hack

now browsing by tag

 
 

Women #allegedly #hack #college #computer system to change #grades

Source: National Cyber Security – Produced By Gregory Evans

The Bucks County District Attorney’s office said Aleisha Morosco tried multiple times to change her microbiology grade.

After several failed attempts, she enlisted a friend’s help, orchestrating a security breach at Bucks County Community College.

Authorities said while working at a medical office affiliated with Penn Medicine, Kelly Marryott accessed a faculty member’s personal information and leaked it to her friend, Aleisha Morosco.

Desperate to change her grade, Morosco then used the stolen data to gain unauthorized access to BCCC’s computer system. Officials said while inside the system, Morosco changed not just her grade, but several other student’s grades in her microbiology class.

“The investigators were able to find out the IP address used to access the professor’s account and change the grades,” said Jovin Jose, ADA Bucks County. “That same IP address was used by one of the charged defendants.”

The electronic footprint led investigators to Morosco and to her 37-year-old friend, Marryott.

“They got his personal information, and shouldn’t have obtained the use for that purpose,” said Jose. “We intend to prove at trial that they accessed his information to change grades, which is a crime.”

Bucks County Community College issued this response to Action News:

“BCCC takes the integrity of its data systems very seriously, and all of it the grades altered in the breach were restored to their correct level.”

Students on campus are stunned a classmate would go to these lengths to change a grade.

“It’s crazy. You deserve the grade you get,” said Emily Bombino. “And if you have an issue talk to your professor. Don’t go around changing, stealing his information.”

Both women face felony counts of unlawful computer use and identity theft. A court date is tentatively set for December.

The post Women #allegedly #hack #college #computer system to change #grades appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside

Source: National Cyber Security – Produced By Gregory Evans

People who are worried about their security will use a secure phone, lock down their computer, and use strong passwords for their online accounts. But how many people have considered that their car could be leaking their most sensitive data?

A researcher who recently decided to investigate his car’s infotainment system found that it was not designed using modern software security principles, yet it stored a lot of personal information taken from his phone that could be valuable to hackers.

Executing code on the car’s infotainment unit was extremely easy by connecting a USB flash drive with specially crafted scripts. The system automatically picked up those files and executed them with full administrative privileges.

Car enthusiasts have used the same method in the past to customize their infotainment systems and run non-standard applications on them, but Gabriel Cîrlig, a senior software engineer at security firm Ixia, wanted to understand the security implications of this technique.

What he found was a major privacy issue where call histories, contacts, text messages, email messages, and even directory listings from mobile phones that had been synchronized with the car, were being stored persistently on the infotainment unit in plain text.

Mobile operating systems like Android and iOS go to great lengths to protect such data by restricting which applications have access to it or by allowing users to encrypt their devices. All that security could be undone if people pair their devices over Bluetooth with an infotainment system like the one found in Cîrlig’s car.

Cîrlig and an Ixia colleague Ștefan Tănase decided to go even further and investigate how the car’s infotainment unit could be potentially abused by an attacker or even law enforcement to track users and obtain information about them that they couldn’t otherwise get from their mobile devices.

The researchers presented their findings Friday at the DefCamp security conference in Bucharest, but declined to disclose the car make or model because they’re still in the process of reporting the privacy issue they found. However, they mentioned that the car was made by a Japanese manufacturer.

Cîrlig told me that there is a firmware update available that blocks the USB attack vector on his car, but installing it requires going to a dealership. This means that a large number of cars will likely never be patched.

The infotainment system itself is a hacker’s paradise and is more powerful than most embedded devices, including home routers. It has a Cortex-A9 CPU with 1GB of RAM, as well as Wi-Fi and GPS. The operating system is based on Linux and has a fully functional Bash command-line shell with all its usual utilities. On top of that, there are various debugging tools, including for the GPS, that the system’s developers did not bother to remove, according to Cirlig.

It looks like technology that was created in a rush without any concern for security engineering, Cîrlig told me. “A production system, at least for a car, should be completely locked down.”

He thinks that some of the software design choices were driven by convenience, like the storing of unencrypted user sensitive data indefinitely instead of requesting it again from the phone when the device is in proximity.

In addition to data copied from mobile devices, Cîrlig found other sensitive information on the infotainment unit, such as a list of favorite locations the car has been driven to or from, voice profiles, vehicle status information, and GPS coordinates.

For their presentation, Cîrlig and Tanase showed a proof-of-concept malware program—a Bash script—that when executed via USB, continuously looked for open Wi-Fi hotspots, connected to them and could exfiltrate newly collected data. By combining this malware with location data from the GPS, an attacker could also track the car in real time on a map.

