Showing results for tags 'fbi'.

Found 69 results

  1. The FBI will be able to snoop on your free Zoom calls, unless you pay for the company’s premium service, which offers end-to-end encryption.

In brief: Zoom is building end-to-end encryption for its video calls, but only for its premium users. The decision to keep free calls encrypted was in order to comply with the FBI. Zoom may allow users to verify their ID to get access to such encryption in the future.

Communications company Zoom has no intention of adding end-to-end encryption to Zoom calls for its free users, in order to appease the FBI. Meanwhile, it is developing such end-to-end encryption for its commercial clients, thanks to its acquisition of Keybase last month. "Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Zoom CEO Eric Yuan said during a Zoom conference call on Wednesday. Zoom has morphed into an indispensable service amid the coronavirus outbreak. With citizens in lockdown, the typical meetings of the 9-5 grind have migrated online. But while this has been a significant boon for the communications firm, it hasn't been without its pitfalls. In recent months Zoom's security protocols have come under tremendous strain. This global stress test exposed a myriad of security issues and provoked privacy snafus in excess. In April, the company's claimed method of end-to-end encryption was deflated, as it was found that Zoom had access to unencrypted user data. Soon after, reports revealed that hackers could steal passwords from Zoom's vulnerable Windows client.

Zooming off

This news isn't sitting too well with some. Businesses have already started boycotting Zoom in opposition to the service's lack of privacy controls. Most notable was SpaceX, which banned its employees from using Zoom in April, citing "significant privacy and security concerns." Now, after this latest apparent affront, others are jumping on the bandwagon. 
"I just cancelled my @zoom_us subscription for my law firm, which I had recently purchased to assist with doing remote consultations with clients during the COVID-19 lockdown," tweeted attorney Joel Alan Gaffney in response to Zoom's announcement. Journalist Adam L. Penenberg also condemned the move. "Because people who can afford to pay for Zoom don't commit crimes?" he quipped. Nevertheless, according to a Zoom spokesperson speaking to The Independent, the company intends to provide end-to-end encryption to users who verify their identity. Whether this will extend to free users is unknown—but there may still be hope yet. Source
  2. FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday. Prosecutors with the U.S. District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. The indictment against Firsov says deer.io was responsible for $17 million worth of stolen credential sales since its inception in 2013. “The FBI’s review of approximately 250 DEER.IO storefronts reveals thousands of compromised accounts posted for sale via this platform and its customers’ storefronts, including videogame accounts (gamer accounts) and PII files containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses,” the indictment states. In addition to facilitating the sale of hacked accounts at video streaming services like Netflix and Hulu and social media platforms like Facebook, Twitter and Vkontakte (the Russian equivalent of Facebook), deer.io also is a favored marketplace for people involved in selling phony social media accounts. For example, one early adopter of deer.io was a now-defunct shop called “Dedushka” (“grandpa” in transliterated Russian), a service offering aged, fake Vkontakte accounts that was quite popular among crooks involved in various online dating scams. The indictment doesn’t specify how prosecutors pegged Firsov as the mastermind behind deer.io, but there are certainly plenty of clues that suggest such a connection. 
Firsov’s identity on Twitter says he is a security researcher and developer who currently lives in Moscow. Previous tweets from that account indicate Firsov made a name for himself after discovering a number of serious security flaws in Telegram, a popular cross-platform messaging application. Firsov also tweeted about competing in and winning several “capture the flag” hacking competitions, including the 2016 and 2017 CTF challenges at Positive Hack Days (PHDays), an annual security conference in Moscow. Deer.io was originally advertised on the public Russian-language hacking forum Antichat by a venerated user in that community who goes by the alias “Isis.” A Google Translate version of that advertisement is here (PDF). In 2016, Isis would post to Antichat a detailed writeup on how he was able to win a PHDays hacking competition (translated thread here). In one section of the writeup Isis claims authorship of a specific file-dumping tool, and links to a Github directory under the username “Firsov.” In another thread from June 2019, an Antichat user asks if anyone has heard from Isis recently, and Isis pops up a day later to inquire what he wants. The user asks why Isis’s site — a video and music search site called vpleer[.]ru — wasn’t working at the time. Isis responds that he hasn’t owned the site for 10 years. According to historic WHOIS records maintained by DomainTools.com (an advertiser on this site), vpleer was originally registered in 2008 to someone using the email address [email protected]. That same email address was used to register the account “Isis” at several other top Russian-language cybercrime forums, including Damagelab, Zloy, Evilzone and Priv-8. It also was used in 2007 to register xeka[.]ru, a cybercrime forum in its own right that called itself “The Antichat Mafia.” 
More importantly, that same [email protected] email address was used to register accounts at Facebook, Foursquare, Skype and Twitter in the name of Kirill Firsov. Russian hacking forums have taken note of Firsov’s arrest, as they do whenever an alleged cybercriminal in their midst gets apprehended by authorities; typically such a user’s accounts are then removed from the forum as a security precaution. An administrator of one popular crime forum posted today that Firsov is a 28-year-old from Krasnodar, Russia who studied at the Moscow Border Institute, a division of the Russian Federal Security Service (FSB). Firsov is slated to be arraigned later this week, when he will face two felony counts, specifically aiding and abetting the unauthorized solicitation of access devices, and aiding and abetting trafficking in “false authentication features.” A copy of the indictment is available here (PDF). Source: FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts (KrebsOnSecurity - Brian Krebs)
  3. FBI says ransomware victims paid over $140 million to attackers

The Federal Bureau of Investigation (FBI) was one of the attendees at the RSA 2020 conference, which covers security and is attended by big companies like IBM and AT&T. This year, the conference lacked involvement from major tech giants due to the Coronavirus outbreak, but the FBI and others attended the event to talk about customer security. At the event, the FBI released an interesting stat which claims that ransomware victims have paid over $140 million to the attackers in the last 6 years. The agency arrived at the number by analyzing bitcoin wallets and ransom notes. FBI Special Agent Joel DeCapua presented his findings in two sessions explaining how he analyzed bitcoin wallets to arrive at the number. According to DeCapua, between October 2013 and November 2019, approximately $144,350,000 was paid in bitcoins to ransomware attackers. The most profitable ransomware was Ryuk, which brought in $61.26m. Ryuk was followed by Crysis/Dharma at $24.48m and Bitpaymer at $8.04m. The FBI noted that the ransom amounts could be higher as it doesn’t have the full data available. Most companies try to hide these details to avoid negative press and damage to their stock prices. DeCapua also revealed that Windows Remote Desktop Protocol (RDP) is the most common method used by attackers to gain access to the victim’s PC.

RECOMMENDATIONS FROM THE FBI

RDP accounts for 70-80% of all network breaches, which is why he recommended organizations use Network Level Authentication (NLA) for additional protection. DeCapua also suggested that organizations use complex passwords on their RDP accounts. He also recommended that organizations monitor for updates and install them for both apps and the OS as soon as possible. It is very common for researchers to publish a proof-of-concept after a vulnerability is fixed, so any bad actor can use it to attack a system that hasn’t been updated. 
Lastly, he stressed the importance of identifying phishing websites and making sure they have data backups to prevent falling victim to a ransomware attack. Source
  4. The FBI is "currently engaged with Apple hoping to see if we can get better help from them so we can get access to that phone."

What you need to know: The FBI says that it still cannot access the iPhone belonging to the Pensacola shooter. This was revealed at a House Judiciary Committee hearing. The FBI says it is still engaged with Apple to try and get access to the phones.

The FBI is still unable to access the iPhones belonging to the Pensacola shooter, despite their best efforts and overtures to Apple. As reported by Bloomberg, FBI Director Christopher Wray told the House Judiciary Committee as much on Wednesday, February 5. According to the report:

    The FBI has reconstructed an iPhone belonging to the shooter behind the December Naval Air Station attack in Pensacola, Florida, but still can't access the encrypted data on the device, Director Christopher Wray said Wednesday. The disclosure came at a House Judiciary Committee hearing in response to questions from Republican Matt Gaetz of Florida. Wray said the FBI is "currently engaged with Apple hoping to see if we can get better help from them so we can get access to that phone." About a month ago, the U.S. government asked Apple for help unlocking a pair of iPhones belonging to the shooter.

