Articles about Hacking

Some four months after the first Vault 7 leak, WikiLeaks continues to publish revealing CIA documents that detail the agency's ability to hack, infiltrate and surveil targets. The latest batch goes under the banner "UCL / Raytheon", and comprises documents from CIA contractor Raytheon Blackbird Technologies.

Dating from late 2014 and late 2015, the documents show how the CIA, through Raytheon Blackbird Technologies, monitored malware in the wild to see how it could be used by the agency. The documents cover tools produced by the infamous Hacking Team as well as the Russian HammerToss malware delivered via Twitter.

Continue reading →

A lightning-fast raid on a cryptocurrency platform's website earned a hacker $7 million in three minutes yesterday. Moments after CoinDash launched its ICO (Initial Coin Offering, the cryptocurrency version of an IPO), the attacker modified the address of the wallet it used and watched as millions poured into their own account.

The website was shut down as soon as the hack was discovered, but by this time $7 million had already disappeared. CoinDash managed to gather $6 million from investors, but funds stopped arriving with the shutdown.

Continue reading →

Businesses aren’t investing enough to protect their businesses from data breaches. What’s more, even the funds they are investing are going down the wrong path.

New research from digital security firm Gemalto found that, despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT Professionals still believe perimeter security is effective at keeping unauthorized users out of their networks.

Continue reading →

The meeting between Donald Trump and Vladimir Putin was always going to generate a great deal of interest. After the two presidents had their first (official) meeting on Friday, Trump tweeted on Sunday that the pair has discussed "forming an impenetrable Cyber Security unit."

Considering Trump has accused Russia of hacking the US election, such an arrangement would seem unlikely. Nonetheless, the topic was broached. It was brought up "so that election hacking, & many other negative things, will be guarded and safe." But it didn’t take Trump long to back down from the idea.

Continue reading →

Criminals behind the recent Petya/NotPetya attack have made a fresh ransom demand as they look to continue their mayhem

A post on online hub DeepPaste said to be from the attackers is demanding 100 bitcoins ($250,000) to decrypt anything that's been affected by the recent attack. Motherboard managed to get in touch with one of the individuals claiming to be from the group. They tried the decryption on a file, and after a two-hour wait, it was successful.

Continue reading →

The latest addition to WikiLeaks' Vault 7 cache of CIA tools and documents gives details of tools used by the agency to attack Windows and Linux computers. The BothanSpy and Gyrfalcon projects can be used to intercept and exfiltrate SSH (Secure Shell) credentials.

BothanSpy is used to target Windows, while Gyrfalcon is used for Linux machines, with both working in different ways. A number of popular distros can be hit by Gyrfalcon, including CentOS, Debian, RedHat, openSUSE and Ubuntu, and both tools function as implants that steal credentials before transmitting them to a CIA server.

Continue reading →

Adding extra features like plugins and social media links makes websites more likely to be compromised according to a new report.

The study by website security company SiteLock finds that sites with between one and five plugins have 1.5 times more chance of being compromised than the average site.

Continue reading →

Thanks to its rapidly growing value, relative anonymity, and easy trading opportunities, the cryptocurrency market is a highly attractive target for hackers. Making things even more interesting, the major exchanges deal with significant volumes throughout the day, making them a prime target for cryptocurrency thefts.

Bithumb is among the biggest targets, being the fourth-largest cryptocurrency exchange by volume and the largest in South Korea. And last week it got hacked, with users estimated to have lost billions of won as a result. I say estimated because Bithumb hasn't gone public yet with an accurate figure -- or any figure for that matter.

Continue reading →

The Vault 7 leaks continue to flow thick and fast from WikiLeaks, shedding more and more light on the hacking and infiltration capabilities of the CIA. The latest batch details the OutlawCountry project which finds the CIA targeting Linux systems.

With Linux-based operating systems usually lauded for their impenetrability, news of a possible chink in the armour will undoubtedly cause concern. With OutlawCountry, it seems the CIA was able to redirect network traffic from a target machine to an agency-controlled machine for infiltration.

Continue reading →

An investigation by the Times has found that passwords belonging to British officials have been traded by Russian hackers. The passwords and email addresses of tens of thousands of politicians, senior police officers and diplomats were sold or swapped following an attack on LinkedIn in 2012.

As well as LinkedIn, some information seems to have been garnered from MySpace. The credentials for politicians, including education secretary Justine Greening and business secretary Greg Clark, were initially put on the market for sale or trade, but were later made available free of charge.

Continue reading →

Virgin Media is urging hundreds of thousands of customers with its Super Hub 2 router to change their passwords after a Which? investigation uncovered a way for hackers to gain access to the device.

If the password for the router is not changed from its default there is a risk from hacking, but Virgin Media said the risk is small. Nevertheless, as a precautionary measure a password change is the advice for more than 800,000 users.

Continue reading →

We're all familiar with the concept of the dark web where information gained from hacks and data breaches is traded amongst cyber criminals. But just how much are your identity and account credentials worth?

Password manager and digital vault app Keeper Security has produced an infographic looking at how much various pieces of information trade for.

Continue reading →

Wikileaks has released a batch of documents from the middle of 2012 revealing details of the CIA's CherryBlossom project. A joint venture with the Stanford Research Institute, the CherryBlossom files show how the agency can take remote control of routers and other networking devices from numerous manufacturers, transforming them into listening devices.

CherryBlossom also enables the CIA to interfere with both incoming and outgoing traffic. Passwords present little obstacle in many cases and the fact that remote infection is possible makes the implant very simple to install. The documents reveal how the CIA can home in on a target using information such as MAC address, email address, or even chat handles.

Continue reading →

If you have $20 to spare and some "basic programming knowledge," you can create a powerful hacking tool that can collect huge amounts of user credentials, easily. The best part about it is that you don’t even need to use any malware or viruses -- everything can be clean as a whistle.

The news was revealed by security experts Kaspersky Lab, which was able to create such a device using a Raspberry-Pi microcomputer that was then configured as an Ethernet adapter.

Continue reading →

Researchers from the Kromtech Security Research Center have discovered an unprotected database online that includes information on about 10 million cars sold in the US.

As well as data such as VIN and details of payment plans, the database also includes detailed information about owners, such as name, address, phone numbers and occupation. It has been left exposed online for over four months, but it's not clear who the owner is -- or how to address the security risk it poses.

Continue reading →