Gamble carried out his hacking operations from his bedroom in Coalville, central England, by mimicking his targets to gain access to highly classified documents concerning US operations in Afghanistan and Iraq, including personal information, contacts lists, security details, and passwords.

“Kane Gamble gained access to the communications accounts of some very high-ranking US intelligence officials and government employees. He also gained access to US law enforcement and intelligence agency network. He accessed some extremely sensitive accounts referring to, among other things, military operations and intelligence operations in Afghanistan and Iran,” prosecutor John Lloyd-Jones QC told England’s Old Bailey central criminal court on Friday.

He then used the personal information to abuse his victims online, release personal information, bombard them with calls and messages, and even download pornography onto their computers while taking control of their iPads and TV screens.

Gamble is the founder of the Crackas With Attitude (CWA) group, which had reportedly claimed responsibility for the attacks. The CWA group always expressed its support for Palestine, and the hacks were carried out as part of a campaign of harassment against top US officials due to its support to the Israeli politics.

Gamble was arrested in February 2016, and in October 2017, he pleaded guilty to ten charges related to the attempted intrusions that took place between late 2015 and early 2016.

Two other members of the CWA group, Andrew Otto Boggs and Justin Gray Liverman, were arrested by the FBI in September 2016 and have already been sentenced to five years in federal prison.

Gamble, of Linford Crescent, Coalville, pleaded guilty at Leicester Crown Court to eight charges of “performing a function with intent to secure unauthorised access” to computers and two charges of “unauthorised modification of computer material”.

“It all started by me getting more and more annoyed at how corrupt and cold-blooded the US Government is so I decided to do something about it,” Gamble told a journalist.

“The court heard Gamble ‘felt particularly strongly’ about US-backed Israeli violence against Palestinians, the shooting of black people by US police, racist violence by the KKK and the bombing of civilians in Iraq and Syria,” reported The Sun.

Gamble’s defense, William Harbage QC, argued that he was “on the autistic spectrum” and had committed the offences when aged 15 and 16.

“Medical experts for the defence argue that he is on the autism spectrum and at the time of his offending had the mental development of a 12 or 13-year-old,” reported The Telegraph.

“He has no friends to speak of and is closest to his mother Ann, a cleaner who reportedly won a £1.6million lottery jackpot in 1997 but ‘lost all the money on doomed property deals.’”

After his arrest, William Harbage QC told doctors “it was kind of easy” and that he had little consequences of his actions “in his bedroom on the internet thousands of miles away.”

The teenager, who is on conditional bail, will be sentenced by Mr Justice Haddon-Cave at the Old Bailey. The date of the sentence is yet to be fixed.


OnePlus checkout system reportedly hacked, customers report credit card fraud

OnePlus confirms investigation of credit card fraud reports

The official online store of Chinese smartphone manufacturer OnePlus is believed to have been hacked, after a number of customers reported credit card misuse following recent purchases on the OnePlus website.

The incident came to light in a post on the OnePlus support forum on January 11 from a customer who said two of his credit cards used on the phone maker’s official website showed signs of fraud. “The only place that both of those credit cards had been used in the last 6 months was on the OnePlus website,” he wrote. After this claim was made, several complaints reporting the same credit card misuse were posted to Twitter and Reddit.

Meanwhile, security experts at a company called Fidus Information Security have published their own blog post explaining the alleged issues with the OnePlus website’s payment system.

According to the firm, OnePlus is currently using the Magento e-Commerce platform, which is a common target for credit card hacking and has been known to contain cybersecurity flaws for at least two years.

“The payment page which requests the customer’s card details is hosted ON-SITE and is not an iFrame by a third-party payment processor. This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker. Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted,” Fidus says.

Adding further, Fidus said, “Card payments are handled by CyberSource, the processing form is still hosted on the OnePlus infrastructure. If an attacker had write access to this page, JavaScript could have been inserted to compromise data entered into CyberSource’s payment form on the client-side.”

While it is not clear whether the company is to blame, OnePlus published a forum post on Monday explaining how its payment system works and confirming an investigation into the matter. It revealed that each of the reports included customers who made card payments at

OnePlus further stressed that the credit card processing doesn’t take place on its website. “Your card info is never processed or saved on our website – it is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers. Our website is HTTPS encrypted, so it’s very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit,” a spokesperson wrote on OnePlus’s official forums.