U.S. Attorney General William Barr and President Donald Trump have also demanded more help from Apple in the case. The Cupertino, California-based company has said it gave the FBI cloud data related to the iPhones, but has insisted that it won't build a backdoor around encryption to access information on its devices. Whilst it won't help the investigation, this is comforting news for privacy and encryption. The FBI's feud with Apple over the Pensacola shooter's iPhone has been extensively covered both here and in the wider media. The moral of the story seems to be that Apple can't assist the FBI, it won't assist the FBI, and it really shouldn't assist the FBI. 
At least not in the way the FBI is asking, by creating a back door to iOS encryption. Apple has already turned over gigabytes of data relating to the case that it does have access to. This revelation does, however, cast doubt on previous reports that the iPhones in question, an iPhone 5 and an iPhone 7, can be unlocked by existing third-party methods, and that the FBI doesn't actually need Apple's assistance in gaining access. Source
  5. (Reuters) - The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments, according to four people familiar with the inquiry. The probe was underway by 2017, when Federal Bureau of Investigation officials were trying to learn whether NSO obtained from American hackers any of the code it needed to infect smartphones, said one person interviewed by the FBI then and again last year. NSO said it sells its spy software and technical support exclusively to governments and that those tools are to be used in pursuing suspected terrorists and other criminals. NSO has long maintained that its products cannot target U.S. phone numbers, though some cybersecurity experts have disputed that. The FBI conducted more interviews with technology industry experts after Facebook filed a lawsuit in October accusing NSO itself of exploiting a flaw in Facebook’s WhatsApp messaging service to hack 1,400 users, according to two people who spoke with agents or Justice Department officials. NSO said it was not aware of any inquiry. “We have not been contacted by any U.S. law enforcement at all about any such matters,” NSO said in a statement provided by Mercury Public Affairs strategy firm. NSO did not answer additional questions about its employees’ conduct but previously said government customers are the ones who do the hacking. A spokeswoman for the FBI said the agency “adheres to DOJ’s policy of neither confirming nor denying the existence of any investigation, so we wouldn’t be able to provide any further comment.” Reuters could not determine which suspected hacking targets are the top concerns for investigators or what phase the probe is in. But the company is a focus, and a key issue is how involved it has been in specific hacks, the sources said. 
Part of the FBI probe has been aimed at understanding NSO’s business operations and the technical assistance it offers customers, according to two sources familiar with the inquiry. Suppliers of hacking tools could be prosecuted under the Computer Fraud and Abuse Act (CFAA) or the Wiretap Act, if they had enough knowledge of or involvement in improper use, said James Baker, general counsel at the FBI until January 2018. The CFAA criminalizes unauthorized access to a computer or computer network, and the Wiretap Act prohibits use of a tool to intercept calls, texts or emails. NSO is known in the cybersecurity world for its “Pegasus” software and other tools that can be delivered in several ways. The software can capture everything on a phone, including the plain text of encrypted messages, and commandeer it to record audio. A business strategy firm retained on behalf of Amazon.com Inc Chief Executive Jeff Bezos, FTI Consulting, said this month that NSO could have supplied the software it said Saudi Arabia used to hack Bezos’ iPhone. The phone began sending out more data hours after it received a video from a WhatsApp account associated with Crown Prince Mohammed bin Salman, FTI said. Saudi Arabia called the FTI allegation “absurd,” and NSO said it was not involved. Other security experts said the data was inconclusive. The FBI is investigating and has met with Bezos, a member of his team told Reuters. A Bezos spokesman did not respond to a request for comment. FBI leaders have indicated that they are taking a hard line on spyware vendors. At a briefing at FBI Washington headquarters in November, a senior cybersecurity official said that if Americans were being hacked, investigators would not distinguish between criminals and security companies working on behalf of government clients. “Whether you do that as a company or you do that as an individual, it’s an illegal activity,” the official said. 
In the counterintelligence aspect of the probe, the FBI is trying to learn if any U.S. or allied government officials have been hacked with NSO tools and which nations were behind those attacks, according to a Western official briefed on the investigation. Outside of government, journalists, human rights activists and dissidents in several countries have been victims of attacks using NSO spyware, according to the University of Toronto’s Citizen Lab researchers. In the past, NSO has denied involvement in some of those instances and declined to discuss others, citing client confidentiality requirements. Source
  6. They weren’t doing this before? As the 2020 presidential election nears, the Federal Bureau of Investigation announced on Thursday that it would start notifying states when local election systems are hacked in an effort to make elections more secure. Before, the bureau would only notify the owners of the breached equipment of cyberattacks, which were typically counties and local governments with less capacity to respond. The FBI’s announcement comes after months of criticism from lawmakers and election officials who feared the agency was failing to brief states of possible threats, The Wall Street Journal reported Thursday. In a call with reporters, an FBI official also said the bureau will not notify election technology vendors of breaches. “Cyber intrusions affecting election infrastructure have the potential to cause significant negative impacts on the integrity of elections,” an FBI press release said. “Understanding that mitigation of such incidents often hinges on timely notification.” Last year, former special counsel Robert Mueller released his report on Russian interference in the 2016 election. The Mueller report revealed that, in 2016, a Florida county election network was breached by Russian hackers, although they were unable to alter voting tallies. When the report was released in 2019, Florida Governor Ron DeSantis had reportedly still not been briefed by the FBI on the incident, and requested a briefing in the wake of the publication. “Decisions surrounding notification continue to be dependent on the nature and breadth of an incident and the nature of the infrastructure impacted,” the FBI said in a press release. Source
  7. The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws. Nation-state hackers breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week. The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities' networks. The FBI says that once attackers got a foothold on these networks, "malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access." "Due to the sophistication of the compromise and Tactics, Techniques, and Procedures (TTPs) utilized, the FBI believes unidentified nation-state actors are involved in the compromise," the agency said in its security alert. The FBI could not say if both intrusions were carried out by the same group. The agency also did not name the two hacked municipalities; however, it reported the two breaches in greater detail, listing the attackers' steps in each incident. Municipality #1: An unpatched SharePoint server was utilized to gain access to a US municipality's network, steal the Active Directory (AD) database, compromise administrative credentials, and drop webshells for remote/backdoor access to the compromised servers. Four aspx webshells, all of which appeared to be variants of commonly available or open-source webshells, were uploaded to the compromised SharePoint server and used to facilitate additional access. The cyber actors uploaded a variety of publicly-available and open-source credential harvesting tools, such as Mimikatz, PowerSploit framework and PSEXEC to the C:\ProgramData\ directory. The actors named most of the tools with single-letter filenames (e.g., k.exe and h.bat) before deploying them to other systems on the network. 
The SharePoint server was used as a pivot point on the network, allowing unauthorized access via compromised local administrator credentials. At least five machines on the municipality's network contained evidence of similarly named executables staged in the C:\ProgramData\ directory. Over 50 hosts on the network showed evidence of Mimikatz execution. There is also evidence that the actors used the kerberoasting technique to target Kerberos service tickets. The actors were able to successfully gain access to several domain administrator accounts. The intrusion appears to have been detected while the actors were still in the reconnaissance phase of the intrusion, so their actual objectives on target could not be determined. Municipality #2: In October 2019, a second US municipality's network was targeted by unauthorized users. Intrusion activity was detected when Command and Control (C2) communications were discovered from the DMZ network segment. The website was missing patches, leading to the compromise. The cyber actors utilized existing network monitoring infrastructure, as well as third-party services, to move laterally within the DMZ. The activity was detected when the malicious actors gained access to two other hosts in the DMZ segment - a SQL server and a Microsoft Exchange server acting as an SMTP forwarder. These servers are part of the AD domain, and activities indicative of the AD service targeting were detected.

Chinese nation-state hackers have previously exploited this bug

The attacks on US municipalities are not isolated cases, nor are they the first attacks where the CVE-2019-0604 SharePoint vulnerability has been used. Throughout 2019, this particular SharePoint vulnerability was one of the most exploited security flaws, by both financially-motivated cybercriminals and nation-state-sponsored cyber-espionage groups. 
The first attacks detected in the wild were discovered by the Canadian Centre for Cyber Security in late April, when the agency sent out a security alert on the matter. The Saudi National Cyber Security Center (NCSC) confirmed a similar wave of attacks a week later, in early May. Both cybersecurity agencies reported seeing attackers take over SharePoint servers to plant a version of the China Chopper web shell, a type of malware installed on servers that allows hackers to control hacked (SharePoint) servers. Neither agency named the perpetrators of these attacks, but US cyber-security firm Palo Alto Networks linked the two reports to APT27 (Emissary Panda), a hacking group with ties to the Chinese government. It is unclear if the same Chinese hacking group was also behind the attacks on the two US municipalities. ZDNet could not confirm any links between the FBI report and past APT27 activity and indicators of compromise.

