Tag Archive for: mystery

The Sheikh, the Businessman and a Hacking Mystery on 3 Continents


Though the judge questioned the credibility of that story, his ruling against Mr. Azima should have ended the case. But soon, a reporter with Reuters contacted one of his lawyers and said the news organization had records indicating that BellTroX had sent him phishing emails.

Mr. Azima, Mr. Massaad, their lawyers and other associates would uncover over 150 phishing emails, sent to them between 2015 and 2017, that bore the fingerprints of BellTroX, court filings state.

Mr. Azima’s lawyers then hired a private investigator. That investigator, Jonas Rey, stated in an affidavit filed in Mr. Azima’s London lawsuit that an unnamed associate in India put him in touch with a computer specialist who used to work at CyberRoot.

According to the investigator’s affidavit, that ex-employee, Vikash Kumar Pandey, told him that CyberRoot had used BellTroX’s hacking infrastructure to send phishing emails because it lacked the technical ability to do so. Mr. Pandey also allegedly said Mr. Del Rosso, the private detective, had directed CyberRoot’s actions.

Records show that Mr. Del Rosso’s firm paid CyberRoot over $1 million between 2015 and 2017. Last year, Mr. Azima sued Mr. Del Rosso in a federal court in North Carolina, accusing him of hacking.

Mr. Del Rosso, who did not respond to emails seeking comment, has rejected the allegation and said in court papers that all his payments to CyberRoot were for legitimate services. He added that he had never heard of Mr. Pandey. The other investigator, Mr. Page, who did not respond to requests for comment, has denied any role in hacking.

The lawsuit filed by Mr. Azima is not expected to go to trial in London until next year, and Mr. Pandey, the computer specialist, is unlikely to testify.


Have you tried… hacking under house arrest in cyberpunk mystery Song of Farca?


In Song of Farca, you have to experience everything through a computer screen, which is something that feels very familiar in the age of working from home and endless Zoom calls. Sadly, unlike hero Isabella Song, my days involved more spreadsheets, less catching serial killers and spying on goat-obsessed heiresses. She’s a hacker under house arrest, called on by various people to help investigate their gruesome and ghastly cases. 

Straight away the UI of the game will catch your eye. It splits the screen in two, with Izzy and her dog Scooter pottering around her apartment in the top half, and Izzy’s computer on the bottom. You can only control what happens through her computer, but there’s just something humanizing about seeing her grab a snack or looking out of her window before she wanders over to her desk. It helps to see her that way too, because you’re going to be doing a lot of shady stuff while you’re investigating. Invading people’s privacy by hacking security cameras, stalking their online presence, and operating in the greyest of moral areas. 

Digital detective

But then the people she’s investigating aren’t exactly angels. There are the people stealing robots for eTerrier dogfights, blackmailers using someone’s previous sex work as collateral, cybernetically enhanced killers, and a family that makes Succession’s Roys look like the Brady Bunch. It’s these stories that make the game absolutely addictive, even when you’re hacking what feels like your sixteenth security camera or struggling to present the right evidence to someone in one of the game’s many video calls with persons of interest. The whole thing plays out against a backdrop of a near-future where technology companies, and those that know how to take advantage of their wares, wield all the power. 

[Image: Song of Farca. Image credit: Wooden Monkeys]

Izzy knows how to make the most of the loopholes that this world presents, and as well as using security cameras to give her access to people’s private spaces – each one a little logic puzzle where people might need to be distracted by a malfunctioning coffee machine or robot vacuum – to hack their laptops and phones, she can use her AI, Maurice, to analyze the evidence she finds. Photos…


Juniper breach mystery starts to clear with new details on hackers and US role


Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems.

Further details were scant, but Juniper made clear the implications were serious: It urged users to download a software update “with the highest priority.”

More than five years later, the breach of Juniper’s network remains an enduring mystery in computer security, an attack on America’s software supply chain that potentially exposed highly sensitive customers including telecommunications companies and U.S. military agencies to years of spying before the company issued a patch.

Those intruders haven’t yet been publicly identified, and if there were any victims other than Juniper, they haven’t surfaced to date. But one crucial detail about the incident has long been known — uncovered by independent researchers days after Juniper’s alert in 2015 — and continues to raise questions about the methods U.S. intelligence agencies use to monitor foreign adversaries.

The Juniper product that was targeted, a popular firewall device called NetScreen, included an algorithm written by the National Security Agency. Security researchers have suggested that the algorithm contained an intentional flaw — otherwise known as a backdoor — that American spies could have used to eavesdrop on the communications of Juniper’s overseas customers. NSA declined to address allegations about the algorithm.

Juniper’s breach remains important — and the subject of continued questions from Congress — because it highlights the perils of governments inserting backdoors in technology products. 

“As government agencies and misguided politicians continue to push for backdoors into our personal devices, policymakers and the American people need a full understanding of how backdoors will be exploited by our adversaries,” Senator Ron Wyden, a Democrat from Oregon,…


A Mystery Malware Stole 26 Million Passwords From Windows PCs


Researchers have discovered yet another massive trove of sensitive data, a dizzying 1.2 TB database containing login credentials, browser cookies, autofill data, and payment information extracted by malware that has yet to be identified.

In all, researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.

The stash also included over 1 million images and more than 650,000 Word and PDF files. Additionally, the malware made a screenshot after it infected the computer and took a picture using the device’s webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing. The data was extracted between 2018 and 2020 from more than 3 million PCs.

The discovery comes amid an epidemic of security breaches involving ransomware and other types of malware hitting large companies. In some cases, including the May ransomware attack on Colonial Pipeline, hackers first gained access using compromised accounts. Many such credentials are available for sale online.

Alon Gal, cofounder and CTO of security firm Hudson Rock, said that such data is often first collected by stealer malware installed by an attacker attempting to steal cryptocurrency or commit a similar type of crime.

The attacker “will likely then try to steal cryptocurrencies, and once he is done with the information, he will sell to groups whose expertise is ransomware, data breaches, and corporate espionage,” Gal told me. “These stealers are capturing browser passwords, cookies, files, and much more and sending it to the [command and control server] of the attacker.”

NordLocker researchers said there’s no shortage of sources for attackers to secure such information.

“The truth is, anyone can get their hands on custom malware,” the researchers wrote. “It’s cheap, customizable, and can be…
