Posts Tagged ‘hacking’

Full text of ICA-2017-1 – Assessing Russian Activities and Intentions in Recent US Elections (with annotations)

// January 8th, 2017 // No Comments » // Politics and legal

The following was released to the general public on January 6, 2017 by the DNI (Director of National Intelligence). In short, the release accuses Russia of attempting to influence the US’s 2016 election using a persona known as Guccifer 2.0 to release stolen (hacked) documents via Wikileaks. Regular readers will not be surprised by the […]

How we know Russia hacked the US election – analysis of the DNC hack (and why Assange and Guccifer 2.0 are best buds)

// December 13th, 2016 // No Comments » // Hacking and Security

Assange served as the gateway for stolen US government documents that appeared to be an attempt to influence the US election process. The documents were rumored to come from the Russian government and an enigmatic lone-wolf hacker known as Guccifer 2.0.

The Shadow Brokers dropped another server list today–is it relevant?

// October 31st, 2016 // No Comments » // Hacking and Security

The Shadow Brokers published another encrypted drop today on Medium which they say reveals NSA IP addresses linked to the Equation Group (some believe Equation Group is an NSA hacking cooperative). TSB’s drop uses the same PGP as previous drops so it appears to be legit.

Why we should fear Mirai and IoT botnets (and how stupidly simple it is to quash those fears)

// October 24th, 2016 // No Comments » // Hacking and Security

The first thought for anyone who has examined the Mirai codebase is how well the application was coded. The second thought is how easy it would be to disable. Being a C&C server inherently means you can control the Mirai botnet with it – even to the point of shutting it down – permanently.

A day in the life of a Bug Bounty hunter – demo of productive hacking session against Yelp

// September 9th, 2016 // No Comments » // Hacking and Security

Offering bounties worth thousands, even millions of dollars, bug bounties pay hackers to report vulnerabilities. The process is pretty simple. The hacker sends the vulnerability report to the company, the company patches the vulnerability, the bounty is paid, and finally, the vulnerability is disclosed. Everyone wins. Usually.

Windows Subsystem for Linux (WSL) – how to create a Linux hacking toolkit that runs on Windows 10

// August 6th, 2016 // No Comments » // Hacking and Security

Forget running Kali in a virtual machine (well, at least put it aside for a while). The Windows 10 Anniversary Update includes a whack new feature – Windows Subsystem for Linux or WSL. Using the new LxssManager service, WSL lets you run a full-featured Ubuntu Linux subsystem on Windows 10.

The United States is outsourcing its Cyberspace (Cyber Command) Operations – really?

// November 16th, 2015 // No Comments » // Hacking and Security

It’s a draft titled Task Order Request for Cyberspace Operations Support Services in support of United States Cyber Command (USCYBERCOM). Oh, brother. That means the U.S. has bungled their cybersecurity so badly they’re now willing to outsource, and trust, this critical national security task to an outside contractor. Even a partner outside of the U.S. […]

Probe finds that contractors working on military code outsourced some tasks to Russian coders

// November 6th, 2015 // No Comments » // Hacking and Security

After conclusion of a four-year probe, contractors who worked on U.S. military code are being fined a combined $12.75 million. As it turns out, some contractors outsourced coding tasks to Russian coders. No words can convey the level of stupidity here (hey, let’s get Al-Qaeda to build US airplanes!).

Interesting geographic attack vector from a Russian launched cyber counter-attack

// July 14th, 2015 // No Comments » // Hacking and Security

I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam. Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from […]

Are Wild Neutron’s latest attacks related to the zero-day exploit(s) in Hacking Team’s drop?

// July 10th, 2015 // No Comments » // Hacking and Security

Both Kaspersky and Symantec released reports this week pointing out the increase in attacks by Wild Neutron (aka Jripbot, Morpho, or Butterfly). WN had gone mostly dormant (or undetected?) since 2013 after hitting Apple, Facebook, Twitter, and Microsoft using zero-day Java exploits (seeded in the hacked forums of various websites) and the OSX/Pintsized Mac OS […]

Imagine if we couldn’t report the news. Better yet, imagine you are Barrett Brown.

// January 23rd, 2015 // No Comments » // Hacking and Security

Imagine a cybercrime has occurred. 200 gigabytes of data have been stolen and posted on a remote site. The remote site is public, easily accessible to all. An experienced journalist (Barrett Brown) reports the location of the stolen data.

Guardians of Peace (GOP) release Sony CEO Outlook data file with threat to movie goers

// December 16th, 2014 // No Comments » // Hacking and Security

A Pastebin dump attributed to Guardians of Peace (GOP) was released a few hours ago followed by the purported screenplay for the upcoming movie The Interview. In the dump, the GOP continued to harp on their Christmas Day threat while including an invite to the public for special “requests”. The dump included another little surprise […]

Interesting list of Chinese filtered words, banned domains, and potential username/passwords

// December 12th, 2014 // No Comments » // Hacking and Security

That China filters their Internet traffic is no secret – their societal system (many believe) requires that information be filtered. What is more interesting are the *words* that are filtered. Several research groups have studied China’s walled-off Internet infrastructure (via search engine results, reverse engineered software and hardware products, leaked router or firewall settings, etc.) […]

After loss of pre-release movies and confidential data – Sony goes on the offensive with DoS attacks

// December 11th, 2014 // No Comments » // Hacking and Security

After the data breach and loss of pre-release films and confidential data in late November, Sony takes an offensive stance – and I like what I’m seeing. According to reports, Sony is using a deluge of Amazon cloud servers in Tokyo and Singapore to conduct DoS attacks against torrent seeds and websites hosting their stolen […]

Rough start for Apple Pay alternative – CurrentC mobile payment data systems hacked today

// October 29th, 2014 // No Comments » // Hacking and Security

MCX’s CurrentC payment system, the alternative to Apple Pay backed by Walmart, Best Buy, CVS, Rite Aid, Gap, and others, was hacked today. Reports indicate the data breach involves the theft of email addresses of early beta participants and others who expressed interest in testing the new mobile payment system. No word yet on how […]

JPMorgan Chase security breach not what you think – military attack against key financial institutions turns over keys to the kingdom

// October 4th, 2014 // No Comments » // Hacking and Security

Although I’m disappointed that JPMorgan Chase delayed the disclosure of the breach that touched more than 83 million U.S. households (they knew about it at least four months ago), I’m even more upset at what they disclosed – that key customer financial data was not stolen. JPMorgan may tout the expertise of their security team […]