Jump to content

Search the Community

Showing results for tags 'hack'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Roughly 400,000 Avast users' account details have been compromised, following a cyber raid on the security firm's forums. Avast Software CEO Vince Steckler revealed the breach in a blog post, confirming around 0.2 percent of the firm's 200 million users' details were compromised during the attack. The attack occurred over the weekend and forced Avast to shut down its forum. It is currently unclear how the breach occurred, though Steckler said Avast believes the hackers leveraged a vulnerability in third party software being used to host the forum. "This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately," read the post. Steckler said no financial information was stolen during the raid and that key bits of the compromised information, including passwords, were encrypted. "The Avast forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised," read the post. Despite the encryption, Steckler recommended users change their login details as soon as possible. "Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately," read the post. Steckler said Avast is migrating its forum to a more secure software platform to avoid further data breaches. Avast is one of many firms to suffer data breaches in the past few months. Last week eBay confessed hackers had managed to steal customers' passwords, usernames, email addresses, addresses, phone numbers and dates of birth during an attack in February while US retailer Target was hit last year. Source
  2. Mobile device management systems at insurance giant Aviva UK were last month hit by an attack based on the Heartbleed exploit that allowed hackers to royally screw with workers' iPhones. The insurance giant has played down the breach but El Reg's mole on the inside claims Aviva is in talks about moving to a new platform in the wake of the incident. Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as iPhones and iPads. On the evening of the 20 May, a hacker compromised the MobileIron admin server and posted a message to those handhelds and the email accounts, according to our source. The hacker then performed a full wipe of every device and subsequently took out out the MobileIron server itself. Hacker taunts Aviva after Heartbleed hack Our tipster has forwarded a screenshot of the messages that everyone received before their phones got wiped. He claimed the incident caused millions in damages, a suggestion the insurance giant firmly denies. In a statement sent to us, Aviva downplayed the impact of the breach, and moved to reassure clients that customer data was not exposed. The issue was specific to iPhones and none of Aviva's business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices. Aviva reportedly moved impacted staff onto a new Blackberry 10 service to manage all their Apple devices, and are in discussions with MobileIron reseller Esselar to cancel their contract. The incident was first reported by insurance industry site Postonline.co.uk. In response to queries from El Reg, Mobileiron described the snafu at Aviva as an isolated problem that didn't affect its other customers. Our investigation concluded that this incident neither resulted from nor exploited any compromise or vulnerability in MobileIron systems or software. All indications are that this was an isolated incident that does not represent a threat to other MobileIron customers. Ken Munro, a partner at Pen Test Partners who has looked into the security shortcomings of mobile device management systems, said one of the most surprising aspects of the attack was that it happened a full six weeks after Heartbleed was discovered in March because "any perimeter scan would have found it to be vulnerable". "Maybe it [the MobileIron server] was vulnerable, the creds were stolen, it was then patched, but the creds weren’t changed? Then the creds were used some time later," Munro speculated. "The other possibility is that another filtering/proxying device in front of the MobileIron server was vulnerable, and creds were stolen from that instead." he added. The infamous Heartbleed security bug stems from a buffer overflow vulnerability in the Heartbeat component of OpenSSL. The practical upshot of the vulnerability is that all manner of sensitive data including encryption keys, bits of traffic, credentials or session keys might be extracted from unlatched systems. The flaw was first publicly disclosed in early April. Updated MobileIron has been in touch to add the following statement: "It is important to note that foundational components of the MobileIron Infrastructure are not vulnerable to the attack including our VSP (management console), Sentry (Secure Mobile Gateway), ConnectedCloud, Anyware, and the MobileIron client. None of these product components are vulnerable. We also conducted a recent webinar reviewing this for our customers." Source
  3. Go Unlimited, a very popular "DMCA-ignored" hosting solution frequently used by pirate sites, was hacked yesterday. It appears that the site's user database including plaintext passwords was compromised and all videos were removed. The site is doing its best to recover but the attacker, who acted on behalf of a competitor, says he has rootkits installed to do more damage if needed. With millions of views per month, Go Unlimited is one of the most popular hosting services for pirate streaming sites. Most video hosting services try to avoid a pirate stigma whenever they can, but that’s not the case for this one. DMCA Ignored Hosting The hosting service, which was founded by a Kuwaiti entrepreneur named Bader, launched in 2016 with the aim of being a ‘takedown resistant’ platform. The operator runs several video streaming sites including Fushaar.com and launched Go Unlimited due to a lack of stable video hosts. As other sites were plagued by takedown requests from copyright holders he created his own to bypass this problem. “Thanks to our techniques, by hiding the original source of the videos and misleading the networks providers, we were able to ignore the DMCA takedown requests,” Bader previously informed us. Go Unlimited Was Hacked At the time of writing, Go Unlimited has a much bigger problem than copyright holders. Yesterday afternoon the site went down and soon after several sources said that the site had been hacked. We are generally very reserved in reporting on hacking claims, especially after the alleged hacker reached out directly. However, due to the size of the site and the seriousness of the information we received, this one was hard to ignore. TorrentFreak spoke to the hacker who explained that Go Unlimited was targeted because Bader allegedly DDoSed a friend, who operates a competing site. To help out this friend the hacker decided to retaliate, starting with a massive DDoS attack yesterday. This attack took out Go Unlimited for several hours. However, it was supposedly just a distraction for something bigger. While Go Unlimited was busy mitigating the DDoS attacks, the site’s servers were reportedly compromised and later wiped. Usernames and Plaintext Passwords The attacker shared several screenshots of the information he obtained, including a recent database copy. This includes usernames, plaintext passwords, emails, as well as payout details, including amounts. All information appears to be legitimate. We ran some tests to confirm that the database screenshots indeed came from Go Unlimited, which passed. For example, when we shared the unique ID of a Go Unlimited file, the hacker could find the associated info within seconds. Needless to say, Go Unlimited users should immediately change their passwords to prevent their accounts from being compromised. The hacker informs us that he doesn’t have any plans to share the user data in public, but that’s no guarantee. All signs suggest that the goal of this attack is much more personal. It comes down to a feud between competitors that got out of hand. The hacker wasn’t willing to share the name of his friend’s site, but his demands to Bader are clear. 1 Bitcoin… After the servers were compromised, the attacker copied all data and wiped the servers. Some data was later restored, presumably with dated backups. However, the hacker says he is willing to return all recent data, including 444 Terabytes of videos, in exchange for 1 Bitcoin. The question remains whether paying up is the best option. After all, how do you know that you can trust that this will really resolve the problem? Rootkits? After the servers were initially restored yesterday evening they were later wiped again. According to the information we received the attacker installed rootkits, which means that the servers could still be compromised at the time of writing. Most of this information comes from a single source, which makes it a little one-sided. However, given the gravity of the allegations and the fact that others are picking them up too, we felt that it is our duty to share what information we have. We also reached out to Go Unlimited which confirms that they were “attacked very aggressively.” Bader denies that the database was compromised, however, and suggests that the hacker is sharing fake information from the competitor’s database. The information we have seen suggests that the hack appears to be legitimate, but if more information becomes available we will update this article accordingly. Source: TorrentFreak
  4. Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. 17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office. The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark. The 17-year-old from Tampa was arrested earlier this month on suspicion of social engineering his way into Twitter’s internal computer systems and tweeting out a bitcoin scam through the accounts of high-profile Twitter users. Notice of the hearing was available via public records filed with the Florida state attorney’s office. The notice specified the Zoom meeting time and ID number, essentially allowing anyone to participate in the proceeding. Even before the hearing officially began it was clear that the event would likely be “zoom bombed.” That’s because while participants were muted by default, they were free to unmute their microphones and transmit their own video streams to the channel. Sure enough, less than a minute had passed before one attendee not party to the case interrupted a discussion between Clark’s attorney and the judge by streaming a live video of himself adjusting his face mask. Just a few minutes later, someone began interjecting loud music. It became clear that presiding Judge Christopher C. Nash was personally in charge of administering the video hearing when, after roughly 15 seconds worth of random chatter interrupted the prosecution’s response, Nash told participants he was removing the troublemakers as quickly as he could. Judge Nash, visibly annoyed immediately after one of the many disruptions to today’s hearing. What transpired a minute later was almost inevitable given the permissive settings of this particular Zoom conference call: Someone streamed a graphic video clip from Pornhub for approximately 15 seconds before Judge Nash abruptly terminated the broadcast. With the ongoing pestilence that is the COVID-19 pandemic, the nation’s state and federal courts have largely been forced to conduct proceedings remotely via videoconferencing services. While Zoom and others do offer settings that can prevent participants from injecting their own audio and video into the stream unless invited to do so, those settings evidently were not enabled in today’s meeting. At issue before the court today was a defense motion to modify the amount of the defendant’s bond, which has been set at $750,000. The prosecution had argued that Clark should be required to show that any funds used