
British Police Charge Teenagers in LAPSUS$ Gang Connection

 

The City of London Police, which has been investigating the LAPSUS$ malicious group, announced on Friday that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, for their illegal connections to the LAPSUS$ data extortion group.

The two teenagers have been charged with unauthorized access to a computer with the intention to impair the reliability of data, fraud by false representation, and unauthorized access to a computer with the intention to hinder access to data, the police force stated. 

According to a member of the police, the charges come as the police moved on March 25 to catch seven suspected LAPSUS$ group members aged between 16 and 21.

“Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data,” Detective Inspector Michael O’Sullivan, from the City of London Police, said in a statement. 

In a span of a few months, the LAPSUS$ hacker group has gained infamy in the crowded digital extortion market for its record of hacks, including stealing the source code of multiple top-tier technology companies and publishing it on its Telegram channel, which has more than 58,000 subscribers. It is worth noting that the group has had an exceedingly high level of access to some of the biggest companies in the world.

Data has shown that in the past few months, Lapsus$ has extracted data from various global giants, including Samsung, Nvidia, Microsoft, Vodafone, and Qualcomm, with the latest target being Globant.

The group came into the spotlight after attacking Okta, a company that provides security services to organizations.

"In today's environment, threat actors favor using ransomware to encrypt data and systems and often extort victims for significant amounts of cryptocurrency in exchange for decryption keys, sometimes turning up the pressure with the threat of publishing stolen data…" 

"…LAPSUS$, however, is unusual in its approach – for this group, notoriety most often appears to be the goal, rather than financial gain," Palo Alto Networks' Unit 42 team reported.

Anonymous Hackers reportedly exposed the anti-Russian activities of the British Council

The Anonymous hacker group published an analysis of documents belonging to various British government agencies, including the Foreign Office, according to local media reports.

Anonymous previously accused British authorities and media organizations of influencing Russian-language media and attempting to shape the minds of their audiences in the way the West wants. In support of their position, the hackers published hundreds of copies of files that they called documents of the British Foreign and Parliamentary Ministries and organizations working for the authorities.

The analysis notes that the purpose of such manipulations is to change power in Russia and change the Kremlin's foreign policy.

It is also pointed out that the council is cooperating with British intelligence to be more effective.

The hackers noted the organization's activity in Russia's neighboring states: in the Caucasus, Moldova, Belarus and Ukraine.

"The British Council's operations in the Baltic States are well documented: they are designed to socially unite Russian-speaking communities in these countries, to make sure they have strong ties among themselves and feel an affinity with British and European values and culture, and are resistant to destabilizing narratives. Brilliant brainwashing," writes Anonymous.

The group cites photocopies of files to prove their claims, which include a call for proposals for communication in English in the South Caucasus, Moldova, and Belarus for fiscal years 2019-2022. Anonymous claims that it is a copy of the Foreign Ministry document, but there are no logos or markings on it to confirm this.

According to this document, the British State was willing to allocate 650,000 pounds per year for English language training in the regions, so the total cost of the three-year program should not exceed 1.95 million pounds.

However, according to Anonymous, the real purpose of the humanitarian programs of the British authorities in the post-Soviet space is "to break the foundations of the regime in Russia or to change its foreign policy".


Flaws in LTE can allow hackers to spoof presidential alerts


Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000-seat football stadium in Colorado with a 90 percent success rate.

A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message.

Why it matters: The Wireless Emergency Alert (WEA) system is meant to allow the president to promptly broadcast alert messages to the entire connected US population in case of a nationwide emergency. It can also send out bad weather or AMBER alerts to notify citizens in a particular region or locality, which makes its operation critical. However, exploiting the LTE networks it relies on can enable the transmission of spoofed messages that cause widespread misinformation and panic.

The researchers didn’t perform an actual attack on a live crowd at the stadium or on actual mobile devices, Eric Wustrow, a researcher on the paper, told Gizmodo in an email. The tests performed were instead done in isolated RF shield boxes, Wustrow said, “and our analysis of Folsom Field was a combination of empirically gathered data and simulation.”

The spoofing works for two reasons. First, alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified. Second, phones have no way of knowing if an alert is genuine or not. Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.

E Hacking News Interview with The hacker group NullCrew


Today, EHN had an interview with the hacktivist group NullCrew, who recently leaked data from the UN, Wasatch and Wisconsin University sites.

In the past, the group breached the World Health Organization (WHO), PBS, UNESCO Etxea, Ford, DHS's Study in the States, Sharp Electronics UK, University of North Carolina, Yale University, South Africa's Leading ISP Directory site and more sites.


Why did you attack those sites?

These servers are a part of the system, a system which is run by corrupt rich assholes. They mostly use their money for themselves. No donations to the people who need the money, and if they do, it's just so people look at them in a kinder way, only for publicity.

Wasatch is a partner of Microsoft, run by Bill Gates; it was to target them as part of the system, their under the table dealings. The way they treat employees, take full credit for certain things.

The United Nations attack, mainly because the UN is all Nations together. And all nations are corrupt, whether the people see it or not; that is something we wish to stop. Those are the reasons.

wisc.edu became a target when they committed animal cruelty.

What kind of method did you use?

The methods were all SQL injection of different techniques. WasatchIT and Software were on a shared host, two of the websites hosted. On the server contained SQL injection, and in the databases displayed WasatchIT and WasatchSoftware.

We exploited [wisc.edu] via b-sqli. UN.org had a MSSQLi behind a WAF, which we had to bypass to gain access to the databases, and data itself.

What is your Next target?
Our next big release will be on February 14th, yes, yes; VALENTINES DAY! It'll be the official release of #FuckTheSystem valentines day, and one target I will tell you is the pentagon.

But our next single release will be a multiple target release, on United States government servers; retaliating against #OperationFastAndFurious. How many more need to die, from weapons the government is putting into criminals' hands?

What is your ultimate goal? What do you hope to achieve by hacking these websites ?
Our ultimate goal, is to make the people of the system stand and revolt; and to prove that #FuckTheSystem is not a joke.  For people to finally live without fear, to be able to bring others into the world without fear.
 
Have you seen any results after your campaigns?
After our Unescoetxa defacement, with the song everything is corrupt; there were comments upon comments from people posting #FuckTheSystem from whatever country they lived in. So yes, we have seen results.

How many websites did you hack so far?
To be honest, at least 150+. We've outlived most groups, and been highly active.


Pakistani Google, Yahoo, Apple, Microsoft hacked by Turkish Hacker group Eboz.


A Turkish hacker group called Eboz has hacked and defaced high-profile Pakistani websites, including those of search engine giant Google, Yahoo, Microsoft, Apple, Visa, HSBC, Coca Cola, Blogspot, Sony, HP, eBay and PayPal.

The hackers have defaced Google.pk, Google.com.pk, Yahoo.pk, Apple.pk, Microsoft.pk and 279 other sites in Pakistan.

"My homies in a friend always there for me. Have not shot by me with every breath," reads the message posted by the hackers (translated).

The list of sites hacked and defaced:

Guess what?! Sites including Blogspot, PayPal, Fanta, eBay and Msn.org.pk still display the defacement page, and we are not able to reach the other sites.

It seems the hackers compromised PKNIC, Pakistan's TLD operator, which administers and registers all .pk domains.

The hackers modified the DNS records so that the domains point to another server; the records now point to two nameservers, dns1.freehostia.com and dns2.freehostia.com.
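A defender-side check for the delegation change described above, as an added example that is not part of the original post: it compares observed NS records with a known-good baseline and flags unexpected nameservers shared by several unrelated domains. The `.example` domains, baseline values and function names are constructed for illustration; only the two freehostia nameservers come from the post.

```python
from collections import defaultdict

# Constructed baseline; .example names stand in for monitored .pk domains.
BASELINE = {
    "bank.example": {"ns1.bank-dns.example", "ns2.bank-dns.example"},
    "shop.example": {"ns1.shop-dns.example", "ns2.shop-dns.example"},
    "news.example": {"a.news-dns.example", "b.news-dns.example"},
}

# Constructed resolver output; the unexpected nameservers are the two the post names.
OBSERVED = """\
bank.example.  3600 IN NS dns1.freehostia.com.
bank.example.  3600 IN NS dns2.freehostia.com.
shop.example.  3600 IN NS DNS1.freehostia.com.
shop.example.  3600 IN NS dns2.freehostia.com.
news.example.  3600 IN NS a.news-dns.example.
news.example.  3600 IN NS b.news-dns.example.
"""

def parse_ns(text):
    """Return {domain: {nameserver, ...}} from 'name ttl IN NS target' lines."""
    seen = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            seen[f[0].rstrip(".").lower()].add(f[4].rstrip(".").lower())
    return dict(seen)

def delegation_drift(baseline, observed):
    """Map each domain to the observed nameservers that are not in its baseline."""
    drift = {d: observed.get(d, set()) - ns for d, ns in baseline.items()}
    return {d: extra for d, extra in drift.items() if extra}

def shared_rogue_ns(drift, min_domains=2):
    """Unexpected nameservers seen on several unrelated domains at once, the
    signature of a registry- or registrar-level change rather than one zone's."""
    by_ns = defaultdict(set)
    for domain, servers in drift.items():
        for ns in servers:
            by_ns[ns].add(domain)
    return {ns: doms for ns, doms in by_ns.items() if len(doms) >= min_domains}

if __name__ == "__main__":
    drift = delegation_drift(BASELINE, parse_ns(OBSERVED))
    for ns, doms in sorted(shared_rogue_ns(drift).items()):
        print(f"ALERT {ns} now serves {len(doms)} monitored domains: {sorted(doms)}")
```

A domain that returns no NS records at all is not reported as drift here; a production monitor would track that case separately.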

In case you are not able to see the defacement, you can see a mirror of the defacement page here: "zone-h.com/archive/notifier=KriptekS".

A few days back, Pakistani hackers defaced high-profile Israeli websites, including BBC, Bing, Intel, Live, MSN, CNN, Skype and Xbox.