“If you suspect that your credit card info has been compromised, please check your card statement and contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss,” the statement continued.


Lizard Squad And PoodleCorp Co-Founder Pleads Guilty To DDoS Attacks

Lizard Squad’s founding member pleads guilty for running hacking-for-hire service

A Maryland man has pleaded guilty in a federal court in Chicago for operating a hacker-for-hire service that shut down company websites and targeted victims for as little as $20 for online harassment.

Zachary Buchta, 20, admitted in his plea agreement with prosecutors to launching cyberattacks and harassment campaigns as a founding member of the hacker-for-hire groups Lizard Squad and PoodleCorp, according to the Chicago Tribune.

Buchta pleaded guilty to one count of conspiracy to commit damage to protected computers, a charge that can carry a sentence of up to 10 years in prison. However, Buchta has agreed to a plea agreement that will see him co-operate in the investigation, thereby reducing his jail term to two and a half years.

Lizard Squad rose to international prominence over Christmas 2014 when it launched massive DDoS attacks on Sony’s PlayStation Network (PSN) and Microsoft’s Xbox Live crippling their platforms, as well as “initiating so-called phone-bombing schemes that inundated victims with harassing phone calls” as well as general threats made to the FBI. In January 2015, they claimed to have taken over the social media accounts of pop singer, Taylor Swift.

On the other hand, PoodleCorp also hit gaming giants’ servers including Blizzard, EA, Rockstar Games and Niantic among others.

Buchta, who went by several screen names and handles, “pein”, “@fbiarelosers”, “lizard” and “xotehpoodle”, has also agreed to pay $350,000 in restitution to two online gaming companies that he helped to target.

Buchta and another defendant and fellow Lizard Squad and PoodleCorp core member, Bradley Jan Willem Van Rooy, of the Netherlands, were both 19 when they were arrested in October of 2016 in connection with paid attacks on all kinds of victims, ranging from individuals to online-gaming companies. Van Rooy is awaiting trial on similar charges in Europe, following an investigation that began in 2015 and resulted in inter-agency cooperation between U.S. and Netherlands cyber-authorities. These charges are among the first brought in the U.S. against the alleged members of Lizard Squad.

The 61-page complaint alleged Buchta and the Dutch co-defendant operated websites that enabled paying customers to select victims to receive repeated harassing phone calls from spoofed numbers via the site

The DOJ released an example of his calls in 2016 which were heavily censored: “Better look over your [expletive] back because I don’t flying [expletive] if we have to burn your [expletive] house down, if we have to [expletive] track your [expletive] family down, we will [expletive] your [expletive] up [expletive]”.

In October 2015, a resident of Northern Illinois, described in court documents as “Victim A,” was the “first victim” of the group’s personal harassment attacks. The victim started receiving non-stop phone calls every hour for 30 days with the same recorded message, which went as follows:

“When you walk the f**king streets, motherf**ker, you better look over your f**king back because I don’t flying [expletive] if we have to burn your f**king house down, if we have to f**king track your [expletive] family down, we will [expletive] your [expletive] up [expletive].”

In 2015, a 17-year-old affiliate of the group was convicted and sentenced to two years in prison for a slew of computer crimes in Finland.


North Korean hackers behind attacks on cryptocurrency exchanges in South Korea

South Korean cryptocurrency exchanges hacked by North Korea, claims report

North Korean hackers, who have netted millions in virtual currency, are suspected to be behind the attacks on cryptocurrency exchanges this year, claims South Korea’s chief intelligence agency.

The widespread malware campaign targeting cryptocurrency users is believed to be carried out by the “Lazarus Group,” a state-sponsored hacking group linked to the North Korean government. According to researchers, this group has been involved in some notable crimes, such as the 2014 Sony Pictures hack, an $81 million Bangladesh cyber theft in 2016 and the worldwide WannaCry ransomware attacks in May this year.

Citing the country’s National Intelligence Service (NIS), South Korea’s Chosun Ilbo reported that the cyberattacks credited to North Korean hackers also included the leaking of personal information from 36,000 accounts at Bithumb, South Korea’s biggest cryptocurrency exchange and one of the top five in the world, in June.