toward securing that bond were gained lawfully, and were not merely the proceeds from his alleged participation in the Twitter bitcoin scam or some other form of cybercrime. Florida State Attorney Andrew Warren’s reaction as a Pornhub clip began streaming to everyone in today’s Zoom proceeding. Mr. Clark’s attorneys disagreed, and spent most of the uninterrupted time in today’s hearing explaining why their client could safely be released under a much smaller bond and close supervision restrictions. On Sunday, The New York Times published an in-depth look into Clark’s wayward path from a small-time cheater and hustler in online games like Minecraft to big-boy schemes involving SIM swapping, a form of fraud that involves social engineering employees at mobile phone companies to gain control over a target’s phone number and any financial, email and social media accounts associated with that number. According to The Times, Clark was suspected of being involved in a 2019 SIM swapping incident which led to the theft of 164 bitcoins from Gregg Bennett, a tech investor in the Seattle area. That theft would have been worth around $856,000 at the time; these days 164 bitcoins is worth approximately $1.8 million. The Times said that soon after the theft, Bennett received an extortion note signed by Scrim, one of the hacker handles alleged to have been used by Clark. From that story: “We just want the remainder of the funds in the Bittrex,” Scrim wrote, referring to the Bitcoin exchange from which the coins had been taken. “We are always one step ahead and this is your easiest option.” In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents. A few weeks later, Mr. Bennett received a letter from the Secret Service saying they had recovered 100 of his Bitcoins, citing the same code that was assigned to the coins seized from Mr. Clark. Florida prosecutor Darrell Dirks was in the middle of explaining to the judge that investigators are still in the process of discovering the extent of Clark’s alleged illegal hacking activities since the Secret Service returned the 100 bitcoin when the porn clip was injected into the Zoom conference. Ultimately, Judge Nash decided to keep the bond amount as is, but to remove the condition that Clark prove the source of the funds. Clark has been charged with 30 felony counts and is being tried as an adult. Federal prosecutors also have charged two other young men suspected of playing roles in the Twitter hack, including a 22-year-old from Orlando, Fla. and a 19-year-old from the United Kingdom. Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker
  5. Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack The company blacklisted the bitcoin address Illustration by Alex Castro The cryptocurrency exchange Coinbase said that it stopped around 1,100 customers from sending bitcoin to hackers who gained access to high-profile Twitter accounts last week. Last Wednesday, over 100 Twitter accounts, some belonging to major companies like Apple and high-profile people like Vice President Joe Biden and Bill Gates, were hacked as part of a massive coordinated bitcoin scam. According to Twitter, the hackers were able to convince some of the company’s employees to use internal systems and tools to access the accounts and help the hackers defraud users into sending them bitcoin. According to Forbes, Coinbase and other cryptocurrency exchanges were able to stop some customers from sending bitcoin to the hackers by blacklisting the hackers’ wallet address. Specifically, Coinbase says it prevented just over 1,000 customers from sending around $280,000 worth of bitcoin during last Wednesday’s attack. Roughly 14 Coinbase users sent around $3,000 worth of bitcoin to the scam’s bitcoin address before the company moved to blacklist it, the company said. “We noticed the scam and began blocking transactions within a couple of minutes of the initial wave of scam posts,” a Coinbase spokesperson told The Verge on Monday. Twitter accounts belonging to cryptocurrency exchanges including Binance and Gemini were also targeted during Wednesday’s attack. Coinbase’s chief information officer told Forbes on Sunday that it learned of the scam shortly after tweets were posted from fellow exchanges’ accounts. As of Monday, Twitter is still investigating Wednesday’s attack. On Friday, the company put out a blog post confirming that 130 accounts were targeted and the hackers were able to initiative a password reset, log in to the account, and send tweets for 45 of those accounts. Twitter also said that the hackers were able to download account data belonging to eight unverified users. Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack
  6. Google found at least seven critical bugs being exploited by hackers in the wild. But after disclosing them days ago, the company has yet to reveal key details about who used them and against whom. Google's elite teams of bug and malware hunters found and disclosed a flurry of high impact vulnerabilities in Chrome, Android, Windows, and iOS last week. The internet giant also said that these various vulnerabilities were all "actively exploited in the wild." In other words, hackers were using these bugs to actually hack people, which is concerning. What's more, all these vulnerabilities are in some way related to each other, Motherboard has learned. That potentially means the same hackers were using them. According to the disclosure reports, some bugs were in font libraries, and others were used to escape the sandbox in Chrome, and others were used to take control of the whole system, suggesting some of these bugs were part of a chain of vulnerabilities used to exploit victim's devices. So far, very little information has come out about who may have been using the exploits and who they were targeting. Often, bugs in modern software are found and are ethically disclosed by security researchers, which means that they are fixed before they are widely exploited to hack people. In this case, however, we know that the bugs were being used for hacking operations. Last year, Google found a series of zero-days—vulnerabilities that at the time of discovery are unknown to the software maker—that spies were using to target the Uighur community. China has conducted a widespread, systemic campaign of physical and technical oppression and surveillance against the Muslim minority. Unfortunately, this time we don't know any details because Google—the only company that has the whole story behind these bugs—has not said much at all about how it found the bugs, who was using them, and whom they were being used against. Notably, an update pushed to iOS 12 (which is two years old) patched the issue on phones dating back to the iPhone 5s and iPhone 6. Often, when updates are pushed to such old devices it means the bug is particularly bad, but, again, we do not know the specifics at this time. "The fact that they updated iPhone 6 users means it was bad," said a cybersecurity expert who asked not to be named because he wasn't allowed to speak to the press. "That phone has been end of life for a while." "We're not going to be able to offer much new info," Google spokesperson Scott Westover said in an email on Monday. Apple did not respond to requests for comment. A Microsoft spokesperson said in an email that the company “released security updates in November to address CVE-2020-17087. Customers who have applied the updates, or have automatic updates enabled, are protected.” The company also said that it has not seen evidence of exploitation in the wild. Ben Hawkes, the head of Google Project Zero, the internet giant's team of skilled hackers that is tasked with the mission of finding vulnerabilities in all kinds of software—not just Google's—announced on Twitter over the last 10 days that his team had found all these vulnerabilities (seven in total.) On Oct. 20, Google disclosed the first bug (CVE-2020-15999) in this series of vulnerabilities, a bug in FreeType, an open source font rendering software, was used to target Chrome, according to Hawkes. Then, on Oct. 30, the first bug (CVE-2020-17087) to gather more attention in the press was a Windows bug that allowed hackers to escalate system privileges, meaning the hackers could jump from having control of one app to taking control of the whole victim's system. Finally, last week, Hawkes wrote on Twitter that Project Zero had also found zero-days for Chrome and Android (CVE-2020-16009 and CVE-2020-16010) that were exploited in the wild. The first one of these was used for "remote code execution," technical jargon for hackers taking full control of an application or system. Just three days later, Hawkes announced that Apple had fixed three critical bugs in iOS. Two of them in the kernel, the part of the operating system that has access to almost anything that's happening on the phone, and one of them was also a font bug, vaguely reminiscent of the FreeType one that was disclosed on Oct. 20. This bug, according to Apple, allowed hackers to take control of the victim's phone by sending them a file with a "maliciously crafted font." Shane Huntley, the head of Google's Threat Analysis Group, a team that tracks hackers all over the internet, said on Twitter that these bugs were used for "targeted exploitation in the wild similar to the other recently reported 0days" and that these bugs had nothing to do with the U.S. elections. "This feels like spy shit," Ryan Stortz, a researcher who works the security consultancy firm Trail of Bits, told Motherboard. Stortz said that he has not seen the details of the exploits and vulnerabilities—no one outside of Google and the companies that patched them have—but said that it looks like they could all be part of the same hacker group's bug arsenal. "It's pretty damn rare for bugs like this to be cross platform. I think it’s more likely they found another waterhole site like with the Uighur bugs that had both chains." All these seven bugs are related to each other, according to a source with knowledge of the vulnerabilities, who asked to remain anonymous as they were not allowed to talk to the press. In any case, some of these bugs were very critical and gave hackers a lot of power when they used them. The iOS bugs, for example, were so dangerous that Apple pushed updates not just for the current iOS 14, but also for the older, not usually supported, iOS 12. Source