To make things worse, the rogue script is installed as a cron job—a scheduled task on Linux—and is persistent. Even if the infotainment system is reset to factory defaults, cron jobs are not removed, the researchers said.

Hackers could take the attack even further and create a USB worm, where a compromised infotainment system could infect all USB dongles plugged into it and potentially spread the infection to other cars, Cîrlig said. Or the car could be used in a wardriving scenario, trying to automatically exploit Wi-Fi networks and other systems it encounters, he said.

The development of infotainment systems is usually outsourced to third-party electronic component suppliers and not made by the automobile manufacturers themselves. Other researchers have shown in the past that there are ways to jump from the infotainment systems to more critical electronic control units (ECUs)—the specialized embedded computers that control a car’s functions.

The auto industry continues to work using outdated programming principles and very old technology stacks that would be unacceptable today in a modern software development environment; and that needs to change, Cîrlig said. “For someone like myself who has a software development background, that style of coding looks ancient, from the age of the dinosaurs.”

The post Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

IS #militants #hack into #Swedish #radio station in #Malmo, take over #broadcast

Source: National Cyber Security – Produced By Gregory Evans

The attack occurred Friday morning in the southern city of Malmo, but went unnoticed until listeners began calling in. Experts say it is unlikely the prepetrators will be caught.

Islamic State militants hacked into a Swedish radio station Friday, taking over its transmission and broadcasting an English language propaganda song aimed at recruiting more militants.

The song entitled, “For the Sake of Allah” played for about 30 minutes on the Mix Megapol station in Malmo. Mix Megapol is an FM and internet-based radio station that is part of a private radio network.

Jakob Gravestam, a Marketing Director for the Bauer Media Group, which operates the Malmo-based station, issued a statement that said “Somebody interfered with our frequency using a pirate transmitter.”

Mix Megapol is one of Sweden’s biggest radio stations, and has about 1.4 million listeners daily. But the pirated transmission was only heard in parts of the southern city of Malmo, Sweden’s third largest metropolis, with a population of about 350,000.

The song features male voices singing, in English, such lyrics as: “For the sake of Allah we will march to gates of the paradise where our maidens await. We are men who love death just as you love your life, we are soldiers who fight in the day and the night.”

Preventing such attacks

The hack occurred during a popular morning show ‘Anders & Gry with Friends’ but the hosts didn’t notice anything was askew until listeners called in and asked what was going on.

“A lot of people have called us about this,” Gravestam told the 24Malmo website. “We are very happy that people are vigilant and we treat this very seriously.”

Gravestam said the attack highlights the need for broadcasters to discuss how to “prevent” such incidents. He added that Bauer Media will organize such a discussion and invite other broadcasters, as well as the Swedish Post and Telecom Authority (PTS), which monitors the electronic communications and postal sectors, to the meeting.

The post IS #militants #hack into #Swedish #radio station in #Malmo, take over #broadcast appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

“Victory for the #good guys” – #criminal behind #Mandiant #hack arrested

Source: National Cyber Security – Produced By Gregory Evans

“Victory for the #good guys” – #criminal behind #Mandiant #hack arrested

FireEye has caught the hacker behind a well-publicised attack that leaked a security researcher’s details and claimed to infiltrate the company’s networks earlier this year.

Mandiant employee Adi Peretz was the attack’s main victim as a number of his online accounts were exposed. Mandiant is a division of FireEye.

The alleged hacker, who went by the username of LeakTheAnalyst, has now been arrested according to reports, although their name and location have not been made public.

“These attackers rarely, if ever get caught…Over my career, I have found it frustrating how little risk or repercussions exist for the attackers, who hide behind the anonymity of the internet to cause harm to good, well-intentioned people,” Mandia says in a statement.

In addition to OneDrive accounts and PayPal invoices, Peretz’s LinkedIn login was compromised and his page was allegedly defaced by the hacker. The hacker also claimed to have gained access to Mandiant’s systems and customer data.

It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs. Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D,” the hackers’ say as part of their data dump,” a post on PasteBin said.

Two weeks later, the hacker posted another batch of information apparently from the data dump. They also claimed that FireEye was conducting a coverup.

“Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake. They knew we had access to JIRA, Their IDF workshop wasn’t a part of Adi Peretz’s job. They knew Adi Peretz wasn’t working on Bank Hapoalim,” The PasteBin dump says.

“They said our documents was “public”, are license files, private contract documents, private IDF workshops and internal network topologies public? If they weren’t public why did you removed our files and from public file hosting? Why did you removed our first Pastebin message? They knew the truth and they’re hiding it from their customers and the public,” it continues.