The SharePoint bug got lost in a busy 2019

Throughout the year, attacks using this bug only intensified, as various hacking groups began realizing that this was a vulnerability that was easy to exploit, that plenty of companies had failed to patch, and that usually yielded access to lots of high-value corporate targets. In the security alert it sent out last week, the FBI reported seeing spikes in scanning activity targeting the CVE-2019-0604 SharePoint vulnerability in May, June, and October 2019, which only confirms what ZDNet learned from sources about an increase in the number of SharePoint attacks as 2019 progressed. Scans and attacks using this vulnerability were aided by the presence of a large number of technical write-ups explaining the bug, along with an excess of demo exploit code made freely available by security researchers that attackers could choose from and customize to their needs. 
But in 2019, a year when we had vulnerabilities like BlueKeep, DejaBlue, and the numerous VPN security flaws, the SharePoint bug went under the radar, despite some pretty intense scanning activity, and even confirmed attacks carried out by nation-state hacking groups. Prior to last week's FBI security alert, there was no other similar security notification sent out by other major cyber-security agencies -- such as DHS CISA or the UK NCSC. In hindsight, attacks are expected to continue, as there are still a large number of unpatched SharePoint servers online, despite the patch nearing its one-year anniversary next month. One of the reasons so many servers remain unpatched is that Microsoft fumbled the patching process. It took the company three patches to completely fix this issue, with fixes delivered in February, March, and April. Some companies might have installed the February patch, thinking they are safe, but not knowing there was a more complete patch made available in April. As several cyber-security experts have pointed out on Twitter, this vulnerability is pretty bad, and organizations should look into verifying they installed all three patches. The sense of urgency in addressing this should be easy to understand. The bug is a so-called pre-auth RCE (pre-authentication remote code execution). Pre-auth RCEs are extremely attractive to attackers as they are easy to automate and exploit. Second of all, SharePoint is a very popular product, with Microsoft boasting more than 200,000 installs across the globe, making this a huge attack surface, most of which are high-value government organizations and big corporations. Source
  8. Federal officials have called on Apple to unlock a phone belonging to a shooter who killed three people last month at the Pensacola Naval Air Station, but the company has refused to do so, saying there’s “no such thing as a backdoor just for the good guys.” But the FBI has managed to unlock iPhones all on its own in the past, so why can’t the agency do it again? A search warrant obtained by Forbes indicates that investigators were able to use a phone-cracking tool called GrayKey to access information stored on an iPhone 11 Pro Max. An affidavit related to the search warrant and obtained by Forbes showed that the iPhone was locked, which was confirmed to Forbes by the owner’s lawyer. If federal investigators can crack a new iPhone model, then why can’t they crack the iPhone 5 and iPhone 7 belonging to the shooter? So, why the public spectacle demanding that Apple hand over a golden key to bypass security features? According to a 2018 blog post from anti-malware software company Malwarebytes, the time it takes to crack an iPhone password using the GrayKey device varied, but a six-digit passcode was able to be cracked in as few as three days at the time. Citing documents by the device’s maker Grayshift, Malwarebytes said that disabled iPhones could also be unlocked. But Apple has issued numerous updates for iOS since 2018, and it’s likely that GrayKey has had to make changes to keep up with new security measures. The primary question presented by the records obtained by Forbes with respect to the Pensacola shooter’s phones seems to be why, if GrayKey was used recently to unlock a newer iPhone model, it would not be able to unlock an older iPhone. In statements to the press this week, U.S. 
Attorney General William Barr said “both phones are engineered to make it virtually impossible to unlock them without the password.” But again, the FBI has unlocked iPhones before, as with the case identified by Forbes as well as in the case of the San Bernardino terrorist attack. One possible answer is both phones are in bad shape. During his statements this week, Barr said that during a shootout, “the shooter disengaged long enough to place one of the phones on the floor and shoot a single round into the device. It also appears the other phone was damaged.” Another is that the phone is set to nuke all data after several failed passcode attempts, though that security wall was able to be bypassed in the instance of San Bernardino (of course, the FBI paid $900,000 to do it). The other possibility is that the FBI is hoping to set legal precedent in order to be able to use a single incident to pave the way to gain access in future cases, which Apple seems to understand could be a dangerous and slippery slope. “We have always maintained there is no such thing as a backdoor just for the good guys,” Apple told Gizmodo in a statement this week. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.” Source
  9. The FBI has court permission to access data on the iPhones, but both are password protected. The FBI has asked Apple for assistance in unlocking two iPhones that belonged to Mohammed Saeed Alshamrani, the Saudi air force trainee alleged to have shot and killed three people at Naval Air Station Pensacola in December. In a letter sent to Apple's general counsel and obtained by NBC, the FBI said that investigators "are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful." The FBI has court permission to access data on the iPhones, but both are password protected. Apple said in a statement that it has been cooperating with the government's investigation. The case calls to memory the Apple-FBI legal feud of 2016, in which the Justice Department sought to compel Apple to build a backdoor that would've bypassed the encryption on an iPhone that belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 people in San Bernardino, California in December 2015. Apple argued it couldn't access the shooter's iPhone 5c because of the device's encryption, but the FBI sought a court order that would've forced Apple to rework its software to bypass the encryption. Apple said at the time that it would "set a dangerous precedent" if it was forced to backdoor one of its products. The government eventually dropped the case when it unlocked the iPhone with the help of an unnamed third party. It was later revealed that the FBI spent over a million dollars to hack the device. Source
  10. The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims. In an advisory to the private sector last week, the FBI called for vigilance to combat the so-called Maze ransomware, which the bureau said began hitting U.S. organizations in November. “From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” states the advisory obtained by CyberScoop. “In a late November 2019 attack, Maze actors threatened to publicly release confidential and sensitive files from a US-based victim in an effort to ensure ransom payment,” the advisory says, without naming the victim. Maze is but one of an array of different strains of ransomware to emerge in recent years, a scourge with which companies and state and local governments have struggled to contend. This particular hacking tool caught the attention of security researchers last fall, when it was used in a scheme to dupe people in the U.S., Italy, and Germany into installing malware on their computers. Last month, the Maze perpetrators gained more notoriety when they published data supposedly stolen from the City of Pensacola, Florida, to pressure the city into paying a ransom. “The combination of the theft and encryption of data will feel like a one-two punch for victim organizations,” said Charles Carmakal, senior vice president at Mandiant, the incident response arm of cybersecurity company FireEye. “Organizations may feel more coerced to pay the threat actors because they may feel it’s the best option to prevent the disclosure of sensitive information.” The FBI “Flash”— a document the bureau periodically sends to U.S. 
companies to alert them to hacking activity — offers technical indicators to detect Maze ransomware and asks victims to provide information that could help track the hackers. The bureau requests things like bitcoin wallets used by the hackers and the complete phishing email they sent to the victim. The request for victim data related to Maze aligns with a new FBI offensive against ransomware that taps a wealth of data held by corporate victims. Last September, for example, the FBI held an unprecedented, closed-door summit on ransomware with private sector experts to get a handle on the problem. More At: Cyberscoop Source
  11. Recently released documents revealed the FBI has for years secretly demanded vast amounts of Americans’ consumer and financial information from the largest U.S. credit agencies. The FBI regularly uses these legal powers — known as national security letters — to compel credit giants to turn over non-content information, such as records of purchases and locations, that the agency deems necessary in national security investigations. But these letters have no judicial oversight and are typically filed with a gag order, preventing the recipient from disclosing the demand to anyone else — including the target of the letter. Only a few tech companies, including Facebook, Google, and Microsoft, have disclosed that they have ever received one or more national security letters. Since the law changed in 2015 in the wake of the Edward Snowden disclosures that revealed the scope of the U.S. government’s surveillance operations, recipients have been allowed to petition the FBI to be cut loose from the gag provisions and publish the letters with redactions. Tech companies have used “transparency reports” to inform their users of government demands for their data. But other major data collectors, like credit agencies, have failed to publish their figures altogether. Three lawmakers — Democratic senators Ron Wyden and Elizabeth Warren, and Republican senator Rand Paul — have sent letters to Equifax, Experian, and TransUnion, expressing their “alarm” as to why the credit giants have failed to disclose the number of government demands for consumer data they receive. “Because your company holds so much potentially sensitive data on so many Americans and collects this information without obtaining consent from these individuals, you have a responsibility to be transparent about how you handle that data,” the letters said. 
“Unfortunately, your company has not provided information to policymakers or the public about the type or the number of disclosures that you have made to the FBI.” Spokespeople for Equifax, Experian, and TransUnion did not respond to a request for comment outside business hours. It’s not known how many national security letters were issued to the credit agencies since the legal powers were signed into law in 2001. The New York Times said the national security letters to credit agencies were a “small but telling fraction” of the overall half-million FBI-issued demands made to date. Other banks and financial institutions, as well as universities, cell service and internet providers, were targets of national security letters, the documents revealed. The senators have given the agencies until December 27 to disclose the number of demands each has received. Source
  12. Former FBI attorney Lisa Page on Tuesday sued the Justice Department and FBI, accusing her former employers of violating her right to privacy by illegally leaking a cache of text messages she sent with a fellow FBI official. Page became a target of frequent attacks by President Donald Trump and his supporters after the disclosure of anti-Trump texts she exchanged with former FBI agent Peter Strzok. Both Page and Strzok, who were engaging in an extramarital affair, got nicknames like “dirty cops” and the “lovers” from the president and became two faces of Trump’s claims that the Russia probe was tainted by political bias within DOJ. The lawsuit comes a day after the release of a second report from the department’s independent watchdog that found neither person's political opinions played a role in the Russia probe or in the high-profile investigation into Hillary Clinton's personal email server, which Page and Strzok both participated in. In the 23-page lawsuit filed in U.S. District Court for the District of Columbia nearly two years to the day after the disclosure in question, Page alleges DOJ and FBI violated the Privacy Act by sharing nearly 400 text messages with reporters on the night of Dec. 12, 2017, to alleviate pressure on the department by Trump and his allies in Congress. That night, the department summoned reporters to its D.C. headquarters after hours and let the media view a tranche of 375 text messages, barring them from making copies or removing the messages and from disclosing the source of the materials. In a tweet announcing the lawsuit, Page expressed dismay over having to sue her former employers. "I take little joy in having done so, but what they did in leaking my messages to the press was not only wrong, it was illegal," she wrote. A DOJ spokesperson declined comment on the suit. 