  7. Popular Usenet indexer NZBGeek has been hacked. The site's database was copied exposing the personal details of all users. The hackers also managed to install a keylogger, opening the door to further abuse. The site's operators recommend that users should secure their online accounts as well as credit cards that were used on the site recently. Despite the growing popularity of pirate streaming sites and services, classic file-sharing tools continue to have a smaller but dedicated audience. This is true for BitTorrent as well as Usenet. In the latter category, NZBGeek is one of the largest players as it provides an indexing service that helps users to find content. NZBGeek is a private community to which users can sign up without any charges. However, those who donate get some extra features that will help to sift through the more than 500,000 NZBs indexed by the site. NZBGeek Hacked The site generally operates smoothly but last week something changed. After initially becoming unreachable, the problem was initially clear but after a while, the operators put up a message stating that there were hosting related issues. Yesterday, however, things turned from bad to worse. “It’s with a heavy heart that we must admit that we have had a breach,” the site informed its users. “If you have recently used your card or payment with us we suggest changing your credentials and card info as soon as possible.” Database Compromised According to the site’s operators, the hackers were able to put a keylogger on the site and also managed to get a copy of the database. The compromised data includes user emails and encrypted passwords. “The hackers obtained a copy of our database which includes your username, encrypted password, email address & last connected ip address. During this time we had the hard drive on our indexer fail along with an api server.” NZBgeek advises all users to change their passwords and do the same on all other accounts where a similar password is used. PayPal payment data should be safe as long as it uses a unique password. However, the site does recommend that users who paid at the site via credit card since 20th November to take appropriate action. Javascript Keylogger TorrentFreak spoke to NZBgeek admin Jeeves who clarifies that the site doesn’t store credit card details. That said, the hackers used an SQL-exploit to install a Javascript-based keylogger, which left users exposed. The NZB indexer is still investigating the hack and aside from the API, all systems are still offline. If more information becomes available it will be shared with the community. Needless to say, the breach has caused quite a bit of concern among users. Some fear that their download histories will be exposed, which would be a concern, especially since their IP-addresses and other information were also compromised. “I am concerned as I don’t know if other data such as download history was accessed,” an NZBGeek user informed us, adding that it’s not clear why the site would need to store IP-addresses anyway. Next Steps While it’s understandable that users would like to have more information, it seems that NZBGeek is still figuring out the scope of the breach themselves. A hack like this one is a major setback but it’s good to see that the operators are being transparent and open. Other sites may have simply tried to cover things up, leaving users even more exposed. NZBGeek is still figuring out what steps to take next but they tell us that more information on that will be made public in the future. “We are taking massive steps, with the help of many community members around the world who are experts in various forms of cybersecurity. I am happy to provide those details as these are vetted and finalized,” NZBgeek informs us. — Update: NZBGeek informed us that download histories were stored on a separate server that had a disk fail last week, but it’s not clear if this was compromised. The site stores users’ most recent IP-addresses in order to combat abuse. Source: TorrentFreak
  8. Stack Overflow 2019 hack was guided by advice from none other than... Stack Overflow Vulnerabilities in build systems, secrets in source code: developer environments are an attack target Developer site Stack Overflow has published details of a breach dating back to May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move. At the time, the company reported that an unauthorised person had logged into its development system and escalated their access to the production version of stackoverflow.com. The source code for the site as well as the names, IP addresses and email addresses of 184 users was stolen, but not the databases which contain the content of the site and that of its customers. Now further details have been reported by Dean Ward, principal developer in the architecture team at Stack Overflow, apparently “after consultation with law enforcement.” The report describes the timeline of the attack, which started on April 30th with a probe of the Stack Overflow infrastructure. It appears that the source code was a specific target, as one early and unsuccessful move was to pose as a customer to request a copy “for auditing purposes.” According to the report, “This request is rejected because we don’t give out source code and, additionally, the email cannot be verified as coming from one of our customers.” Despite the poor start, a few days later the attacker successfully logged into the StackOverflow development environment, using a crafted login request that bypassed access controls, and then successfully escalated privileges. They then got access to TeamCity, the JetBrains continuous integration product. “A misconfiguration with role assignments means the user was immediately granted administrative privileges to the build server,” said Ward. How does TeamCity work? “The attacker is clearly not overly familiar with the product so they spend time looking up Q&A on Stack Overflow on how to use and configure it,” said Ward. The intruder cloned several repositories hosted on GitHub Enterprise, using access configured for TeamCity. “They continue to browse Stack Overflow for details on building and running .NET applications under IIS as well as running SQL scripts in an Azure environment,” Stack Overflow said. In what sounds like a serious move, the intruder wrote some SQL to elevate permissions across the entire Stack Exchange network and “after several attempts, they are able to craft a build that executes this as a SQL migration against the production databases housing data for the Stack Exchange Network.” The community noticed a new user with broad privileges and reported it, at which point the Stack Overflow security team took more drastic steps, taking Team City offline and removing privileges and credentials. Some aspects were missed, though, and the “attacker pull[ed] source code again,” while also viewing questions on how to build .NET applications and (we are told) “how to delete repositories on GitLab.” The infrastructure was further locked down, and the “attacker continue[d] viewing Q&A, this time around SQL and certificates,” in their last reported actions. Although it appears that damage to the StackOverflow site and the amount of data stolen was small, the company did, it seems, have a lot of source code stolen, although how valuable this is (other than for guiding new avenues of attack) is open to debate. The incident was revealing though, and not only in proving that bad folk use Stack Overflow too. It showed how the development and build process can be a weak point in IT systems. Developers may have a high level of access to production systems, and even if they do not, corrupting the build process can be a way of creating backdoors which are then deployed into production. Twitter API key was in the source code Stack Overflow went on to describe the changes it made to address shortcomings in its security. “We had secrets sprinkled in source control, in plain text in build systems and available through settings screens in the application,” confessed the team. It also moved build and source control systems behind the firewall, added metrics and alerting around privilege escalation, and blocked the ability to view account recovery emails within the system. Although not having secrets in source code seems like a no-brainer, developers sometimes find this hard to avoid. A follow-up thread reveals that a Stack Overflow integration with Twitter was disabled because the Twitter API key was in the source code and the developers have not worked out another way to do it. "We decided the functionality wasn’t critical enough to justify the effort involved," said Ward. Future plans include mandating two-factor authentication with a new VPN, building a runtime secret store, and breaking apart build and deployment. Although this goes against the trend for continuous integration, it will, said Stack Overflow, “allow us to have deterministic builds and better manage deployment permissions.” For every attack like this that is noticed, reported and remediated, there must be others that are not. Who was the attacker? "We are not able to comment on any other details related to the attacker due to ongoing investigations," said the company - though it looks like the moment the community spotted the attack was recorded in StackExchange chat, together with the (likely fake) name of the user. Source: Stack Overflow 2019 hack was guided by advice from none other than... Stack Overflow
  9. ARIS (Reuters) - Hackers have stolen data from a French foreign ministry website created for citizens traveling abroad, the ministry said on Thursday. The breach raises questions about the security of French government websites, though the ministry sought to reassure users that the stolen information was not highly sensitive and that Ariane site was safe to use. “Personal data registered during registration on the Ariane platform has been stolen,” it said in a statement. “This data could be misused but with limited effect as the information does not include sensitive financial material or data likely to disclose destinations.” The Ariane site, which tells travelers to “stay connected for your security”, was set up in 2010 to enable French citizens to receive security-related updates while abroad. It was not immediately clear where the hackers originated from. Source
  10. Quora, a question-and-answer website, has reported a data breach affecting about 100 million users. In a blog post, Chief Executive Adam D'Angelo said user account information such as user names, email addresses, encrypted passwords and data imported from linked networks "may have been compromised." Users' histories—including public questions and answers, as well as comments and votes, along with nonpublic actions such as answer requests and direct messages—also might have been compromised. "We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," D'Angelo wrote Monday night. "It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility." A privately held company founded in 2009 and based in Mountain View, Calif., Quora says its mission "is to share and grow the world's knowledge." Users can pose questions on the site about a variety of issues, and other users can answer them. In September, Quora reported it had surpassed 300 million unique visitors a month. The data breach "is nothing like" the massive one announced Friday by Marriott International Inc. but it still raises concerns, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest group. The Marriott breach lasted four years and compromised the information of as many as 500 million of its hotel guests worldwide. For about 327 million, the stolen data may have included important personal information such as birth dates and passport numbers. Dixon said that type of data made the breach much more significant than Quora's, which did not include such information. "The main issue here is going to be phishing," Dixon said of Quora's breach. Phishing emails seek to trick a person into clicking on a link that allows the scammer to get personal information or puts malware programs on the person's computer. The phishing potential could be significant if data that Quora imported from other networks included things like contact lists or full Facebook profiles. Quora did not specify the type of information involved. "This is just a really great reminder for everyone that if you're going to chat on social media or any other websites, it's a great idea to have a throwaway email not connected to your work and not your primary personal email," Dixon said. "It just makes all the sense in the world to not make it your favorite email. If it's hacked, you delete it." Quora discovered Friday that a "malicious third party" had gained unauthorized access to one of its systems. "We're very sorry for any concern or inconvenience this may cause," D'Angelo said. The company is still investigating the incident and has "retained a leading digital forensics and security firm to assist us," he said. Quora is notifying users whose data have been compromised, logging them out of the site and invalidating their passwords. "While the passwords were encrypted ... it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so," D'Angelo said. View: Original Article. Happened a few days ago. But I had to post it as no one posted it.
