Tag Archive for: hacking

Former U.S. intel operatives to pay $1.6M for hacking for foreign govt

The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government.

Between 2016 and 2019, Marc Baier, Ryan Adams, and Daniel Gericke provided their services to a company that ran sophisticated hacking operations for the United Arab Emirates (UAE) government against various targets.

“These services included the provision of support, direction and supervision in the creation of sophisticated ‘zero-click’ computer hacking and intelligence gathering systems – i.e., one that could compromise a device without any action by the target.” – the U.S. Department of Justice

The three, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, agreed to pay $1,685,000 in penalties in exchange for not being prosecuted for violations of U.S. export control, computer fraud, and access device fraud laws.

Essential U.S. input

After leaving U.S. government employment, the trio joined the senior management ranks of a UAE company, where they coordinated hacking operations against various targets.

They also supervised the creation of two hacking and espionage platforms called KARMA and KARMA 2, used to compromise iPhones belonging to targets of interest to the UAE.

In 2019, journalists at Reuters revealed that the two hacking platforms were used by a clandestine UAE hacking team codenamed Project Raven run through a UAE-based company called DarkMatter.

The unit had more than a dozen former U.S. intelligence operatives helping the UAE with “surveillance of other governments, militants and human rights activists critical of the monarchy.”

KARMA and its successor relied on “zero-click” exploits (no user interaction needed) to collect sensitive information that gave access to the targets’ accounts (email, cloud storage, social networks) and allowed data to be stolen from them.

According to a report from Patrick Howell O’Neill at MIT Technology Review, the vulnerability that the KARMA platform exploited to take full control of a target’s iPhone was in Apple’s iMessage app and it was developed and sold by an American company named Accuvant (merged…


Ex-US intelligence officers admit hacking for UAE

[Image © Reuters: a tall building in a city. Caption: Prosecutors say the men carried out hacking for the UAE without obtaining the required US licences]

Three former US intelligence operatives have admitted to breaking US laws by carrying out hacking operations for the United Arab Emirates.

US prosecutors said the men had agreed to pay $1.7m (£1.2m) to resolve charges of computer fraud, access device fraud and violating export controls.

They worked for an unnamed UAE-based firm and allegedly hacked into servers, computers and phones around the world.

There was no immediate comment from the men or Emirati officials.

Earlier this year, the UAE was accused of using malware from the Israeli company NSO Group to spy on journalists, dissidents and rival governments.

The US justice department said the former intelligence officers – US citizens Marc Baier and Ryan Adams, and former US citizen Daniel Gericke – initially worked for a US company that provided cyber services to a UAE government agency in compliance with the International Traffic in Arms Regulations (ITAR).

The regulations require companies to obtain pre-approval from the US government prior to releasing information regarding a hacking operation and to agree not to target US citizens and permanent residents or US entities.

In 2016, the three men joined the UAE-based company as senior managers and began carrying out hacking operations for the benefit of the UAE government without obtaining the required licences from the US, according to the justice department.

Over the next three years, it alleged, they supervised the creation of two similar sophisticated “zero-click” computer hacking and intelligence gathering systems – “Karma” and “Karma 2” – that could compromise a device without any action by the target and allowed users to access tens of millions of devices made by a US technology company that was not identified.

The justice department said employees of the company had leveraged the systems to illegally obtain and use credentials for online accounts issued by US companies, and to obtain unauthorised access to computers and mobile phones around the world, including in the US.

“Hackers-for-hire and those who otherwise support such activities in violation of US law…


‘OMIGOD’ Microsoft Azure vulnerabilities expose users to hacking


Microsoft Corp.’s Azure remains exposed to a range of recently revealed vulnerabilities, because customers may be required to apply the patch manually.

Dramatically dubbed OMIGOD by researchers at Wiz Inc. in a notice Tuesday, the vulnerabilities relate to the Open Management Infrastructure (OMI) agent that is deployed when Azure users set up a Linux virtual machine in the cloud and enable certain Azure services. Attackers can use the four vulnerabilities to obtain root privileges and execute malicious code, including ransomware with file encryption.

According to Sophos, one of the vulnerabilities boils down to “a laughably easy trick” because it requires no password: rather than guessing a valid authentication token to insert into a fraudulent OMI web request, simply omitting the authentication token altogether grants access.

The vulnerabilities affect users of Azure services, including Automation, Automatic Update, Operations Management Suite, Log Analytics, Configuration Management, Diagnostics and Container Insights.

In a typical case of vulnerabilities being revealed, particularly with cloud-based services, patches would be applied, but this is not a typical case. Microsoft offered a patch in August, but Azure services remain exposed.

The problem is that users may have to apply the patches themselves, even though the issue resides in Azure’s own Linux installs. Complicating the matter further, many users may not be aware that they have OMI installed at all, since it is installed silently when they enable one of those Azure services.

The Wiz researchers conservatively estimate that thousands of Azure customers and millions of endpoints are affected. Further, they noted, it might not just be those using Azure who are affected, since OMI is also independently installed on other Linux machines and is often used on-premises.

“Management agents like OMI are part of the overall attack surface for a deployed system and as such need to be accounted for within the threat models associated with the application,” Tim Mackey, principal security strategist at electronic design automation firm Synopsys Inc.’s Cybersecurity Research Center, told SiliconANGLE.

“Put…


Ken Westin Discussing Mobile Security with KGW – Smartphone Security