
    Twitter terminates DDoSecrets and falsely claims it may infect visitors / ArsTechnica · Wednesday, 24 June - 01:28 · 1 minute

Photo: a pithy phrase spray-painted on a wall, "the problem with censorship is" followed by a redacted word (credit: Cory Doctorow / Flickr)

Four days after leak publisher DDoSecrets circulated private documents from more than 200 law enforcement agencies across the United States, Twitter has permanently suspended its account and falsely claimed that the site may infect users with malware.

“Your account, DDoSecrets, has been suspended for violating the Twitter rules,” the email, which Twitter sent to the account holders, said. The message cited rules against “distribution of hacked material” and went on to say:

We don’t permit the use of our services to directly distribute content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets.

Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact our support team.


DDoSecrets describes itself as a “transparency collective, aimed at enabling the free transmission of data in the public interest.” On Friday, it published BlueLeaks, a 269-gigabyte trove of documents that KrebsOnSecurity reported was obtained through the hack of a Web development company that hosted documents on behalf of police departments. Some of the documents expose police candidly discussing responses to the demonstrations protesting the murder of George Floyd, a Black man who was killed by a Minneapolis police officer while handcuffed.



    Rockstar stops hackers from spawning KKK members in Red Dead Online / ArsTechnica · Wednesday, 17 June - 15:38

Image: hackers had been spawning these character models from the single-player version of Red Dead Redemption 2 in the multiplayer Red Dead Online.

Rockstar has closed a loophole that let hackers spawn white-hooded Ku Klux Klan members in the "Red Dead Online" multiplayer portion of Red Dead Redemption 2, even as other hacking problems in the game persist.

The models for the KKK members come from the single-player portion of the game, where the Klan features in a number of in-game plotlines. But Red Dead Online players had been inserting the characters into the multiplayer game world through the use of mod menus. These tools essentially take full control of the PC version of the game, doing anything from spawning infinite items to changing weather patterns for entire lobbies.

Players' use of KKK spawning to grief and terrorize other players has been reported numerous times on Reddit and other forums in recent weeks. Screenshots also show hackers accompanying these spawns with racist invective broadcast to the game lobby by taking control of the "Rockstar message" channel.



    Theft of top-secret CIA hacking tools was result of “woefully lax” security / ArsTechnica · Tuesday, 16 June - 21:06 · 1 minute

Image credit: Library of Congress

In early 2017, WikiLeaks began publishing details of top-secret CIA hacking tools that researchers soon confirmed were part of a large tranche of confidential documents stolen from one of the agency's isolated, high-security networks. The leak—comprising as much as 34 terabytes of information and representing the CIA's biggest data loss in history—was the result of "woefully lax" practices, according to portions of a report that were published on Tuesday.

Vault 7, as WikiLeaks named its leak series, exposed a trove of the CIA's most closely guarded secrets. They included a simple command line that agency officers used to hack network switches from Cisco and attacks that compromised Macs, in one case using a tool called Sonic Screwdriver, which exploited vulnerabilities in the extensible firmware interface that Apple used to boot devices. The data allowed researchers from security firm Symantec to definitively tie the CIA to a hacking group they had been tracking since 2011.

Proliferation over security

Agency officials soon convened the WikiLeaks Task Force to investigate the practices that led to the massive data loss. Seven months after the first Vault 7 dispatch, the task force issued a report that assessed the extent and the cause of the damage. Chief among the findings was a culture within the CIA hacking arm known as the CCI—short for the Center for Cyber Intelligence—that prioritized the proliferation of its cyber capabilities over keeping them secure and containing the damage if they were to fall into the wrong hands.



    Machine-learning clusters in Azure hijacked to mine cryptocurrency / ArsTechnica · Thursday, 11 June - 21:20

Image: stylized composite of bitcoins against motherboards (credit: Getty Images)

Attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service so that they could mine cryptocurrency at the expense of the customers who rented them, the company said Wednesday.

The nodes, which were misconfigured by customers, made the perfect target for so-called cryptojacking schemes. Machine-learning tasks typically require vast amounts of computing resources. By redirecting them to perform the compute-intensive workloads required to mine digital coins, the attackers found a means to generate large amounts of currency at little or no cost.

The infected clusters were running Kubeflow, an open source framework for machine-learning applications in Kubernetes, which is itself an open-source platform for deploying scalable applications across large numbers of computers. Microsoft said compromised clusters it discovered numbered in the “tens.” Many of them ran an image available from a public repository, ostensibly to save users the hassle of creating one themselves. Upon further inspection, Microsoft investigators discovered it contained code that surreptitiously mined the Monero cryptocurrency.

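The compromised clusters above ran an unvetted image pulled from a public repository. As an added illustration that is not part of the Ars article or of Microsoft's report, the following Python audits a `kubectl get pods -A -o json` dump for containers whose image comes from a registry outside an allowlist (a bare name such as `busybox` resolves to Docker Hub) or is referenced by a mutable tag instead of a content digest. The registry allowlist and the pod specs are constructed for the example.

```python
"""Audit Kubernetes pod specs for container images an operator never vetted:
images pulled from outside an allowlisted registry and images referenced by
a mutable tag instead of a content digest.  The registry allowlist and the
pod specs below are constructed for this example."""
import json
import sys

# Hypothetical registries in which this organisation builds and scans its own images.
TRUSTED_REGISTRIES = {"registry.internal.example", "myacr.azurecr.io"}


def parse_image_ref(image):
    """Split an image reference into (registry, repository, tag, digest).

    Per the Docker reference grammar, the first path component is a registry
    host only if it contains '.' or ':' or is 'localhost'; otherwise the
    reference is relative to Docker Hub (docker.io)."""
    digest = None
    if "@" in image:
        image, digest = image.split("@", 1)
    parts = image.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, repo = parts[0], "/".join(parts[1:])
    else:
        registry, repo = "docker.io", image
    tag = None
    last = repo.rsplit("/", 1)[-1]
    if ":" in last:  # a ':' after the last '/' separates the tag (earlier ones are a port)
        name, tag = last.split(":", 1)
        repo = repo[: len(repo) - len(last)] + name
    return registry, repo, tag, digest


def audit_pod(pod):
    """Return (location, finding, detail) tuples for one pod in kubectl JSON shape."""
    findings = []
    meta = pod["metadata"]
    ns, name = meta.get("namespace", "default"), meta["name"]
    spec = pod["spec"]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        registry, repo, tag, digest = parse_image_ref(c["image"])
        where = f"{ns}/{name}/{c['name']}"
        if registry not in TRUSTED_REGISTRIES:
            findings.append((where, "untrusted-registry", f"{registry}/{repo}"))
        if digest is None:  # a tag can be repointed at a different image at any time
            detail = c["image"] if tag else f"{c['image']} (tag 'latest' implied)"
            findings.append((where, "unpinned-image", detail))
    return findings


def audit_pod_list(pod_list_json):
    """Audit the JSON produced by `kubectl get pods -A -o json`."""
    return [f for pod in json.loads(pod_list_json)["items"] for f in audit_pod(pod)]


# Constructed sample: one pod pinned by digest from the private registry, one
# notebook pod pulling a stranger's image from Docker Hub by mutable tag.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"name": "ml-pipeline-abc", "namespace": "kubeflow"},
     "spec": {"containers": [
         {"name": "pipeline", "image": "myacr.azurecr.io/ml/pipeline@sha256:" + "a" * 64}]}},
    {"metadata": {"name": "jupyter-notebook-0", "namespace": "kubeflow"},
     "spec": {"initContainers": [{"name": "setup", "image": "busybox"}],
              "containers": [{"name": "notebook", "image": "someuser/tf-notebook:latest"}]}},
]})


def audit_sample():
    return audit_pod_list(SAMPLE_PODS)


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PODS
    for where, finding, detail in audit_pod_list(source):
        print(f"{finding:18} {where}: {detail}")
```

Pinning by digest does not make an image trustworthy, it only makes it reproducible; the point of the registry check is that anything outside the allowlist was never scanned or built by the team that runs the cluster.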


    Hackers for hire targeted hundreds of institutions, says report / ArsTechnica · Tuesday, 9 June - 15:57

Image credit: Getty Images

A hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds, and companies, according to the internet watchdog Citizen Lab.

Researchers discovered almost 28,000 web pages created by hackers for personalized “spear phishing” attacks designed to steal passwords, according to a report published on Tuesday by Citizen Lab, part of the University of Toronto’s Munk School.

“We see them again and again in areas where business and politics is contentious,” said John Scott-Railton, the lead author of the report, who said the hackers were “brazen, they seem to think they are untouchable.”



    Ransomware gang is auctioning off victims’ confidential data / ArsTechnica · Tuesday, 2 June - 21:18

Image credit: RichLegg/Getty Images

Ransomware operators say they’re auctioning off victims’ confidential data in an attempt to put further pressure on them to pay hefty fees for its safe return.

The Happy Blog, a dark Web site maintained by the criminals behind the ransomware known by the names REvil, Sodin, and Sodinokibi, began the online bidding process earlier on Tuesday. Previously, the group published limited details of selected victim data and threatened to air additional confidential material if the owners didn’t pay. Besides stealing the data, the group also encrypts it so that it’s no longer accessible to the owners.

Combining the threat of publishing the data while simultaneously locking it from its rightful owner is designed to increase the chances of a payout. The new tactic furthers the pressure, possibly because previous practices haven’t yielded the desired results. The ransoms demanded are frequently high, sometimes in the millions of dollars. Affected companies have also been loath to encourage further attacks by rewarding the people behind them. Added to that reluctance are new financial pressures caused by the coronavirus pandemic.



    An advanced and unconventional hack is targeting industrial firms / ArsTechnica · Saturday, 30 May - 16:19

Illustration: binary code (credit: KTSDESIGN/SCIENCE PHOTO LIBRARY / Getty Images)

Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy.

The attacks begin with emails that are customized for each target, a researcher at security firm Kaspersky Lab reported this week. For the exploit to trigger, the language of the email must match the localization of the target’s operating system. In the case of an attack on a Japanese company, for example, the text of the email and of an attached Microsoft Office document containing a malicious macro had to be written in Japanese, and the encrypted malware module could be decrypted only when the OS also had a Japanese localization.

Recipients who click on a request to urgently enable the document’s active content will see no indication that anything is amiss. Behind the scenes, however, the macro executes a PowerShell script. The reason it stays hidden: the command parameters:

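The excerpt stops before Kaspersky's list of parameters, so the following Python is an added example rather than the report's own detection logic, and it does not assume which switches this campaign used. It scans process-creation events (Sysmon-style fields, constructed here) for PowerShell spawned by an Office application with the window-hiding, non-interactive and execution-policy switches that macro droppers commonly pass, resolving abbreviated forms such as `-W`, `-NonI` and `-Ep` the way powershell.exe does (any unambiguous prefix of a parameter name is accepted).

```python
"""Flag PowerShell launched by an Office application with the switches a
malicious macro typically uses to stay out of sight.  The events below are
Sysmon-style process-creation records constructed for this example."""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# powershell.exe accepts any unambiguous prefix of a parameter name; these are
# (full name, shortest accepted prefix) pairs for the switches that matter here.
SWITCHES = [
    ("windowstyle", "w"),
    ("noninteractive", "noni"),
    ("noprofile", "nop"),
    ("executionpolicy", "ex"),
    ("encodedcommand", "e"),
    ("command", "c"),
    ("file", "f"),
]
ALIASES = {"ep": "executionpolicy", "ec": "encodedcommand"}
# Tags strong enough to be worth a look even without an Office parent.
STRONG = {"hidden-window", "policy-bypass", "encoded-command", "non-interactive"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def switch_name(token):
    """Resolve '-W', '/NonI', '-Ep' and friends to the full parameter name, else None."""
    if not token.startswith(("-", "/")):
        return None
    key = token.lstrip("-/").lower()
    if key in ALIASES:
        return ALIASES[key]
    for full, shortest in SWITCHES:
        if len(shortest) <= len(key) <= len(full) and full.startswith(key):
            return full
    return None


def classify_event(ev):
    """Return detection tags for one process-creation event; empty means nothing seen."""
    tags = []
    if basename(ev["Image"]) not in POWERSHELL_IMAGES:
        return tags
    tokens = ev["CommandLine"].split()
    for i, tok in enumerate(tokens):
        name = switch_name(tok)
        if name is None:
            continue
        if name in ("command", "file"):
            break  # what follows -Command/-File is script text, not host switches
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if name == "windowstyle" and nxt == "hidden":
            tags.append("hidden-window")
        elif name == "executionpolicy" and nxt in ("bypass", "unrestricted"):
            tags.append("policy-bypass")
        elif name == "noninteractive":
            tags.append("non-interactive")
        elif name == "noprofile":
            tags.append("no-profile")
        elif name == "encodedcommand":
            tags.append("encoded-command")
    if basename(ev["ParentImage"]) in OFFICE_PARENTS:
        tags.insert(0, "office-parent")
    return tags


def severity(tags):
    """Office parent plus any concealment switch is high; Office parent alone is
    medium; concealment switches from a non-Office parent are low; -NoProfile on
    its own is normal admin usage and is not reported."""
    if "office-parent" in tags:
        return "high" if len(tags) > 1 else "medium"
    return "low" if STRONG & set(tags) else None


def scan(events):
    hits = []
    for ev in events:
        tags = classify_event(ev)
        sev = severity(tags)
        if sev:
            hits.append({"parent": basename(ev["ParentImage"]), "severity": sev, "tags": tags})
    return hits


# Constructed sample events (Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -NonI -W Hidden -Ep Bypass -c "<payload>"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -Command Get-Date"},
]
```

An Office process spawning PowerShell at all is the durable signal; the switch analysis only ranks the hits, because a macro can also hide its work by launching `wscript.exe`, `mshta.exe` or a renamed PowerShell host that the image allowlist above would miss.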


    Russian hackers are exploiting bug that gives control of US servers / ArsTechnica · Thursday, 28 May - 20:38

Image: stylized photo of a desktop computer (credit: Lino Mirgeler/picture alliance via Getty Images)

A Russian hacking group tied to power-grid attacks in Ukraine, the world’s most destructive data wiper worm, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.

In an advisory published on Thursday, the US National Security Agency said that the Sandworm group was actively exploiting a vulnerability in Exim, an open source mail transfer agent, or MTA, for Unix-based operating systems. Tracked as CVE-2019-10149, the critical bug makes it possible for an unauthenticated remote attacker to send specially crafted emails that execute commands with root privileges. With that, the attacker can install programs of their choosing, modify data, and create new accounts.

A patch for CVE-2019-10149 has been available since June 2019. The attacks have been active since at least August of that year. NSA officials wrote:

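As an added example that is not from the Ars article or the NSA advisory, the following Python performs two checks an administrator can run against their own Exim hosts. It reads the version from the SMTP banner and flags the 4.87 through 4.91 range that CVE-2019-10149 affects (the bug is fixed in Exim 4.92), and it scans mainlog-style lines for recipient addresses containing Exim's `${...}` string-expansion syntax. The second check goes beyond the page's text: public exploits for this bug deliver the command as a `${run{...}}` expansion item in the recipient address, and no legitimate address contains one. The banner strings and log lines are constructed and the log layout is approximated; distribution packages backport the fix without changing the version string, so treat a banner hit as a prompt to verify the installed package, not as proof of exposure.

```python
"""Two offline checks for CVE-2019-10149 exposure on Exim hosts.  The banner
strings and log lines are constructed for this example; the log layout
approximates Exim's '<=' (message received) mainlog line."""
import re

FIRST_AFFECTED = (4, 87)   # Exim releases carrying the bug: 4.87 ... 4.91
FIXED_IN = (4, 92)         # CVE-2019-10149 is fixed in Exim 4.92

BANNER_RE = re.compile(r"\bExim (\d+)\.(\d+)(?:\.(\d+))?")
# An Exim string-expansion item such as ${run{...}}; capture the item name.
EXPANSION_RE = re.compile(r"\$\{\s*([A-Za-z_]+)")
# date time msg-id <= sender ... for recipient[, recipient...]
RECEIVED_RE = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) .* for (.+)$")


def exim_version(banner):
    """Return the (major, minor, patch) version advertised in an SMTP banner, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())


def banner_in_affected_range(banner):
    """True if the advertised version is in [4.87, 4.92); None if no Exim version is shown.

    Distributions backport the fix without bumping this string, so True means
    'check the package changelog', not 'vulnerable'."""
    v = exim_version(banner)
    if v is None:
        return None
    return FIRST_AFFECTED <= v[:2] < FIXED_IN


def check_banners(banners):
    """Map each host name (second banner field) to its affected-range verdict."""
    return {b.split()[1]: banner_in_affected_range(b) for b in banners}


def scan_mainlog(lines):
    """One finding per '<=' line whose recipient list contains ${...} expansion items."""
    findings = []
    for line in lines:
        m = RECEIVED_RE.match(line)
        if not m:
            continue
        stamp, msg_id, sender, recipients = m.groups()
        items = EXPANSION_RE.findall(recipients)
        if items:
            findings.append({"id": msg_id, "sender": sender, "items": items, "when": stamp})
    return findings


# Constructed samples.
SAMPLE_BANNERS = [
    "220 mx1.example.org ESMTP Exim 4.91 Wed, 28 Aug 2019 10:00:00 +0000",
    "220 mx2.example.org ESMTP Exim 4.92.1 Wed, 28 Aug 2019 10:00:00 +0000",
    "220 mx3.example.org ESMTP Postfix",
]
SAMPLE_MAINLOG = [
    "2019-08-14 03:12:09 1hxyz0-0003Lf-2B <= bounce@attacker.example H=(localhost) "
    "[203.0.113.7] P=esmtp S=412 for ${run{...}}@localhost",
    "2019-08-14 03:12:10 1hxyz0-0003Lg-2C <= alice@example.org H=mail.example.org "
    "[198.51.100.4] P=esmtps S=2310 for bob@example.org",
]

if __name__ == "__main__":
    for host, verdict in check_banners(SAMPLE_BANNERS).items():
        print(f"{host}: {'affected range' if verdict else 'not flagged' if verdict is False else 'not Exim'}")
    for f in scan_mainlog(SAMPLE_MAINLOG):
        print(f"{f['when']} {f['id']}: expansion items {f['items']} from {f['sender']}")
```

The log check is the more reliable of the two on a patched host as well: an expansion item in a recipient address is an exploitation attempt regardless of whether it succeeded, which is exactly the kind of indicator worth forwarding to a SIEM.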