  11. EFF tells Twitter to encrypt DMs after hacking incident The Electronic Frontier Foundation (EFF) has reiterated to Twitter that it should subject all direct messages (DMs) to end-to-end encryption to provide users with more privacy and security. The digital rights organization has been calling for this for years but the most recent breach has pushed it to demand the feature again. The EFF said that with hackers gaining access to admin tools at Twitter, encrypting the DMs would have meant hackers couldn’t have seen the contents of direct messages, offering more protection. The rights group also pointed to the fact that Twitter CEO Jack Dorsey reassured Senator Ron Wyden two years ago that end-to-end encryption was being worked on. Earlier today, Twitter said in a statement that going forward it will be taking action to tighten up its security. It’s not clear what this tightening up will look like but hopefully, it will include end-to-end encryption for DMs. One of Twitter’s main rivals, Facebook, already offers end-to-end encryption on some of its products including WhatsApp and optionally on Facebook Messenger. The messaging apps, Signal and iMessage, also offer users with encryption features for greater security. While Twitter may be under pressure from law enforcement to keep DMs unencrypted, the EFF believes that securing them is “a no-brainer”. EFF tells Twitter to encrypt DMs after hacking incident
  12. Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen But it sounds like the attackers didn’t get Biden’s data cache Illustration by Alex Castro On Friday evening, Twitter issued its first full blog post about what happened after the biggest security lapse in the company’s history, one that led to attackers getting hold of some of the highest profile Twitter accounts in the world — including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and more. The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted. That’s because Twitter has confirmed that attackers attempted to download the entire “Your Twitter Data” archive for those 8 individuals, which contains DMs among other info. They may even have DMs that the 8 individuals tried to delete, given that Twitter stores DMs on its servers as long as either party to a conversation keeps them around — we learned last February that you can retrieve deleted DMs by downloading the “Your Twitter Data” archive, even if you’ve deleted them yourself. The archive can also include other personal information like your address book and any images and videos you may have attached to those private messages as well. The good news: Twitter claims none of those 8 accounts were verified users, suggesting that none of the highest-profile individuals targeted had their data downloaded. It’s still possible that the hackers looked at their DMs, but no, Democratic presidential candidate Joe Biden and others probably didn’t just get their DMs stolen outright. According to Twitter, hackers targeted 130 accounts; successfully triggered a password reset, logged in, and tweeted from 45 of them; and only attempted to download data for that “up to eight” non-verified accounts. We do not know how many accounts they may have scanned for personal information or how many DMs they might have simply accessed or read. And for the larger batch of 130 accounts — including high-profile ones like the Democratic presidential candidate — Twitter says they may have been able to see other sorts of personal information. Twitter also allows logged in users to see a location history of the places and times that they’ve logged in, as an example. Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers, and suspected that its employees had fallen for a social engineering scam — now, the company is going further to say definitively that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” That aligns with the prevailing theories, which you can read more about in the NYT’s impressive report here. There are still many, many more questions and serious investigations still ahead. You can read Twitter’s full blog post here. Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen
  13. Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts Twitter wants to restore access ‘ASAP’ Illustration by Alex Castro / The Verge Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon. Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets. “Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were. Twitter says it’s working “ASAP” to restore access, but the process may still take some time. Although Twitter says it doesn’t believe passwords were accessed, it remains unclear if the attackers were able to access direct messages. In addition to locking some accounts, Twitter also completely disabled the ability of all verified accounts to tweet last night for a few hours following the hack, though verified accounts could still retweet existing tweets while the limits were in place. Last night, Twitter shared that its own internal tools were compromised in the attack. “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet sent yesterday at 10:38PM ET. Two anonymous sources told Motherboard that a Twitter employee helped them take over accounts, with one saying they paid the employee for their help. Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts
  14. The FBI opens investigation into Twitter attack over national security concerns Numerous investigations are now probing Twitter’s worst-ever security incident Illustration by Alex Castro The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal. The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromising of sensitive accounts, including those of President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections. Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement given to the WSJ. New York Gov. Andrew Cuomo is also having the state’s Department of Financial Services investigate the attack, the report states. “Foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can,” Cuomo said, according to the New York Post. New York Attorney General Letitia James also opened an investigation following this morning’s news that lawmakers on both sides of the aisle have begun calling for Twitter to provide more transparency about how the attack was carried out. “Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.” The attack, which involved hackers taking control of popular accounts with millions of followers to tweet out a bitcoin scam, was the work of a group of unknown individuals. Twitter now says the group used social engineering techniques of some type to gain control of internal company tools. Those tools allowed the hackers to gain access to the accounts, although Twitter has not specified how exactly this happened. In the aftermath of the account takeovers, which lasted for more than two hours, Twitter had to resort to extreme measures to mitigate the fallout, including disabling the ability for verified accounts to send new tweets and locking down all of the affected accounts and even some accounts that were not targeted by the hackers. The company is still working to restore access to locked accounts as of this afternoon. Motherboard reported yesterday that the hackers did not in fact breach any Twitter systems, but instead allegedly paid a Twitter employee to reset the email addresses associated with the affected accounts, thereby giving unauthorized access to the hackers who then tweeted out the cryptocurrency scam tweets. Twitter has not openly disputed this account of the event, but it is currently unclear how much, if any, of the story is an accurate representation of what happened. The company is still investigating and has not yet shared its full findings. The FBI opens investigation into Twitter attack over national security concerns