“Therefore, I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys,” Mandia concludes.

The post “Victory for the #good guys” – #criminal behind #Mandiant #hack arrested appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Kremlin Tried To #Hack At Least 4,700 #Email Accounts Before The #Election

Source: National Cyber Security – Produced By Gregory Evans

Kremlin Tried To #Hack At Least 4,700 #Email Accounts Before The #Election

An extensive, Russian-backed hacking operation targeted the email accounts of thousands of perceived Kremlin adversaries in 2015 and 2016, an Associated Press investigation has learned.

The effort, broadly referred to as “Iron Twilight” by security researchers, sought to compromise 4,700 Gmail accounts worldwide, belonging to everyone from high-profile U.S. politicians ― including Hillary Clinton, John Podesta and Colin Powell, who were all hacked ― to academics, journalists, political activists and military personnel.

Who they targeted

According to information provided by Secureworks, the cybersecurity firm whose data underpins much of the AP report, there’s a clear link between the targeted email accounts and Russia’s targets in the real world.

A spokesperson for the prime minister of Ukraine, for instance ― where Russian forces are currently engaged in a military conflict ― was targeted nine times, Secureworks said.

Other targeted individuals identified by the AP include former Secretary of State John Kerry, former NATO Supreme Commander U.S. Air Force Gen. Philip Breedlove, and Serhiy Leshchenko, a Ukranian politician who helped reveal alleged financial crimes of Paul Manafort, who was indicted Monday.

Experts on Ukrainian and Russian subject matters, as well as aerospace researchers and engineers were also among those targeted.

Military spouses and family members also constituted a surprisingly large portion of those targeted, which Secureworks speculates may be an attempt to learn about broader military issues in the U.S., or to gain information about the target’s spouse.

Of the military and government personnel who were targeted, the vast majority are either in the U.S. or a member of NATO:

Given the specific range of targets, experts said the hacks almost undoubtedly originated from within the Kremlin.

“It’s simply hard to see how any other country would be particularly interested in their activities,” Michael Kofman, a Russian military affairs expert at the Woodrow Wilson International Center who had his email targeted, told the AP.

“If you’re not Russia,” he said, “hacking these people is a colossal waste of time.”

Secureworks told HuffPost other, non-Gmail email providers were also targeted in the effort, though they don’t have data on the particulars of the campaign. While the firm only has data spanning March 2015 through May 2016, there’s no reason to believe Russia has ceased its hacking operations.

“This type of operation supports an ongoing intelligence objective,” Rafe Pilling, a senior security researcher with Secureworks’ Counter Threat Unit team said. “The activity is still underway via similar methods and likely will continue while the hackers behind this activity continue to be successful.”

“The targeting we saw (of 4,700 Gmail accounts) was just a fragment of a larger campaign from Iron Twilight.”

How they did it

Data provided by Secureworks shows Russian-linked groups operating under the names APT28, Sofacy, Sednit, Fancy Bear, and Pawn Storm sent emails to targets that mimicked authentic login pages from Google Accounts.

Instead of being directed to the real Google Accounts page, however, the emails directed recipients to a highly-convincing fake page, which then recorded the user’s login and password information:

Russian hackers disguised the website address of the fake page via Bitly, a link-shortening and web analytics service, which is ultimately what tipped Secureworks off to the hacking campaign.

By working backward from a compromised login page, Secureworks was able to decipher the publicly-accessible Bitly account associated with it. That account served as a window into all of the group’s other activity, which, the AP found out, was used 95 percent of the time Monday-Friday, during Moscow’s regular business hours.

Bitly representatives told HuffPost they took quick action once they learned of the activity, noting the operation itself involved little in the way of conventional “hacking” ― all the login information was unwittingly supplied by the targets themselves.

“The links and accounts related to this situation were blocked as soon as we were informed,” Bitly CTO Rob Platzer explained in email. “This isn’t really an exploit of Bitly, but it’s an unfortunate exploit of internet users through social engineering.”

“It serves as a reminder that even the savviest, most skeptical users can be vulnerable to opening unsolicited emails. It can’t always be helped, but we advise everyone to be extra cautious about emails and links related to passwords and other sensitive information, and to employ safety measures such as unique passwords and two-factor authentication.”

What to do if you think you’ve been hacked

Unless your information has been published online, there’s a decent chance you wouldn’t know you’ve been hacked.

“If a target was compromised,” said Pilling, “it’s entirely feasible that the compromise could go undetected for an extended period of time.”

