Forwarded from BlackBox (Security) Archiv
Dozens of telegram accounts hacked in Russia
If you log on to #Telegram, you usually get a secret code sent to your mobile phone. Only with this secret code you can access your Telegram #account. According to the #security #researchers of the IB group, however, #hackers managed to gain access to these #secret #codes and successfully retrieve telegram chats from a handful of Russian users.
Dmitry Rodin, runs a successful code school in Russia. In a conversation with #Forbes magazine, he now confirmed the incidents. His Telegram account was also successfully #hacked. He told the media that he had received a telegram warning that someone had tried to access his account. Dmitry Rodin ignored the first notification, but there was another warning. Someone from Samara, Russia, had successfully logged into his account. He immediately ended all active sessions except his own.
#GroupIB and Dmitry Rodin are both pretty sure that no #vulnerability in the Telegram Messenger was #exploited to gain access to the affected Telegram accounts.
"Maybe someone logged into my account by intercepting the SMS. This would indicate that there is a problem on the operator's side. This would mean that other accounts that use SMS as an authentication factor are also threatened." (Dmitry Rodin)
Group-IB has been informed about at least 13 such cases so far. The security researchers of Group-IB assume, however, that it will not stay that way. Moreover, they speak of a completely new type of threat for anyone who uses SMS codes to log in.
"This number is likely to increase, however, as it is a new type of threat that is just beginning to spread" (Group-IB)
Most worryingly, both Group-IB and Dmitry Rodin suspect that passwords (OTP) were compromised at one point. If this hypothesis is true, it is a very large security #threat, as this technology is used in many logins and financial transactions around the world.
ππΌ Read more:
https://www.forbes.com/sites/thomasbrewster/2019/12/12/mystery-russian-telegram-hacks-intercept-secret-codes-to-spy-on-messages
ππΌ Read as well:
https://tarnkappe.info/group-ib-dutzende-telegram-accounts-in-russland-gehackt/
πΊ Ability Inc. Advert 1:
https://youtu.be/CfnVvptL-8E
πΊ Ability Inc. Advert 2:
https://youtu.be/FwdnY-EIMRc
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
If you log on to #Telegram, you usually get a secret code sent to your mobile phone. Only with this secret code you can access your Telegram #account. According to the #security #researchers of the IB group, however, #hackers managed to gain access to these #secret #codes and successfully retrieve telegram chats from a handful of Russian users.
Dmitry Rodin, runs a successful code school in Russia. In a conversation with #Forbes magazine, he now confirmed the incidents. His Telegram account was also successfully #hacked. He told the media that he had received a telegram warning that someone had tried to access his account. Dmitry Rodin ignored the first notification, but there was another warning. Someone from Samara, Russia, had successfully logged into his account. He immediately ended all active sessions except his own.
#GroupIB and Dmitry Rodin are both pretty sure that no #vulnerability in the Telegram Messenger was #exploited to gain access to the affected Telegram accounts.
"Maybe someone logged into my account by intercepting the SMS. This would indicate that there is a problem on the operator's side. This would mean that other accounts that use SMS as an authentication factor are also threatened." (Dmitry Rodin)
Group-IB has been informed about at least 13 such cases so far. The security researchers of Group-IB assume, however, that it will not stay that way. Moreover, they speak of a completely new type of threat for anyone who uses SMS codes to log in.
"This number is likely to increase, however, as it is a new type of threat that is just beginning to spread" (Group-IB)
Most worryingly, both Group-IB and Dmitry Rodin suspect that passwords (OTP) were compromised at one point. If this hypothesis is true, it is a very large security #threat, as this technology is used in many logins and financial transactions around the world.
ππΌ Read more:
https://www.forbes.com/sites/thomasbrewster/2019/12/12/mystery-russian-telegram-hacks-intercept-secret-codes-to-spy-on-messages
ππΌ Read as well:
https://tarnkappe.info/group-ib-dutzende-telegram-accounts-in-russland-gehackt/
πΊ Ability Inc. Advert 1:
https://youtu.be/CfnVvptL-8E
πΊ Ability Inc. Advert 2:
https://youtu.be/FwdnY-EIMRc
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
GHunt
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email.
π ππΌ It can currently extract :
β Owner's name
β Last time the profile was edited
β Google ID
β If the account is an Hangouts Bot
β Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.)
β Possible Youtube channel
β Possible other usernames
β Public photos
β Phones models
β Phones firmwares
β Installed softwares
β Google Maps reviews
β Possible physical location
β οΈ Warning:
02/10/2020: Since few days ago, Google return a 404 when we try to access someone's Google Photos public albums, we can only access it if we have a link of one of his albums.
Either this is a bug and this will be fixed, either it's a protection that we need to find how to bypass.
So, currently, the photos & metadata module will always return "No albums" even if there is one.
π ππΌ https://github.com/mxrch/GHunt
#ghunt #google #account #tool
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email.
π ππΌ It can currently extract :
β Owner's name
β Last time the profile was edited
β Google ID
β If the account is an Hangouts Bot
β Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.)
β Possible Youtube channel
β Possible other usernames
β Public photos
β Phones models
β Phones firmwares
β Installed softwares
β Google Maps reviews
β Possible physical location
β οΈ Warning:
02/10/2020: Since few days ago, Google return a 404 when we try to access someone's Google Photos public albums, we can only access it if we have a link of one of his albums.
Either this is a bug and this will be fixed, either it's a protection that we need to find how to bypass.
So, currently, the photos & metadata module will always return "No albums" even if there is one.
π ππΌ https://github.com/mxrch/GHunt
#ghunt #google #account #tool
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
GitHub
GitHub - mxrch/GHunt: π΅οΈββοΈ Offensive Google framework.
π΅οΈββοΈ Offensive Google framework. Contribute to mxrch/GHunt development by creating an account on GitHub.
FBI Has Gained Access to Sci-Hub Founder's Apple Account, Email Claims
https://torrentfreak.com/fbi-has-gained-access-to-sci-hub-founders-apple-account-email-claims-210513/
https://www.reddit.com/r/DataHoarder/comments/nc27fv/rescue_mission_for_scihub_and_open_science_we_are/
#FBI #Sci-Hub #Apple #Account #cops
https://torrentfreak.com/fbi-has-gained-access-to-sci-hub-founders-apple-account-email-claims-210513/
https://www.reddit.com/r/DataHoarder/comments/nc27fv/rescue_mission_for_scihub_and_open_science_we_are/
#FBI #Sci-Hub #Apple #Account #cops