  15. Trump’s Twitter account has extra protections, which could be why it didn’t get hacked A lot of high-profile accounts were hit yesterday, but not Trump’s Photo by Drew Angerer/Getty Images In yesterday’s massive attack on Twitter, some of the highest-profile accounts on the service, including President Barack Obama, Joe Biden, Elon Musk, and Bill Gates had their accounts hijacked to peddle bitcoin scams. Notably, however, Donald Trump, perhaps the most famous Twitter user of all, was untouched by the attack, and it could be because Twitter has implemented extra protections for his account. In a deeply-reported article on the attack, The New York Times writes that Trump’s Twitter account has extra protection after “past incidents,” citing two anonymous sources — a senior White House official and a Twitter employee. The New York Times didn’t specify what those past incidents were, but they could refer to the November 2nd, 2017 incident where a rogue employee deactivated Trump’s account on his last day at the company. Trump’s account returned to Twitter 11 minutes later. A day after the deactivation, Twitter said it had “implemented safeguards to prevent this from happening again.” The company didn’t elaborate further. But The Wall Street Journal reported at the time that Twitter had already limited the number of employees who could access Trump’s account following his inauguration. Those tools typically let employees suspend or deactivate accounts, but don’t let them tweet from those accounts, the WSJ said. Motherboard reported that the people involved in Wednesday’s attack were sharing screenshots of a Twitter admin tool apparently used for the attack. And Twitter itself has said that its own employee systems and tools were compromised. If those are also the same systems that no longer had widespread access to Trump’s account as of 2017, that could have made his account more difficult, if not impossible, to access from the admin tool used by the attackers. It’s also possible that Trump’s account was hardened further after the rogue employee deactivated it in November 2017. Twitter hasn’t replied to a request for comment, so we can’t exactly be sure that those safeguards are what stopped the attackers from hijacking his account on Tuesday. In fact, it’s not clear that the attackers even tried. Either way, they didn’t get in, and that could have prevented an already very bad situation from getting even worse. Trump’s Twitter account has extra protections, which could be why it didn’t get hacked
  16. Who’s Behind Wednesday’s Epic Twitter Hack? Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it. The first public signs of the intrusion came around 3 PM EDT, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money. Minutes after that, similar tweets went out from the accounts of other cryptocurrency exchanges, and from the Twitter accounts for democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, President Barack Obama, Tesla CEO Elon Musk, former New York Mayor Michael Bloomberg and investment mogul Warren Buffett. While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet promoted by many of the hacked Twitter profiles shows that on July 15 the account processed 383 transactions and received almost 13 bitcoin on July 15 — or approximately USD $117,000. Twitter issued a statement saying it detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.” There are strong indications that this attack was perpetrated by individuals who’ve traditionally specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account. People within the SIM swapping community are obsessed with hijacking so-called “OG” social media accounts. Short for “original gangster,” OG accounts typically are those with short account names (such as @B or @joe). Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground. In the days leading up to Wednesday’s attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers — a forum dedicated to account hijacking — a user named “Chaewon” advertised they could change email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece. The OGUsers forum user “Chaewon” taking requests to modify the email address tied to any twitter account. “This is NOT a method, you will be given a full refund if for any reason you aren’t given the email/@, however if it is revered/suspended I will not be held accountable,” Chaewon wrote in their sales thread, which was titled “Pulling email for any Twitter/Taking Requests.” Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including “@6.” That Twitter account was formerly owned by Adrian Lamo — the now-deceased “homeless hacker” perhaps best known for breaking into the New York Times’s network and for reporting Chelsea Manning‘s theft of classified documents. @6 is now controlled by Lamo’s longtime friend, a security researcher and phone phreaker who asked to be identified in this story only by his Twitter nickname, “Lucky225.” Lucky225 said that just before 2 p.m. EST on Wednesday, he received a password reset confirmation code via Google Voice for the @6 Twitter account. Lucky said he’d previously disabled SMS notifications as a means of receiving multi-factor codes from Twitter, opting instead to have one-time codes generated by a mobile authentication app. But because the attackers were able to change the email address tied to the @6 account and disable multi-factor authentication, the one-time authentication code was sent to both his Google Voice account and to the new email address added by the attackers. “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.” Lucky said he still hasn’t been able to review whether any tweets were sent from his account during the time it was hijacked because he still doesn’t have access to it (he has put together a breakdown of the entire episode at this Medium post). But around the same time @6 was hijacked, another OG account – @B — was swiped. Someone then began tweeting out pictures of Twitter’s internal tools panel showing the @B account. A screenshot of the hijacked OG Twitter account “@B,” shows the hijackers logged in to Twitter’s internal account tools interface. Twitter responded by removing any tweets across its platform that included screenshots of its internal tools, and in some cases temporarily suspended the ability of those accounts to tweet further. Another Twitter account — @shinji — also was tweeting out screenshots of Twitter’s internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying “follow @6,” referring to the account hijacked from Lucky225. The account “@shinji” tweeting a screenshot of Twitter’s internal tools interface. Cached copies of @Shinji’s tweets prior to Wednesday’s attack on Twitter are available here and here from the Internet Archive. Those caches show Shinji claims ownership of two OG accounts on Instagram — “j0e” and “dead.” KrebsOnSecurity heard from a source who works in security at one of the largest U.S.-based mobile carriers, who said the “j0e” and “dead” Instagram accounts are tied to a notorious SIM swapper who goes by the nickname “PlugWalkJoe.” Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists. Archived copies of the @Shinji account on twitter shows one of Joe’s OG Instagram accounts, “Dead.” Now look at the profile image in the other Archive.org index of the @shinji Twitter account (pictured below). It is the same image as the one included in the @Shinji screenshot above from Wednesday in which Joseph/@Shinji was tweeting out pictures of Twitter’s internal tools. Image: Archive.org This individual, the source said, was a key participant in a group of SIM swappers that adopted the nickname “ChucklingSquad,” and was thought to be behind the hijacking of Twitter CEO Jack Dorsey‘s Twitter account last year. As Wired.com recounted, @jack was hijacked after the attackers conducted a SIM swap attack against AT&T, the mobile provider for the phone number tied to Dorsey’s Twitter account. A tweet sent out from Twitter CEO Jack Dorsey’s account while it was hijacked shouted out to PlugWalkJoe and other Chuckling Squad members. The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, U.K. named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic. The mobile industry source said PlugWalkJoe was the subject of an investigation in which a female investigator was hired to strike up a conversation with PlugWalkJoe and convince him to agree to a video chat. The source further explained that a video which they recorded of that chat showed a distinctive swimming pool in the background. According to that same source, the pool pictured on PlugWalkJoe’s Instagram account (instagram.com/j0e) is the same one they saw in their video chat with him. If PlugWalkJoe was in fact pivotal to this Twitter compromise, it’s perhaps fitting that he was identified in part via social engineering. Maybe we should all be grateful the perpetrators of this attack on Twitter did not set their sights on more ambitious aims, such as disrupting an election or the stock market, or attempting to start a war by issuing false, inflammatory tweets from world leaders. Also, it seems clear that this Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers. This is a fast-moving story. Please stay tuned for further updates. KrebsOnSecurity would like to thank Unit 221B for their assistance in connecting some of the dots in this story. Who’s Behind Wednesday’s Epic Twitter Hack?