Page accuses DOJ of sharing the trove of messages at a curious time: Deputy Attorney General Rod Rosenstein was set to testify the next morning before the House Judiciary Committee. He was expected to be grilled over a lack of response to oversight requests by Republicans who were assailing DOJ "for failing to vigorously pursue what the members viewed as evidence of a ‘witch hunt’ against President Trump,” the lawsuit claims. The department had already been subject to an onslaught of verbal attacks from Trump, who’d fired FBI Director James Comey earlier that year and was constantly berating Attorney General Jeff Sessions for recusing himself for the Russia probe. Page alleges that by sharing the messages with reporters, DOJ aimed “to influence the public reception” of Rosenstein’s testimony the next day as well as “ingratiate” Sessions and his department with the president. Moreover, the suit claims, the texts would “dominate coverage of the hearing, which otherwise could be unfavorable for the Department. And the Department could achieve all of this at the relatively low cost (in the Department’s view) of the privacy of two FBI employees: Ms. Page, a longtime DOJ and FBI attorney, and Mr. Strzok, a career FBI agent.” Page also points out that the 375 messages, turned over as part of the first inspector general report, had been preliminarily flagged as political in nature but that only a quarter of them were eventually deemed relevant to the June 2018 report that cleared Page of letting her political opinions impact her work. “In the two years since the December 12 disclosure, the President has targeted Ms. 
Page by name in more than 40 tweets and dozens of interviews, press conferences, and statements from the White House,” the suit states, “fueling unwanted media attention that has radically altered her day-to-day life.” Page's lawsuit ticks off a litany of insults leveled at her by the president over the last two years, including labeling her as “incompetent,” “corrupt,” “pathetic,” “stupid,” a “dirty cop,” a “loser,” a “clown,” “bad people,” “sick people,” a “lover,” a “great lover,” a “wonderful lover,” a “stupid lover,” and “lovely.” She resigned from the FBI in 2018, prior to the release of the IG report on the Clinton email investigation, and has remained under the radar since, aside from appearing behind closed doors before Congress and sitting for interviews for the Russia inspector general's report. Strzok was fired from the FBI several months later, and sued DOJ and FBI over his dismissal back in August. Another subject of Trump's frequent attacks on law enforcement officials, former FBI Deputy Director Andrew McCabe, has also sued the department for improper dismissal. Page broke her two-year silence earlier this month, in a lengthy interview with The Daily Beast, declaring that after Trump engaged in a crude impression of her relationship with Strzok that it was "time to take my power back." She used the occasion of Monday's inspector general report to claim vindication, despite watchdog Michael Horowitz faulting the FBI with significant missteps while ultimately being on solid footing in opening the Russia probe. "The sum total of findings by IG Horowitz that my personal opinions had any bearing on the course of either the Clinton or Russia investigations? Zero and Zero," she wrote in a tweet. Source
  13. The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data. The Private Industry Notification (PIN) detailing this alert was seen by BleepingComputer after it was issued to partners by the FBI on November 19, 2019. "The FBI has observed incidents since late 2018 in which unidentified cyber actors have increasingly targeted the automotive industry with cyberattacks to obtain sensitive customer data, network account passwords, and internal enterprise network details," the agency says in the PIN. "The FBI assesses the automotive industry likely will face a wide-range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially-motivated actors." Financially motivated and state-backed actors taking on more targets The automotive industry is facing an increased barrage of incoming malicious attacks and threats according to the FBI seeing that the wide range and large quantity of information it collects becomes progressively more valuable for threat actors. Extensive amounts and varied types of information gets collected daily from autonomous and Internet-connected vehicles, and the servers it's stored will allow potential attackers to get their hands on the huge trove of data via phishing and brute-force attacks. However, besides the bad actors getting away scot-free with sensitive data, the automotive industry is also facing other types of threats, including but not limited to data destruction following ransomware attacks and persistent unauthorized access to their enterprise networks. The agency says that phishing and brute-force attacks against automotive industry entities from the U.S. 
have already successfully compromised several organizations and companies during 2019, as CNN also reported. Previous attacks and recommendations To exemplify the dangers lurking in the shadows and eyeing unprepared automotive orgs, the FBI also listed a handful of previous attacks that it was able to detect and observe during 2019: • In 2019, unknown cyber actors conducted a brute force attack against a company’s web-facing employee login application. Cyber actors compromised logins of several accounts to access sensitive data. • In 2019, unidentified cyber actors exploited unpatched operating software vulnerabilities of an organization comprised of multiple office locations and extracted login passwords. The exfiltrated passwords were later used to log into employee accounts on the company’s network to access sensitive data. • In 2019, several automotive company recipients received phishing emails with malicious attachments. Some recipients opened the attachment which enabled macros to run and allowed the cyber actor to gain access and move laterally through the enterprise and exfiltrate sensitive data. • In 2019, unidentified cyber actors gained unauthorized access to employee emails of multiple companies in the automotive industry. Cyber actors created mailbox rules to auto-forward sensitive company communications to non-company email addresses. Cyber actors also gained unauthorized access to email accounts with administrator privileges and conducted fraudulent wire-transfers resulting in financial loss. • Over the course of late 2018 to 2019, several companies in the automotive industry fell victim to both an unidentified ransomware variant and the Ryuk ransomware. The ransomware attacks encrypted data and network servers which impacted the companies’ daily operations. One company paid the ransom, but the attackers did not provide the decryption key; however, the company was partially successful in restoring most of its operations with backed-up data. 
The FBI also provides some recommendations to automotive companies that want to successfully defend their assets against future cyber attacks. Organizations are advised to always keep operating systems up to date to apply the latest security patches immediately after they're issued, and to use strong passwords, lockout policies, and multi-factor authentication (MFA) to defend against brute-force attacks and protect sensitive info and devices. They are also recommended to back up their data as regularly as possible to prevent data loss following destructive malicious attacks, to protect databases with passwords, and to run an up-to-date anti-malware solution. Employees should also be trained to spot malicious links and attachments delivered via malspam campaigns and alerted when any phishing attacks targeting the org are detected. Additionally, any unusual employee activity such as logins coming from weird IP addresses never used before should be monitored to decrease the response time when dealing with an ongoing attack. Past ransomware, e-skimming, and phishing warnings The FBI also issued a number of warnings in the past to address incoming or ongoing cyber threats targeting the U.S. people, as well as small and medium-sized businesses (SMBs) and government agencies. For instance, in late October, the agency released an advisory on how to build a digital defense against e-skimming, as well as to increase awareness on current e-skimming threats targeting both SMBs and gov't agencies that process online payments. Earlier during October, the FBI's Internet Crime Complaint Center (IC3) published a public service announcement (PSA) on the increasing number of high-impact ransomware attacks targeting both public and private U.S. organizations. Young people from all over the U.S. were also alerted on Twitter in July about sextortion campaigns while another PSA regarding TLS-secured websites being actively used on malicious phishing campaigns was published in June. Source
  14. There can be no accountability if there is no transparency. Many of us wear masks on Halloween for fun. But what about a world in which we have to wear a mask every single day to protect our privacy from the government’s oppressive eye? Face recognition surveillance technology has already made that frightening world a reality in Hong Kong, and it’s quickly becoming a scary possibility in the United States. The FBI is currently collecting data about our faces, irises, walking patterns, and voices, permitting the government to pervasively identify, track, and monitor us. The agency can match or request a match of our faces against at least 640 million images of adults living in the U.S. And it is reportedly piloting Amazon’s flawed face recognition surveillance technology. Face and other biometric surveillance technologies can enable undetectable, persistent, and suspicionless surveillance on an unprecedented scale. When placed in the hands of the FBI — an unaccountable, deregulated, secretive intelligence agency with an unresolved history of anti-Black racism — there is even more reason for alarm. And when that agency stonewalls our requests for information about how its agents are tracking and monitoring our faces, we should all be concerned. That’s why today we’re asking a federal court to intervene and order the FBI and related agencies to turn over all records concerning their use of face recognition technology. The FBI’s troubling political policing practices underscore the urgent need for transparency. Under the leadership of the agency’s patriarch — the disgraced J. Edgar Hoover — the FBI obsessively spied on left-wing, Indigenous rights, anti-war, and Black power activists across the country. Hoover infamously tried to blackmail Martin Luther King, Jr., encouraging the civil rights leader to kill himself to avoid the shame Hoover’s leaks to journalists would bring to him and his family. 
The FBI was also involved in the 1969 killing of Fred Hampton, a brilliant Chicago leader in the Black Panther Party who was assassinated by Chicago Police while he lay asleep in his bed next to his pregnant girlfriend. While Hoover’s reign may be history, the FBI’s campaign against domestic dissent is not. Since at least 2010, the FBI has monitored civil society groups, including racial justice movements, Occupy Wall Street, environmentalists, Palestinian solidarity activists, Abolish ICE protesters, and Cuba and Iran normalization proponents. In recent years, the FBI has wasted considerable resources to spy on Black activists, who the agency labeled “Black Identity Extremists” to justify even more surveillance of the Black Lives Matter movement and other fights for racial justice. The agency has also investigated climate justice activists including 350.org and the Standing Rock water protectors under the banner of protecting national security. Because of the FBI’s secrecy, little is known about how the agency is supercharging its surveillance activities with face recognition technology. But what little is known from public reporting, the FBI’s own admissions to Congress, and independent tests of the technology gives ample reason to be concerned. For instance, the FBI recently claimed to Congress that the agency does not need to demonstrate probable cause of criminal activity before using its face surveillance technology on us. FBI witnesses at a recent hearing also could not confirm whether the agency is meeting its constitutional obligations to inform criminal defendants when the agency has used the tech to identify them. The failure to inform people when face recognition technology is used against them in a criminal case, or the failure to turn over robust information about the technology’s error rates, source code, and algorithmic training data, robs defendants of their due process rights to a fair trial. 
This lack of transparency would be frightening enough if the technology worked. But it doesn’t: Numerous studies have shown face surveillance technology is prone to significant racial and gender bias. One peer-reviewed study from MIT found that face recognition technology can misclassify the faces of dark skinned women up to 35 percent of the time. Another study found that so-called “emotion recognition” software identified Black men as more angry and contemptuous than their white peers. Other researchers have found that face surveillance algorithms discriminate against transgender and gender nonconforming people. When our freedoms and rights are on the line, one false match is too many. Of course, even in the highly unlikely event that face recognition technology were to become 100 percent accurate, the technology’s threat to our privacy rights and civil liberties remains extraordinary. This dystopian surveillance technology threatens to fundamentally alter our free society into one where we’re treated as suspects to be tracked and monitored by the government 24/7. That’s why a number of cities and states are taking action to prevent the spread of ubiquitous face surveillance, and why law enforcement agencies, at minimum, must come clean about when, where, and how they are using face recognition technology. There can be no accountability if there is no transparency. Source : ACLU
