Fundraising for 2019/2020. 12 Month renewal is up Oct 21/2019. $382.44 USD of roughly $1700 USD (CDN conversion) as of Aug 13/2019. Paypal Donation Link Here

Cyberwar - The Hacking Thread

For discussion of religion and politics

Moderators: LawBeefaroni, $iljanus

Post Reply
User avatar
Defiant
Posts: 17874
Joined: Tue Oct 12, 2004 11:09 pm
Location: Tongue in cheek

Cyberwar - The Hacking Thread

Post by Defiant » Fri Dec 16, 2016 9:18 am

Russian-Speaking Hacker Selling Access to the US Election Assistance Commission

Figured I'd make a thread on hacking and cyber warfare
On December 1, 2016, Recorded Future threat intelligence technology identified chatter related to a suspected breach of the U.S. Election Assistance Commission (EAC).

Further research identified a Russian hacker (Recorded Future refers to this actor as Rasputin) soliciting a buyer for EAC database access credentials.


The EAC was established by the Help America Vote Act of 2002 (HAVA), and among many other responsibilities, the Commission is mandated to test and certify voting equipment, maintain the National Voter Registration form, and administer a national clearinghouse on elections. This includes developing shared practices, distributing information for voters, and providing other resources to improve elections. EAC also accredits testing laboratories and voting systems, as well as conducts a financial audit of HAVA programs.
It’s unclear how long the EAC vulnerability has been active; however, it could have been potentially discovered and accessed by several parties independently. Based on Rasputin’s historical criminal forum activity, Recorded Future believes it’s unlikely that Rasputin is sponsored by a foreign government. Recorded Future’s artificial intelligence technology is continuously scanning and analyzing the internet for updated threat indicators and tactics. Prior to this incident, no previous malicious activity related to EAC has been identified.

User avatar
Defiant
Posts: 17874
Joined: Tue Oct 12, 2004 11:09 pm
Location: Tongue in cheek

Re: Cyberwar - The Hacking Thread

Post by Defiant » Fri Dec 16, 2016 9:21 am

Russian hackers struck at the heart of the U.S. military in August 2015 by seizing the e-mail system used by the Joint Chiefs of Staff, CBS News has learned.
In that time, the hackers seized the computer credentials of Dempsey and hundreds of other senior officers -- the passwords and electronic signatures they used to sign on to the network. The only way to stop the attack was to take the network down.

The attack, which officials now blame on Russia, began with 30,000 e-mails sent to a West Coast university. Of those 30,000, four were forwarded to members of the Joint Staff and one was opened -- allowing the hackers in. Since it was an unclassified network, the attack had no real intelligence value.

It was not spying, but a full-on assault whose only apparent purpose was to cause damage and force the Pentagon to replace both hardware and software, which took about two weeks to accomplish.
link


User avatar
hepcat
Posts: 38442
Joined: Wed Oct 13, 2004 3:02 pm
Location: Chicago, IL Home of the triple homicide!
hepcat’s avatar
Offline

Re: Cyberwar - The Hacking Thread

Post by hepcat » Sat Dec 31, 2016 8:45 am

It's time to move on. All this evidence and all these facts prove nothing!

(thought I'd beat Rip to it)
I beat a camel to death with a monkey. Can I do that?
-Mr Bismarck

You have to whack a few rabbits before you are ready to punch a camel.
-Coopasonic

User avatar
Rip
Posts: 26885
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:
Rip’s avatar
Loading…

Re: Cyberwar - The Hacking Thread

Post by Rip » Sat Dec 31, 2016 1:14 pm

Laptop wasn't even connected to the grid.

Good thing we never hack into other nation's power grids and no one else hacks ours.

https://www.buzzfeed.com/jamesball/us-h ... .xkNlWebPV

http://www.timesofisrael.com/iranian-ha ... blackouts/

:coffee:

User avatar
Alefroth
Posts: 4544
Joined: Thu Oct 14, 2004 1:56 pm
Location: Bellingham WA

Re: Cyberwar - The Hacking Thread

Post by Alefroth » Sat Dec 31, 2016 4:13 pm

Rip wrote:Laptop wasn't even connected to the grid.

Good thing we never hack into other nation's power grids and no one else hacks ours.

https://www.buzzfeed.com/jamesball/us-h ... .xkNlWebPV

http://www.timesofisrael.com/iranian-ha ... blackouts/

:coffee:
Is that going to be the excuse for everything the next 4 years?

Why shouldn't Iran have nuclear weapons. It's not like we don't have them.

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Sat Dec 31, 2016 4:56 pm

So much for American Exceptionalism.

User avatar
Zarathud
Posts: 13749
Joined: Fri Oct 15, 2004 10:29 pm
Location: Chicago, Illinois

Re: Cyberwar - The Hacking Thread

Post by Zarathud » Sat Dec 31, 2016 5:02 pm

Republicans reduced to defending the Russians interfering with the US infrastructure. Ike and Reagan are rolling in their graves with disgust.
"If the facts don't fit the theory, change the facts." - Albert Einstein
"When the president does it, that means that it is not illegal. - Nixon
"I don't stand by anything." - Trump
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.” - John Stuart Mill, Inaugural Address Delivered to the University of St Andrews, 2/1/1867

User avatar
Rip
Posts: 26885
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:
Rip’s avatar
Loading…

Re: Cyberwar - The Hacking Thread

Post by Rip » Sat Dec 31, 2016 6:12 pm

Russians have been interfering with US infrastructure for a long time.

http://www.telegraph.co.uk/news/worldne ... -grid.html
Protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week.

The Pentagon is sure many of the attacks came from China and Russia but could not determine if they were sponsored by the government in either country. Spokesmen for both embassies in Washington strongly denied any suggestion there was official involvement.

The US government is however convinced China is endeavouring to overtake the US as the dominant force in cyberspace. Researchers at the University of Toronto recently revealed the presence of GhostNet, a global cyber-spy network run from China that has infiltrated 103 countries and infected dozens of computers every month.

The ten-month investigation by the Munk Centre for International Studies in Toronto started as an investigation into interference with computers on computers belonging to the Dalai Lama, the exiled Tibetan leader, and his supporters. It found that the Chinese had in many cases successfully searched computers, tapped into emails and turned on web cameras and microphones to record conversations within range.
Why did it take till now to make a big deal about it? Nothing new.

The only thing it tells me is how ineffective the Obama administration has been at combatting it.

malchior
Posts: 8784
Joined: Wed Oct 13, 2004 12:58 pm

Re: Cyberwar - The Hacking Thread

Post by malchior » Sun Jan 01, 2017 3:31 pm

Rip wrote:The only thing it tells me is how ineffective the Obama administration has been at combatting it.
Everything is the Obama administrations fault, amirite? The Government certainly could do more but the private sector has been a big part of the problem. They are completely clueless on cyber security and fought the Government's initial attempts at bringing order. After the big hacks (Target/Home Depot/United Healthcare) they have lately started demanding help. And also began ramping up their own programs but they have been slow to start. A big factor is how short we are on people and expertise; and if the Government was hurting this effort it is that they are eating up all the security consulting talent at the moment.

I've seen several large organization's current cyber security environments in the last 2 years or so and they generally are just as bad if not worse than the Government. They just don't report breaches unless they absolutely have to. In other words, we only see the tip of the ice berg. So again could the government step in more? The initial attempts were tried in 2013 and the effort was undercut by the Republican Congress who took another 2 years to pass enabling legislation that expanded it beyond the limited scope of the EO. Congress probably dragged their feet due to resistance from the business community. The Chamber didn't want to be burdened with all the overhead of sweeping cyber security regulations (until the shareholder lawsuits began naturally). Also they kept trying to attach unrelated things like IP protection into the bills which kept stopping them cold. Important problems but they need to be solved independently of pure defense.

The EO also tried unsuccessfully to get companies to start sharing threat information with each other but no one would trust their competitors especially since there could have been liability attached. That has gotten markedly better in the last 18 months especially with the passage of the CISA bill which limits liability. As an example, the Automotive ISAC has really started to stand up a capability to track threats and share information. To boil it down, this is a complicated problem and it wasn't failure in leadership - it is the usual dysfunction at play. You blame it on Obama. Many blame it on the GOP. They'll own the whole enchilada soon - we'll see if they can fix the problem. I sort of doubt it.

User avatar
Smoove_B
Posts: 39724
Joined: Wed Oct 13, 2004 12:58 am
Location: Kaer Morhen

Re: Cyberwar - The Hacking Thread

Post by Smoove_B » Sun Jan 01, 2017 5:34 pm

This man is going to be be President in a few more weeks, quoted:
"I also know things that other people don't know, and so they cannot be sure of the situation," Trump responded when asked why he doubts intelligence reports of Russian hacking, according to a pool reporter.
I know things that other people don't know. Christ.
I'm breaking down, I'm burning out and it's not funny like on television

User avatar
RunningMn9
Posts: 22935
Joined: Tue Oct 12, 2004 11:55 pm
Location: The Sword Coast
Contact:

Re: Cyberwar - The Hacking Thread

Post by RunningMn9 » Sun Jan 01, 2017 5:43 pm

To be fair, he might be getting his briefings from Putin, so maybe he does know things.
And in banks across the world
Christians, Moslems, Hindus, Jews
And every other race, creed, colour, tint or hue
Get down on their knees and pray
The raccoon and the groundhog neatly
Make up bags of change
But the monkey in the corner
Well he's slowly drifting out of range

User avatar
hepcat
Posts: 38442
Joined: Wed Oct 13, 2004 3:02 pm
Location: Chicago, IL Home of the triple homicide!
hepcat’s avatar
Offline

Re: Cyberwar - The Hacking Thread

Post by hepcat » Sun Jan 01, 2017 10:14 pm

Man, I hope no one on his staff accidentally uses his activation word before Putin gets him into place
I beat a camel to death with a monkey. Can I do that?
-Mr Bismarck

You have to whack a few rabbits before you are ready to punch a camel.
-Coopasonic

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Sun Jan 01, 2017 10:58 pm

hepcat wrote:Man, I hope no one on his staff accidentally uses his activation word before Putin gets him into place
Image

User avatar
Max Peck
Posts: 7646
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: Cyberwar - The Hacking Thread

Post by Max Peck » Wed Jan 04, 2017 11:08 am

Smoove_B wrote:This man is going to be be President in a few more weeks, quoted:
"I also know things that other people don't know, and so they cannot be sure of the situation," Trump responded when asked why he doubts intelligence reports of Russian hacking, according to a pool reporter.
I know things that other people don't know. Christ.
It looks like what he knows is what Assange tells him. :lol:
President-elect Donald Trump has backed Wikileaks founder Julian Assange in casting doubt on intelligence alleging Russian meddling in the US election.

Mr Assange said Russia was not the source for the site's mass leak of emails from the Democratic Party.

Mr Trump has now backed that view in a tweet. He wrote: "Assange... said Russians did not give him the info!"

The president-elect has repeatedly refused to accept the conclusions of the US intelligence community.

Several US agencies including the FBI and the CIA believe Russia directed hacks against the Democratic Party and the campaign of its presidential candidate Hillary Clinton.

The information, released through Wikileaks and other outlets, was intended to help Mr Trump win the election, say the FBI and CIA.

On Tuesday evening, Mr Trump said an intelligence briefing he was due to receive on the issue had been delayed.

"Perhaps more time needed to build a case. Very strange!" he wrote.

But US intelligence officials insisted there had been no delay in the briefing schedule.
Time and tide melt the snowman.

There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.
-- The Doctor

User avatar
hepcat
Posts: 38442
Joined: Wed Oct 13, 2004 3:02 pm
Location: Chicago, IL Home of the triple homicide!
hepcat’s avatar
Offline

Re: Cyberwar - The Hacking Thread

Post by hepcat » Wed Jan 04, 2017 1:50 pm

Baron will be briefing his dad on Putin's involvement in the hacking scandal at 2pm today after their naps.
I beat a camel to death with a monkey. Can I do that?
-Mr Bismarck

You have to whack a few rabbits before you are ready to punch a camel.
-Coopasonic

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Fri Jan 06, 2017 11:28 am

FTC vs. D-Link
The Federal Trade Commission filed a complaint against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.

The complaint filed today is part of the FTC’s efforts to protect consumers’ privacy and security in the Internet of Things (IoT), which includes cases the agency has brought against ASUS, a computer hardware manufacturer, and TRENDnet, a marketer of video cameras.
...
According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:
  • “hard-coded” login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed;
  • a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
  • the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
  • leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

    According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.

malchior
Posts: 8784
Joined: Wed Oct 13, 2004 12:58 pm

Re: Cyberwar - The Hacking Thread

Post by malchior » Fri Jan 06, 2017 12:32 pm

I like this lawsuit - it fires a shot over the bow of the home networking sector. Too many products are dumbed down in dangerous ways. For example, they shouldn't be defaulted to easily guessed passwords such as admin/password, etc. There are very reasonable ways to protect the device without making it too complicated but they are just dumping commodity products on the market and hoping for the best.

Some companies get it. Synology was having all sorts of remote attack issues so they tightened down the attack surface quite a bit and now have a medium-quality security tool built-in to the "firmware" that assesses the configuration and provides recommendations. A big improvement on the delivered state of the product IMO.

