Wednesday, 20 July 2016

WikiLeaks Servers attacked after the announcement of Turkey coup documents release

According to WikiLeaks, these documents were leaked from AKP (Turkish: Adalet ve Kalkınma Partisi / English: Justice and Development Party), which is President Recep Tayyip Erdogan's party, currently Turkey's biggest political force.

WikiLeaks announced the data dump just three days after a small faction of the Turkish military tried to take over the country's leadership in a coup that failed within hours. 208 people were killed and more than 2,000 wounded in the coup and its aftermath.
Thousands of police officers and military personnel were arrested across the country over the weekend after the coup had failed. Human rights organizations have complained about Turkey beating prisoners and not bringing forward clear evidence. Some of them, including WikiLeaks, have gone on record and called it a purge of any political dissidents who might oppose Erdogan's rule.
A few hours after WikiLeaks announced the leak, the organization tweeted, "our infrastructure is under sustained attack."
Below are the relevant tweets. At the time of writing, even though it is Tuesday, the promised day of the leaks, WikiLeaks has not delivered its data dump, probably because of the attack.

Monday, 18 July 2016

Hacker group threatens to take Pokémon Go offline on August 1

Hackers who claimed responsibility for popular game Pokémon Go being offline over the weekend have threatened a bigger attack in a fortnight's time.
The group, known on Twitter as PoodleCorp, claimed to have brought the game's servers down on Saturday using a distributed denial-of-service (DDoS) attack reminiscent of the one against Sony's PlayStation Network and Xbox Live on Christmas Day in 2014.

"Just was a lil [sic] test, we will do something on a larger scale soon," said Twitter user XO, who claims to be the leader of PoodleCorp.
A little over a day later the PoodleCorp account said: "August 1st #PoodleCorp #PokémonGo".
Pokémon Go's servers have suffered from high volumes of traffic since the game first launched in Australia, New Zealand and the US a fortnight ago. Niantic Labs, the startup behind the game that spun out of Google in 2015, paused its international release until it was confident that its servers could cope with the traffic.
It said the outage on Saturday was caused by the number of downloads. "Due to the incredible number of Pokémon Go downloads, some Trainers are experiencing server connectivity issues," said a message on Niantic's website over the weekend. "Don't worry, our team is on it." 

But PoodleCorp, which claims affiliation with Lizard Squad and other hacking groups, insists it was behind the attack.
The collective, which formed recently as "a combined group of Lizard Squad and other members that weren't in groups to combine a super group for this summer", has previously claimed to have attacked League of Legends and prominent YouTube video makers, including Leafy and h3h3 Productions.
XO, the alleged PoodleCorp leader, told YouTube news channel Drama Alert: "Chaos is entertainment and we like making people angry."

"We will be taking down all of the servers of Pokémon Go all day long for 24 hours on August 1," he said.
PoodleCorp took the servers down by overwhelming them with traffic from a "very big botnet", a network of malware-infected computers that can be remotely controlled en masse by cyber criminals, according to XO. "We have various devices, pretty much all of the internet."
The group said that its attacks can be verified through the time stamps of its Twitter posts, which it claims come before the servers went down, indicating that the outage was malicious rather than a technical error.
For avid players of the game, XO had a cold warning for the beginning of next month: "Find something else to do because if that's all you have to do you need a life".
Pokémon Go became a viral success within days of its release. The augmented reality game swiftly outstripped the number of users on the dating app Tinder, and soon had greater user engagement than Twitter and Facebook. 
A collaboration between Niantic, Nintendo and the separate Pokémon company, the game has sent Nintendo's shares rocketing by 90 per cent. That means the game makers, who own 32 per cent of Pokémon Go, have gained $17 billion (£12.85 bn) in market value in just a fortnight.

40M iCloud accounts may have been hacked

Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian.
Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts.
Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."

The message goes on to state that the alleged breach was conducted by a Russian actor, and that the vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money."

Salted Hash reached out to Apple for comment; we'll update this article if they respond.
Update: Sources familiar with these types of attacks, speaking on background with Salted Hash, have said the victim count of 40 million is likely way overblown. Their reasoning is sound: even if only a small percentage of the list were being attacked, a few hundred thousand victims within a few months would stand out like a beacon. In short, there would be no way to keep such attacks under the radar.
For now, let's assume there hasn't been a massive iCloud data breach. If that's the case, then how are these users being compromised?

How the attack works:

In 2014, someone (or perhaps more than one person) using the name "Oleg Pliss" held an unknown number of Australian Apple devices for ransom, demanding a payment of $100.

The Russian Interior Ministry announced in June of 2014 that two people were arrested for blocking Apple devices to extort funds. With those arrests, it was assumed the scams were finished.
But since at least February of this year the scams have returned. The most recent cases target users in Europe and the United States, and the methods used by the attackers are the same ones that were popular two years ago.
It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.
In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they're told they have 12 hours to comply or their data will be deleted.

China hacked the FDIC

The House of Representatives' Science, Space and Technology Committee released its investigative report on Wednesday.

It presents the FDIC's bank regulators as technologically inept -- and deceitful.
According to congressional investigators, the Chinese government hacked into 12 computers and 10 backroom servers at the FDIC, including the incredibly sensitive personal computers of the agency's top officials: the FDIC chairman, his chief of staff, and the general counsel.
When congressional investigators tried to review the FDIC's cybersecurity policy, the agency hid the hack, according to the report.
Investigators cited several insiders who knew about how the agency responded. For example, one of the FDIC's top lawyers told employees not to discuss the hacks via email -- so the emails wouldn't become official government records.
FDIC Chairman Martin Gruenberg is being summoned before the Congressional committee on Thursday to explain what happened.
The FDIC refused to comment. However, in a recent internal review, the agency admits that it "did not accurately portray the extent of risk" to Congress and recordkeeping "needs improvement." The FDIC claims it's now updating its policies.
Given the FDIC's role as a national banking regulator, the revelation of this hack poses serious concern.
The FDIC's role is to monitor any bank that isn't reviewed by the Federal Reserve system. It has access to extremely sensitive, internal information at 4,500 banks and savings institutions.
The FDIC also insures deposits at banks nationwide, giving it access to huge loads of information on Americans.
"Obviously it's indicative of the Chinese effort to database as much information as possible about Americans. FDIC information is right in line with the deep personal information they've gone for in the past," said computer security researcher Ryan Duff. He's a former member of U.S. Cyber Command, the American military's hacking unit.
"Intentionally avoiding audits sounds unethical if not illegal," he added.
Congressional investigators discovered the hacks after finding a 2013 memo from the FDIC's own inspector general to the agency's chairman, which detailed the hack and criticized the agency for "violating its own policies and for failing to alert appropriate authorities."
The report also says this culture of secrecy led the FDIC's chief information officer, Russ Pittman, to mislead auditors. One whistleblower, whose identity is not revealed in the report, claimed that Pittman "instructed employees not to discuss... this foreign government penetration of the FDIC's network" to avoid ruining Gruenberg's confirmation by the U.S. Senate in March 2012.
David Kennedy, a computer security expert and former analyst at the NSA spy agency, worries that federal agencies are repeatedly hiding hacks "under the blanket of national security."
"With such a high profile breach and hitting the top levels of the FDIC, it's crazy to me to think that this type of information wasn't publicly released. We need to be deeply concerned around the disclosure process around our federal government," said Kennedy, who now runs the cybersecurity firm TrustedSec.
This same committee, led by Republican Congressman Lamar Smith of Texas, has previously criticized the FDIC for minimizing data breaches.
Several cybersecurity experts -- who have extensive experience guarding government computers -- expressed dismay at the alleged coverup.
"It's incumbent upon our policymakers to know about these data breaches so we can properly evaluate our defenses. Trying to hide successful intrusions only makes it easier for the next hacker to get in," said Dan Guido, who runs the cybersecurity firm Trail of Bits.

Thursday, 14 July 2016

Russian hackers attack

Russian hackers are probing Western defences and have already attacked one power company, security researchers have warned.
A team from SentinelOne said “state sponsored hackers” have targeted a European firm using sophisticated digital warfare techniques.
The attacks came from Eastern Europe and are likely to be Russian in origin, although SentinelOne stopped short of blaming Moscow outright.

Any attack on the power grid could be devastating, because it would effectively cripple an advanced country’s economy.
In 2003, a blackout in the north east of America is thought to have cost $6 billion. The world is even more reliant on technology now, meaning the cost could be much higher if hackers managed to bring down the power and turn the lights off in a major city like London or New York.
Tech experts Joseph Landry and Udi Shamir wrote: “The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one European energy company.
“Upon discovery, the team reverse engineered the code and believes that based on the nature, behavior and sophistication of the malware and the extreme measures it takes to evade detection, it likely points to a nation-state sponsored initiative, potentially originating in Eastern Europe.”
The malware used by the hackers is highly advanced, meaning it could not have been designed by anyone who was not state sponsored.
SentinelOne told Ars Technica the digital weapon may have been designed by Russia teams, but declined to be more specific.
Security firms are famously wary of “attributing” attacks, because of the risk of blaming the wrong person.

Russian hackers are often suspected of scheming against Western governments and businesses.
Here are some recent articles relevant to the topic.

They attacked:

Central Bank of Cyprus

Merkel's CDU party

a major Finnish media group

LinkedIn accounts

DNC, Clinton and Trump (part 1)

DNC hack (part 2)

NATO sites (possibly)

Russian hackers also cooperated with China to control the world wide web (allegedly)

And finally, here is some speculation about Russian cyber operations and activities.


Tuesday, 12 July 2016

NATO sites downed as measures approved opposing Russian aggression

Three days after the North Atlantic Treaty Organization's Allied Transformation Command websites were knocked offline, the alliance has yet to release official comments over the cause of the outage that felled two military command websites.


The outages occurred during a NATO summit held in Warsaw last week, raising suspicions that Russian hackers could have attacked the websites in response to the summit's initiatives opposing Russian military aggression. “This is a suspicious timing for a technical failure,” a senior NATO official said, according to a Wall Street Journal report. “If this is a cyberattack, it would be no surprise.”
On Friday, NATO approved measures to place US, UK, Germany and Canada-led battalions along member nations' borders with Russia. The battalions are expected to be placed in Estonia, Latvia, Lithuania and Poland by early next year. The intergovernmental alliance also on Friday approved language that defines cyberspace as a domain of war.
Over the weekend, NATO approved an aid package to support the defense, security, and cybersecurity of Ukraine, a non-NATO-member that has been engaged in a prolonged cyber-conflict with Russia.
Earlier this month, a researcher discovered a campaign targeting Ukrainian officials. Login credentials of employees at the National Bank of Ukraine and the South Ukrainian Nuclear Energy Complex, and of other Ukrainian officials, were dumped on Pastebin.

Monday, 11 July 2016

Twitter CEO's Twitter hacked!

Twitter CEO Jack Dorsey's accounts aren't protected from security hacks.


Earlier today, two tweets were sent from Jack Dorsey's Twitter account claiming to be from a group called OurMine. The tweets linked to a video on Dorsey's Vine account, which was cross-posted to his Twitter account. Vine is also owned by Twitter.


The tweets have since been deleted, and the videos have been removed from Dorsey's Vine account. However, his Vine account bio still references the OurMine team.


OurMine is the same group that had previously hacked into Google CEO Sundar Pichai's Quora account and Facebook CEO Mark Zuckerberg's Pinterest and Twitter accounts, as well as the Twitter accounts of Amazon CTO Werner Vogels, venture capitalist Mark Suster and Spotify founder Daniel Ek, to post similar messages.

Anonymous Hackers Threaten the U.S. with a 'Day of Solidarity' with Black Lives Matter

The activist computer hacker group Anonymous is calling for protests and cyber attacks during a "day of solidarity" with the Black Lives Matter movement around the country this week.

"Anonymous has declared a day of action in solidarity with the Black Lives Matter movement and the victims of Police Brutality as well as alongside the families of Alton Sterling and Philando Castile," says the statement, which appears under a video on YouTube.

"We are calling on a collective day of rage," the statement reads. "A day of action centered around civil disobedience and the right to protest."

The statement links to a list of protests allegedly planned at 37 cities around the country on Friday.

Ukrainian hacker attacked the Polish media company "Netia"

A Ukrainian hacker going by the handle of Pravy Sektor breached the servers of Poland's telecom company Netia SA a couple of days ago, stole a massive trove of data and posted it for public access on an underground forum.


Netia SA has acknowledged that netia.pl faced a cyber attack from the hackers but claimed that only a limited amount of data had been stolen. A press release from the company says that passwords and logins of the self-service portal NetiaOnline are safe, while data of customers and cooperating companies is being secured by experts.
The attack was launched at 11:03 a.m. (0903 GMT) on Thursday and impeded access to Netia’s main web page netia.pl until late in the evening the same day, said spokeswoman Lidia Marcinkowska. She said hackers may have gained access to some data of its clients as they had accessed two types of forms sent via Netia’s website by people wanting to contact the company or sign a contract with it.

[Screenshot: netia-hacked-6]

Analysis:
The data was first discovered by Yogev Mizrahi, head of the cybersecurity team at Hacked-DB, and analyzed by Oren Yaakobi, who found that the stolen data is far greater than what the company claims in its press releases. Here is a full and exclusive data analysis conducted by Hacked-DB:
The Ukrainian hacker posted multiple SQL files extracted from the investor.netia.pl domain. There are several database files, including a sales DB that contains records such as Blue Media transactions, device and product offers, IP Block Lead and IP TradeDoubler. There is also an SQL file of 342,000 lines containing data such as first and last name, home address and IP address. The data was last updated in 2014.
[Screenshot: netia-hacked-2]
The leaked records also include data about clients and publication information such as email addresses, phone numbers, home address, IP details and full names. Another file in the database contains street address, city, area codes and IP addresses.
[Screenshot: netia-hacked-3]
Researchers have also found a 9 GB log file containing session IDs, IP addresses, user agent strings, and browser and operating system details of users.
[Screenshot: netia-hacked-4]
In total, the dumped data is about 14GB in size and last but not least, the hacker has also dumped 615,525 unique email addresses including 150,440 emails from Poland’s sixth-largest web portal Wirtualna, 118,989 Gmail emails addresses, 64,000 email address of O2 users. Here is a list of top 10 email domains compromised:
[Screenshot: netia-hacked-5]
Although the researchers did not find passwords in the data, they did find a logger database holding users' session IDs, which means that anyone with access to the data could authenticate as another user.
The session IDs are a critical finding: they allow a direct connection to the website without going through the username-and-password authentication process, one of the Hacked-DB researchers explains.
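The point the Hacked-DB researchers make is that a log holding raw session IDs is as dangerous as a log holding passwords, because a session cookie presented to the site authenticates whoever holds it. The usual mitigation is to never write the bearer value itself to a log. The following Python script is an added example, not code from Netia or Hacked-DB: it filters access-log lines and replaces each session identifier with a keyed, truncated HMAC fingerprint before the line is stored, so the log still lets an analyst correlate one session's requests, but a stolen copy of the log cannot be replayed against the site. The log format, field names and sample lines are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample access-log lines in a key=value style. The session values
# are made up; they stand in for the kind of field the Netia analysis found
# stored in the clear in the leaked logger database.
SAMPLE_LOG = """\
ts=2016-07-07T11:03:00Z ip=203.0.113.10 sid=3f9a1c7e5b2d4a6f8e1b0c9d7a6e5f4d ua="Mozilla/5.0 (Windows NT 6.1)" path=/login
ts=2016-07-07T11:03:04Z ip=203.0.113.10 sid=3f9a1c7e5b2d4a6f8e1b0c9d7a6e5f4d ua="Mozilla/5.0 (Windows NT 6.1)" path=/account
ts=2016-07-07T11:05:12Z ip=198.51.100.7 sid=aa0e0a1b2c3d4e5f6a7b8c9d0e1f2a3b ua="Mozilla/5.0 (X11; Linux)" path=/contact
"""

# Field names that carry a bearer credential (assumed names for the example).
# A session cookie echoed into a log is the same risk, so PHPSESSID is covered.
SECRET_FIELDS = re.compile(r'\b(sid|session|sessionid|PHPSESSID)=([^\s;,"]+)')


def fingerprint(value: str, key: bytes) -> str:
    """Keyed, truncated HMAC-SHA256 of a session value.

    A plain hash would not be enough: someone holding the log and a candidate
    session ID could confirm matches offline. The key lives with the logging
    pipeline, never with the stored logs, so the fingerprint is useless
    without it, while equal sessions still map to equal fingerprints and
    log correlation keeps working.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def redact_line(line: str, key: bytes) -> str:
    """Replace the value of every session-bearing field on one log line."""
    return SECRET_FIELDS.sub(
        lambda m: f"{m.group(1)}=hmac:{fingerprint(m.group(2), key)}", line)


def redact_log(text: str, key: bytes):
    """Redact a whole log text; returns the list of rewritten lines."""
    return [redact_line(line, key) for line in text.splitlines()]


def contains_raw_session(text: str) -> bool:
    """True if any session field still holds a raw (non-fingerprinted) value."""
    return any(not value.startswith("hmac:")
               for _, value in SECRET_FIELDS.findall(text))


if __name__ == "__main__":
    # Constructed key for the demo; in practice it comes from a secret store.
    demo_key = b"constructed-demo-key-keep-out-of-log-store"
    for redacted in redact_log(SAMPLE_LOG, demo_key):
        print(redacted)
```

The fingerprint is truncated to 64 bits, which is enough to keep sessions distinct in a log while making the value obviously unusable as a cookie. Rotating the key (for example per log file) limits how far an attacker could correlate sessions across files even if one key ever leaked.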
Recently we have seen an increase in such offers, with hackers offering highly confidential data from top social media giants including MySpace, LinkedIn, Twitter, Beautiful People and VK.com. When it comes to telecom giants, one of the UK's largest telecom companies, TalkTalk, faced a massive data breach when hackers stole the personal data of 4 million users.
At the moment it is unclear what flaw allowed the hackers into Netia's server, but in previous data breaches a simple SQL flaw has often let hackers make their way to protected data. Netia's website, which was down after the attack, has since been restored. Here is a screenshot showing the site was down for maintenance:
[Screenshot: netia-5]

"Patchwork" hackers attack South-Asian states

An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web.
Cymmetria Research, which discovered the APT and today released a report on the attacks, calls those responsible for the attacks Patchwork because the group has piece-mealed computer code from sources such as open-source repository GitHub, the dark web and hidden criminal forums. “Those behind these attacks have copied, pasted and pieced together everything from penetration tools, malware and post-intrusion attack tools,” said Gadi Evron, founder and CEO of Cymmetria Research.


“This group shows how low the bar has been moved for a successful APT attack to take flight,” Evron said. “We are impressed that these attacks were able to infiltrate high-end organizations given the apparent low technical aptitude of the attackers,” he said.
Patchwork attackers are believed to be of Indian origin and gathering intelligence from influential parties tied to Southeast Asia and the South China Sea. Threat actors, Cymmetria said, were active during the Indian time zone. However, the report’s authors point out, it’s not possible to say conclusively that the attacks were originating in India. The report added, while it also can’t be said definitively, the attacks may be related to similar APT Hangover/Appin.
“Patchwork is a highly successful APT operation, infecting approximately 2,500 high-value targets worldwide,” the report states. Attacks began in the December timeframe. It’s unclear as to why the attackers relied on second-hand computer code. However, what might appear amateurish has been highly effective when it came to the attacker’s second stage toolsets – meant for persistence and to avoid detection.
According to Cymmetria the attacks target entities in the United States as well as Europe, the Middle East, South Asia and the Asia and Pacific regions. “It would be more accurate to say that targets were chosen worldwide with a focus on personnel working on military and political assignments – specifically, but not limited to, intelligence requirements concentrating on Southeast Asia and the South China Sea. Many of the targets were governments and government related organizations,” according to the report.
Evron said most infections on targeted systems were initiated via spear phishing campaigns that included emails that contained content related to Southeast Asia and the South China Sea. In one incident, Patchwork attackers enticed email recipients to download a presentation titled “Is China’s assertiveness in the South China Sea likely to affect Australia’s national interest over the next ten years?”
In that incident, the presentation, if opened, exploited the Sandworm vulnerability (CVE-2014-4114), which affects unpatched versions of Microsoft Office PowerPoint 2003 and 2007. Targeted systems were then infected with sysvolinfo.exe (the first stage payload of the APT) and 7zip.exe (second stage malware), according to the report.
During the course of Cymmetria's investigation, it managed to gain access to one of Patchwork's command and control servers, where it found a stash of infected Microsoft PowerPoint files used in spear phishing attacks along with additional malicious code packages. "Most of the spear phishing file content was directly related to China-related subjects, or pornographic in nature," according to the report.
As part of the investigation, Cymmetria was able to pull back the curtain on some of the second stage tools used by attackers and identify how intruders moved laterally through the network. Those tools included a compiled AutoIt script to escalate privileges by exploiting the computer’s user account control system along with PowerSploit, Meterpreter and the well-known Metasploit framework.
The exfiltration of data to a command and control server, according to Cymmetria, was once again carried out using a second stage payload built from code taken from various online forums and resources, according to the report.
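The intrusion chain described above (a PowerPoint lure that drops a first-stage executable, which in turn launches a second stage) leaves a distinctive trace in endpoint telemetry: an Office process spawning an executable, typically from a user-writable temp directory. The following Python script is an added example of that detection logic and is not code from Cymmetria or from the report. It runs over constructed process-creation events in a Sysmon-like JSON shape (event ID 1, field names assumed for the example); the payload file names sysvolinfo.exe and 7zip.exe are the ones quoted from the report on this page, and the benign-child allowlist is a constructed illustration, not a vetted list.

```python
# Office applications that should not normally launch arbitrary programs.
# When one does, the usual cause is an embedded object or an exploit such as
# the OLE packager flaw (CVE-2014-4114) mentioned in the Patchwork report.
OFFICE_PARENTS = {"powerpnt.exe", "winword.exe", "excel.exe", "outlook.exe"}

# Children that Office processes legitimately start (constructed allowlist).
BENIGN_CHILDREN = {"splwow64.exe", "acrord32.exe", "iexplore.exe"}

# Payload names quoted in the report as described on this page.
KNOWN_PAYLOADS = {"sysvolinfo.exe", "7zip.exe"}

# Constructed process-creation events in a Sysmon-like shape (EventID 1).
SAMPLE_EVENTS = [
    {"ts": "2016-07-08T09:12:01Z", "host": "ws-17", "event_id": 1,
     "parent_image": r"C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE",
     "image": r"C:\Users\alice\AppData\Local\Temp\sysvolinfo.exe",
     "command_line": "sysvolinfo.exe"},
    {"ts": "2016-07-08T09:12:03Z", "host": "ws-17", "event_id": 1,
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\sysvolinfo.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\7zip.exe",
     "command_line": "7zip.exe"},
    {"ts": "2016-07-08T09:15:44Z", "host": "ws-22", "event_id": 1,
     "parent_image": r"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe 12288"},
    {"ts": "2016-07-08T09:20:10Z", "host": "ws-22", "event_id": 1,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons = []
    if event.get("event_id") != 1:
        return reasons
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    # Rule 1: an Office application started something outside the allowlist.
    if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
        reasons.append(f"office-spawn:{parent}->{child}")
    # Rule 2: a file name matching a known payload, as parent or child.
    if child in KNOWN_PAYLOADS or parent in KNOWN_PAYLOADS:
        reasons.append("known-payload-name")
    # Rule 3: execution out of the user's temp directory, where a dropped
    # OLE package or first-stage binary would typically land.
    if "\\appdata\\local\\temp\\" in event["image"].lower():
        reasons.append("exec-from-temp")
    return reasons


def scan(events):
    """Return (host, timestamp, reasons) for every event that trips a rule."""
    hits = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            hits.append((ev["host"], ev["ts"], reasons))
    return hits


if __name__ == "__main__":
    for host, ts, reasons in scan(SAMPLE_EVENTS):
        print(host, ts, ", ".join(reasons))
```

Rule 1 is the durable one: payload names change between campaigns, but an Office process creating an executable child is rare in normal use and is the point at which the lure turns into code execution. Rule 2 only catches the names this page quotes, and rule 3 is noisy on its own, so the two are best used to raise the priority of a rule 1 hit rather than as independent alerts.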
“Unlike other APT threat actors, India seems to be a relatively quiet locale for cyber espionage activity. The scope and scale of this operation are quite surprising. This suggests that additional geopolitical powers are actively developing offensive cyber capabilities whilst simultaneously making attempts to maximize return on investment by keeping development costs to a minimum,” wrote the report authors.

Friday, 8 July 2016

Hackers attack U.S. restaurant chain "Wendy's"

The Wendy’s Co. on Thursday acknowledged that a year-long attack on point-of-sale systems at franchisee-owned locations is far more widespread than initially reported, affecting 1,025 locations overall.
The Dublin, Ohio-based burger chain said that malware installed on terminals in several states targeted customers’ payment card data, including their name, debit or credit card number, expiration date, cardholder verification value and service code.
The list of affected restaurants, to be posted on the company’s site, was not yet available.
“We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks,” Wendy’s CEO Todd Penegor wrote in a letter to customers.
“We have conducted a rigorous investigation to understand what has happened and we are committed to protecting our customers and keeping you informed.”

The 1,000 restaurants represent less than one in five domestic Wendy's locations — there are 5,144 franchise-operated domestic units, plus another 582 company-owned locations.
Wendy’s described the security breach as a pair of attacks. The first, according to the company, started at some franchisee locations in late fall, was first reported in January and affected less than 300 locations.
But in June the company said that, during its investigation, it discovered a second malware attack, similar to the first, which affected many more than 300 locations. The 1,000 number is the first quantification of the restaurants affected by the dual attacks.
Wendy’s is offering one year of fraud consultation and identity restoration services to customers who used a payment card at a potentially affected restaurant during the time it might have been affected.
“In a world where malicious cyberattacks have unfortunately become all too common for merchants, we are doing what is necessary to protect our customers,” Penegor wrote. “We will continue to work diligently with our investigative team to apply what we have learned from these incidents and further strengthen our data security measures.”
Wendy's believes that the criminals gained remote access to the point-of-sale system using compromised credentials belonging to third-party service providers.
That gave the criminals access to the central system, enabling them to place malware onto the terminals that read the credit card information.
The company says the attack has only affected franchisee outlets and not the 582 company locations. That’s important because Wendy’s is shifting to a single point-of-sale system, called Aloha, that’s installed at company-owned units.
Wendy’s said it worked with investigators to disable the malware.

Thursday, 7 July 2016

ANOTHER celebrity nude photo hacker pleads guilty

For those interested in photos - You can see all the photos here.


Another hacker who illegally accessed hundreds of Hollywood entertainment industry accounts – including those of dozens of high-profile female actresses and singers – may be headed to the hoosegow.
It's the latest development in the US government's continuing investigation into the September 2014 "Celebgate" leaks of intimate images of celebrities such as Jennifer Lawrence, Kate Upton, Kirsten Dunst, Selena Gomez, Kim Kardashian, Vanessa Hudgens, Lea Michele and Hillary Duff.
This week, Illinois resident Edward Majerczyk agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act, admitting to “unauthorized access to a protected computer to obtain information.” Once the plea is official, he’ll be sentenced: the statutory maximum would be five years.
Per the Justice Department’s description, Majerczyk’s crime started like these so often do: with phishing…
He sent e-mails to victims that appeared to be from security accounts of internet service providers that directed the victims to a website that would collect the victims’ usernames and passwords.
After victims responded by entering information at that website, Majerczyk had access to victims’ usernames and passwords. After illegally accessing the iCloud and Gmail accounts, Majerczyk obtained personal information including sensitive and private photographs and videos.
As United States Attorney Eileen M. Decker put it:
Defendant’s conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers.
Top FBI investigator Deirdre Fike, Assistant Director in Charge of the FBI’s Los Angeles Field Office, put it a bit more personally:
This defendant not only hacked into e-mail accounts – he hacked into his victims’ private lives, causing embarrassment and lasting harm.
As Variety reports, this case follows on the recent guilty plea by Pennsylvanian Ryan Collins, 36, who’s still awaiting sentencing. According to Variety, “though the charges against both men are very similar, Collins and Majerczyk were apparently operating independently.”

The feds have consistently stressed that they “have no evidence that either Collins [or] Majerczyk posted the hacked material online.” They’re still trying to figure out who did that.
There’s been no public statement about how these guilty pleas might relate to the government’s confiscation of another Chicago man’s computers – a story we covered in detail at the time. And these cases don’t appear related to Alonzo Knowles’ guilty plea in New York for celebrity hacking (including theft of new screenplays as well as sex videos)… nor of the recent felony hacking conviction of Andrew Helton in Oregon for similar hacking of celebrity-owned Apple and Google accounts.
But all these cases do seem to have one thing in common: if you hack a celebrity’s email or iCloud account, you’re going to end up with the US Department of Justice coming after you.

Hillary Clinton’s Emails case - expert opinion

When the F.B.I. director, James B. Comey, said on Tuesday that his investigators had no “direct evidence” that Hillary Clinton’s email account had been “successfully hacked,” both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.

Mr. Comey described, in fairly blistering terms, a set of email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others. She had no full-time cybersecurity professional monitoring her system. She took her BlackBerry everywhere she went, “sending and receiving work-related emails in the territory of sophisticated adversaries.” Her use of “a personal email domain was both known by a large number of people and readily apparent.”
In the end, the risks created by Mrs. Clinton’s insistence on keeping her communications on a private server may prove to be a larger issue than the relatively small amount of classified data investigators said they found on her system. But the central mystery — who got into the system, if anyone — may never be resolved.
“Reading between the lines and following Comey’s logic, it does sound as if the F.B.I. believes a compromise of Clinton’s email is more likely than not,” said Adam Segal, the author of “Hacked World Order,” who studies cyberissues at the Council on Foreign Relations. “Sophisticated attackers would have known of the existence of the account, would have targeted it and would not have been seen.”
Mr. Comey couched his concern on Tuesday by repeating the intelligence community’s favorite phrase — “we assess” — four times, but ultimately reached no hard-and-fast conclusion. “We assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account,” he said.
But that was notable: Until Mr. Comey spoke, Mrs. Clinton and her campaign had said that her server — there were actually several, in succession — was never hacked. A State Department inspector general’s report issued this year reported what looked like several attempts at “spear phishing” — fake emails intended to get a user to click on a link that would install malware on a computer — but there is no evidence that those links were activated.
Mrs. Clinton, and her campaign, have always maintained that the server was secure. President Obama backed her up in an interview last October on CBS’s “60 Minutes.” “I don’t think it posed a national security problem,” he said.
But Mr. Comey painted a different picture.
“Hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact,” he said.
And that would have meant that tracking the trail of electronic breadcrumbs back to her server would have been a pretty simple task. After that, their ability to break in would have been a mix of skill and luck, but they had plenty of time to get it right.
Mrs. Clinton’s best defense, and one she cannot utter in public, is that whatever the risks of keeping her own email server, that server was certainly no more vulnerable than the State Department’s. Had she held an unclassified account in the State Department’s official system, as the rules required, she certainly would have been hacked.

[Graphic: What We Know About Hillary Clinton’s Private Email Server. A private email server used by Hillary Clinton while she was secretary of state has been the focus of a half-dozen inquiries and legal proceedings.]
Russian intruders were thoroughly inside that system for years — since at least 2007 — before the State Department shut its system down several times to perform a digital exorcism in late 2014, nearly two years after Mrs. Clinton left office.
Either out of embarrassment or to protect its sources of intelligence, the Obama administration has never publicly blamed Russia for stealing data from the unclassified systems at the State Department and the White House, just as it has never publicly identified China as the culprit in the theft of security-clearance information on nearly 22 million Americans stored by the Office of Personnel Management.
Mrs. Clinton’s campaign has insisted that the server did have some cyber protection software, but they have not said what kind.
But security software is useless unless it is updated constantly to reflect threats that change every day. Even then, there are ways for a determined, state-sponsored hacker to get in. The best hackers use a gap in the software that has never been discovered before called a “zero day,” suggesting there are zero days of warning about its dangers, or they wait for a user error, including clicking on a spear-phishing link.
Perhaps Mr. Comey’s most surprising suggestion was that Mrs. Clinton had used her private email while in the territory of what he called “sophisticated adversaries.” That usually means China and Russia, but could include visits elsewhere, including Eastern Europe.
James A. Lewis, a former government cyber security expert who now studies the cyber activities of nations at the Center for Strategic and International Studies in Washington, said, “If she used it in Russia or China, they almost certainly picked it up.”
Once the hardware is in a foreign country, and on its phone networks, it is particularly vulnerable. Malware can be placed on it that could turn the phone into a listening device. One lurking question is whether Mrs. Clinton’s own practice of taking the phone around the world made it susceptible to tinkering by a foreign government.
The State Department worries so much about corrupted cellphones that visitors to the secretary’s suite on the seventh floor must place their devices in lockers near the guard’s desk. Mrs. Clinton, her campaign said on Wednesday, took her smartphone to the State Department but kept it in a room outside the secure area around her office suite.
Moreover, for truly sensitive data, the State Department does not use its own networks at all. It quietly uses a network run by one of the major intelligence agencies, according to officials familiar with the system. That suggests a lack of confidence that State’s classified systems can be fully trusted.
Since the disclosure that Mrs. Clinton used private email, officials in the government and many outside it have been monitoring the internet, looking to see if any of her messages, or those directed to her, made their way into the public domain. Documents from the Democratic National Committee began circulating after it announced a breach that also appears to have been conducted by Russian intelligence.
Nothing from Mrs. Clinton has surfaced. But that does not mean they were not stolen, only that they have not been made public.

New macOS malware gives hackers complete access to your files

For security reasons, out of the box macOS is configured to allow only software from the App Store and identified developers to be installed. However, there are times when users may also want to run apps from other sources, in which case it is possible to enable a no-holds-barred setting. But, along with the extra freedom, it also sharply increases the risk of running into malware.

You may be inclined to believe that you can stay safe by sticking to known download websites, but that is not always the case. Bitdefender has uncovered a new Mac malware, called Backdoor.Mac.Eleanor, that poses as a document converter on what the security company calls "reputable sites". When installed, it gives hackers complete access to your Mac.
Bitdefender says that, while it appears to have "no real functionality", it downloads a malicious script that installs a hidden Tor service, web service, and Pastebin agent through which hackers can do pretty much everything they want, including accessing and managing your files, accessing your webcam, executing commands, sending emails and so on. Here is how it all works.
The Tor service gives your Mac a Tor-generated address, which gives hackers anonymity as it makes it virtually impossible to track where the incoming traffic comes from. For easy access to your device, that address is stored, via the Pastebin agent, on Pastebin, but not before it is encrypted with RSA and then base64-encoded.
The web service is what actually allows hackers to control your Mac. It sets up a web-based control panel, which can be accessed at the Tor-generated IP address mentioned above using the right credentials. The browser interface gives them access to personal files, the Terminal, root privileges, the ability to connect and manage a database, and so on.
"This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system", says Bitdefender Antimalware Lab technical leader Tiberius Axinte. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless".
You can read more about how it works here. Bitdefender has not provided a method of removing this malware, but the company recommends sticking to the default security setting and running security software on your Mac.

A hacker boasts of cracking Denuvo - gaming security system

The current king of PC games security is looking a little less secure on its throne.
Denuvo currently boasts a superb security record, with plenty of titles remaining uncracked and safe from the grip of piracy. So revolutionary has the system been that it has even forced some pirates to abandon their trade altogether.

Now PCGamesN reports that Russian hackers claim to have made serious progress in bypassing Denuvo.
A video is currently doing the rounds that seemingly shows an illicit copy of Rise of the Tomb Raider up and running, albeit with a performance handicap from the virtual machine used to host the file.
Nobody has yet claimed responsibility for the hack and some questions are being asked of its legitimacy.
Denuvo director Thomas Goebl, however, has not rejected the claims: "It’s always hard to comment on something which is not available to the public, as the article says all files currently floating around are fake. The general positioning of our product is ‘hard to crack’ and not ‘uncrackable’.
“For us it is important to secure the initial sales window of games, which worked out well on all the recent titles."

How nuclear deal has cooled Iran-US cyberwar

Sitting in a brightly lit apartment in Brooklyn, an American hacker who asked Al-Monitor to call him Alex scribbled down a dizzying array of cyberstrikes between the United States/Israel and Iran since 2010. The page was fast being covered in Alex’s rushed handwriting, and his eyes glimmered with excitement.

“They’ve gotten incredibly sophisticated,” he said as he marveled at the speed at which Iranian hackers have been able to create a defensive and offensive arm against Western cyberattacks. Yet, as he neared 2015 on his ad hoc timeline, his pen began to slow.
“With the Iran [nuclear] deal, we saw a parallel cooling down of attacks in the cyberworld. The nuclear deal has not only opened discussion with the Iranians on nuclear issues, but it has created a mutual detente in the cyberworld, and that’s huge, because cyberwarfare between Iran and the West was getting to really bad levels.”
David, an Iranian-American internet security specialist who spoke to Al-Monitor on condition of anonymity, agreed. He said, “Before the Iran deal, we were witnessing a heightened level of cyberwarfare between Iran and the US/Israel. It was getting to a very [worrisome] level, as Iran’s capabilities had increased exponentially in a very short period of time. But the Iran deal has put a halt to all of this.” David's employer is one of the leading US firms that monitor Iranian cyberactivity.
Until the 2011 emergence of Stuxnet, a malicious computer worm reportedly built by the United States and Israel to sabotage Iran’s nuclear program, Iranian cyberstrike capabilities were virtually nonexistent. Until then, the Islamic Republic was focusing on its own citizens. Local hackers contracted by the authorities spent time monitoring domestic netizens. With the advent of the 2009 Green Movement, Iran officially created the “Iranian Cyber Army,” further tapping into the extensive surveillance network that German firm Siemens had installed in the country. The key stakeholders in the Cyber Army include the Islamic Revolutionary Guard Corps and the Basij paramilitary militia. To counter Stuxnet, Iran began pouring cash into both defensive and offensive cybercapabilities. David, the internet security specialist, said in this regard, “It wasn’t until Stuxnet that Iran realized it could use cybercapabilities as a weapon on such a large scale.”
“Iran went from being a nuisance in the cyberworld to starting big cyberattacks around the world,” Alex, the hacker, said. “They began stealing encryption keys and attacking US banks. But the biggest was Operation Shamoon [2012] in which Iranian hackers were able to completely bring down Saudi Aramco, targeting 30,000 Saudi Aramco workstations. The rate at which they were able to expand caused paranoia in cybersecurity circles across the world, but especially in the Gulf countries.”
He added, “Iran’s attack against Aramco was no joke — it brought down the entire system. That’s huge.”
The West and Israel reportedly targeted Iran with four pieces of cyberweaponry between 2010 and 2012: Stuxnet, Duqu, Flame and Gauss. Each time, the Islamic Republic retaliated almost tit for tat, stealing encryption keys and certificates. In 2013, Israel said Iran was constantly attacking its power grid and water systems.
David said, “It was with Operation Cleaver [2014] that targeted US defense contractors, energy firms and educational institutions, that the United States began to really look at and study Iran’s cyberactivities. We concluded that Iran’s cyberactivities are now on par with China.” The FBI issued warnings about Operation Cleaver, which was known to have hit US Navy servers and caused breaches in other major targets.
“Unlike the Chinese or Russian cyberarmies — which stage massive attacks like a conventional army would in the real world — the Iranian Cyber Army works in a much more guerrilla fashion. They work patiently and slowly, and that’s why it is much harder to detect their activity until they have completely hacked a system,” David said. “The Iranian hackers are experts at 'personifying' by creating fake profiles on social media sites and slowly connecting to people. They establish relationships with users on other ends, and after a long period of time they will hack the system. It’s ingenious, because there is no way to detect this. They did a hack on Gmail and were able to get a lot of personal information in the same way.”
Unlike China and Syria, for instance, where cyberwarriors are official members of their country’s military and intelligence units and report to work every day, Iran keeps a bit of a distance from its hackers. In this vein, the Islamic Republic rather operates along the lines of the US model, in which private companies and hackers are mostly contracted to do the work, according to a 2013 report by California-based cybersecurity firm FireEye Inc. Like the United States and its National Security Agency (NSA), Iran also has cybercapabilities in certain intelligence bodies, but for the most part it relies on outside contractors.
One of those firms is Ajax Security, a private security company in Iran monitored by FireEye. It is thought to be one of the leading enablers of the Islamic Republic’s quest to enhance Iranian cybercapabilities. Ajax Security is thought to be behind “Operation Saffron Rose,” a series of attacks that features spear-phishing emails as well as spoofed Microsoft Outlook Web Access and virtual private network pages. The operation also includes trolling for user credentials from defense contractors and other members of the defense industry. Ajax Security is additionally active in helping the Iranian authorities monitor activists by luring them with legitimate anti-censorship tools rigged with malware. According to the FireEye report, Ajax Security has become the first Iranian hacking group known to use custom-built malicious software to launch espionage campaigns.
In a 2014 interview with Reuters, former CIA and NSA director Michael Hayden said, “I've grown to fear a nation-state that would never go toe to toe with us in conventional combat and that now suddenly finds they can arrest our attention with cyberattacks.”
Alex said he agrees with Hayden’s assessment. “That’s why the Iran deal has been so significant. These cyberattacks were happening because the United States and Iran distrusted each other and we were after their nuclear program, so they were retaliating in kind. The Iran deal has slowed all of this down and hopefully will ensure that we don’t have to be attacking each other in this fashion,” he said.

Guccifer 2.0 is possibly dead. The truth or conspiracy?

Is Guccifer dead?
Anyone poking around on Twitter on Wednesday may have come across the news that the Romanian hacker who allegedly revealed Hillary Clinton’s unsecured email went missing — or was found dead in his jail cell, whichever version of the story they found. The story seemed to fit a shadowy conspiracy theory to allow Clinton to rise to the presidency, something out of a political thriller novel.

There’s a good reason it sounded that way. The story that Guccifer was killed was a hoax, one possibly connected to conspiracy theories claiming that Hillary Clinton pulled strings behind the scenes to avoid facing charges for her use of the unauthorized email server, which may have put American secrets at risk.
Guccifer, whose real name is Marcel Lazăr Lehel, had claimed that he hacked his way into Clinton’s private email server and through that gained computer accounts of a number of other prominent world figures, NBC News reported.
He was extradited to the United States this spring and entered guilty pleas to charges of identity theft and unauthorized access to protected computers, including one that belonged to a former U.S. cabinet member.
Officials hailed his conviction as a measure to make the United States safer from cybercrime.
“Cybercriminals like Marcel Lazar believe they can act with impunity from safe havens abroad, but the Justice Department’s partnerships with law enforcement agencies around the world ensure that they can be brought to justice,” said Leslie Caldwell, the assistant attorney general in charge of the Criminal Division.
But amid Guccifer’s conviction, there were rumors that the true reason he was extradited to the United States was to serve as something of a star witness against Hillary Clinton.
The story claiming that Guccifer was dead originally appeared on the website Don’t Comply, but the story itself was later erased and replaced with an error message.
The story of Guccifer’s alleged death also appeared in a website called the Christian Times Newspaper, claiming that the Romanian hacker went missing from his jail cell not long after the announcement that the FBI would not recommend charges against Hillary Clinton for her unauthorized use of a personal server during her time as secretary of State.
The report suggested that Guccifer’s disappearance — or possible death — may have been in connection to the secrets he allegedly learned from Clinton’s email. The story also recalled a past conspiracy theory that Clinton may have played a role in the death of former aide Vince Foster.
“Comey, in his statement Tuesday morning, alluded to the fact that American enemies and individual actors most likely accessed Hillary Clinton’s emails, but Guccifer was the only person to come forward with knowledge of their contents.
“Reports are still developing, and CTN is waiting on statements from authorities.
“It is worth noting that the Clinton White House faced allegations that Hillary and her aides were involved in the questionable suicide of White House employee Vince Foster in 1995.”
But anyone who looked further into the Christian Times found that the site was filled with other hoax stories, including one that federal authorities had canceled all Fourth of July celebrations amid terrorist fears.
The hoax about Guccifer’s death came after FBI Director James Comey said in his press conference that it was possible that Clinton’s email was hacked, but that investigators had no way to know for sure.
The rumors that Guccifer was either dead or missing from his jail cell actually ended up prompting a response from the sheriff’s department in the city of Alexandria, Virginia, where the hacker is being held. The statement noted that Lazar is “alive and has never been missing from this facility.”

New developments on Guccifer 2.0

The notorious hacker continues his crusade against U.S. governmental bodies. This time he posted a new set of documents on Trump and DNC titled "Trumpocalypse and other DNC plans for July".
The hacker said on his official website:

"I have a new bunch of docs from the DNC server for you.
It includes the DNC action plan during the Republican National Convention, Surrogate Report, POTUS briefing, financial reports, etc.
This pack was announced two days ago but I had to keep you waiting for some security reasons. I suffered two attacks on my wp account.
You might be aware of the rumors about Marcel Lazar aka Guccifer. Those are a.c. fake stories, but who knows. Please keep me updated if there is any news."

Wikileaks taken down!

OurMine, the hacker group that previously broke into the social accounts of tech heavyweights like Google CEO Sundar Pichai, Facebook founder Mark Zuckerberg and Uber CEO Travis Kalanick, has now taken down the Wikileaks site.

The reason? A spat with Anonymous, the global hacker group that’s been known to take down ISIS social media accounts, publish the names of KKK members and attack a Greek Central Bank’s website to protest the global financial system, which it labeled a “tyrannical institution.”
We’re not usually keen on amplifying internet beefs, but this one affects a major source of once-confidential information that has made a major impact on our world, including a video showing the killing of Iraqi journalists in an American airstrike and secret files concerning the condition of prisoners at Guantanamo Bay.
Last December, when OurMine was a straight-up hacking group (it now labels itself a security firm) whose stated motto was “we DDoS/hack anyone for no reason”, it took down Wikileaks’ site with a Distributed Denial of Service attack. The method floods a targeted site with a massive wave of traffic, which crashes its servers temporarily.
Anonymous proceeded to request OurMine to stop compromising the Wikileaks site and then doxxed the group, i.e. published personal information about its members. OurMine claims that the information, which has since been taken down, was incorrect.
More than half a year later, OurMine is out for revenge. Claiming that one of Anonymous’ account holders has continued to abuse the group till today, it took down Wikileaks once again with another DDoS attack and informed TNW of its actions. We contacted Anonymous but didn’t receive a reply.
It’s worth noting that there are various ways of carrying out a DDoS attack and it isn’t always easy to mitigate them as soon as they occur. However, it appears that Wikileaks is now back online.
It’s hard to take sides in this case, given that the situation seems to have arisen out of a long drawn-out spat between rival hackers. But when a major resource like Wikileaks – which has sought to uncover injustice and wrongdoing by those in power – takes a hit in the crossfire, we all lose.

Tor designed to hack sites!

The internet anonymity service Tor has some bad actors among its volunteer servers, set up to hack dark net websites.
Northeastern University professor Guevara Noubir and his graduate student Amirali Sanatinia found that many of the volunteer-run servers making up the Tor network are designed to hack the anonymous sites that connect to it.

More than 95 percent of Tor traffic is used to browse websites such as Facebook and Twitter, and the anonymity it provides allows citizens of oppressive regimes to visit sites that would otherwise be tracked, lets abuse victims use the internet without revealing their location and helps privacy-minded individuals feel more secure. The Department of State, the Defense Advanced Research Projects Agency (DARPA) and the governments of Germany and Sweden have all funded Tor for such reasons.
But the other 5 percent of traffic on Tor goes to hidden sites that are not accessible from normal web browsers. Hidden sites enjoy the same anonymity as Tor browsers and can range from news outlets in countries not supportive of an open press to criminal enterprises, including child pornography, drug sales and hackers for hire.
Noubir and Sanatinia found more than 100 of the network’s “exit nodes” were designed to not only store data but to contact the server again to either scan it for vulnerabilities or attack it.
The Tor network is composed of 10,000 volunteer servers that bounce data off of each other in ways that make it difficult to track. Around 3,500 are exit nodes, serving as the last link in the chain and connecting directly with the website.
None of these volunteers are supposed to retain any identifying information on the sites contacted or data transmitted, though Noubir and Sanatinia’s findings prove otherwise.
They set up thousands of fake hidden sites on Tor that were never accessed by any users. Only the two researchers and the exit nodes they connected to knew the internet addresses of the fake sites. But they found those sites were either scanned for vulnerabilities or attacked outright soon after connecting to the exit nodes.
The timing of the attacks ranged from immediate to a two-week delay – long enough to try and divert suspicion away from the exit nodes, but quick enough to guarantee the site would still be there.
“Many dark net sites go away quickly. There is an incentive to attack as soon as possible,” Noubir said.
It is unclear who operates the corrupt exit nodes. It could be hackers looking for victims, governments looking to quash activists or law enforcement looking to crack down on criminal markets. The FBI, for example, recently hacked a wide assortment of computers using Tor to break up a child pornography ring.
Hidden sites make ideal targets for any kind of attack, Noubir said.
“If someone set up a hidden server, they cannot report a hacker because if they did, it would reveal the location and existence of the hidden server,” he said.
Noubir also said such attacks might be a sign of other bad activity the Northeastern group was not checking for.
“To do this, they needed to modify the code for exit nodes. They are familiar with the code and sophisticated enough to modify it – they could be doing something worse,” he warned.
But it is hard to tell who the attackers are, Noubir said, because so many Tor nodes are set up on cloud accounts. Thus, anyone who has an account with Amazon or Alibaba’s cloud services might be behind the attacks.
Noubir and Sanatinia will present the details at the hacker research conference DEF CON next month.
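The honey-site correlation the researchers describe above, as an added example that is not the researchers' code: hidden-service addresses are handed to specific nodes and never to any user, so a later request to one of them can only have come from a node that knew it. Node names, onion addresses, timestamps and probe paths are all constructed.

```python
"""Honey-onion correlation: flag Tor nodes that contact hidden services
that were only ever disclosed to them (constructed example, not the
Northeastern researchers' code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Publication:
    onion: str       # honey hidden-service address (constructed placeholder)
    node: str        # identifier of the node that learned it (constructed)
    when: datetime   # moment the address was handed to that node

@dataclass(frozen=True)
class Access:
    onion: str       # honey service that received the request
    when: datetime
    path: str        # requested URL path, used to tell a visit from a probe

# Paths typical of automated vulnerability scanning rather than a plain visit.
PROBE_MARKERS = ("/wp-login.php", "/phpmyadmin", "/.git/", "../", "/etc/passwd")

def is_probe(path: str) -> bool:
    return any(marker in path for marker in PROBE_MARKERS)

def correlate(publications, accesses, max_delay=timedelta(days=14)):
    """Map each node to the honey onions it knew that were later contacted.
    Returns {node: {onion: (first_delay, probed, unique)}}; `unique` is True
    when this node was the only one that knew the onion (certain attribution)."""
    knew = defaultdict(set)      # onion -> set of nodes that learned it
    published_at = {}            # (onion, node) -> time the node learned it
    for p in publications:
        knew[p.onion].add(p.node)
        published_at[(p.onion, p.node)] = p.when

    implicated = defaultdict(dict)
    for a in accesses:
        for node in knew.get(a.onion, ()):
            delay = a.when - published_at[(a.onion, node)]
            if delay < timedelta(0) or delay > max_delay:
                continue  # before the node knew it, or too old to link reliably
            prev = implicated[node].get(a.onion)
            probed = is_probe(a.path) or (prev[1] if prev else False)
            first = min(delay, prev[0]) if prev else delay   # earliest contact
            implicated[node][a.onion] = (first, probed, len(knew[a.onion]) == 1)
    return dict(implicated)

def rank_nodes(implicated, min_onions=2):
    """Rank nodes: any uniquely attributable hit, or hits on >= min_onions onions."""
    rows = []
    for node, hits in implicated.items():
        unique = sum(1 for _, _, u in hits.values() if u)
        probes = sum(1 for _, p, _ in hits.values() if p)
        if unique == 0 and len(hits) < min_onions:
            continue  # a single shared hit cannot blame one node
        delays = [d for d, _, _ in hits.values()]
        rows.append({"node": node, "onions": len(hits), "unique": unique, "probes": probes,
                     "min_delay": min(delays), "max_delay": max(delays)})
    rows.sort(key=lambda r: (-r["unique"], -r["onions"], r["node"]))
    return rows

# Constructed sample: four honey onions, four nodes; only NODE_A misbehaves.
T0 = datetime(2016, 7, 1, 12, 0)
SAMPLE_PUBLICATIONS = [
    Publication("honey-a.onion", "NODE_A", T0),
    Publication("honey-b.onion", "NODE_A", T0 + timedelta(hours=1)),
    Publication("honey-c.onion", "NODE_B", T0),   # shared with NODE_C
    Publication("honey-c.onion", "NODE_C", T0),
    Publication("honey-d.onion", "NODE_D", T0),   # never contacted
]
SAMPLE_ACCESSES = [
    Access("honey-a.onion", T0 + timedelta(minutes=2), "/"),              # immediate
    Access("honey-a.onion", T0 + timedelta(minutes=3), "/wp-login.php"),  # probe
    Access("honey-b.onion", T0 + timedelta(hours=1, days=10), "/phpmyadmin"),
    Access("honey-c.onion", T0 + timedelta(days=1), "/"),    # ambiguous: B or C
    Access("honey-a.onion", T0 + timedelta(days=20), "/"),   # outside 14-day window
    Access("unknown.onion", T0, "/"),                         # not a honey onion
]

if __name__ == "__main__":
    for row in rank_nodes(correlate(SAMPLE_PUBLICATIONS, SAMPLE_ACCESSES)):
        print(row)
```

Only NODE_A is ranked: it alone knew two honey onions that were then probed, while the shared hit on honey-c cannot separate NODE_B from NODE_C.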