Source: National Cyber Security – Produced By Gregory Evans A spokesman for the Russian Federal Security Service toldSCMagazineUK.com that Russian hacker groups Energetic Bear, Dragonfly and some others are considering engaging their activities against selected Western countries. The current financial crisis in Russia, seen locally as having been caused by Western…
New Russian Hacker Exploit ‘Most Significant Cyber-Espionage Threat’ To US, NATO Partners
Source: National Cyber Security – Produced By Gregory Evans The Russian hacker group Pawn Storm is using a vulnerability in Adobe Flash Player to install malware on computers belonging to several “foreign ministries,” Trend Micro researchers reported Tuesday. Pawn Storm “is the most significant cyber-espionage threat to the U.S. government and her NATO…
Adobe Flash Player Zero-Days Used by Hackers Linked to Russian Government
Source: National Cyber Security – Produced By Gregory Evans Researchers from antivirus provider Trend Micro said in a blog post published on Tuesday that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. TrendMicro has been monitoring the campaign for a few…
Kremlin’s ties to Russian cyber gangs sow US concerns
Source: National Cyber Security – Produced By Gregory Evans The relationship between Moscow and Russian cyber gangs may be tightening, spurred by international sanctions and disputes with the United States over military action in Ukraine and Syria, experts and federal lawmakers warn. Moscow has long been known to source its…
Russian hacker admits role in huge $300m data theft scheme
Source: National Cyber Security – Produced By Gregory Evans A Russian hacker called Vladimir Drinkman has pleaded guilty to his involvement in a data breach scheme that stole 160 million credit card details from US companies and resulted in losses estimated at $300m. The US Department of Justice (DoJ) said…
Russian hacker admits role in massive data breach scheme
Source: National Cyber Security – Produced By Gregory Evans A Russian man has pleaded guilty to his role in a worldwide cyber crime scheme to breach payment processors, retailers and financial institutions, resulting in over 160 million stolen credit card numbers. Vladimir Drinkman admitted partaking in the global plot nearly…
ISIS social media accounts are buzzing with a spreadsheet of personal data on employees of the American, British, and Australian governments, including military personnel. The Islamic State claims this list was compiled using data stolen from government systems by its “hacking division,” although some experts who have reviewed the list say most of it was more likely created using simple Google searches of publicly available data. There are about 1,400 individuals included on the list. The list was accompanied by a message from the “Islamic State Hacking Division,” transcribed by Sky News: O Crusaders, as you continue your aggression towards the Islamic State and your bombing campaign against the Muslims, know that we are in your emails and computer systems, watching and recording your every move. We have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands. So wait, we too are waiting. The Sydney Morning Herald criticizes Australian officials for being “caught on their heels” by the hit list, which includes Defense Force employees and a Victorian MP. Even though “Australia’s most senior Islamic State militant, former Melbourne man and terror recruiter Neil Prakash” was posting links to the hit list early Wednesday morning, at least half of the Australians targeted by ISIS said they were unaware of the threat until they were informed by the media… which contacted them using the phone numbers published by the Islamic State. “I’m completely at a loss,” said the aforementioned MP, who at least has access to a security detail assigned to protect elected officials. “What do I do? The police probably know less than you and I.” Defense Force employees on the list said they were in shock no one from the government had warned them. Various agencies of the Australian government declined to discuss the matter. In addition to Prakash – who crowed “Cyber war got em shook!” and “Kill them where you find them and enslave their women” on Twitter – the Herald reports “other prominent militants, including British man Junaid Hussain, who is third on a CIA kill list of Islamic State operatives, also used social media to promote the leak and encourage attacks.” Sky News reports the hit list includes British Foreign Office employees, plus a “local council employee.” Most of the names on the list are American, including personnel from the Air Force, Marines, NASA, FBI, and the Port Authority of New York and New Jersey. Russian state outlet RT.com says the list also includes “a worker in an Israeli magistrate’s court” and “someone in a college in Mississippi.” The RT.com article mentions some reasons for skepticism about the Islamic State’s claim that this list includes confidential information obtained by hackers: some of the phone numbers appear to be disconnected, while the purportedly stolen U.S. military passwords appearing on the list are “too weak to pass the guidelines of an official computer system operated by the Pentagon.” The Sydney Morning Herald also found some of the information published on the list to be outdated. “This is the second or third time they’ve claimed that and the first two times I’ll tell you, whatever lists they got were not taken by any cyber attack,” said Army Chief of Staff General Ray Odierno, as quoted by the UK Guardian. The Guardian also cites the opinion of computer security expert Troy Hunt, who said the of the supposedly hacked data: “It’s pretty clear that it’s been aggregated from different sources. It’s been put together on the basis of a .gov or .mil address. Even the passwords, they’re not strong enough to have come from a corporate or government. They’re not even strong enough to have come from an online service – you can’t create a Gmail account, for example, with a password of less than eight characters, and here we’re seeing some passwords of three letters.” The UK Daily Mail notes that Twitter administrators appear to have shut down the Islamic State Hacking Division’s account three times on Wednesday while it attempted to spread its hit list around, leading to the creation of a fourth terrorist account with the message, “Kuffar seem to be raging.”
Source: National Cyber Security – Produced By Gregory Evans ISIS social media accounts are buzzing with a spreadsheet of personal data on employees of the American, British, and Australian governments, including military personnel. The Islamic State claims this list was compiled using data stolen from government systems by its “hacking…
Chinese hack of US national security details revealed days after Russian hack
Source: National Cyber Security – Produced By Gregory Evans The ongoing saga of successful foreign hack attacks on government databases continued Monday with news of another break-in allegedly perpetrated by China. Just days after the reported spear-phishing attack on the Pentagon’s joint staff email system, which exposed some 4,000 civilian…
How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team
Source: National Cyber Security – Produced By Gregory Evans If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens of thousands of dollars in just…
Catching ‘Hell’: Navalny Says Notorious Russian Hacker To Be Unmasked In Germany
Source: National Cyber Security – Produced By Gregory Evans For years, a mysterious self-identified “hacker” has boasted about wreaking havoc against prominent Kremlin critics, claiming responsibility for stealing troves of their personal e-mails leaked online and hijacking their social-media accounts. To date, however, the true identity of the individual —…