  17. Hackers obtained Twitter DMs for 36 high-profile account holders Hack also exposed phone numbers, email addresses and other PII for 130 users. Enlarge Kevin Krejci 21 with 16 posters participating, including story author Hackers accessed direct messages for 36 high-profile account holders in last week’s epic compromise of Twitter, with one of the affected users being an elected official from the Netherlands, the social media company said late Wednesday. The company also said the intruders were able to view email addresses, phone numbers, and other personal information for all 130 hijacked accounts. The mass-account takeover came to light last Wednesday when some of the world’s best-known celebrities, politicians, and executives began tweeting links to Bitcoin scams. A handful of the account holders included Vice President Joe Biden, philanthropist and former Microsoft founder, CEO, and Chairman Bill Gates, Tesla founder and CEO Elon Musk, and pop star Kanye West. A few hours later, Twitter officials said the incident was the result of it losing control of its internal administrative systems to hackers who either paid, tricked, or coerced one or more company employees. The officials said they would disclose any other malicious activities those responsible may have undertaken as an investigation continued. A breathtaking impact On Wednesday, Twitter provided its most troubling update so far. It said: The revelation that some of the world's most influential people likely had their personal messages read by unknown hackers will put more pressure on Twitter to better protect its users. US Senator Ron Wyden, a Democrat representing Oregon, said in a statement last week that he has pushed CEO Jack Dorsey to protect direct messages with end-to-end encryption, which would prevent Twitter and anyone else other than the sender and recipient from being able to read them. “Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access,” Wyden wrote. “If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come.” Phone numbers, email addresses and more A blog post that was updated on Wednesday added that the account hijackers were able to view personal information, including phone numbers and email addresses, that were associated with the accounts. The company made no mention of what other personal details—such as words or users the account holder had muted or blocked—were available to hackers. A Twitter spokeswoman declined to provide additional information, including the identity of the users whose direct messages were accessed or other types of personal information that was exposed. Wednesday’s update also said that: “Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.” “Previous passwords” referred to the passcodes that were used before hackers changed them. The update made no mention of passwords that were cryptographically hashed and whether the hijackers had the ability to obtain them. On background, a Twitter representative said the attackers didn't see passwords in hashed or plaintext format. In previous updates over the past week Twitter has provided additional details, including: Hackers likely tried to sell access to hijacked Twitter accounts with highly-coveted usernames such as @6 Up to eight of the compromised accounts had information taken through Twitter's “Your Twitter Data” tool. None of these accounts were verified Attackers tweeted from 45 verified accounts, which besides the holders mentioned above, also included Jeff Bezos, Barack Obama, and Apple The company is working with the law enforcement agencies, which according to Reuters, include the FBI Twitter has yet to answer several other important questions. They include whether the employees or hackers involved = in the attack left behind any backdoors that could allow similar breaches in the future. Also unanswered is if the company has put in place a mechanism—such as a requirement that multiple employees must provide separate passwords—to unlock administrative panels. Over the past decade, Twitter has evolved into a channel that President Trump, other world leaders, and myriad government agencies use to communicate both official policy and unofficial vitriol. With so much at stake, breaches that allow attackers to impersonate users and access their private message and information raise serious national security concerns that the company has yet to address. Hackers obtained Twitter DMs for 36 high-profile account holders
  18. How the Alleged Twitter Hackers Got Caught Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks. Photograph: David Paul Morris/Bloomberg/Getty Images On July 15, a Discord user with the handle Kirk#5270 made an enticing proposition. “I work for Twitter,” they said, according to court documents released Friday. “I can claim any name, let me know if you’re trying to work.” It was the beginning of what would, a few hours later, turn into the biggest known Twitter hack of all time. A little over two weeks later, three individuals have been charged in connection with the heists of accounts belonging to Bill Gates, Elon Musk, Barack Obama, Apple, and more—along with nearly $120,000 in bitcoin. Friday afternoon, after an investigation that included the FBI, IRS, and Secret Service, the Department of Justice charged UK resident Mason Sheppard and Nima Fazeli, of Orlando, Florida in connection with the Twitter hack. A 17-year-old, Graham Ivan Clark, was charged separately with 30 felonies in Hillsborough County, Florida, including 17 counts of communications fraud. Together, the criminal complaints filed in the cases offer a detailed portrait of the day everything went haywire—and how poorly the alleged attackers covered their tracks. All three are currently in custody. Despite his claims on the morning of July 15, Kirk#5270 was not a Twitter employee. He did, however, have access to Twitter’s internal administrative tools, which he showed off by sharing screenshots of accounts like “@bumblebee,” “@sc,” “@vague,” and “@R9.” (Short handles are a popular target among certain hacking communities.) Another Discord user who went by “ever so anxious#0001” soon began lining up buyers; Kirk#5270 shared the address of a Bitcoin wallet where proceeds could be directed. Offers included $5,000 for “@xx,” which would later be compromised. That same morning, someone going by “Chaewon” on the forum OGUsers started advertising access to any Twitter account. In a post titled "Pulling email for any Twitter/Taking Requests,” Chaewon listed prices as $250 to change the email address associated with any account, and up to $3,000 for account access. The post directs users to “ever so anxious#0001” on Discord; over the course of seven hours, starting at around 7:16 am ET, the “ever so anxious#0001” account discussed the takeover of at least 50 user names with Kirk#5270, according to court documents. In that same Discord chat, “ever so anxious#0001” said his OGUsers handle was Chaewon, suggesting the two were the same individual. Kirk#5270 allegedly received similar help from a Discord user going by Rolex#0373, although that person was skeptical at first. “Just sounds too good to be true,” he wrote, according to chat transcripts investigators obtained via warrant. Later, to help back up his claim, Kirk#5270 appears to have changed the email address tied to the Twitter account @foreign to an email address belonging to Rolex#0373. Like Chaewon, Rolex#0373 then agreed to help broker deals on OGUsers—where his user name was Rolex—with prices starting at $2,500 for especially sought-after account names. In exchange, Rolex got to keep @foreign for himself. By around 2 pm ET on July 15, at least 10 Twitter accounts had been stolen, according to the criminal complaints, but the hackers still seemed focused on short or desirable handles like @drug and @xx and @vampire, rather than celebrities and tech moguls. And the takeovers were an end unto themselves, rather than in service of a cryptocurrency scam. The deals brokered by Chaewon netted Kirk#5270 around $33,000 in bitcoin, according to the criminal complaint; Chaewon took in another $7,000 for his role as intermediary. The FBI believes that Rolex is Fazeli, and it charged him with one count of aiding and abetting the intentional access of a protected computer. They believe Sheppard is Chaewon, who is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. The criminal complaints against Sheppard and Fazeli leave off here. Neither complaint identifies the individual behind Kirk#5270, or explicitly links that account to a named individual. But court documents in Clark's case allege that it was the 17-year-old who had gained access to Twitter’s systems, and who went on to take over the high-profile accounts in service of a bitcoin scam. The Justice Department has referred the case to the Hillsborough State Attorney Office, which is prosecuting Clark, according to the office's website, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate." “He gained access to Twitter accounts and to the internal controls of Twitter through compromising a Twitter employee,” Hillsborough state attorney Andrew Warren said in a video conference Friday. “He sold access to those accounts. He then used the identities of prominent people to solicit money in the form of bitcoin, promising in return that he would send back twice as much bitcoin.” Court documents show approximately 415 payments to the bitcoin wallet associated with the scam, totaling the equivalent of around $177,000. As Twitter confirmed last week, 130 accounts were targeted in all. Attackers successfully tweeted from 45 of the accounts, accessed the direct messages of 36, and downloaded the Twitter data of seven. On Thursday evening, Twitter disclosed that attackers got in through social engineering, specifically through a phone spear-phishing attack, that targeted company employees. Court documents don’t provide much more detail than that, and only allege that Clark’s actions date back to on or around May 3. It’s also not entirely clear how investigators identified Clark, but the trail that led the FBI to Sheppard and Fazeli has much bigger bread crumbs. On April 2, the administrator of OGUsers announced that the forum had been hacked; a few days later, court documents say, a rival hacking gang put out a download link to a database of user information. It turned out to be quite a trove, full of not just user names and public postings but private messages between users, IP addresses, and email addresses. The FBI says it acquired a copy of the database on April 9. The work appears to have been quick from there. In Chaewon’s private messages on OGUsers, investigators say they found an exchange in February where Chaewon was instructed to pay for a videogame by sending bitcoin to a particular address. Activity on that wallet the next day was traced to a cluster of bitcoin addresses that, months later, would be used by “ever so anxious#0001” in his interactions with Kirk#5270. Investigators also used the database to connect Chaewon's account to another OGUsers handle, Mas. Both accounts signed onto the forums from the same IP address on the same day, according to the database leak; agents also found that multiple times between February 11 and 15 of this year, Chaewon posted ““IT IS MAS I AM MAS NOT BRY I AM MAS MAS [email protected],” which combined suggest that Chaewon and Mas are owned by the same individual. The Mas account was associated with the email account [email protected], investigators say, which was linked to a Coinbase account tied to Mason Sheppard. The bitcoin addresses associated with Chaewon had also processed numerous exchanges on the cryptocurrency exchange Binance, whose records also tied those accounts with Sheppard. Finally, court documents say that an unnamed juvenile who had allegedly assisted in the scheme told investigators that they knew Chaewon by the name Mason. Investigators rely on bitcoin and IP addresses to link the Rolex#0373 to Fazeli, as well, particularly one October 30, 2018 exchange that was referenced on the OGUsers forums. The Coinbase account involved in that transaction allegedly belonged to “Nim F,” under the email address “[email protected],” the same used to register the Rolex account on OGUsers. The Coinbase account had allegedly been verified with a Florida driver’s license in the name of Nima Fazeli, complete with the driver’s license number. Over time, court documents say, Fazeli would use his real driver’s license to register three separate Coinbase accounts, the third of which was frequently visited from the same IP address as the Rolex#0373 Discord account and Rolex account on OGUsers. “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” Twitter said in a tweeted statement. The FBI's San Francisco Office released a statement Friday indicating that the investigation was still ongoing. While the Twitter hack garnered major headlines, the social engineering attack at the heart of it is nothing new. “In terms of the M.O. of breaking into companies and then using the employee tools to perpetuate fraud, that is just another day for these guys,” says Allison Nixon, chief research officer with cybersecurity firm 221B, which assisted the FBI in the investigation. “This exact same M.O. was used against telcos for years prior to this.” Generally, the sort of social engineering used in the Twitter hack avoids legal scrutiny, Nixon says, because it’s considered a low level of attack. That’s obviously no longer the case when your hit list includes a former president and the two wealthiest men in the world. It’s also unclear how effective a deterrent these arrests will prove to be in the long run, given how entrenched this particular hacking community has become. If anything, the details in the criminal complaints may instruct future attacks. “Every single cycle of this teaches them to be better,” says Nixon, “because they get to see the evidence against them, and how they get caught.” How the Alleged Twitter Hackers Got Caught
  19. Florida teen arrested, charged with being “mastermind” of Twitter hack The 17-year-old is facing 30 felony fraud charges. 52 with 46 posters participating A Florida teen has been arrested and charged with 30 felony counts related to the high-profile hijacking of more than 100 Twitter accounts earlier this month. Federal law enforcement arrested Graham Ivan Clark, 17, in Tampa earlier today, the Office of Hillsborough State Attorney Andrew Warren said. The arrest followed an investigation spearheaded by the Federal Bureau of Investigation and the Justice Department. "These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," said Warren. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that." A security researcher who has been actively working with the FBI on the investigation into this month's breach told Ars that the hack was the result of painstaking research into Twitter employees, the social engineering of them by phone, and carefully timed phishing. Allison Nixon, chief research officer at security firm Unit 221B, said evidence collected to date shows that Clark and hackers he worked with started by scraping LinkedIn in search of Twitter employees who were likely to have access to the account tools. Using tools that LinkedIn makes available to recruiters, the attackers then obtained those employees’ cell phone numbers and other private contact information. The attackers then called the employees, and directed them to a phishing page that mimicked an internal Twitter VPN. Detailed work histories and other employee data the attackers obtained from public sources allowed the attackers to pose as people who were authorized Twitter personnel. Work at home arrangements cause by the COVID-19 pandemic also prevented the employees from using using normal procedures such as face-to-face contact, to verify the identities of co-workers. With the confidence of the targeted employees, the attackers directed them to a phishing page that mimicked an internal Twitter VPN. The attackers then obtained credentials as the targeted employees entered them. To bypass two-factor authentication protections Twitter has in place, the attackers entered the credentials into the real Twitter VPN portal within seconds of the employees entering them into the fake one. Once the employee entered the one-time password, the attackers were in. According to the charging document (PDF), Clark faces one count of organized fraud, 11 total counts of fraudulent use of personal information, one count of accessing a computer or electronic device without authority, and 17 counts of communications fraud. Clark's prosecution is taking place in Tampa, where he lives, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate," Warren's office said. Two other young adults are also facing charges in relation to the hack, the DOJ announced. Mason Sheppard, a 19-year-old UK resident, and Nima Fazeli of Orlando, Florida, have both been charged in the Northern District of California. Sheppard faces counts of conspiracy to commit wire fraud, conspiracy to commit money laundering, and intentionally accessing a protected computer. Fazeli is charged with aiding and abetting the intentional access of a protected computer. This is a developing story and will be updated. Florida teen arrested, charged with being “mastermind” of Twitter hack
  20. The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and intended to prevent hackers from eavesdropping on your wireless data. The WiFi Protected Access III (WPA3) protocol was launched a year ago in an attempt to address technical shortcomings of the WPA2 protocol from the ground, which has long been considered to be insecure and found vulnerable to more severe KRACK attacks. WPA3 relies on a more secure handshake, called SAE (Simultaneous Authentication of Equals), which is also known as Dragonfly, that aims to protect WiFi networks against offline dictionary attacks. However, in less than a year, security researchers Mathy Vanhoef and Eyal Ronen found several weaknesses (Dragonblood) in the early implementation of WPA3, allowing an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks. Shortly after that disclosure, the WiFi Alliance, the non-profit organization which oversees the adoption of the WiFi standard, released patches to address the issues and created security recommendations to mitigate the initial Dragonblood attacks. But it turns out that those security recommendations, which were created privately without collaborating with the researchers, are not enough to protect users against the Dragonblood attacks. Instead, it opens up two new side-channel attacks, which once again allows attackers to steal your WiFi password even if you are using the latest version of WiFi protocol. New Side-Channel Attack Against WPA3 When Using Brainpool Curves The first vulnerability, identified as CVE-2019-13377, is a timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves, which the WiFi Alliance recommended vendors to use as one of the security recommendations to add another layer of security. "However, we found that using Brainpool curves introduces the second class of side-channel leaks in the Dragonfly handshake of WPA3," the duo says in an updated advisory. "In other words, even if the advice of the WiFi Alliance is followed, implementations remain at risk of attacks." "The new side-channel leak is located in the password encoding algorithm of Dragonfly," the researchers said, "We confirmed the new Brainpool leak in practice against the lastest Hostapd version, and were able to brute-force the password using the leaked information." Side-Channel Attack Against FreeRADIUS' EAP-PWD Implementation The second vulnerability, identified as CVE-2019-13456, is an information leak bug which resides the implementation of EAP-pwd (Extensible Authentication Protocol-Password) in FreeRADIUS—one of the most widely used open-source RADIUS server that companies utilizes as a central database to authenticate remote users. Mathy Vanhoef, one of the two researchers who discovered the Dragonblood flaws, told The Hacker News that an attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks. "The EAP-pwd protocol internally uses the Dragonfly handshake, and this protocol is used in some enterprise networks where users authenticate using a username and password," Vanhoef told The Hacker News. "More worrisome, we found that the WiFi firmware of Cypress chips only executes 8 iterations at minimum to prevent side-channel leaks. Although this makes attacks harder, it does not prevent them." the duo said. According to researchers, implementing Dragonfly algorithm and WPA3 without side-channel leaks is surprisingly hard, and the backward-compatible countermeasures against these attacks are too costly for lightweight devices. The researchers shared their new findings with the WiFi Alliance and tweeted that "WiFi standard is now being updated with proper defenses, which might lead to WPA 3.1," but unfortunately, the new defenses wouldn't be compatible with the initial version of WPA3. Mathy Vanhoef also told The Hacker News that it's unfortunate that WiFi Alliance created their security guidelines in private. "If they would have done this publicly, these new issues could have been avoided. Even the original WPA3 certification was partly made in private, which also wasn't ideal." Source