Given the wide range of those targeted and Russia’s continued hacking efforts, Secureworks recommends those who suspect they could be a target ― and use Gmail or any other web mail service ― to regularly change their passwords.

Other commonsense steps, like enabling “two-factor” or “two-step” authentication on your email account, can also go a long way, Pilling said.

He also recommended readers check to see what applications and devices they’ve authorized to access their account, information that’s often found under “settings.”

“If there are any apps or devices they don’t recognize, they should disable or delete the access right away,” he said.

And finally, don’t open attachments or click links in an email unless you’re sure the email was actually ― and intentionally ― sent to you by the sender.

The post Kremlin Tried To #Hack At Least 4,700 #Email Accounts Before The #Election appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

North Korea #accused of #stealing #warship #blueprints in #hack

Source: National Cyber Security – Produced By Gregory Evans

North Korea #accused of #stealing #warship #blueprints in #hack

North Korea’s cyber army appears to be going after real weapons.

Hackers tied to Kim Jong Un’s regime stole blueprints and other information about warships and submarines last year when they broke into one of the world’s biggest shipbuilders, according to South Korean lawmaker Kyeong Dae-soo.

Blueprints, shipbuilding technology, weapons systems and test data related to submarines and destroyers were among roughly 60 classified military documents taken from Daewoo Shipbuilding last year, according to Kyeong’s office. It said it was summarizing information it had received from the South Korean Defense Ministry and several military agencies.

The hackers are believed to have accessed some 40,000 documents in all.

Kyeong, a member of the opposition party, learned of the Daewoo hack at an intelligence briefing last week, according to a spokesman for the lawmaker. The South Korean Defense Ministry declined to comment on the matter, but said it is working to strengthen military security.

Daewoo has built several South Korean warships and submarines, all part of the country’s defenses against North Korea.

A Daewoo spokeswoman declined to comment, beyond saying that the company is looking into the matter.

The Daewoo hack is the latest case to come to light suggesting North Korea is using its hacking abilities to try to gain an edge in the tense standoff with the U.S. and its allies over Pyongyang’s nuclear weapons program.

Earlier this month, another South Korean lawmaker revealed that North Korean hackers allegedly stole classified military documents from a Defense Ministry database. Among the documents stolen were a South Korea-U.S. wartime operation plan and a document that included procedures to “decapitate” North Korean leadership.

North Korean hackers have also been tied to other high profile cyberattacks, including the massive ransomware attack WannaCry earlier this year, a series of attacks on global banks that came to light last year and the hacking of Sony Pictures in 2014.

The North Korean government has repeatedly denied involvement in international cyberattacks.

Cybersecurity experts say the latest alleged heist shows the risks for government contractors.

“State versus state espionage has moved into the digital realm,” said Bryce Boland, Asia Pacific chief technology officer with cybersecurity firm FireEye.

Companies “involved in state activities like defense are considered fair game by cyber spies,” he said.

 

The post North Korea #accused of #stealing #warship #blueprints in #hack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Source: National Cyber Security – Produced By Gregory Evans

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach.

Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

It is still unclear as to how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data. IBTimes UK has reached out to Pizza Hut for further clarity on the incident and will update this article in the event of a response.

Source:

The post Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Senators worry troops could fall victim to fraud in wake of Equifax hack

Source: National Cyber Security – Produced By Gregory Evans

A bipartisan pair of senators is pressing Equifax for details on how it plans to protect data on U.S. servicemembers caught up in a massive breach, underscoring fears of potential identity theft and financial fraud. Sens. Joe Donnelly (D-Ind.) and Dean Heller (R-Nev.) wrote to the credit reporting firm on…

The post Senators worry troops could fall victim to fraud in wake of Equifax hack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Corporate America still using Equifax-like software even after hack

Source: National Cyber Security – Produced By Gregory Evans

There are 50,000 potential Equifaxes looming on the horizon. Corporate America has been slow to update its open-source software, even in the wake of the Equifax hack that exposed 143 million people’s sensitive data, according to one of the central hubs for the free programs. More than 50,000 organizations are…

The post Corporate America still using Equifax-like software even after hack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hack to the future: HopHacks challenges students to solve problems using technology

Source: National Cyber Security – Produced By Gregory Evans

In rooms around Hodson Hall on Saturday night, clusters of students tapped away at their laptops amid a scattering of snack bags, soda cans, book bags, and belongings. Some took time out from their teamwork to study for a test. A few napped using balled up sweatshirts as pillows. It…

The post Hack to the future: HopHacks challenges students to solve problems using technology appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures