Tag Archive for: Damage

Hackers are waging a guerrilla war on tech companies, revealing secrets and raising fears of collateral damage


A chain of recent, devastating hacks is exposing some of the Internet’s most fiercely guarded secrets, stepping up a guerrilla struggle between tech firms and anonymous hackers and raising fears that everyday Internet users could get caught in the crossfire.



An advertising board for Twitch during the 2016 Electronic Entertainment Expo video game conference in Los Angeles. (Photo by Frederic J. Brown / AFP via Getty Images)



Hackers this week dumped a colossal haul of data stolen from Twitch, the Amazon-owned streaming site, revealing what they said was not just the million-dollar payouts for its most popular video game streamers but the site’s entire source code — the DNA, written over a decade, central to keeping the company alive.


That followed the hack by the group Anonymous that exposed the most crucial inner workings of Epik, an Internet services company popular with the far right, and triggered firings and other consequences for some of the company’s clients whose identities had previously been undisclosed.

The Epik hack also made way for breaches into the websites of the Texas GOP, one of America’s biggest state party affiliates, and the Oath Keepers, a far-right militia group that contributed to the storming of the U.S. Capitol on Jan. 6. A California sheriff faced calls for his resignation this week after the hack showed evidence that he had been a member of the group in 2014.

The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies’ sins. In celebratory notes released alongside their data dumps, the Epik hackers said they were sick of the company serving hateful websites, while the Twitch hackers used a hashtag criticizing company efforts to confront harassment and said the site had become a “disgusting cesspool.”

“Jeff Bezos paid $970 million for this,” the hackers wrote, referring to the price Amazon paid to buy the company in 2014. “We’re giving it away FOR FREE.” (Bezos, Amazon’s founder, owns The Washington…


Singtel Suffers Zero-Day Cyberattack, Damage Unknown – Threatpost




Hack may have exposed deep US secrets; damage yet unknown


BOSTON (AP) — Some of America’s most deeply held secrets may have been stolen in a disciplined, monthslong operation being blamed on elite Russian government hackers. The possibilities of what might have been purloined are mind-boggling.

Could hackers have obtained nuclear secrets? COVID-19 vaccine data? Blueprints for next-generation weapons systems?

It will take weeks, maybe years in some cases, for digital sleuths combing through U.S. government and private industry networks to get the answers. These hackers are consummate pros at covering their tracks, experts say. Some theft may never be detected.

What seems clear is that this campaign — which cybersecurity experts say exhibits the tactics and techniques of Russia’s SVR foreign intelligence agency — will rank among the most prolific in the annals of cyber-espionage.

U.S. government agencies, including the Treasury and Commerce departments, were among dozens of high-value public- and private-sector targets known to have been infiltrated as far back as March through a commercial software update distributed to thousands of companies and government agencies worldwide. A Pentagon statement Monday indicated it used the software. It said it had “issued guidance and directives to protect” its networks. It would not say — for “operational security reasons” — whether any of its systems may have been hacked.

On Tuesday, acting Defense Secretary Chris Miller told CBS News there was so far no evidence of compromise.

In the months since the update went out, the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

Thomas Rid, a Johns Hopkins cyberconflict expert, said the campaign’s likely efficacy can be compared to Russia’s three-year 1990s “Moonlight Maze” hacking of U.S. government targets, including NASA and the Pentagon. A U.S. investigation determined the height of the documents stolen — if printed out and piled up — would triple the height of the Washington Monument.

In this case “several Washington Monument piles of documents that they took from different government agencies is probably a realistic estimate,” Rid said. “How would they use that?…


Government agencies, private companies secure networks, begin to assess damage from massive hack


WASHINGTON — U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion that experts said almost certainly was carried out by a foreign state.

It was not yet clear who was responsible for the intrusion, though it was reportedly conducted by Russia, and the extent of the damage is not yet known. The potential threat was significant enough that the Department of Homeland Security’s cybersecurity unit directed all federal agencies to remove compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere. It was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

“It’s a reminder that offense is easier than defense and we still have a lot of work to do,” said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser to the Center for Strategic and International Studies.

The campaign came to light when a prominent cybersecurity firm, FireEye, learned it had been breached. FireEye would not say who it suspected, though many experts quickly suspected Russia given the level of skill involved, and alerted that foreign governments and major corporations were also compromised.

U.S. authorities acknowledged that federal agencies were part of the breach on Sunday, providing few details. The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it.

The national cybersecurity agencies of Britain and Ireland issued similar alerts.

SolarWinds is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple…
