Tag Archive for: Frame

Hackers Planted Files to Frame Indian Priest Who Died in Custody


According to Arsenal, Swamy never touched the files himself. After his devices were seized by Pune City Police, those files were among the digital evidence used to charge him and the other Bhima Koregaon 16 defendants with terrorism as well as inciting a riot in 2018 that led to two deaths.

All of Arsenal’s findings, the firm notes, match the earlier cases of evidence fabrication, seemingly carried out by the same hackers, that targeted the two defendants’ machines that Arsenal examined earlier. “Arsenal has effectively caught the attacker red-handed (yet again),” the report adds.

On Swamy’s computer, however, Arsenal also found something new: The hackers seem to have begun what Arsenal calls “antiforensics,” a clean-up operation, on June 11, 2019, deleting files that revealed their access to Swamy’s machine in an apparent attempt to cover their tracks, just a day before Pune Police seized Swamy’s computer on June 12 of that year. Arsenal describes that attempt at anti-forensics as “both unique and extremely suspicious given the computer’s imminent seizure.”

In other words, the hackers wanted to plant fake evidence that could be revealed to incriminate Swamy while also deleting actual evidence of their fabrications that might be discovered in legal proceedings, says Tom Hegel, a researcher for security firm SentinelOne. (Hegel and his colleague Juan Andres Guerrero‑Saade published their own findings on the Bhima Koregaon hacking cases this year.) Hegel argues the timing of that deletion, which he says displays a sloppy urgency, suggests the hackers somehow knew the seizure of Swamy’s devices was coming, and after five years of stealthy access to his computer, scrambled to erase their fingerprints. “The timing and the rushed cleanup effort is, in my opinion, clear evidence of collusion between the police unit and the attackers at that point,” Hegel says.

That cleanup is one of several signs that the hackers who targeted members of the Bhima Koregaon 16 may well have been working in league with the Pune City Police who arrested many of the defendants. Last June, Hegel and Guerrero‑Saade revealed to WIRED that an official in the Pune City Police appears to have added his own email…


New Ransomware Attack Tries to Frame Security Researchers



Most ransomware tries to extract a ransom for the restoration of files, hence the name. Whether or not the nefarious individuals behind the attack hold up their side varies, but a new version of the Azov Ransomware doesn’t bother. Instead of demanding Bitcoin, it tells infected individuals to contact security researchers and cybersecurity publication BleepingComputer, as if they are the authors of the malware. However, this is just an attempt to frame the good guys.

While Azov has some features of ransomware, and it presents itself as such, it’s more accurate to call it a data wiper. The updated malware began appearing on systems over the past few days after installs were purchased via the SmokeLoader malware. People often pick up SmokeLoader on sketchy sites that offer key generators, software cracks, and game cheats. This botnet is used to distribute numerous pieces of nasty hacking software, including other ransomware. There are even people whose systems have been double-encrypted, first by Azov and then by the STOP ransomware.

When introduced on a system, the malware launches itself from a temporary directory, usually with the addition of a Windows registry key. The executable scans all drives on the computer to find files that don’t have .ini, .exe, or .dll extensions. Whenever it finds something else, like a document, image, or video, it encrypts it and appends the .azov file extension to the end.

In each folder containing encrypted files, Azov creates a text document called “RESTORE_FILES.txt.” Usually, this is where your average ransomware would ask for money to decrypt the files. As BleepingComputer reports, the text document claims to be written by Polish security researcher and malware analyst Hasherezade. The document tells users to reach out to Hasherezade, BleepingComputer (and owner Lawrence Abrams), Vitali Kremez, and other cybersecurity pros on Twitter. Hasherezade notes in a statement that it’s common for malware authors to try to frame researchers.

Naturally, none of those people will be able to do anything about the encrypted files, but that’s…


Police Linked to Hacking Campaign to Frame Indian Activists


Police forces around the world have increasingly used hacking tools to identify and track protesters, expose political dissidents’ secrets, and turn activists’ computers and phones into inescapable eavesdropping bugs. Now, new clues in a case in India connect law enforcement to a hacking campaign that used those tools to go an appalling step further: planting false incriminating files on targets’ computers that the same police then used as grounds to arrest and jail them.

More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.

“There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” says Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present findings at the Black Hat security conference in August. “This is beyond ethically compromised. It is beyond callous. So we’re trying to put as much data forward as we can in the hopes of helping these victims.”

SentinelOne’s new findings that link the Pune City Police to the long-running hacking campaign, which the company has called Modified…


Jesse Watters spins facts beyond recognition with claims that Hillary Clinton paid to hack and frame Trump


Fox News host Jesse Watters falsely accused Hillary Clinton of paying hackers to break into former President Donald Trump’s computers and plant fabricated evidence that would frame Trump for collusion with the Russian government.

The elaborate scheme Watters described is a massive distortion of a Feb. 11 court filing that has attracted attention from conservative media in the week after it dropped.

The filing came from special counsel John Durham, selected by former Trump Attorney General William Barr to examine the reasons for the Justice Department’s investigation into Russian interference in the 2016 election. Special counsel Robert Mueller led the initial investigation that culminated in a report published in 2019.

Watters claimed Durham’s work now implicates Clinton.

“If there was ever any doubt that Clinton was behind the Russia hoax, that’s officially gone,” Watters said on his prime-time show Feb. 14. “Durham’s documents show that Hillary Clinton hired people who hacked into Trump’s home and office computers before and during his presidency, and planted evidence that he colluded with Russia. Yeah. You heard that right.”

“Hillary broke into a presidential candidate’s computer server and a sitting president’s computer server, spying on them,” he went on. “There, her hackers planted evidence, fabricated evidence connecting Trump to Russia, then fed that doctored material to the feds and the media.”

None of what Watters said on that program about an effort to hack and frame Trump with fake evidence is borne out by Durham’s filing, which he cited. The document never even mentioned hacking.

Still, the narrative echoed elsewhere on Fox News, where talk of hacking and an offense “worse than Watergate” stretched across programs, according to TVEyes, a media monitoring service.

The chyrons on “Jesse Watters Primetime” on Feb. 14 focused on Hillary Clinton and special counsel John Durham’s investigation. (PolitiFact)

One of the first headlines posted to Fox News’s website inaccurately declared that the Clinton campaign paid to “infiltrate” Trump’s servers. The word “infiltrate” was never used in…
