NoGoolag
Private data of 91 million Tokopedia users openly traded online: cyber security firm

A disturbing new development to Tokopedia’s massive user data leak has been reported, with a cyber security firm finding evidence that 91 million users’ private information was put up online over the weekend.

In May, a data breach monitoring service reported that a #hacker obtained the private data of 91 million Tokopedia users, containing their personal information, emails, and password hashes, and was selling it on the Darknet for US$5,000.

Yesterday, cyber security firm Communication and Information System Security Research Center (CISSReC) said someone — not necessarily the original hacker — who had gotten hold of the sensitive data uploaded it to a web forum on Friday, available for users to download for 8 forum credits. Anyone can purchase 30 forum credits for EUR8 (IDR130K or US$9).

https://coconuts.co/jakarta/news/private-data-of-91-million-tokopedia-users-openly-traded-online-cyber-security-firm/

#tokopedia
REPORT OF THE SELECT COMMITTEE ON INTELLIGENCE

UNITED STATES SENATE ON RUSSIAN ACTIVE MEASURES CAMPAIGNS AND INTERFERENCE IN THE 2016 U.S. ELECTION

VOLUME 5: COUNTERINTELLIGENCE THREATS AND VULNERABILITIES

👀 👉🏼 PDF (966 pages):
https://kryptosjournal.com/uploads/1/3/2/3/132343488/472862136-senate-intel-report-volume5.pdf

👀 👉🏼 https://thehill.com/policy/national-security/512526-manafort-shared-campaign-info-with-russian-intelligence-officer

👀 👉🏼 Report: Trump campaign’s Russia contacts a ‘grave’ threat
https://t.me/BlackBox_Archiv/1107

#usa #russia #hacking #hacker #hacked #ToddlerTrump #elections #counterintelligence #pdf #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡
@cRyPtHoN_INFOSEC_EN
📡
@BlackBox_Archiv
📡
@NoGoolag
Iranian hackers pose as journalists

IT agents of Iran pose as journalists and conduct "interviews" to gain the trust of their victims. The attackers learn from North Korea.

State hackers of Iran pose as Farsi-speaking journalists of Deutsche Welle and the US weekly Jewish Journal. For their false identities, the attackers set up nice LinkedIn accounts. They also pick up the phone and call their victims via WhatsApp, ostensibly to conduct interviews or prepare an alleged webinar in which the victim is supposed to be the keynote speaker.

👀 👉🏼 🇬🇧 The Kittens Are Back in Town 3 (PDF)
https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf

👀 👉🏼 🇬🇧 Operation ‘Dream Job’
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf

👀 👉🏼 🇩🇪 https://www.heise.de/newsticker/meldung/Iranische-Hacker-geben-sich-als-Journalisten-aus-4881027.html

#iran #hacker #agents #attack #journalists #pdf
Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
Federal Agency Compromised by Malicious Cyber Actor

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.

💡 For a downloadable copy of IOCs, see:
https://us-cert.cisa.gov/sites/default/files/publications/AR20-268A.stix.xml

👀 👉🏼 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a

👀 👉🏼 https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency

#cisa #hacker #breach #breached #federal #agency
UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group

Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms

A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.

U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”

“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly,” said U.S. Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”

“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”

Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.

👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group

#darkoverlord #hacker #hacking
When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

👀 👉🏼 https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

#coffee #ransomware #iot #hacker #video
Crypto crime - KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

The Bitcoin exchange KuCoin has become the victim of a hacker attack. According to estimates, 150 to 200 million US dollars disappeared. Most of the money is said to have already been recovered.

The Bitcoin exchange KuCoin has announced that it became the victim of a hacker attack on September 26. Mainly Bitcoin (BTC), Ether (ETH) and ERC 20 tokens were acquired by the attackers on their raid. The exchange did not explicitly comment on the amount of damage and reassured that it was a small part of the exchange's total capital. According to external estimates, however, crypto-values of 150 to 200 million US dollars (USD) were apparently lost in the process.

👀 👉🏼 https://nitter.net/kucoincom/status/1309689557206491137

👀 👉🏼 🇩🇪 https://www.btc-echo.de/kucoin-hacker-stehlen-150-millionen-us-dollar-von-bitcoin-boerse/

#KuCoin #bitcoin #exchange #hacker #hacked #attack
North Korea has tried to hack 11 officials of the UN Security Council

New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.

According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.

The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were also carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.

Furthermore, the same country informed the UN that Kimsuky attacks have been extremely persistent with the North Korean hacker group pursuing "certain individuals throughout the 'lifetime' of their [government] career."

👀 👉🏼 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council

#northkorea #hack #hacker #un #security #council
Budding cyber crims can now enrol at ‘hacker university’

For a one-off fee of $125, you too can become one of those scumbags who preys on elderly Internet users and small online businesses.