  15. Police arrested a 21-year-old man in Sleman, Yogyakarta, on Friday for allegedly using malicious software to extort victims and steal financial data for personal gain. Yogyakarta Police spokesman Senior Comr. Yuliyanto said the suspect, only identified by the initials B.B.A., sent phishing emails to at least 500 randomly selected addresses to spread ransomware, or software designed to block access to computer systems until a ransom is paid. The suspect had reportedly been acting alone since 2014 and collected 300 Bitcoins, or equivalent to around Rp 31.5 billion ($2.25 million), Yuliyanto said. He said the investigation started after a tipoff that the suspect had hacked the computer system of a company based in San Antonio, Texas. The suspect allegedly also stole credit card data from internet users for personal gain. The National Police's cybercrime unit is investigating the case. Yuliyanto said the Yogyakarta Police are assisting in the investigation and will forward evidence to the National Police headquarters in Jakarta. "The evidence includes a Harley Davidson motorcycle and several computers. We will send these [to Jakarta]," he said. The suspect has been in custody in Jakarta since his arrest. The suspect lived in a boarding house in Sleman for the past two years, Yuliyanto said, without providing further detail. Senior Comr. Rickynaldo Chairul, head of the police's cybercrime investigation unit, said separately in Jakarta that the suspect had sent emails containing hyperlinks that directed unsuspecting recipients to his webmail server, which would then install ransomware on recipients' computer systems and prevent them from accessing their data. 
In the case involving the US company, the suspect threatened to delete its data if it failed to pay the ransom within three days. "The suspect demanded the ransom be paid in Bitcoin before restoring access to the victim's mail server," Rickynaldo said. The suspect reportedly used the email address, [email protected], in his communications with victims. He faces up to six years in prison under the Electronic Information and Transactions Law. Source: Police Arrest Yogyakarta Man Who Used Ransomware Attacks to Amass 300 Bitcoins (via Jakarta Globe) p/s: For those who can understand Indonesian language, there's a news reporting on that. https://cyberthreat.id/read/3532/Pertama-Kali-dalam-Sejarah-Polri-Tangkap-Hacker-Ransomware
  16. A secretive federal court has ruled that the Federal Bureau of Investigation abused the privacy rights of U.S. citizens by searching for their information within the National Security Agency’s databases that should legally only be used to gather foreign intelligence information. The Wall Street Journal reports that on Tuesday the U.S. Intelligence Community released a court opinion on a ruling, which reveals that last year the Foreign Intelligence Surveillance (FISA) Court found that a warrantless program for internet surveillance aimed at foreign agents was used to search Americans’ data. According to the FISA court, which rules on foreign surveillance warrants requested by the FBI and NSA, the FBI used the system to search for raw data on Americans. Such improper use of the program likely infringed upon those people’s constitutional rights, as the Fourth Amendment protects citizens from unreasonable searches. Searching Americans’ data in the system ran afoul of the law that authorizes the program, according to the opinion. Because the judges’ opinion targets whether or not the broad practice at the FBI was legal and no individuals have been charged with a crime, the legal definition of “breaking the law” is a bit squishy in this case. But the judge was clear that the Feds are not treating the FISA courts properly. The NSA’s system for warrantless searching of foreign communications was created out of Section 702 of the Foreign Intelligence Surveillance Act in the wake of 9/11. Under federal law, the databases of this program should only be used for foreign intelligence or uncovering evidence of foreign crimes. The FISA court reportedly found that agents performed tens of thousands of inappropriate searches within databases in 2017 and 2018, which allegedly included tens of thousands of phone numbers and emails. According to WSJ, the ruling suggests that the FBI used the system to vet sources and staff. 
The ruling also cites an instance when an FBI contractor used the system to find information on his family, other FBI staff, and himself. The Daily Beast reports that the court found on one day in December 2017 the FBI made 6,800 database searches based on social security numbers. Senate Intelligence Committee senior member Ron Wyden said in a public statement that the ruling “reveals serious abuses in the FBI’s backdoor searches, underscoring the need for the government to seek a warrant before searching through mountains of private data on Americans.” “Last year, when Congress reauthorized Section 702 of FISA, it accepted the FBI’s outright refusal to account for all its warrantless backdoor searches of Americans,” Wyden said. “Today’s release demonstrates how baseless the FBI’s position was and highlights Congress’ constitutional obligation to act independently and strengthen the checks and balances on government surveillance.” According to WSJ, Judge James Boasberg of the FISA court concluded that: “The court accordingly finds that the FBI’s querying procedures and minimization procedures are not consistent with the requirements of the Fourth Amendment.” Source
  17. FBI warns about SIM swapping and tools like Muraena and NecroBrowser The US Federal Bureau of Investigation (FBI) has sent last month a security advisory to private industry partners about the rising threat of attacks against organizations and their employees that can bypass multi-factor authentication (MFA) solutions. "The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks," the FBI wrote in a Private Industry Notification (PIN) sent out on September 17. Past incidents of MFA bypasses While nowadays there are multiple ways of bypassing MFA protections, the FBI alert specifically warned about SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraena and NecroBrowser. To get the point across, the FBI listed recent incidents where hackers had used these techniques to bypass MFA and steal money from companies and regular users alike. We cite from the report: In 2016 customers of a US banking institution were targeted by a cyber attacker who ported their phone numbers to a phone he owned - an attack called SIM swapping. The attacker called the phone companies' customer service representatives, finding some who were more willing to provide him information to complete the SIM swap. Once the attacker had control over the customers' phone numbers, he called the bank to request a wire transfer from the victims' accounts to another account he owned. The bank, recognizing the phone number as belonging to the customer, did not ask for full security questions but requested a one-time code sent to the phone number from which he was calling. He also requested to change PINs and passwords and was able to attach victims' credit card numbers to a mobile payment application. 
Over the course of 2018 and 2019, the FBI's Internet Crime Complaint Center and FBI victim complaints observed the above attack - SIM swapping - as a common tactic from cyber criminals seeking to circumvent two-factor authentication. Victims of these attacks have had their phone numbers stolen, their bank accounts drained, and their passwords and PINs changed. Many of these attacks rely on socially engineering customer service representatives for major phone companies, who give information to the attackers. In 2019 a US banking institution was targeted by a cyber attacker who was able to take advantage of a flaw in the bank's website to circumvent the two-factor authentication implemented to protect accounts. The cyber attacker logged in with stolen victim credentials and, when reaching the secondary page where the customer would normally need to enter a PIN and answer a security question, the attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account. This allowed him to bypass the PIN and security question pages and initiate wire transfers from the victims' accounts. In February 2019 a cyber security expert at the RSA Conference in San Francisco, demonstrated a large variety of schemes and attacks cyber actors could use to circumvent multi-factor authentication. The security expert presented real-time examples of how cyber actors could use man-in-the-middle attacks and session hijacking to intercept the traffic between a user and a website to conduct these attacks and maintain access for as long as possible. He also demonstrated social engineering attacks, including phishing schemes or fraudulent text messages purporting to be a bank or other service to cause a user to log into a fake website and give up their private information. 
At the June 2019 Hack-in-the-Box conference in Amsterdam, cyber security experts demonstrated a pair of tools - Muraena and NecroBrowser - which worked in tandem to automate a phishing scheme against users of multi-factor authentication. The Muraena tool intercepts traffic between a user and a target website where they are requested to enter login credentials and a token code as usual. Once authenticated, NecroBrowser stores the data for the victims of this attack and hijacks the session cookie, allowing cyber actors to log into these private accounts, take them over, and change user passwords and recovery e-mail addresses while maintaining access as long as possible. MFA is still effective The FBI made it very clear that its alert should be taken only as a precaution, and not an attack on the efficiency of MFA, which the agency still recommends. The FBI still recommends that companies use MFA. Instead, the FBI wants users of MFA solutions to be aware that cyber-criminals now have ways around such account protections. "Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks," the FBI said. MFA attacks are rare Despite the rise in the number of incidents and attack tools capable of bypassing MFA, these attacks are still incredibly rare and have not been automated at scale. Last week, Microsoft said that attacks that can bypass MFA are so out of the ordinary, that they don't even have statistics on them. In contrast, the OS maker said that when enabled, MFA helped users block 99.9% of all account hacks. Back in May, Google also said a similar thing, claiming that users who added a recovery phone number to their accounts (and indirectly enabled SMS-based MFA) improved their account security. 
"Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation," Google said at the time. All in all, MFA is still very effective at preventing most mass and automated attacks; however, users should be aware that there are ways to bypass some MFA solutions, such as those relying on SMS-based verifications. Instead, users should choose a stronger MFA solution that is not vulnerable to social engineering tricks like SIM swapping, or transparent proxies that can intercept the MFA token. On this page, a Microsoft security engineer analyzed how various MFA solutions fare against MFA-bypass attacks. The solutions listed at the bottom of the table are the strongest. Source
  18. Russia carried out a “stunning” hack of U.S. intelligence services’ most sensitive communications, Yahoo News reports. The hack is believed to have happened around 2010 and reportedly gave Russian spies in Washington, New York, and San Francisco access to the location of FBI surveillance teams as well as the actual content of FBI communications. The hack may have allowed the Russian agents to avoid FBI surveillance, communicate with U.S. sources, and gather intelligence on their FBI pursuers, according to the report. “When we found out about this, the light bulb went on—that this could be why we haven’t seen [certain types of] activity” from Russian spies, one source told Yahoo. The Russians reportedly compromised the encrypted radio systems used by the FBI’s mobile surveillance teams as well as the backup communications systems. “This was something we took extremely seriously,” one former senior counterintelligence official is reported to have said. The intercepts were said to be monitored by teams at the Russian diplomatic compounds that President Obama ordered seized shortly before he left office. More AT: [Yahoo News] Source
  19. The FBI wanted a backdoor in Phantom Secure, an encrypted phone company that sold to members of the Sinaloa cartel, and which is linked to the alleged leaking of sensitive law enforcement information in Canada. The FBI tried to force the owner of an encrypted phone company to put a backdoor in his devices, Motherboard has learned. The company involved is Phantom Secure, a firm that sold privacy-focused BlackBerry phones and which ended up catering heavily to the criminal market, including members of the Sinaloa drug cartel, formerly run by Joaquín "El Chapo" Guzmán. The news signals some of the tactics law enforcement may use as criminals continue to leverage encrypted communications for their own ends. It also comes as Canadian media reported that a former top official in the Royal Canadian Mounted Police (RCMP), who has been charged with leaking state secrets, offered to sell information to Vincent Ramos, Phantom's CEO. "He was given the opportunity to do significantly less time if he identified users or built in/gave backdoor access," one source who knows Ramos personally and has spoken with him about the issue after his arrest told Motherboard. A backdoor is a general term for some form of technical measure that grants another party, in this case the FBI, surreptitious access to a computer system. What exactly the FBI was technically after is unclear, but the desire for a backdoor was likely to monitor Phantom's clients. A second source with intimate knowledge of Phantom's operations told Motherboard "The FBI wanted a backdoor into Phantom's network." Motherboard granted several sources in this story anonymity to talk more candidly about a law enforcement investigation and internal Phantom deliberations. 
Phantom was part of the secure phone industry, where companies often strip the microphone and GPS functionality from a device, add encrypted email or messaging programs, and route communications through overseas servers. In early 2018, the FBI and its partners arrested Ramos and shut down the company in a large scale international operation. Ramos pleaded guilty to running a criminal enterprise that facilitated drug trafficking, and in May was sentenced to nine years in prison. Phantom's clients included serious organized crime groups around the world. Court filings in Ramos' case include testimony from an unnamed convicted drug trafficker from the Sinaloa drug cartel. A third source told Motherboard "He never gave law enforcement a backdoor into Phantom Secure. He did not do that." When pressed on whether the FBI still asked for access, the source, who worked directly on the case, said, "Basically that's all I want to say. He did not give law enforcement a backdoor into Phantom Secure." The FBI did not respond to a request for comment. One of the sources said Ramos did not have the technical knowledge to implement a backdoor though, and so the FBI asked Ramos to lure another Phantom member who could. Ramos declined, the source said. The FBI's attempt to plant a backdoor into an encrypted phone network is an important episode in the Going Dark debate, in which law enforcement agencies say they are losing visibility into criminals' activities as groups increasingly use digital protections. The encryption itself used in end-to-end encryption is typically too robust to crack, so law enforcement agencies have to find a workaround. That might include hacking a device directly—the end point—to install message reading malware. Or it could include trying to force a service provider to provide extra access to authorities. 
The Department of Justice famously tried to compel Apple to create a custom version of its iOS operating system that would lower protections on the phone used by one of the San Bernardino terrorists, so that authorities could then attempt to brute-force the phone's passcode. The FBI also previously leaned on Microsoft to create a backdoor in its BitLocker encryption software, Mashable reported in 2013. One key difference between Phantom and other companies such as Apple or Microsoft is that authorities say in court records that Phantom deliberately and explicitly catered to criminal behaviour, rather than just being incidental to a crime. In an undercover operation, the RCMP posed as drug traffickers and recorded Ramos saying, "We made it—we made it specifically for this [drug trafficking] too." But Phantom Secure started as a legitimate, privacy-focused phone company. "The idea was solely to provide a secure telecommunications system," Michael Pancer, Ramos' attorney, previously said in a phone call. "Then when individuals started to use this system to break the law, at some point it came to his [Ramos'] attention, and he has apologized to the court for allowing them to continue. But his intentions were certainly honorable when he started the network." The FBI still gained valuable information on the Phantom network. After the FBI shut down the network, the agency briefly ran a portal that allowed customers to 'check' whether their email address was included in the list of impacted customers. It is unclear what the FBI did with any email addresses that were entered into this portal. The FBI did obtain information that led to other high profile investigations. Ramos' arrest revealed that someone tried to sell sensitive law enforcement information to the company, Global News reported this week. 
"While Ramos did not know the identity of the person allegedly brokering the RCMP information, Canadian investigators traced it to a list of suspects who had access to it," the outlet reported. That led to Cameron Ortis, a senior member of the Ottawa-based National Security Criminal Investigations unit of the RCMP. Ortis has been charged under the Security of Information Act, an espionage and foreign powers-focused piece of legislation. The source who knows Ramos personally said, "He respected the privacy of clients whoever it was." Source
  20. The Federal Bureau of Investigation is soliciting technology firms to build a tool that can monitor social media for threats. The agency posted a request for proposals on July 8 claiming it wants a “social media early alerting tool,” that will help it track the use of the platforms by terrorists, criminal organizations, and foreign agencies. “With increased use of social media platforms by subjects of current FBI investigations and individuals that pose a threat to the United States, it is critical to obtain a service which will allow the FBI to identify relevant information from Twitter, Facebook, Instagram, and other social media platforms in a timely fashion,” the request reads. “Consequently, the FBI needs near real-time access to a full range of social media exchanges in order to obtain the most current information available in furtherance of its law enforcement and intelligence missions.” The solicitation was first reported on by Defense One. The documents released by the FBI show that the agency plans to have a tool that can be accessed from all FBI headquarters and field offices, or through FBI-issued mobile devices. The tool would allow FBI agents to access people’s email addresses, phone numbers, IP addresses, user IDs, and associated accounts. It would also allow agents to create filters and custom alerts, so they can receive notifications when “mission-relevant” activity happens on social media. As CNN points out, in 2016 the FBI announced it was using a Dataminr tool to “search the complete Twitter firehose, in near real-time, using customizable filters.” During a recent speech at the International Conference on Cyber Security—a couple of weeks after the request was posted—Attorney General William Barr told tech companies that they must allow law enforcement to gain access to encrypted messages of criminals and suspected criminals. Later at the same conference, FBI director Christopher Wray said he strongly agreed with Barr on this matter. 
In the wake of many recent acts of terrorism and mass shootings, the suspects’ social media activity, which sometimes includes online manifestos, has been assessed by law enforcement and the greater public. So it’s no surprise that there is growing interest within government agencies to track this activity in real-time, but one of the biggest questions is whether social media companies will offer their help in the FBI’s mission to figuratively plant the biggest wiretap of all time. We’ve reached out to Facebook, Twitter, and Instagram to ask for comment and we’ll update this post when we receive a reply. The FBI’s social media tool solicitation claims the service must ensure “all privacy and civil liberties compliance requirements are met,” but there’s no doubt this push will further erode privacy and put anyone with a social media account at greater risk of data breaches. Source
  21. Last week, Attorney General William Barr and FBI Director Christopher Wray chose to spend some of their time giving speeches demonizing encryption and calling for the creation of backdoors to allow the government access to encrypted data. You should not spend any of your time listening to them. Don’t be mistaken; the threat to encryption remains high. Australia and the United Kingdom already have laws in place that can enable those governments to undermine encryption, while other countries may follow. And it’s definitely dangerous when senior U.S. law enforcement officials talk about encryption the way Barr and Wray did. The reason to ignore these speeches is that DOJ and FBI have not proven themselves credible on this issue. Instead, they have a long track record of exaggeration and even false statements in support of their position. That should be a bar to convincing anyone—especially Congress—that government backdoors are a good idea. Barr expressed confidence in the tech sector’s “ingenuity” to design a backdoor for law enforcement that will stand up to any unauthorized access, paying no mind to the broad technical and academic consensus in the field that this risk is unavoidable. As the prominent cryptographer and Johns Hopkins University computer science professor Matt Green pointed out on Twitter, the Attorney General made sweeping, impossible-to-support claims that digital security would be largely unaffected by introducing new backdoors. Although Barr paid the barest lip service to the benefits of encryption—two sentences in a 4,000 word speech—he ignored numerous ways encryption protects us all, including preserving not just digital but physical security for the most vulnerable users. For all of Barr and Wray’s insistence that encryption poses a challenge to law enforcement, you might expect that that would be the one area where they’d have hard facts and statistics to back up their claims, but you’d be wrong. 
Both officials asserted it’s a massive problem, but they largely relied on impossible-to-fact-check stories and counterfactuals. If the problem is truly as big as they say, why can’t they provide more evidence? One answer is that prior attempts at proof just haven’t held up. Some prime examples of the government’s false claims about encryption arose out of the 2016 legal confrontation between Apple and the FBI following the San Bernardino attack. Then-FBI Director James Comey and others portrayed the encryption on Apple devices as an unbreakable lock that stood in the way of public safety and national security. In court and in Congress, these officials said they had no means of accessing an encrypted iPhone short of compelling Apple to reengineer its operating system to bypass key security features. But a later special inquiry by the DOJ Office of the Inspector General revealed that technical divisions within the FBI were already working with an outside vendor to unlock the phone even as the government pursued its legal battle with Apple. In other words, Comey’s statements to Congress and the press about the case—as well as sworn court declarations by other FBI officials—were untrue at the time they were made. Wray, Comey’s successor as FBI Director, has also engaged in considerable overstatement about law enforcement’s troubles with encryption. In congressional testimony and public speeches, Wray repeatedly pointed to almost 8,000 encrypted phones that he said were inaccessible to the FBI in 2017 alone. Last year, the Washington Post reported that this number was inflated due to a “programming error.” EFF filed a Freedom of Information Act request, seeking to understand the true nature of the hindrance encryption posed in these cases, but the government refused to produce any records. But in their speeches last week, neither Barr nor Wray acknowledged the government’s failure of candor during the Apple case or its aftermath. They didn’t mention the case at all. 
Instead, they ask us to turn the page and trust anew. You should refuse. Let’s hope Congress does too. Source: The EFF
  22. Sen. Chuck Schumer and the DNC say the fact that Russia is involved is a problem. The viral hit FaceApp is facing further scrutiny from US Senate Minority Leader Chuck Schumer. The senator has asked the FBI and the Federal Trade Commission to open a national security and privacy investigation into the Russian-developed AI photo-editing app. In a public letter to FBI Director Christopher Wray and FTC Chairman Joe Simons, Schumer said he has "serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it." Schumer asked the FBI to assess whether any data uploaded to FaceApp could find its way into the hands of the Russian government. He also asked the FTC to examine whether there are "adequate safeguards" in place to protect the privacy of the users. The FTC confirmed it received Schumer's letter but declined to comment further. The FBI didn't immediately respond to a request for comment. The Democratic National Committee sent a security alert to 2020 presidential campaigns on Wednesday urging them not to use the app, according to CNN. "This app allows users to perform different transformations on photos of people, such as aging the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians," said the security alert from Bob Lord, the DNC's chief security officer. Released in 2017, FaceApp has seen a new surge of popularity with the #AgeChallenge. The app lets you take a selfie, or choose an existing photo, and apply an AI filter that makes you look old. The app's maker responded to privacy concerns over how it handles users' photos in a statement Wednesday denying any mishandling of user data. FaceApp didn't immediately respond to a request for comment. Originally published July 18 at 6:23 a.m. PT. Update, at 6:57 a.m. PT: Adds response from FTC and news about the DNC security alert. Source
  23. Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad. Elliott Peterson struggles a bit when asked to identify the most frustrating part of his job as an FBI agent fighting cybercrime. "Actually, most of the time our job is awesome," he finally says. "We are often the only ones that can effect really permanent solutions in this space." As a special agent in the FBI's Anchorage field office in Alaska, Peterson and his teammates are among those at the forefront of the US government's dogged battle against criminals in cyberspace. Heavily outnumbered and outpaced by their targets, small FBI cybersquads like the one in Anchorage have been quietly notching up major wins against online criminals operating out of home and abroad in recent years. At least some of the success is the result of efforts to build up partnerships with private industry and from cooperation with international law enforcement agencies. Peterson's own team was responsible for investigating and bringing to justice the three-person operation behind the massive Mirai distributed denial-of-service (DDoS) attacks in 2016 that impacted Internet service provider Dyn and several others. More recently, Peterson led a major investigation that in December resulted in some 15 Web domains associated with DDoS-for-hire services being seized and the operators of several being arrested. The actions resulted in a sharp — but temporary — drop-off in DDoS activity early this year. Such victories are a long way from chilling cybercrime, which by some accounts has become even bigger and more organized than even drug trafficking. But the arrests, the indictments, the seizures, and the takedowns are not going entirely unnoticed either. 
"We see them talk about this stuff on forums and Discord chats," Peterson said in an interview with Dark Reading at Akamai's Edge World user conference in Las Vegas last week. "We've had a lot of wins in the areas we focus on."

