Tag Archive for: locked

Dutch suspect locked up for alleged personal data megathefts – Naked Security


The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people.

The victims are said to live in countries as far apart as Austria, China, Colombia, the Netherlands itself, Thailand and the UK.

Apparently, the courts have taken a strict approach to this case, effectively keeping the arrest secret from late 2022 until now, and not allowing the suspect out on bail.

According to the Ministry’s report, a court order about custody was made in early December 2022, when the authorities were given permission to keep the suspect locked up for a further 90 days, meaning that they can hold him until at least March 2023 as work on his case continues.

The suspect is being investigated for multiple offences: possessing or publishing “non-public” data, possessing phishing software and hacking tools, computer hacking, and money laundering.

The prosecutors claim that he laundered close to half-a-million Euros’ worth of cryptocurrency during 2022, so we’re assuming that the court considered him a flight risk, decided that if released he might be able to destroy evidence and, presumably, thought that he might try to warn others in the cybercrime forums where he’d been active to start covering their tracks, too.

Governmental breach?

Intriguingly, the investigation was triggered by the appearance on a cybercrime forum of a multi-million record stash of personal data relating to Austrian residents.

Those data records, it seems, turned out to have a common source: the company responsible for collecting radio and TV licence fees in Austria.

Austrian cops apparently went undercover to buy up a copy of the stolen data for themselves, and in the process of doing so (their investigative methods, unsurprisingly, weren’t revealed) identified an IP number that was somehow connected to the username they’d dealt with on the dark web.

That IP number led to Amsterdam in the Netherlands, where the Dutch police took the investigation further.

As the Dutch Ministry writes:

The team has strong indications that…


Should hospital ransomware attackers be locked up for life? [Audio + Text] – Naked Security


Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone?

With Doug Aamoth and Paul Ducklin.

DOUG.  Legal troubles abound, a mysterious iPhone update, and Ada Lovelace.

All that and more on the Naked Security Podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Paul Ducklin.

Paul, how do you do today, Sir?


DUCK.  I’m very well, Doug…

…except for some microphone problems, because I’ve been on the road a little bit.

So if the sound quality isn’t perfect this week, it’s because I’ve had to use alternative recording equipment.


DOUG.  Well, that leads us expertly into our Tech History segment about imperfection.


DUCK.  [IRONIC] Ohhhhh, thanks, Doug. [LAUGHS]


DOUG.  On 11 October 1958, NASA launched its first space probe, the Pioneer One.

It was meant to orbit the moon, but failed to reach lunar orbit thanks to a guidance error, fell back to Earth, and burned up upon re-entry.

Though it still collected valuable data during its 43 hour flight.


DUCK.  Yes, I believe it got to 113,000km above the Earth… and the Moon is just shy of 400,000 kilometres away.

My understanding is it went off target a bit and then they tried to correct, but they didn’t have the granularity of control that they do these days, where you run the rocket motor for a little tiny burst.

So they corrected, but they could only correct so much… and in the end they figured, “We’re not going to make it to the moon, but maybe we can get it into a high Earth orbit so it’ll keep going around the Earth and we can keep getting scientific measurements?”

But in the end it was a question of, “What goes up… [LAUGHS] must come down.”


DOUG.  Exactly. [LAUGHS]


DUCK.  And, as you say, it was like shooting a very, very, very powerful bullet way into outer space, well above the Kármán line, which is only 100km, but in such a direction that it didn’t actually escape the influence of the Earth altogether.


DOUG.  Pretty good for a first try, though?

I mean, not bad… that’s 1958, what…


Locked out of ‘God Mode’, runners hack treadmills – Bestgamingpro


He just wanted to watch cloud security tutorials. Howard, a construction worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind.

NordicTrack’s hardware, despite its enormous screen, encourages customers to subscribe to exercise software from iFit, the company’s parent firm. You can’t watch videos from other applications or external sources on this device. iFit has content including workout routines and jogging routes that alter the treadmill’s incline based on the terrain shown on the screen.

To access his X32i, Howard only needed to tap the touchscreen 10 times, wait seven seconds, and then repeat the process 10 more times. This allowed Howard to gain entry to the Android operating system beneath it.

NordicTrack does not promote privilege mode as a client benefit, but it is nevertheless well-known. Several unauthorized manuals instruct people how to get inside their equipment, and even iFit’s support pages explain how to use it. Howard explains that he bought the X32i mainly because he could access God mode.

Since mid-October, NordicTrack has been automatically upgrading all of its exercise equipment—including bikes, ellipticals, and rowing machines—to prevent users from entering privilege mode.

“I got exactly what I paid for,” says Howard, who already owned a “poor” treadmill with no screen before buying the Internet-connected version and is also a member of iFit. “Now they’re trying to take away [features] that are really important to me.”

Customers aren’t the only ones who are complaining. In recent weeks, a slew of threads and postings have surfaced online expressing dissatisfaction with NordicTrack and iFit’s decision to restrict privilege mode.

“The block on privilege mode was automatically enabled because we believe it enhances security and safety while using fitness equipment with numerous moving parts,” according to a spokesperson for NordicTrack and iFit. The company has never marketed its products as being able to use other apps, the spokesperson adds.


Locked out of “God mode,” runners are hacking their treadmills


NordicTrack owners aren’t giving up the fight just yet.

JD Howard just wanted to watch cloud security tutorials. Howard, a construction industry worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind. His plan was to spend his time away from work exercising while watching technical videos from learning platforms such as Pluralsight and Udemy. But his treadmill had other ideas.

Despite having a huge display strapped to it, NordicTrack’s hardware pushes people to subscribe to exercise software operated by iFit, its parent company, and doesn’t let you watch videos from other apps or external sources. iFit’s content includes exercise classes and running routes, which automatically change the incline of the treadmill depending on the terrain on the screen. But Howard, and many other NordicTrack owners, weren’t drawn to the hardware by iFit’s videos. They were drawn in by how easy the fitness machines were to hack.

To get into his X32i, all Howard needed to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 more times. Doing so unlocked the machine—letting Howard into the underlying Android operating system. This privilege mode, a sort of God mode, gave Howard complete control over the treadmill: he could sideload apps and, using a built-in browser, access anything and everything online. “It wasn’t complicated,” Howard says. After accessing privilege mode he installed a third-party browser that allowed him to save passwords and fire up his beloved cloud security videos.

While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access it. The whole reason Howard bought the X32i, he says, was because he could access God mode. But the good times didn’t last long.

Since October, NordicTrack has been automatically updating all of its…