It also cited the NIS saying that the hackers had also demanded a ransom of 6 billion won ($5.5 million) in exchange for destroying the leaked personal information. Additionally, around 7.6 billion won ($6.99 million) worth of cryptocurrencies were also stolen at that time.

Attacks also included the theft of cryptocurrencies from accounts at exchanges Yapizon, now called Youbit, and Coinis in April and September.

In October, North Korean hackers attempted another cyberattack on about 10 cryptocurrency exchanges, using e-mails containing malware that used North Korean internet addresses. The attack was thwarted by the Korea Internet Security Agency (KISA), Chosun Ilbo reported, citing the NIS.

According to the NIS, the malware used to hack the cryptocurrency exchanges was similar to the hacks carried out on Sony Pictures and Bank of Bangladesh in 2014 and 2016 respectively.

Source: Reuters


‘Moneytaker’ hacker group stole millions from U.S. and Russian banks

Russian hacking group steals more than $10 million from U.S. banks

A Moscow-based security firm, Group-IB, has discovered a new group of Russian-speaking hackers who have stolen millions of dollars since May 2016 through international heists.

In a 36-page report published on Monday, Group-IB, which runs the largest computer forensics laboratory in eastern Europe, provided details of the newly-disclosed hacking group “MoneyTaker”, named after a piece of custom malware it uses. According to Group-IB, the hacking group has carried out more than 20 successful attacks on financial institutions and legal firms in the U.S., UK and Russia in the last two months alone.

The MoneyTaker group stole funds by targeting electronic fund transfer networks like SWIFT (Society for Worldwide Interbank Financial Telecommunication). The MoneyTaker group also targeted law firms and financial software vendors. Group-IB has confirmed that 20 companies were successfully hacked, of which 16 attacks were on U.S. organizations, three on Russian banks, and one against an IT company in the UK.

In the U.S., the group primarily targeted smaller, community banks as victims, and stole money by infiltrating the credit card processor, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (U.S.). This act of theirs went unnoticed for a year and a half.

“MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise,” said Dmitry Volkov, Group-IB co-founder and head of intelligence. “In addition, incidents occur in different regions worldwide and at least one of the US banks targeted had documents successfully exfiltrated from their networks, twice.”

The first attack happened in spring of 2016 when money was stolen from a bank by breaching its “STAR” network, a bank transfer messaging system that connects 5,000 ATMs in the U.S.

MoneyTaker members also targeted an interbank network known as AWS CBR, which interfaces with Russia’s central bank. The hackers also stole internal documents related to the SWIFT banking system, although there’s no evidence they have successfully carried out attacks over it.

“The scheme is extremely simple. After taking control over the bank’s network, the attackers checked if they could connect to the card processing system. Following this, they legally opened or bought cards of the bank whose IT system they had hacked. Money mules – criminals who withdraw money from ATMs – with previously activated cards went abroad and waited for the operation to begin,” said Group-IB.

“After getting into the card processing system, the attackers removed or increased cash withdrawal limits for the cards held by the mules. They removed overdraft limits, which made it possible to overdraw even with debit cards. Using these cards, the mules withdrew cash from ATMs, one by one. The average loss caused by one attack was about $500,000 USD.”

In Russia, $1.2 million was stolen per attack. Last year, stolen SWIFT account credentials were used by online criminals to steal $81 million from a bank in Bangladesh. The amount of information MoneyTaker has collected on the Star, SWIFT, and AWS CBR networks has increased the possibility of the group looking to carry out more attacks targeting the interbank payment systems, the group said.

“A number of incidents with copied documents that describe how to make transfers through SWIFT are being investigated by Group-IB. Their contents and geography indicate that banks in Latin America may be targeted next by MoneyTaker,” company officials said in a statement.

“Group-IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools, techniques as well as indicators of compromise we attribute to MoneyTaker operations,” they added.

“The more we dig, the more we’ll find,” Group-IB’s Volkov said. “This report doesn’t represent the full picture, and I can say with 100 percent certainty that there are more victims that haven’t been identified yet.”

Source: The Register