Lessons from Mirai

Peterson's cybercrime-fighting career began as part of an FBI team that went after East European cybergroups stealing money from online accounts of US companies. The law enforcement efforts were so successful that for a brief period between 2013 and 2014, there was an enormous dip in cybertheft targeting US organizations. "I remember thinking, 'Oh, we figured this out. This isn't hard,'" Peterson says wryly. The Mirai investigation was something of an eye opener for Peterson and other members of the Anchorage cybersquad — not necessarily because of how sophisticated the malware was, but because of the sheer scale of the attacks it enabled. Mirai was the first malware tool designed to exploit weaknesses in ordinary IoT devices, such as home routers and IP cameras. It allowed attackers to quickly assemble botnets capable of launching DDoS floods bigger than anything seen up to that point. The sheer scale of the damage the malware could inflict surprised both the FBI and even the malware's own creators — Josiah White of Washington, Pennsylvania; Paras Jha of Fanwood, New Jersey; and Dalton Norman of Metairie, Louisiana. "These guys underestimated the scale of manufacture of [IoT] devices and how widely placed they were throughout the world," recalls William Walton, supervisory special agent at the Anchorage FBI field office. "So when they developed the Mirai botnet, I think they inadvertently harnessed way more power than they set out to harness." What Mirai showed was how drastically the threat landscape had changed as a result of more devices coming online constantly. "The interconnectedness of the Internet's architecture became readily apparent," Walton says. 
DDoS and botnet activities continue to be a core focus of the Anchorage cybersquad. But business email compromise scams and enterprise ransomware attacks are vying for attention as well.