Jeff V
Posts: 31467
Joined: Fri Oct 15, 2004 7:17 pm
Location: Nowhere you want to be.

Re: Cyberwar - The Hacking Thread

Post by Jeff V » Fri Jan 06, 2017 2:24 pm

There should be no default username/passwords at all. Connect to a new device, go into setup mode, starting with setting name and password. Forget the name and password you setup? Too bad, factory reset, start from scratch.

User avatar
LordMortis
Posts: 60952
Joined: Tue Oct 12, 2004 11:26 pm

Re: Cyberwar - The Hacking Thread

Post by LordMortis » Fri Jan 06, 2017 5:44 pm


User avatar
Unagi
Posts: 17316
Joined: Wed Sep 20, 2006 5:14 pm
Location: Chicago

Re: Cyberwar - The Hacking Thread

Post by Unagi » Fri Jan 06, 2017 8:51 pm

malchior wrote:I like this lawsuit - it fires a shot over the bow of the home networking sector. Too many products are dumbed down in dangerous ways. For example, they shouldn't be defaulted to easily guessed passwords such as admin/password, etc. There are very reasonable ways to protect the device without making it too complicated but they are just dumping commodity products on the market and hoping for the best.

Some companies get it. Synology was having all sorts of remote attack issues so they tightened down the attack surface quite a bit and now have a medium-quality security tool built-in to the "firmware" that assesses the configuration and provides recommendations. A big improvement on the delivered state of the product IMO.
This is timely - my 9 year old son gave me a run down of all the internet linked home-products like security, thermostat, outdoor weather station, lights, garage, toys, etc - that all have backdoor connectivity to other things on your networks. He's a sensationalist know-it-all, so I more or less patted him on the head. :geek:

User avatar
Rip
Posts: 26885
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:
Rip’s avatar
Loading…

Re: Cyberwar - The Hacking Thread

Post by Rip » Fri Jan 06, 2017 10:12 pm

Unagi wrote:
malchior wrote:I like this lawsuit - it fires a shot over the bow of the home networking sector. Too many products are dumbed down in dangerous ways. For example, they shouldn't be defaulted to easily guessed passwords such as admin/password, etc. There are very reasonable ways to protect the device without making it too complicated but they are just dumping commodity products on the market and hoping for the best.

Some companies get it. Synology was having all sorts of remote attack issues so they tightened down the attack surface quite a bit and now have a medium-quality security tool built-in to the "firmware" that assesses the configuration and provides recommendations. A big improvement on the delivered state of the product IMO.
This is timely - my 9 year old son gave me a run down of all the internet linked home-products like security, thermostat, outdoor weather station, lights, garage, toys, etc - that all have backdoor connectivity to other things on your networks. He's a sensationalist know-it-all, so I more or less patted him on the head. :geek:

Remember that when you ground him and he turns the house against you.

:twisted:

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Sat Jan 07, 2017 12:40 am

NYT
But Mr. Trump’s postelection effort to minimize intelligence assessments about Russia’s actions came to an abrupt end Friday after a detailed classified briefing from the nation’s top intelligence officials at Trump Tower and the release of an unclassified report concluding that the Russian president, Vladimir V. Putin, had a “clear preference” for Mr. Trump.

By the end of the day, it was clear that the strategy of intimidation and bluster that served Mr. Trump so well in the presidential campaign would not prove nearly as effective in Washington. Here was a reminder, should Mr. Trump heed it, that a president’s critics, especially the lords of Washington’s national security establishment, can’t always be cowed by a flash-grenade tweet or a withering quip about the possibility that a “400-lb. hacker” might have breached Democratic servers.

“I don’t think what worked in a campaign against Jeb Bush is really going to work when you are dealing, you know, with the combined power of the C.I.A., N.S.A. and the F.B.I.,” said John Weaver, a frequent critic of Mr. Trump who worked on Ohio Gov. John Kasich’s unsuccessful primary campaign against him.

Senator Chuck Schumer, the New York Democrat who has a good working relationship with Mr. Trump, warned him recently that it was “really dumb” to take on the intelligence services. He followed up with a warning on Wednesday that the president-elect needed “to calm down” his Twitter usage.

He’s not alone. In recent days, Mr. Trump’s aides have gently prodded him to drop the attacks on the intelligence community and mollify nervous Republicans by showing that he was moving ahead with forward-looking reforms of the sprawling intelligence-gathering bureaucracy, according to two people close to the discussions. “He can’t afford this fight,” one longtime adviser to Mr. Trump said. “He’s said it’s time to move on — well, move on.”