Cybersecurity software provider Armor this week revealed in its latest annual threat report that it has found a so-called ‘hacker university’ offering online courses that teach students how to commit various cyber crimes. These include how to access a router’s admin software; deploying ransomware; locating targets on compromised networks; and trafficking stolen credit card information, among others.

According to Armor, the ‘university’ also plans to sell its own range of ransomware, keyloggers, password stealers, and trojans.

All of this is accessible for the low price of $125, paid in Bitcoin or Monero – a cryptocurrency that prides itself in offering anonymous payments.

“Creators of the site advertise that they want to ‘teach people about cybercrime and how to become a professional cybercriminal. By taking the course offered you will gain the knowledge and skills needed to hack an individual or company successfully with whatever malware you have at your disposal’,” said Armor, in its threat report.

Charming. Presumably the university doesn’t offer a course on ethics, where students are encouraged to try and reconcile their idealised image of hackers as modern-day outlaws with the reality that all they are really doing is stealing old people’s pensions.

Among the other findings in Armor’s report is an a la carte menu of various dark-Web products and services and their prices.

These include but are not limited to perennial favourites like an individual’s credit card information ($5-$35 depending on nationality and type of card) or DDoS attack ($100-$250 depending on the size of Website), to something a little more exotic, like personal identifiable information – street-name ‘fullz’ – or a white-label turnkey e-commerce platform that enables anyone to set up their own darkweb online store. There is even a service that offers to destroy a rival small business by bombarding it with spam and unwanted items ($185).

👀 👉🏼 https://telecoms.com/506692/budding-cyber-crims-can-now-enrol-at-hacker-university/

#cyber #crims #crime #hacker #university #cybersecurity #thinkabout
Hackers Congress Paralelní Polis Is Ready to Deliver Fifty-Eight Hours Of Freedom Content

Luptak: The annual Hackers Congress (HCPP) will take place on October 2 to 4 in the stunning venue of Paralelní Polis, Prague. Traditionally, it gathers freedom activists, technology geeks, artists and scientists. Every HCPP has a current topic — a provocative idea behind it. Continuing the trend of previous congresses in the series, which explored diverse topics such as the binding constraints of global political and economic systems, the manifesto of the 7th Hackers Congress (HCPP20) highlights “Digital Totality” as its main narrative and a current threat to humanity.

The event will focus on safeguarding privacy when drones, cameras, databases and hostile AI are more prevalent than ever before. This year’s event will focus on practical skills, with the overall goal of teaching participants to be more secure and private online. All ticket holders will benefit from rare networking opportunities with famous crypto anarchists, hackers, Austrian Economists, crypto evangelists and activists.

👀 👉🏼 https://www.nasdaq.com/articles/hackers-congress-paralelni-polis-is-ready-to-deliver-fifty-eight-hours-of-freedom-content

#hacker #congress #paralelni
FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools.

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.

👀 👉🏼 Summary (PDF)
https://www.ic3.gov/Media/News/2020/201103-3.pdf

👀 👉🏼 https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies

#hacker #usa #fbi #SonarQube #sourcecode #pdf
BlackBerry discovers new hacker-for-hire mercenary group

CostaRicto is the fifth hacker-for-hire mercenary group discovered this year.

BlackBerry's security team has published details today about a new hacker-for-hire mercenary group they discovered earlier this year, and which they tied to attacks on victims all over the world.

The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year after the likes of:

BellTrox (aka Dark Basin) [1, 2, 3]
DeathStalker (aka Deceptikons) [1, 2]
Bahamut [1, 2]
Unnamed group [1]

👀 👉🏼 https://www.zdnet.com/article/blackberry-discovers-new-costaricto-hacker-for-hire-group

#blackberry #hacker #costaricto #mercenary
Suspected Russian hack is much worse than first feared: Here's what you need to know

👉🏼 The U.S. Cybersecurity and Infrastructure Security Agency said the threat "poses a grave risk to the federal government."

👉🏼 CISA has not said who it thinks is the "advanced persistent threat actor" behind the "significant and ongoing" campaign, but many experts are pointing to Russia.

👉🏼 It's not clear exactly what the hackers have done beyond accessing top-secret U.S. government networks and monitoring data.

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated.

The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat "poses a grave risk to the federal government."

It added that "state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations" are also at risk.

CISA believes the attack began at least as early as March. Since then, multiple government agencies have reportedly been targeted by the hackers, with confirmation from the Energy and Commerce departments so far.

