NASA hacked because of unauthorized Raspberry Pi connected to its network

NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups.

A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the
agency's network and stole approximately 500 MB of data related to Mars missions.

The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
Hackers stole Mars missions data

According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.

The hackers used this network gateway to pivot inside JPL's infrastructure, and gained access to the network that was storing information about NASA JPL-managed Mars missions, from where he exfiltrated information.

The OIG report said the hackers used "a compromised external user system" to access the JPL missions network.

"The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission," the NASA OIG said.

The Mars Science Laboratory is the JPL program that manages the Curiosity rover on Mars, among other projects.

Hackers also breached NASA's satellite dish network
NASA's JPL division primary role is to build and operate planetary robotic spacecraft such as the Curiosity rover, or the various satellites that orbit planets in the solar system.

In addition, the JPL also manages NASA's Deep Space Network (DSN), a worldwide network of satellite dishes that are used to send and receive information from NASA spacecrafts in active missions.

Investigators said that besides accessing the JPL's mission network, the April 2018 intruder also accessed the JPL's DSN IT network. Upon the dicovery of the intrusion, several other NASA facilities disconnected from the JPL and DSN networks, fearing the attacker might pivot to their systems as well.

PDF:
https://oig.nasa.gov/docs/IG-19-022.pdf

https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/

#pdf #nasa #hack #raspberry
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

NordVPN has been hacked

The VPN provider NordVPN apparently had an incident some time ago in which an attacker had access to the servers and private keys. Three private keys appeared on the network, one of which belonged to an expired HTTPS certificate.

Several cryptographic keys and information about NordVPN configuration files have appeared in a leak. One of the keys matches an older NordVPN website certificate. The vendor has not yet commented on the incident.

The leak appeared in an online discussion. In a now deleted tweet NordVPN wrote: "Nobody can steal your online life (if you use a VPN)". In response, someone sent a link to a text file containing evidence of a VPN provider hack.

https://share.dmca.gripe/hZYMaB8oF96FvArZ.txt

https://mobile.twitter.com/NordVPN/status/1185979592374398976

👉🏼 More info (german):

https://www.golem.de/news/leak-nordvpn-wurde-gehackt-1910-144528.html

#leak #NordVPN #hack #hacker #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Apparently other VPN providers were also compromised:

It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised, but spokespeople did not return a request for comment.

https://mobile.twitter.com/hexdefined/status/1186106695073726466

https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

👉🏼 NordVPN has been hacked:
https://t.me/NoGoolag/1726

#leak #NordVPN #TorGuard #VikingVPN #hack #hacker #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Exclusive: Government officials around the globe targeted for hacking through WhatsApp

WASHINGTON (Reuters) - Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc's (FB.O) WhatsApp to take over users' phones, according to people familiar with the messaging company's investigation.

Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.

The hacking of a wider group of top government officials' smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.

WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.

The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.

While it is not clear who used the software to hack officials' phones, NSO has said it sells its spyware exclusively to government customers.

👉🏼 Read more:
https://uk.mobile.reuters.com/article/amp/idUKKBN1XA27N

#WhatsApp #Hack #government #military
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Darknet Diaries: The Indo-Pak Conflict

#Kashmir is a region right in between #India, #Pakistan, and #China. For the last 70 years Pakistan and India have fought over this region of the world, both wanting to take #control of it. Tensions sometimes heat up which can result in people being killed. When tensions get high in the real world, some people take to the #internet and #hack their rivals as a form of protest. In this episode we’ll explore some of the #hacking that goes on between India and Pakistan.

📻 #DarknetDiaries #podcast
https://darknetdiaries.com/episode/51/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

The A1 Telekom Austria Hack - they came in through the web shells

On the 3rd of February 2020 I received an encrypted email on 3 of my email addresses from a person calling themself "Libertas" with the subject "Information for the public".