The decision to choose Dan Coats, a popular former senator from Indiana, as director of national intelligence had been in the works for some time, the officials said, but Mr. Trump’s advisers decided to announce the choice to ease concerns of a rift between the future Trump White House and the clandestine services.

It is less clear if Mr. Trump’s admission reflects a long-term shift in strategy to appease his advisers or a momentary decision to escape a negative news cycle.

User avatar
Smoove_B
Posts: 39724
Joined: Wed Oct 13, 2004 12:58 am
Location: Kaer Morhen

Re: Cyberwar - The Hacking Thread

Post by Smoove_B » Sat Jun 09, 2018 9:29 am

Chinese hackers steal unclassified data from Navy contractor:
China has stolen sensitive data related to naval warfare from the computers of a Navy contractor, American officials said on Friday, in another step in the long-running cyberwar between two global adversaries.

The breach occurred this year, the officials said, when Chinese government hackers infiltrated the computers of a company working on a Navy submarine and underwater programs contract. The company, which was not identified, was doing work for the Naval Undersea Warfare Center, which is based in Newport, R.I.

Officials said that the data gleaned by China was unclassified.
I'm breaking down, I'm burning out and it's not funny like on television

User avatar
Rip
Posts: 26885
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:
Rip’s avatar
Loading…

Re: Cyberwar - The Hacking Thread

Post by Rip » Sat Jun 09, 2018 9:41 am

Smoove_B wrote:
Sat Jun 09, 2018 9:29 am
Chinese hackers steal unclassified data from Navy contractor:
China has stolen sensitive data related to naval warfare from the computers of a Navy contractor, American officials said on Friday, in another step in the long-running cyberwar between two global adversaries.

The breach occurred this year, the officials said, when Chinese government hackers infiltrated the computers of a company working on a Navy submarine and underwater programs contract. The company, which was not identified, was doing work for the Naval Undersea Warfare Center, which is based in Newport, R.I.

Officials said that the data gleaned by China was unclassified.
Horseshit. It included classified data and they are just trying to keep it under wraps. They have even went so far as to pressure reporters to not detail information they have about Sea Dragon which was included in some of the data taken.

https://www.washingtonpost.com/world/na ... story.html
Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.

The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.
I would imagine this is what led to to state it was unclassified data.
The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network. The officials said the material, when aggregated, could be considered classified, a fact that raises concerns about the Navy’s ability to oversee contractors tasked with developing ­cutting-edge weapons.
The isn't much research concerning submarines that isn't classified at least as FOUO, it could probably be covered in a 5 page pamphlet.

User avatar
raydude
Posts: 2791
Joined: Mon Oct 18, 2004 9:22 am

Re: Cyberwar - The Hacking Thread

Post by raydude » Sat Jun 09, 2018 10:01 am

Rip wrote:
Sat Jun 09, 2018 9:41 am
Smoove_B wrote:
Sat Jun 09, 2018 9:29 am
Chinese hackers steal unclassified data from Navy contractor:
China has stolen sensitive data related to naval warfare from the computers of a Navy contractor, American officials said on Friday, in another step in the long-running cyberwar between two global adversaries.

The breach occurred this year, the officials said, when Chinese government hackers infiltrated the computers of a company working on a Navy submarine and underwater programs contract. The company, which was not identified, was doing work for the Naval Undersea Warfare Center, which is based in Newport, R.I.

Officials said that the data gleaned by China was unclassified.
Horseshit. It included classified data and they are just trying to keep it under wraps. They have even went so far as to pressure reporters to not detail information they have about Sea Dragon which was included in some of the data taken.

https://www.washingtonpost.com/world/na ... story.html
Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.

The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.
I would imagine this is what led to to state it was unclassified data.
The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network. The officials said the material, when aggregated, could be considered classified, a fact that raises concerns about the Navy’s ability to oversee contractors tasked with developing ­cutting-edge weapons.
The isn't much research concerning submarines that isn't classified at least as FOUO, it could probably be covered in a 5 page pamphlet.
It's all good as long as it was ZTE doing it. AmiRight?

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Tue Dec 11, 2018 12:57 pm

WaPo
The Trump administration is preparing a series of actions this week to call out Beijing for what it says are China’s continued efforts to steal America’s trade secrets and advanced technologies and compromise sensitive government and corporate computers, according to U.S. officials.