"This threat actor has demonstrated sophistication and complex tradecraft in these intrusions," CISA said. "Removing the threat actor from compromised environments will be highly complex and challenging."

https://telegra.ph/Suspected-Russian-hack-is-much-worse-than-first-feared-Heres-what-you-need-to-know-12-18

via www.cnbc.com

#hacker #hacked #usa #russia #cybersecurity #cyberattack #compromised #cisa
Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker

Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. In addition to monitoring his private life, including aspects of his education, when he left the house and where he went, the company followed its target from his place of work in order to pressure him into stopping his activities.

Projects to protect the intellectual property rights of corporations are underway all around the world on a continual basis but it is rare for operational details to leak out to the public.

Unfortunately for Nintendo, leaked documents are now revealing how frightening things can get for console hackers in their crosshairs, even when those targets have already declared that their work isn’t designed for piracy purposes.

https://torrentfreak.com/nintendo-conducted-invasive-surveillance-operation-against-homebrew-hacker-201223/

https://nitter.net/forestillusion/status/1341230631913541633

https://nitter.net/eclipse_tt

#invasive #surveillance #nintendo #homebrew #hacker
Parler hacker targets Telegram groups related to QAnon

The hacker who stole user data from the controversial Twitter alternative Parler is now taking care of Telegram groups she attributes to the QAnon cosmos.

After the outage of the short messaging service Parler, users are looking for alternatives. At least in part, they seem to see them in the messenger Telegram, which has already proven itself many times as a place to go for people whose concerns can't find a home on other platforms.

Donk_Enby collects Telegram groups from the QAnon environment

A hacker, who can be found on Twitter under the account Donk_Enby, had already obtained - according to her own information - 70 terabytes of user data in the course of the Parler shutdown by Amazon and had made it publicly accessible. In doing so, she had exploited gaps in the system that the operator Parler itself had torn.

Now she has targeted the users who switched from Parler to Telegram and aggregated public invite URLs to Telegram groups from the QAnon environment via scraper. Telegram implemented the invite link feature in such a way that clicking on the link is enough to join the corresponding group and participate in the group chat. Donk_Enby has already collected over 700,000 such invite links.

https://nitter.net/donk_enby/status/1353613244695502848

#parla #telegram #qanon #hacker
Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition

A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.

Hackers have broken into Verkada, a popular surveillance and facial recognition camera company, and managed to access live feeds of thousands of cameras across the world, as well as siphon a Verkada customer list. The breach shows the astonishing reach of facial recognition-enabled cameras in ordinary workplaces, bars, parking lots, schools, stores, and more.

The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the "organization name" column. Verkada's cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.

"It's so abysmal," Tillie Kottman, one of the hackers claiming responsibility, told Motherboard in an online chat, referring to the ease of access to the cameras once they discovered a username and password online. Bloomberg first reported the news of the breach on Tuesday, and reported that the hackers had managed to access live video feeds from companies such as Tesla and Cloudflare, as well as jails and hospitals.

https://www.vice.com/en/article/wx83bz/verkada-hacked-facial-recognition-customers

https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

#US #face #recognition #surveillance #privacy #hacker #hacking
Indonesia’s ethical hackers take on perceptions and the government

Bug hunters and white hats want to be a force for good, tackling cyberthreats from scammers and the authorities.

Teguh Aprianto thought he was doing the Indonesian National Police a favor when he sent them a message on Twitter in June last year: “Hello @DivHumasPolri, time to clean up. Someone claims to have succeeded in breaking into the data of all members of the National Police. This person can now easily access, search and change the data.”

Aprianto, a white hat hacker and private cybersecurity consultant, noticed a user on RaidForums — a marketplace and forum for hackers — who claimed to have broken into the database.

But rather than a thank you, Aprianto got anonymous calls to his WhatsApp number and a visit from the police. He refused to accompany them back to the station, on the promise that he would go voluntarily with his lawyers the next day, he told Rest of World. By the time he arrived, the Ministry of Communications and Informatics (Kominfo) had issued a public statement that his well-meaning warning was a hoax. His Twitter account was suspended.

https://restofworld.org/2021/indonesias-white-hats-unite/

#Indonesia #white #hat #hacker
Kevin Mitnick Obituary - Las Vegas, NV

Kevin David Mitnick, 59, died peacefully on Sunday, July 16, 2023, after valiantly battling pancreatic cancer for more than a year.

The story behind the world's most wanted hacker | Cyber Magazine

Kevin Mitnick's ‘electronic joyride’ made him part of the FBI’s most wanted list for hacking into more than 40 major corporations in the 1990s. Mitnick gained access to the computers and networks of the world's biggest companies while eluding the authorities through phone switches, computer systems and cellular networks. For three years he went on the run, using false identities and escaping from city to city until a final showdown with the Feds, who would stop at nothing to bring him down.

Via @irozysk
#Hacker #KevinMitnick #FBI