Tapping Private Industry

As threats have evolved, so has the FBI's understanding of how best to approach them. One area where the agency has made a lot of improvement is in scoping requests for data from service providers when carrying out investigations. "We have gotten better at getting the right evidence from service providers," Walton says. Instead of hitting them with blanket requests and then having to wade through lots of data in the hope of finding something useful, the focus these days is on first gaining a technical understanding of how particular crimes are carried out. "We try and understand the types of things we can and should be asking for," Walton says. Helping them in a major way is the private industry. Over the past several years, the FBI has been working with researchers and engineers from within the security industry to try and understand new and emerging threats and trends. The informal interactions and relationships have been key to the FBI's ability to hunt down and dismantle criminal networks on the Internet. One example is the role Akamai played in the Mirai investigation. Researchers from the company reverse-engineered Mirai's command-and-control (C2) infrastructure and built a tool that helped the FBI and others keep track of the botnet, says Tim April, principal architect at the content delivery network services provider. When the massive DDoS attacks on Dyn began, Akamai researchers were able to quickly point the FBI to the exact C2 that issued the attack command, he says. The company's information played a big role in the FBI's ability to definitively attribute the attacks to Jha and his pals. "We try to keep close tabs on what's going on, and we update [the FBI] whenever we see something new or novel" on the threat landscape, April says. 
The interaction is mutual, voluntary, and beneficial to both sides. Peterson himself calls in to meetings at least once a week with security researchers from companies like Akamai. The meetings are an opportunity to hear what everybody is doing and to provide updates on cases the FBI might be investigating. He finds such exchanges to be more useful, at least from a purely investigative standpoint, than formal information-sharing groups. "ISACs absolutely have their place. They are super-important," he emphasizes. But it's the researchers and other contacts on the frontlines who usually have the information needed to move quickly on investigating new threats. "People really move their schedules around to do them because it is so useful to hear what the government is seeing and what all these different private entities are seeing in this space," Peterson notes. "That visibility is really not something we had a few years ago." The interaction with private industry has also helped the FBI prioritize investigations better. The process typically involves looking at the scope of existing damage caused by a threat or group and the potential for future damage. "We rely on private industry partners to give us a sense of the scale of what we are facing," Walton says. The Anchorage office is able to prioritize some threats locally using available agents and bandwidth. Sometimes the task involves having to work with headquarters to identify where the bureau has the best resources to put up against a particular threat.

International Cooperation

The FBI's efforts at building relationships with its international law enforcement counterparts are helping as well. Walton and Peterson often travel to other countries in pursuing cybercriminals operating out of the direct reach of US law. On some of those trips, the two agents have taken US prosecutors along with them to meet prosecutors in other countries. 
In other cases, they have hosted law enforcement agents from other countries on US soil. For the Mirai case, for instance, a team from France flew to the US to observe and sit in on interviews with the suspects in an example of what Peterson describes as an almost unprecedented level of cooperation on cyber matters between the two sides. British and Polish teams have visited the US in connection with other investigations, too. Such interactions have given the FBI a better understanding of the legal and time constraints under which law enforcement in other countries operate. Importantly, they have also enabled a better understanding internationally about how US law enforcement conducts cybercrime investigations. "There is a growing understanding and appreciation for what matters in terms of gathering evidence and the speed at which that has to occur," Walton says. Even so, international investigations still take longer than ideal. The speed at which the FBI was able to pursue the Mirai operators and with which they were prosecuted was helped by the fact the attackers were based in the US. The time lag is a whole lot longer in an international setting. "For me the most frustrating thing is the ability to match the pace of cybercriminals as we pursue them," Walton says. Legal process takes time, developing relationships with private industry takes time, and working internationally takes time. "All of those time constraints aren’t really a factor for cybercriminal operations," Walton says. At the end of the day, fighting cybercrime requires broad cooperation, Peterson says. Everybody has an interest in an Internet that is safer and more secure, so people and organizations need to find ways to work together and make that happen. "If your company is an island, you are not contributing to all of us trying to solve the problem," he says. "Team up. Find a way to help. That's the only way to get ahead of this." Source
  24. Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust. One of the most common mechanisms used to secure web browser sessions — and to assure consumers that their transactions are secure — is also being used by criminals looking to gain victims' trust in phishing campaigns. The FBI has issued a public service announcement defining the problem and urging individuals to go beyond simply trusting any "https" URL. Browser publishers and website owners have waged successful campaigns to convince consumers to look for lock icons and the "https:" prefix as indicators that a website is encrypted and, therefore, secure. The problem, according to the FBI and security experts, is that many individuals incorrectly assume that an encrypted site is secure from every sort of security issue. Craig Young, computer security researcher for Tripwire’s VERT (vulnerability and exposure research team) recognizes the conflict between wanting consumers to feel secure and guarding against dangerous over-confidence. "Over the years, there has been a battle of words around how to communicate online security. Website security can be discussed at a number of levels with greatly different implications," he says. "On its own, however, the padlock does not actually confirm that the user is actually connected with a server from the business they expect," Young explains. "Unfortunately, there is still no solid solution for empowering the general public to discern phishing or scam sites with 100% effectiveness." In the FBI's PSA, the bureau points out that criminals are increasingly incorporating website certificates in phishing email messages impersonating known companies and individuals. The trustworthy-looking URLs take the victims to pages that seek sensitive and personal information. 
"This isn’t new; cyber criminals have been orchestrating these kinds of phishing campaigns for several years," says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. He explains, "In 2017, security researchers uncovered over 15,000 certificates containing the word 'PayPal' that were being used in attacks. Since then it’s become clear that bad actors have an entire supply chain in place on the dark web to get trustworthy TLS certificates to use in all kinds of malicious attacks." Bocek says that researchers have found definitive evidence of TLS certificates for sale on the dark web, with prices for highly trustworthy certificates reaching more than a thousand dollars. He sees greater visibility and transparency as key assets in fighting the proliferation of these "trustworthy" certificates used in fraudulent ways. Other technologies may eventually provide additional weapons against the criminals. Young says, "In the long run, the best available solution to this problem is probably the use of newer standards like WebAuthN to prevent naïve users from inadvertently divulging site credentials to a phisher." The FBI's PSA doesn't recommend new technology, instead suggesting behavioral defenses against the phishing attacks. The Bureau recommends questioning the intent of email messages, confirming the authenticity of messages before divulging sensitive information, looking for mis-spellings or domain inconsistencies, and tempering the overall trust in a site simply because it displays a green lock icon. Source
  25. Using FOIA, they’ve already published NASA’s official report about the infamous WANK worm. In 1989, just a few months after the web became a reality, a computer worm infected thousands of computers across the world, including those of NASA. The worm showed a message on the screens of the infected computers: “Your System Has Been Officially WANKed.” Late last month—30 years after the "WANK worm" struck NASA—the agency released an internal report that the agency wrote at the time, thanks to a journalist and a security researcher who have embarked on a project to use the Freedom of Information Act to get documents on historical hacking incidents. The project is called “Hacking History,” and the people behind it are freelance journalist Emma Best and security researcher (and former NSA hacker) Emily Crose. The two are crowdfunding to raise money to cover the costs of the FOIA requests via the document requesting platform MuckRock. In the last few years, hackers and the cybersecurity industry have gone mainstream, earning headlines in major newspapers, becoming key plotlines in Hollywood movies, and even getting a hit TV show. But it hasn't always been this way. For decades, infosec and hacking was a niche industry that got very little news coverage and very little public attention. As a result, the ancient and not so ancient history of hacking has a lot of holes. Now, the two women are trying to fill in those gaps in hacker history, like missing pieces of a puzzle, sending FOIA requests to several US government agencies, including the FBI. “Before the era of Anonymous, most news stories about hacking were panics of one sort or another,” Best told Motherboard in an online chat. Best and Crose have already filed around 50 FOIA requests related to well-known groups that have made hacking history, such as the Legion of Doom, the Cult of the Dead Cow, the infamous Anonymous offshoot LulzSec, and GoatSec. 
“The files will capture a mix of the history of hackers and the FBI's investigation of/interest in them,” Best said. “That's the primary source materials for infosec history.” The two have raised more than $2,300 already to help pay for fees associated with filing the FOIA requests, and plan to collaborate with Property of the People, a nonprofit that pushes for government transparency through FOIA requests and litigation. Best and Crose said they really don’t have an endgame in mind yet, but Crose mentioned they might publish the most interesting documents—and their accompanying stories—in a hard copy zine. “[It’s] more subversive that way,” Crose said, explaining why she wants to do a printed zine rather than an online one. “An homage to the past.” Either way, the goal is to gather, publish, and thus preserve historical documents that may otherwise get lost. “That's a major thing we want to accomplish, I think: get these things before the government destroys the records,” Best said. So far, Best and Crose have found that the FBI has 46,250 pages on Legion of Doom, an influential 1980s hacking collective; 7,500 pages on LulzSec, a group that dominated headlines in the summer of 2011 when they hacked several high profile targets; and more than 15,000 pages on GoatSec, a trolling and hacking group that featured the infamous far-right hacker Andrew “Weev” Auernheimer. In the meantime, they already uncovered a couple of gems, such as the FOIA response from NASA on the WANK worm. Best and Crose don’t expect to uncover any details that will radically change the way we understand hacking history, but they believe they may find new details and missing pieces that would otherwise get lost in time. Source