Privacy lost...

nsaspook

Joined Aug 27, 2009
16,326
https://www.404media.co/revealed-the-country-that-secretly-wiretapped-the-world-for-the-fbi/
The FBI had a problem. In 2019 the agency was secretly running an encrypted phone company called Anom. Serious organized criminals were using the phones and Anom was gaining popularity. But even though Anom contained a backdoor—a chunk of code that silently copied every message sent—the FBI was unable to actually read Anom’s messages.

The FBI had not obtained legal approval to rummage through that treasure trove of intelligence. As legal experts have argued, the FBI may have technically had the authority to do so, but might need to get an order for every single phone user, a cumbersome process when Anom eventually grew to around 12,000 total devices. The FBI needed another solution.

So the agency turned to what court records have described as a “third country,” the first country being America and the second being Australia, which ran a beta test of the Anom surveillance operation. The third country allowed the FBI to overcome this legal hurdle. The country hosted the Anom interception server for the FBI, and then provided Anom’s messages to American authorities every Monday, Wednesday, and Friday.
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,765
Yeah, it's hard to know .. but what draws my attention is that they're more like skilled scammers than hackers. I mean, hacking is just part of their operation. The most important part of their "work" involves fraudulent social interaction.
 

nsaspook

Joined Aug 27, 2009
16,326
Yeah, it's hard to know .. but what draws my attention is that they're more like skilled scammers than hackers. I mean, hacking is just part of their operation. The most important part of their "work" involves fraudulent social interaction.
These guys are native English speakers with a western culture upbringing; this makes social engineering much more effective, even with trained personnel on the lookout for scammers. They tried to hack slots at MGM first, FAIL.
https://www.ft.com/content/a25d2897-b0ce-4ba7-92ed-ff5df09d1b47

They were successful because, unlike the Russian-speaking cybercriminals who dominate the ransomware industry, the Scattered Spider crew speaks fluent English. Mandiant Consulting, a cyber security company owned by Google, suspects their members are based in the US and Europe. “This group is one of the most prevalent and aggressive threat actors impacting organizations in the United States today,” said Charles Carmakal, a chief technology officer at Mandiant. “Although members of the group may be less experienced and younger than many of the established ransomware groups and nation-state espionage actors, they are a serious threat, with many native English speakers and are incredibly effective social engineers,” he said.
 

nsaspook

Joined Aug 27, 2009
16,326
https://www.reuters.com/technology/...-z-hackers-who-struck-mgm-caesars-2023-09-22/
From Canada to Japan, the security firm CrowdStrike has tracked 52 attacks globally by the group since March 2022, most of them in the United States, said Adam Meyers, senior vice president of threat intelligence at the company. Google-owned intelligence firm Mandiant, has logged more than 100 intrusions by it in the last two years.

Some of these kids will eventually be found, when the lakes around Vegas dry up again.
 

joeyd999

Joined Jun 6, 2011
6,300

WBahn

Joined Mar 31, 2012
32,852
https://www.securityweek.com/android-devices-with-backdoored-firmware-found-in-us-schools/
Android Devices With Backdoored Firmware Found in US Schools

A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware.
Human also warns that BadBox-infected devices cannot be cleaned by the end-users, since the backdoor resides in the firmware partition and that almost all infected devices are lower-price-point, recommending that users choose familiar brands when purchasing new products.
Yeah. Right. Like that's gonna happen!
 

MrAl

Joined Jun 17, 2014
13,707
Hi,

Nobody mentioned that when I was asking about Python programming in another thread. Ha ha.
I guess I'll have to go to the nearest hardware store (if I can find one anywhere anymore that is) and buy a can of Python Be Gone. Ha!

One place where I lived a long time ago we had smaller snakes hide in the grass, even in the shorter grass. They hide very well. You don't see them until you almost step on them. Time to invent another programming language now, "Mongoose".
 

WBahn

Joined Mar 31, 2012
32,852
Hi,

Nobody mentioned that when I was asking about Python programming in another thread. Ha ha.
I guess I'll have to go to the nearest hardware store (if I can find one anywhere anymore that is) and buy a can of Python Be Gone. Ha!

One place where I lived a long time ago we had smaller snakes hide in the grass, even in the shorter grass. They hide very well. You don't see them until you almost step on them. Time to invent another programming language now, "Mongoose".
Mentioned what -- that malicious players try to find ways to exploit things for their own benefit?

Did they mention it when you used C, or Java, or jpg files, or pdf files, or (the list is pretty much endless, and includes iOS, Windows, and Linux)?
 

MrAl

Joined Jun 17, 2014
13,707
Mentioned what -- that malicious players try to find ways to exploit things for their own benefit?

Did they mention it when you used C, or Java, or jpg files, or pdf file, or (the list is pretty much endless, and includes iOS, Windows, and Linux)?
Hi there,

Well, it sounded like hackers were targeting Python more than maybe other languages, but of course I do not have any reliable stats to figure that out for sure.
Maybe what you are saying is that it is not as bad as it sounds.
 

nsaspook

Joined Aug 27, 2009
16,326
https://arstechnica.com/security/20...-with-malware-that-monitors-their-every-move/
Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer’s machine. Capabilities include:

  • Exfiltrate detailed host information
  • Steal passwords from the Chrome web browser
  • Set up a keylogger
  • Download files from the victim's system
  • Capture screenshots and record both screen and audio
  • Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
  • Encrypt files, potentially for ransom
  • Deactivate Windows Defender and Task Manager
  • Execute any command on the compromised host
 

nsaspook

Joined Aug 27, 2009
16,326
https://arstechnica.com/security/20...ryptographic-keys-in-new-cutting-edge-attack/
In a first, cryptographic keys protecting SSH connections stolen in new attack
An error as small as a single flipped memory bit is all it takes to expose a private key.
Even though the SSH protocol has been around for almost 18 years and is extremely widely deployed, we’re still finding new ways to exploit errors in cryptographic protocols and identifying vulnerable implementations. In our data, about one in a million SSH signatures exposed the private key of the SSH host. While this is rare, the massive amount of traffic on the Internet implies that these RSA faults in SSH happen regularly. Even though the vast majority of SSH connections are not affected, it’s still important that these failures are defended against. It only takes one bad signature in an unprotected implementation to reveal the key.

It’s fortunate that the most popular SSH implementations include countermeasures to prevent RSA signature faults from leading to catastrophic key leakage, but implementations that did not were still common enough to appear in our data.
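The countermeasure the article refers to is simple: a signer that uses the CRT speed-up checks its own signature against the public key before sending it, so a fault in one half of the computation never leaves the host. The following is an added illustration, not code from the article or from any SSH implementation; it uses a constructed toy key (two small primes, nothing like a real key size) and simulates the fault by flipping one bit in the mod-p half. The gcd step shows why the check matters: a single faulty signature that is emitted unverified reveals a prime factor of N, which is the failure the article describes.

```python
from math import gcd

# Constructed toy RSA key: two well-known small primes. This is for
# demonstration only and is far too small to be a real key.
P, Q = 104729, 1299709
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)           # q^-1 mod p, for Garner's recombination


def crt_sign(m, fault=False):
    """CRT-RSA signature of the integer m (m < N, gcd(m, N) == 1).

    With fault=True a single bit is flipped in the mod-p half, simulating
    the kind of hardware error the article describes.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1                # one flipped bit in an intermediate value
    h = (QINV * (sp - sq)) % P
    return sq + h * Q          # s == sp (mod p) and s == sq (mod q)


def verify(m, s):
    """Public-key check that an honest signer runs before releasing s."""
    return pow(s, E, N) == m


def sign_checked(m, fault=False):
    """Hardened signer: refuse to emit a signature that fails verification."""
    s = crt_sign(m, fault)
    if not verify(m, s):
        return None            # a fault was detected; nothing leaves the host
    return s


def factor_from_faulty(m, s):
    """Why the check matters: if exactly one CRT half was wrong, the faulty
    signature shares a prime factor with N (Boneh, DeMillo and Lipton)."""
    return gcd(pow(s, E, N) - m, N)


if __name__ == "__main__":
    msg = 123456789             # constructed message, coprime to N
    print("good signature verifies:", verify(msg, sign_checked(msg)))
    print("faulty signature suppressed:", sign_checked(msg, fault=True) is None)
    leaked = factor_from_faulty(msg, crt_sign(msg, fault=True))
    print("unchecked faulty signature would reveal a factor:", leaked in (P, Q))
```

The point of `sign_checked` is that the extra modular exponentiation with the public exponent is cheap (e = 65537 is only 17 squarings and one multiply) compared with the private operation, which is why the popular implementations can afford to do it on every signature.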
 

nsaspook

Joined Aug 27, 2009
16,326
https://www.reuters.com/technology/...hacking-gang-cyber-responders-say-2023-11-14/
FBI struggled to disrupt dangerous casino hacking gang, cyber responders say
For more than six months, the FBI has known the identities of at least a dozen members tied to the hacking group responsible for the devastating September break-ins at casino operators MGM Resorts International (MGM.N) and Caesars Entertainment (CZR.O), according to four people familiar with the investigation.


Industry executives have told Reuters they were baffled by an apparent lack of arrests despite many of the hackers being based in America.

"I would love for somebody to explain it to me," said Michael Sentonas, president of CrowdStrike, one of the firms leading the response effort to the hacks.

"For such a small group, they are absolutely causing havoc," Sentonas told Reuters in an interview last month.


Sentonas said the hackers were "known" but didn't provide specifics. He did say, "I think there is a failure here." Asked who was responsible for the failure, Sentonas said, "law enforcement."

The FBI has said it is investigating the gaming company hacks but a spokesperson for the agency declined to comment on the larger group responsible or where the investigation stands. A spokesman for the Department of Justice also declined to comment.


Dubbed by some security professionals as "Scattered Spider,"
In recent months, meanwhile, alarming details of The Com's aggressive tactics have come into public view. Its members are engaged in a range of illicit schemes, from sextortion and ransomware to phone-based scams and paying people to commit physical violence - also known as 'violence-as-a-service.'
 

nsaspook

Joined Aug 27, 2009
16,326
https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/
23andMe confirms hackers stole ancestry data on 6.9 million users
In an email sent to TechCrunch late on Saturday, 23andMe spokesperson Katie Watson confirmed that hackers accessed the personal information of about 5.5 million people who opted-in to 23andMe’s DNA Relatives feature, which allows customers to automatically share some of their data with others. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location.


23andMe also confirmed that another group of about 1.4 million people who opted-in to DNA Relatives also “had their Family Tree profile information accessed,” which includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information, the spokesperson said. (23andMe declared part of its email as “on background,” which requires that both parties agree to the terms in advance. TechCrunch is printing the reply as we were given no opportunity to reject the terms.)
Fortunately, I change my DNA every few months.
 