Multiple government agencies are expected to condemn China, citing a documented campaign of economic espionage and the alleged violation of a landmark 2015 pact to refrain from hacking for commercial gain.

In perhaps the most significant move, the Justice Department is expected to announce the indictments of multiple hackers suspected of working for a Chinese intelligence service and participating in a long-running espionage campaign that targeted U.S. networks.

Along with that, the administration is planning to declassify intelligence relating to the breaches, which date to 2014, and to sanction some of those believed responsible, according to people familiar with the plans.

Other actions are expected, but officials declined to discuss them.

User avatar
GreenGoo
Posts: 40570
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Cyberwar - The Hacking Thread

Post by GreenGoo » Tue Dec 11, 2018 2:24 pm

I look forward to seeing how China pins this on Canada somehow.

User avatar
Max Peck
Posts: 7646
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: Cyberwar - The Hacking Thread

Post by Max Peck » Wed Jan 30, 2019 12:56 pm

UAE used cyber super-weapon to spy on iPhones of foes
A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world’s superpowers and into the hands of smaller nations.

The cyber tool allowed the small Gulf country to monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and program documents reviewed by Reuters. The sources interviewed by Reuters were not Emirati citizens.

Karma was used by an offensive cyber operations unit in Abu Dhabi comprised of Emirati security officials and former American intelligence operatives working as contractors for the UAE’s intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, haven’t been previously reported. Raven’s activities are detailed in a separate story published by Reuters today.

The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.

In 2016 and 2017, Karma was used to obtain photos, emails, text messages and location information from targets’ iPhones. The technique also helped the hackers harvest saved passwords, which could be used for other intrusions.
Inside the UAE’s secret hacking team of American mercenaries
Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy.

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies.

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.

“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”
Time and tide melt the snowman.

There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.
-- The Doctor

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Sun Mar 10, 2019 9:37 pm

Citrix
Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets.

The enterprise software giant – which services businesses, the American military, and various US government agencies – said it was told by the FBI on Wednesday that miscreants had accessed Citrix's IT systems and exfiltrated files.

According to infosec firm Resecurity, which claimed it had earlier alerted the Feds and Citrix to the cyber-intrusion, at least six terabytes of sensitive internal files were swiped from the US corporation by the Iranian-backed IRIDIUM hacker gang. The spies hit in December, and Monday this week, we're told, lifting emails, blueprints, and other documents. The hackers have ways to bypass multi-factor login systems to slip into private networks, it is claimed.
...
Earlier today, Citrix chief information security officer Stan Black gave his company's side of the story. He said that, as of right now, Citrix does not know exactly which documents the hackers obtained nor how they got in – the FBI thinks it was by brute-force password spraying – nor for how long they may have been camping on the corporate network.

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Tue May 14, 2019 5:46 pm

WhatsApp
WhatsApp was hacked, and attackers installed sophisticated spyware on an unknown number of people's smartphones.

The Facebook subsidiary, which has 1.5 billion users, said it discovered in early May that "an advanced cyber actor" infected an unknown number of devices with the malware.

The Financial Times, which first reported on the issue on Monday, said bad actors exploited a vulnerability to install the surveillance technology by calling the target through WhatsApp, giving them access to information including location data and private messages. Even if the target didn't pick up, the malware was able to infect the phone.

The FT reported that the spyware was developed by Israel's NSO Group, whose Pegasus software is known to have targeted human-rights activists. In a statement to the FT, the firm denied any involvement in the WhatsApp hack.
...
A notice on Facebook said the issue affected Android phones, iPhones, and Windows phones. An update to resolve the issue was released on Monday, and users are being urged to update regardless of whether they have had any suspicious call activity.

User avatar
coopasonic
Posts: 15975
Joined: Fri Mar 04, 2005 11:43 pm
Location: Dallas-ish

Re: Cyberwar - The Hacking Thread

Post by coopasonic » Thu May 16, 2019 4:08 pm

Isgrimnur wrote:
Tue May 14, 2019 5:46 pm
WhatsApp
A notice on Facebook said the issue affected Android phones, iPhones, and Windows phones. An update to resolve the issue was released on Monday, and users are being urged to update regardless of whether they have had any suspicious call activity.
Good news! Your blackberries are safe!
-Coop

User avatar
Isgrimnur
Posts: 61125
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:
Isgrimnur’s avatar
Snooze

Re: Cyberwar - The Hacking Thread

Post by Isgrimnur » Thu May 16, 2019 4:17 pm

Depends on what Blackberry...

Image

Post Reply