  21. Gafgyt has been updated with new capabilities, and it spreads by killing rival malware. Tens of thousands of Wi-Fi routers are potentially vulnerable to an updated form of malware which takes advantage of known vulnerabilities to rope these devices into a botnet for the purposes of selling distributed denial of service (DDoS) attack capabilities to cyber criminals. A new variant of Gafgyt malware – which first emerged in 2014 – targets small office and home routers from well known brands, gaining access to the devices via known vulnerabilities. Now the authors of Gafgyt – also known as Bashlite – have updated the malware and are directing it at vulnerabilities in three wireless router models. The Huawei HG532 and Realtek RTL81XX were targeted by previous versions of Gafgyt, but now it's also targeting the Zyxel P660HN-T1A. In all cases, the malware is using a scanner function to find units facing the open internet before taking advantage of vulnerabilities to compromise them. The new attacks have been detailed by cybersecurity researchers at Palo Alto Networks. The Gafgyt botnet appears to be directly competing with another botnet – JenX – which also targets the Huawei and Realtek routers, but not Zyxel units. Ultimately, the attackers behind Gafgyt want to kill off their competition by replacing JenX with their own malware. "The authors of this malware want to make sure their strain is the only one controlling a compromised device and maximizing the device's resources when launching attacks," Asher Davila, security researcher at the Palo Alto Networks Unit 42 research division told ZDNet. "As a result, it is programmed to kill other botnet malware it finds, like JenX, on a given device so that it has the device's full resources dedicated to its attack". Control of the botnet allows its gang to launch DDoS attacks against targets in order to cause disruption and outages. While the malware could be used to launch denial of service campaigns against any online service, the current incarnation of Gafgyt appears to focus on game servers, particularly those running Valve Source Engine games, including popular titles Counter-Strike and Team Fortress 2. Often the targeted servers aren't hosted by Valve, but rather are private servers hosted by players. The most common reason for attacks is plain sabotage of other users: some young game players want to take revenge against opponents or rivals. Those interested in these malicious services don't even need to visit underground forums to find them – Unit 42 researchers note that botnet-for-hire services have been advertised using fake profiles on Instagram and can cost as little as $8 to hire. Researchers have alerted Instagram to the accounts advertising malicious botnet services. "There's clearly a younger demographic that they can reach through that platform, which can launch these attacks with little to no skill. It is available to everyone and is easier to access than underground sites," said Davila. As more IoT products become connected to the internet, it's going to become easier for attacker to rope devices into botnets and other malicious activity if devices aren't kept up to date. The routers being targeted by the new version of Gafgyt are all old – some have been on the market for more than five years – researchers recommend upgrading your router to a newer model and that you should regularly apply software updates to ensure the device is as protected as possible against attacks. "In general, users can stay safe against botnets by getting in the habit of updating their routers, installing the latest patches and implementing strong, unguessable passwords," Davila explained. The more frequent the better, but perhaps for simplicity, considering timing router updates around daylight savings so at least you're updating twice a year," he added. Source: This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army (via ZDNet)
  22. Russia carried out a “stunning” hack of U.S. intelligence services’ most sensitive communications, Yahoo News reports. The hack is believed to have happened around 2010 and reportedly gave Russian spies in Washington, New York, and San Francisco access to the location of FBI surveillance teams as well as the actual content of FBI communications. The hack may have allowed the Russian agents to avoid FBI surveillance, communicate with U.S. sources, and gather intelligence on their FBI pursuers, according to the report. “When we found out about this, the light bulb went on—that this could be why we haven’t seen [certain types of] activity” from Russian spies, one source told Yahoo. The Russians reportedly compromised the encrypted radio systems used by the FBI’s mobile surveillance teams as well as the backup communications systems. “This was something we took extremely seriously,” one former senior counterintelligence official is reported to have said. The intercepts were said to be monitored by teams at the Russian diplomatic compounds that President Obama ordered seized shortly before he left office. More AT: [Yahoo News] Source
  23. The suspect, only identified by the initials B.B.A., second from left, is presented at a press conference at the headquarters of the National Police in South Jakarta on Friday. (Antara Photo/Reno Esnir) Police arrested a 21-year-old man in Sleman, Yogyakarta, on Friday for allegedly using malicious software to extort victims and steal financial data for personal gain. Yogyakarta Police spokesman Senior Comr. Yuliyanto said the suspect, only identified by the initials B.B.A., sent phishing emails to at least 500 randomly selected addresses to spread ransomware, or software designed to block access to computer systems until a ransom is paid. The suspect had reportedly been acting alone since 2014 and collected 300 Bitcoins, or equivalent to around Rp 31.5 billion ($2.25 million), Yuliyanto said. He said the investigation started after a tipoff that the suspect had hacked the computer system of a company based in San Antonio, Texas. The suspect allegedly also stole credit card data from internet users for personal gain. The National Police's cybercrime unit is investigating the case. Yuliyanto said the Yogyakarta Police are assisting in the investigation and will forward evidence to the National Police headquarters in Jakarta. "The evidence includes a Harley Davidson motorcycle and several computers. We will send these [to Jakarta]," he said. The suspect has been in custody in Jakarta since his arrest. The suspect lived in a boarding house in Sleman for the past two years, Yuliyanto said, without providing further detail. Senior Comr. Rickynaldo Chairul, head of the police's cybercrime investigation unit, said separately in Jakarta that the suspect had sent emails containing hyperlinks that directed unsuspecting recipients to his webmail server, which would then install ransomware on recipients' computer systems and prevent them from accessing their data. In the case involving the US company, the suspect threatened to delete its data if it failed to pay the ransom within three days. "The suspect demanded the ransom be paid in Bitcoin before restoring access to the victim's mail server," Rickynaldo said. The suspect reportedly used the email address, [email protected], in his communications with victims. He faces up to six years in prison under the Electronic Information and Transactions Law. Source: Police Arrest Yogyakarta Man Who Used Ransomware Attacks to Amass 300 Bitcoins (via Jakarta Globe) p/s: For those who can understand Indonesian language, there's a news reporting on that. https://cyberthreat.id/read/3532/Pertama-Kali-dalam-Sejarah-Polri-Tangkap-Hacker-Ransomware
  24. Graphic designers, video editors, and other creatives beware: Nearly 7.5 million Adobe Creative Cloud accounts were exposed to the public. The database containing the sensitive user info, discovered by security researcher Bob Diachenko and Comparitech, was accessible to anyone through a web browser. The exposed user data for the nearly 7.5 million accounts included email addresses, the Adobe products they subscribed to, account creation date, subscription and payment status, local timezone, member ID, time of last login, and whether they were an Adobe employee. While no passwords or financial information such as credit card numbers were exposed, the data is sensitive enough to cause real problems for Creative Cloud users. It’s easy to see how a bad actor could use this data to create highly targeted and convincing phishing campaigns. Adobe Creative Cloud includes industry standard software and some of the most popular apps for creatives such as Photoshop, Premiere, Illustrator, After Effects, InDesign, and more. According to Comparitech, Diachenko immediately reached out to Adobe upon discovering the open database on Oct. 19. Adobe addressed the issue immediately and secured the database on the same day. Diachenko believes the data was left exposed for about a week, however it’s unclear when the database first became publicly accessible or if there was any unauthorized access. Adobe was last hit with a major data leak in 2013 when a hacker gained access to 38 million customers' usernames, encrypted passwords, and credit card info. Creative Cloud customers should be wary of any suspicious emails they receive claiming to be from the company. Mashable has reached out to Adobe and will update this post when we hear back. UPDATE: Oct. 25, 2019, 5:05 p.m. EDT Adobe reached out to Mashable to share the following statement posted to its website: Source: Adobe exposed nearly 7.5 million Creative Cloud accounts to the public (via Mashable)
  25. Friday, 18 Oct 2019|11:30 AM MYT By Angelin Yeoh, Christina Chin and Elim Poon Users were greeted with this image on the E-Pay portal before it went offline. — Twitter @XavierNaxa Universiti Malaya (UM) E-Pay Cashless Payment and Records portal is currently inaccessible after it was reportedly defaced with what appears to be a protest message, last night. According to a Twitter post, the defaced portal carried a message that included hashtags #NoRasis and #UndurVC, probably to highlight the recent student protest at the university’s convocation ceremony. Deputy Education Minister Teo Nie Ching said the ministry has yet to receive a report on the incident. “I just read about it this morning. Let us get the details first before I comment,” she said after the launch of the “Back-to-School” programme at SK Klang Gate. The online portal was launched in January this year to allow students to make financial transactions such as paying university fees. The Star sighted a series of WhatsApp messages circulated by students warning others from accessing any of UM’s other portals for the next 24 hours. Some claimed that more than one UM portal has been hacked, and it’s likely to put their information at risk if they logged in. "Hey guys, please don’t log into Spectrum, MYUM and UM E-Pay for the next 24 hours. All of these websites have been hacked. The hacker can see your credentials and also can see your MYUM financial account status," the message read. A UM lecturer also sent out a similar message, warning students not to log in to UM’s websites, saying it could also be infected with malware. A chemical engineering student at UM believes the attack was to highlight an ongoing protest by a student group against UM vice-chancellor Datuk Abdul Rahim Rashid. "This is not the right way and platform to express their feelings. Why affect other innocent students and the operating system of the university?" the person said. Another student who also wished to remain anonymous expressed disappointment that the UM vice-chancellor attended the Malay Dignity Congress. "I think it's acceptable for this unknown party to hack the UM E-pay portal as a protest. But that's if they do not take any advantage of the students' financial data,” the person said. “If they do, that'd be wrong. It is one thing to voice out, it is another thing to harm others. Freedom of speech should be done without causing harm to others," the student said. The Star has reached out to UM for comments. Source: 1. Universiti Malaya E-Pay portal is down after being defaced - via TheStar Online 2. Penggodam mensasarkan gerbang pembayaran Universiti Malaya untuk menyuarakan tanda protes. (translation: Hacker targets Universiti Malaya's payment portal to voice out protest signs) - via Twitter
  • Create New...