"I am writing to you today because you seem to be a IT security related guy from Austria with a brain. I hope this assumption is correct, otherwise please disregard this message.

I am writing concerning your local telecom company A1 Telekom. -Libertas"

At first I thought it's some conspiracy theorist who wants to publish something on my blog (they always do) but it was not one of these cases and I wasn't prepared to what they presented me.

Disclaimer:

After confirming the hack with A1 I was asked to postpone the publishing of this post until A1 has kicked the attackers out. I complied with their request so I wouldn't interfere with the ongoing investigation. Since I did not publish this post for months the whistleblower also contacted a journalist from Heise.de and we agreed to release our articles at the same time.

Since I have no way of checking the validity of individual statements made by the whistleblower, they could all be fabricated. I find them very plausible and many details of the email were confirmed by A1 but keep it in the back of your head that the statements of "Libertas" might be untrue or half-true until confirmed by A1 Telekom. Since I had the opportunity to talk to people from A1 I will add their statements in blue.

👉🏼 Read more:
https://blog.haschek.at/2020/the-a1-telekom-hack.html

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/oesterreich-hackerangriff-bei-a1-telekom-2006-148984.html

#austria #telekom #hack #hacked #Libertas
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Dark Basin
Uncovering a Massive Hack-For-Hire Operation

Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.

Dark Basin extensively targeted American nonprofits, including organisations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.

Dark Basin is also behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation.

https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation

Comments:
https://news.ycombinator.com/item?id=23466119


#darkbasin #hack

LiveHack 😷 Corona App
Security hole in "Corona Data Donation" app allows full access to hundreds of thousands of Android devices. 🇩🇪 Robert Koch Institute wants to sweep it under the carpet.

NDR and RKI know about a huge security hole in Corona App - RKI apparently prevents detection.
This IT expert uncovers major security gaps in connection with the current corona app of the German government.
Here he shows how quickly the app can be hacked and private photos and folders can be accessed. What he says at the end is also exciting: RKI is now looking for IT security experts by advertisement.

🎦 author: #Haikiki - if you wanna cooperate: haikiki.com/partnerschaft/konzept

🎦 source: yewtu.be/zbrebIXrjGE — previous video on his channel: yewtu.be/Ex6BNVxuuvw

#security #worm #hack #tutorial #german #google 🙏 @NoGooLag

Call Me Maybe: Ea­ves­drop­ping En­cryp­ted LTE Calls With Re­VoL­TE (PoC)

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, VoLTE encrypts the voice data between the phone and the network with a stream cipher. The stream cipher shall generate a unique keystream for each call to prevent the problem of keystream reuse.

👀 👉🏼 https://revolte-attack.net/

#hack #LTE #VoLTE #poc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Get this - there is a Bitcoin wallet with 69,000 Bitcoins ($693,207,618) that is being passed around between hackers/crackers for the past 2 years for the purpose of cracking the password, no success so far.

👀 👉🏼 https://twitter.com/UnderTheBreach/status/1303316723186139136

#wallet #bitcoin #breach #hack #whynot
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

North Korea has tried to hack 11 officials of the UN Security Council

New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.

According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.

The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were also carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.

Furthermore, the same country informed the UN that Kimsuky attacks have extremely persistent with the North Korean hacker group pursuing "certain individuals throughout the 'lifetime' of their [government] career."

👀 👉🏼 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council

#northkorea #hack #hacker #un #security #council
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record

via www.vice.com


#iphone #hack #fortnite

Qualcomm Chip Flaw Could Leave 30 Percent of the World's Phones Vulnerable to Hackers

https://gizmodo.com/qualcomm-chip-flaw-could-leave-30-percent-of-the-worlds-1846837667


#qc #Qualcomm #soc #hack #vulnerability

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

#rsa #hack

https://www.forbes.com/sites/daveywinder/2022/09/06/has-tiktok-us-been-hacked-and-2-billion-database-records-stolen/

#tiktok #hack