Wednesday, 20 July 2016

WikiLeaks Servers attacked after the announcement of Turkey coup documents release

According to WikiLeaks, these documents were leaked from AKP (Turkish: Adalet ve Kalkınma Partisi / English: Justice and Development Party), which is President Recep Tayyip Erdogan's party, currently Turkey's biggest political force.

WikiLeaks announced the data dump just three days after a small faction of the Turkish military tried to take over the country's leadership in a coup that collapsed within hours. 208 people were killed, and more than 2,000 wounded, in the coup and its aftermath.
Thousands of police officers and military personnel were arrested across the country over the weekend after the coup had failed. Human rights organizations have complained about Turkey beating prisoners and not bringing forward clear evidence. Some of them, including WikiLeaks, have gone on record and called it a purge of any political dissidents who might oppose Erdogan's rule.
A few hours after WikiLeaks announced the leak, the organization tweeted, "our infrastructure is under sustained attack."
At the time of writing, even though it is Tuesday, the day promised for the leaks, WikiLeaks has not yet delivered the data dump, probably because of the attack.

Monday, 18 July 2016

Hacker group threatens to take Pokémon Go offline on August 1

Hackers who claimed responsibility for popular game Pokémon Go being offline over the weekend have threatened a bigger attack in a fortnight's time.
The group, known on Twitter as PoodleCorp, claimed to have brought the game's servers down on Saturday using a Distributed Denial-of-Service (DDoS) attack reminiscent of the one against Sony's PlayStation Network and Xbox Live on Christmas Day in 2014.

"Just was a lil [sic] test, we will do something on a larger scale soon," said Twitter user XO, who claims to be the leader of PoodleCorp.
A little over a day later the PoodleCorp account said: "August 1st #PoodleCorp #PokémonGo".
Pokémon Go's servers have suffered from high volumes of traffic since the game first launched in Australia, New Zealand and the US a fortnight ago. Niantic Labs, the developer behind the game, which spun out of Google in 2015, paused its international release until it was confident that its servers could cope with the traffic.
It said the outage on Saturday was caused by the number of downloads. "Due to the incredible number of Pokémon Go downloads, some Trainers are experiencing server connectivity issues," said a message on Niantic's website over the weekend. "Don't worry, our team is on it." 

But PoodleCorp, which claims affiliation with Lizard Squad and other hacking groups, insists it was behind the attack.
The collective, which formed recently as "a combined group of Lizard Squad and other members that weren't in groups to combine a super group for this summer", has previously claimed to have attacked League of Legends and prominent YouTube video makers, including Leafy and h3h3 Productions.
XO, the alleged PoodleCorp leader, told YouTube news channel Drama Alert: "Chaos is entertainment and we like making people angry."

"We will be taking down all of the servers of Pokémon Go all day long for 24 hours on August 1," he said.
According to XO, PoodleCorp took the servers down by overwhelming them with traffic from a "very big botnet", a network of malware-infected computers that can be remotely controlled en masse by criminals. "We have various devices, pretty much all of the internet."
The group said its attacks can be verified from the timestamps of its Twitter posts, which it claims precede the outage, and argued this shows the outage was deliberate rather than a technical error. A tweet posted before an outage is consistent with an attack, but it does not by itself distinguish a DDoS from servers buckling under launch traffic, which is what Niantic's own statement blamed.
For avid players of the game, XO had a cold warning for the beginning of next month: "Find something else to do because if that's all you have to do you need a life".
Pokémon Go became a viral success within days of its release. The augmented reality game swiftly outstripped the number of users on the dating app Tinder, and soon had greater user engagement than Twitter and Facebook. 
A collaboration between Niantic, Nintendo and the separate Pokémon company, the game has sent Nintendo's shares rocketing by 90 per cent. That means the game makers, who own 32 per cent of Pokémon Go, have gained $17 billion (£12.85 bn) in market value in just a fortnight.

40M iCloud accounts may have been hacked

Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian.
Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts.
Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."

The message goes on to state that the alleged breach was conducted by a Russian actor, and that the vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money."

Salted Hash reached out to Apple for comment; we'll update this article if they respond.
Update: Sources familiar with these types of attacks, speaking on background with Salted Hash, have said the victim count of 40 million is likely way overblown. Their reasoning is sound: even if only a small percentage of such a list were being attacked, a few hundred thousand victims within a few months would stand out like a beacon. In short, there would be no way to keep such attacks under the radar.
For now, let's assume there hasn't been a massive iCloud data breach. If that's the case, then how are these users being compromised?

How the attack works:

In 2014, someone (or perhaps more than one person) using the name "Oleg Pliss" held an unknown number of Australian Apple devices for ransom, demanding a payment of $100.

The Russian Interior Ministry announced in June of 2014 that two people were arrested for blocking Apple devices to extort funds. With those arrests, it was assumed the scams were finished.
But since at least February of this year the scams have returned. The most recent cases target users in Europe and the United States, and the methods used by the attackers are the same ones that were popular two years ago.
It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone to place the victim's device into Lost Mode. At that point they can lock the device, post a message on the lock screen and trigger a sound to play, drawing attention to it. Because the lock is applied through a legitimate account feature rather than a device exploit, the account's credentials are the whole attack surface.
In the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions they are told they have 12 hours to comply or their data will be deleted.
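The chain described above (a compromised Apple ID, then Find My iPhone's Lost Mode) leaves a recognisable pattern in authentication logs. The following is an added example, not code from the original article or from Apple: it runs two checks over a small constructed log sample, flagging source addresses that attempt many distinct accounts with mostly failures (how compromised Apple IDs are harvested when there is no breach at the provider), and accounts switched into Lost Mode within minutes of a login from an address the account had never used. The log format, the event names `login` and `lost_mode_enable`, and the thresholds are assumptions made for the example.

```python
"""Detect the two stages of the 'Oleg Pliss' style lockout over a constructed
log sample: (1) credential stuffing against many accounts from one source,
and (2) a freshly compromised account switched into Lost Mode from an IP it
has never used before. Log format and event names are assumptions."""

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line:
#   "<ISO timestamp> <event> <account> <source ip> <result>"
# 203.0.113.10 sprays seven accounts and gets two; alice is then locked
# within five minutes. heidi enables Lost Mode from her usual address.
SAMPLE_LOG = """\
2016-07-09T19:30:00 login alice@example.com 198.51.100.7 ok
2016-07-09T20:00:00 login heidi@example.com 198.51.100.8 ok
2016-07-10T08:00:01 login alice@example.com 203.0.113.10 ok
2016-07-10T08:00:02 login bob@example.com 203.0.113.10 fail
2016-07-10T08:00:02 login carol@example.com 203.0.113.10 fail
2016-07-10T08:00:03 login dave@example.com 203.0.113.10 fail
2016-07-10T08:00:03 login erin@example.com 203.0.113.10 ok
2016-07-10T08:00:04 login frank@example.com 203.0.113.10 fail
2016-07-10T08:00:05 login grace@example.com 203.0.113.10 fail
2016-07-10T08:05:00 lost_mode_enable alice@example.com 203.0.113.10 ok
2016-07-10T09:00:00 login heidi@example.com 198.51.100.8 ok
2016-07-10T09:30:00 lost_mode_enable heidi@example.com 198.51.100.8 ok
"""


def parse_log(text):
    """Parse the sample format into (timestamp, event, account, ip, result)
    tuples, sorted by time so the stateful checks below see history first."""
    events = []
    for line in text.splitlines():
        ts, event, account, src_ip, result = line.split()
        events.append((datetime.fromisoformat(ts), event, account, src_ip, result))
    events.sort(key=lambda e: e[0])
    return events


def stuffing_sources(events, min_accounts=5, max_success_ratio=0.5):
    """Source IPs that tried at least min_accounts distinct accounts with a
    low success ratio. Returns {ip: [accounts successfully logged into]}."""
    attempts = defaultdict(list)
    for _ts, event, account, src_ip, result in events:
        if event == "login":
            attempts[src_ip].append((account, result))
    flagged = {}
    for ip, tries in attempts.items():
        accounts = {a for a, _ in tries}
        successes = sum(1 for _, r in tries if r == "ok")
        if len(accounts) >= min_accounts and successes / len(tries) <= max_success_ratio:
            flagged[ip] = sorted(a for a, r in tries if r == "ok")
    return flagged


def suspicious_lockouts(events, window=timedelta(minutes=30)):
    """Accounts put into Lost Mode within `window` of a successful login from
    an IP the account had never used before. Returns
    [(account, login_ip, seconds_between_login_and_lockout)]."""
    seen_ips = defaultdict(set)   # account -> IPs with a prior successful login
    new_ip_login = {}             # account -> (ts, ip) of latest login from an unseen IP
    hits = []
    for ts, event, account, src_ip, result in events:
        if event == "login" and result == "ok":
            # Only accounts with some history can have a "new" IP; an account
            # with no baseline is left to the stuffing-source check above.
            if seen_ips[account] and src_ip not in seen_ips[account]:
                new_ip_login[account] = (ts, src_ip)
            seen_ips[account].add(src_ip)
        elif event == "lost_mode_enable" and result == "ok":
            if account in new_ip_login:
                login_ts, login_ip = new_ip_login[account]
                if ts - login_ts <= window:
                    hits.append((account, login_ip, int((ts - login_ts).total_seconds())))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("credential-stuffing sources:", stuffing_sources(evts))
    print("lockouts after login from new IP:", suspicious_lockouts(evts))
```

Note that erin's takeover is caught only by the first check: she has no login history in the sample, so there is no baseline against which 203.0.113.10 is "new". In practice the two signals are correlated (an account first seen from a spraying source is itself suspicious), and both go away at the source when the Apple ID has two-factor authentication and a password not reused from another site's breach.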

China hacked the FDIC

The House of Representatives' Science, Space and Technology Committee released its investigative report on Wednesday.

It presents the FDIC's bank regulators as technologically inept -- and deceitful.
According to congressional investigators, the Chinese government hacked into 12 computers and 10 backroom servers at the FDIC, including the incredibly sensitive personal computers of the agency's top officials: the FDIC chairman, his chief of staff, and the general counsel.
When congressional investigators tried to review the FDIC's cybersecurity policy, the agency hid the hack, according to the report.
Investigators cited several insiders who knew about how the agency responded. For example, one of the FDIC's top lawyers told employees not to discuss the hacks via email -- so the emails wouldn't become official government records.
FDIC Chairman Martin Gruenberg has been summoned before the congressional committee on Thursday to explain what happened.
The FDIC refused to comment. However, in a recent internal review, the agency admits that it "did not accurately portray the extent of risk" to Congress and that its recordkeeping "needs improvement." The FDIC says it is now updating its policies.
Given the FDIC's role as a national banking regulator, the revelation of this hack raises serious concern.
The FDIC's role is to monitor any bank that isn't reviewed by the Federal Reserve system. It has access to extremely sensitive, internal information at 4,500 banks and savings institutions.
The FDIC also insures deposits at banks nationwide, giving it access to huge loads of information on Americans.
"Obviously it's indicative of the Chinese effort to database as much information as possible about Americans. FDIC information is right in line with the deep personal information they've gone for in the past," said computer security researcher Ryan Duff. He's a former member of U.S. Cyber Command, the American military's hacking unit.
"Intentionally avoiding audits sounds unethical if not illegal," he added.
Congressional investigators discovered the hacks after finding a 2013 memo from the FDIC's own inspector general to the agency's chairman, which detailed the hack and criticized the agency for "violating its own policies and for failing to alert appropriate authorities."
The report also says this culture of secrecy led the FDIC's chief information officer, Russ Pittman, to mislead auditors. One whistleblower, whose identity is not revealed in the report, claimed that Pittman "instructed employees not to discuss... this foreign government penetration of the FDIC's network" to avoid ruining Gruenberg's confirmation by the U.S. Senate in March 2012.
David Kennedy, a computer security expert and former analyst at the NSA spy agency, worries that federal agencies are repeatedly hiding hacks "under the blanket of national security."
"With such a high profile breach and hitting the top levels of the FDIC, it's crazy to me to think that this type of information wasn't publicly released. We need to be deeply concerned around the disclosure process around our federal government," said Kennedy, who now runs the cybersecurity firm TrustedSec.
This same committee, led by Republican Congressman Lamar Smith of Texas, has previously criticized the FDIC for minimizing data breaches.
Several cybersecurity experts -- who have extensive experience guarding government computers -- expressed dismay at the alleged coverup.
"It's incumbent upon our policymakers to know about these data breaches so we can properly evaluate our defenses. Trying to hide successful intrusions only makes it easier for the next hacker to get in," said Dan Guido, who runs the cybersecurity firm Trail of Bits.

Thursday, 14 July 2016

Russian hackers attack

Russian hackers are probing Western defences and have already attacked one power company, security researchers have warned.
A team from SentinelOne said “state sponsored hackers” have targeted a European firm using sophisticated digital warfare techniques.
The attacks came from Eastern Europe and are likely to be Russian in origin, although SentinelOne stopped short of blaming Moscow outright.

A successful attack on the power grid could be devastating, because it would effectively cripple an advanced country's economy.
In 2003, a blackout in the north-east of America is thought to have cost $6 billion. The world is even more reliant on technology now, so the cost could be much higher if hackers managed to bring down the power and turn the lights off in a major city like London or New York.
Tech experts Joseph Landry and Udi Shamir wrote: “The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one European energy company.
“Upon discovery, the team reverse engineered the code and believes that based on the nature, behavior and sophistication of the malware and the extreme measures it takes to evade detection, it likely points to a nation-state sponsored initiative, potentially originating in Eastern Europe.”
SentinelOne argues that the malware's sophistication and its measures to evade detection point to a state-sponsored operation; sophistication alone, though, is evidence of resources rather than proof of any particular origin.
SentinelOne told Ars Technica the digital weapon may have been designed by Russian teams, but declined to be more specific.
Security firms are famously wary of "attributing" attacks, because of the risk of blaming the wrong party.

Russian hackers are often suspected of scheming against Western governments and businesses.
Here are some recent articles relevant to the topic.

They attacked:
Central Bank of Cyprus
Merkel's CDU party
a major Finnish media group
LinkedIn accounts
DNC, Clinton and Trump part 1
DNC hack part 2
NATO sites (possibly)

Russian hackers also cooperated with China to control the world wide web (allegedly)

And finally here's some speculation about Russian cyber operations and activities.

Tuesday, 12 July 2016

NATO sites downed as measures approved opposing Russian aggression

Three days after the North Atlantic Treaty Organization's Allied Command Transformation websites were knocked offline, the alliance has yet to comment officially on the cause of the outage that took down two military command websites.


The outages occurred during a NATO summit held in Warsaw last week, raising suspicions that Russian hackers could have attacked the websites in response to the summit's initiatives opposing Russian military aggression. “This is a suspicious timing for a technical failure,” a senior NATO official said, according to a Wall Street Journal report. “If this is a cyberattack, it would be no surprise.”
On Friday, NATO approved measures to place US, UK, Germany and Canada-led battalions along member nations' borders with Russia. The battalions are expected to be placed in Estonia, Latvia, Lithuania and Poland by early next year. The intergovernmental alliance also on Friday approved language that defines cyberspace as a domain of war.
Over the weekend, NATO approved an aid package to support the defense, security and cybersecurity of Ukraine, a non-NATO member that has been engaged in a prolonged cyber-conflict with Russia.
Earlier this month, a researcher discovered a campaign targeting Ukrainian officials. Login credentials of employees at the National Bank of Ukraine and the South Ukrainian Nuclear Energy Complex, along with those of other Ukrainian officials, were dumped on Pastebin.

Monday, 11 July 2016

Twitter CEO's Twitter hacked!

Not even Twitter CEO Jack Dorsey's accounts are safe from being hijacked.


Earlier today, two tweets were sent from Jack Dorsey's Twitter account claiming to be from a group called OurMine. The tweets linked to videos on Dorsey's Vine account, which were cross-posted to his Twitter account. Vine is also owned by Twitter.

The tweets have since been deleted, as have the videos from Dorsey's Vine account. However, his Vine account bio still references the OurMine team.


OurMine is the same group that had previously hacked into Google CEO Sundar Pichai's Quora account and Facebook CEO Mark Zuckerberg's Pinterest and Twitter accounts, as well as the Twitter accounts of Amazon CTO Werner Vogels, venture capitalist Mark Suster and Spotify founder Daniel Ek, to post similar messages.