
A Hacker, by Many Other Names


In Word Through The Times, we trace how one word or phrase has changed throughout the history of the newspaper.

On Sept. 14, 1998, the reporter Amy Harmon covered a disturbance at her workplace: “A group calling for the release of Kevin Mitnick, the imprisoned computer criminal, commandeered The New York Times site,” she wrote. It was “the first time that hackers have penetrated the Web site of a major news organization.” (The website was secured later that day.)

The origin of the word “hacking” as it relates to interfering with data or a computer is often traced to M.I.T. in the mid-1950s. As the legend goes, students used the term to refer to pranks that involved meddling with technology and showed the cleverness of the prankster. Minutes from a meeting of the school’s Tech Model Railroad Club in 1955 included the word: A student requested “that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing.” (“Hackers,” a 1984 book by Steven Levy, credits the club with shaping modern hacker culture.) The word “hacker,” defined as one who is good at computer programming quickly, was later added to The Jargon File, a dictionary of programming slang.

But “hack” has a far less thrilling origin story. According to Webster’s New World Dictionary, “hack,” when used as a verb, means “to give harsh, dry coughs” or “to make rough or irregular cuts.” In 1964, a Times article covering an art exhibit described one sculptor as “a real lively hacker of stone.” (The exhibition’s catalog also described him as “a strong and tender troll.”)

Today, the word “hacking” generally has a negative connotation, just as “hackers” generally have a bad reputation. (The Times’s stylebook notes that a hacker “originally referred to any skilled manipulator of software. It now connotes mischievous, malicious or illegal manipulation.”) But some can see the benefit of so-called white-hat hacking. In 2017, the technology reporter Kevin Roose pondered the topic in a Times article on ethical hacking: “What if the problem we face is not too many bad hackers,” he wrote, “but too few good ones?”

Both schools of thought may have…


Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site


Cybersecurity company Darktrace issued a statement on Thursday after it was named on the leak website of the LockBit ransomware group.

“Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise,” Darktrace said.

“None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected,” it added.

The statement was issued after a post on LockBit’s leak website seemed to suggest that the ransomware group had targeted Darktrace. The post suggested that data was stolen from Darktrace and that the cybercriminals were asking for a $1 million ransom.

However, it appears that Darktrace was not hacked — or even targeted — by LockBit. Instead, the entry on the LockBit leak website apparently comes in response to a recent Twitter post from Singapore-based threat intelligence firm DarkTracer, which is not related in any way to Darktrace.

“The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined,” DarkTracer said on Wednesday, referring to junk data being posted on the LockBit leak website. 

The fake data on the LockBit site was apparently test data posted by the hackers while doing maintenance. 

The cybercriminals were not happy with DarkTracer’s allegations, but confused it with UK-based Darktrace and published a post suggesting that they had hacked Darktrace. These types of mistakes are not uncommon for ransomware groups. 

It’s worth noting that there is also no evidence that LockBit targeted DarkTracer either. 

LockBit last year claimed to have stolen hundreds of gigabytes of data from cybersecurity firm Entrust. The company confirmed that some systems used for internal operations had been breached and that some files had been stolen, but has still not publicly shared additional information on the…


Six Common Ways That Malware Strains Get Their Names


You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names?

As a cybersecurity writer, I quickly add new strains to my vocabulary. But I never knew how they came to have those names in the first place. After writing numerous articles on malware, I decided to dig deep into the naming conventions to shed some light on that question. As it turns out, a name can tell you a lot about the malware itself — but it can also sow some confusion. 

Threat Group Names

First, let’s talk about the difference between group names and malware strain names since they often intertwine and sometimes impact each other. With a one-hit-wonder group or a group with no known name, occasionally, the malware shares the group name. However, in most cases, there is a unique name for both the group and the malware.

You can often learn a lot about a group from its name. Group names often reference the nation-state associated with the group, such as Bear for Russia and Panda for China. The name often reflects the group’s motivation as well. “Spider” in the name means that money motivates a group, and “Jackals” refer to hacktivists.

A Few Common Naming Conventions

Now let’s get back to the question of how malware strains themselves are named. The short answer is that strains are named in several different ways. Of course, there are always outliers that get their names in a totally different way, so these are just common examples.

Typically, if a cybercriminal doesn’t name their strain themselves, a cybersecurity researcher creates the name. The primary researcher of the strain or attack will usually come up with the name, and they sometimes assign one that seems random — but there is usually a pattern or at least some loose methodology.

And yes, that has led to many issues — especially misidentification and misnaming. Without an industry-wide database that lists the official names of all strains, some strains even end up with multiple names. Because many strains turn into families, researchers and the media must use consistent naming conventions. Otherwise, these labels can cause…


Hacking Forum Exposes Entire US No Fly List Of Over 1.5M Names As TSA Investigates


Earlier this month, a Swiss hacker who goes by the name maia arson crimew exfiltrated a copy of the US government’s No Fly List from an insecure server. This list, which names individuals who are forbidden from flying anywhere within US borders, is a subset of the Terrorist Screening Database and is kept hidden from the public. However, this list is now publicly available after an unknown actor posted the version accessed by crimew to BreachForums.

Crimew originally came into possession of this list while browsing Jenkins servers on ZoomEye, which, similar to Shodan, lets users search for servers connected to the internet. The hacker happened to come across a Jenkins server operated by the airline CommuteAir. After digging through this server for a time, crimew discovered credentials for the company’s Amazon Web Services (AWS) infrastructure. The hacker then used the credentials to connect to this infrastructure, which crimew found to contain a 2019 copy of the No Fly List, as well as a “selectee” list. This second list likely names all those who are subject to Secondary Security Screening Selection (SSSS).

In a blog post published by crimew, the hacker acknowledges that these lists are sensitive in nature before stating, “[I] believe it is in the public interest for this list to be made available to journalists and human rights organizations.” Crimew accordingly made the lists available for access upon request, requiring that applicants be journalists, researchers, or other parties with legitimate interest. The service hosting the lists, Distributed Denial of Secrets, further states that requests will probably be rejected if interested individuals don’t provide sufficient information to verify their identities and if said individuals are “hacktivist[s] that want to exploit the data” or “researcher[s] without a clear journalist or academic project.”

BreachForums post sharing the No Fly List

Despite the apparent limitations on who can access this information, someone managed to obtain a copy of the lists and posted them for free on BreachForums. According to BleepingComputer, the No Fly List contains 1,566,062 entries and the…
