Tag Archive for: Admits

FBI admits it accidentally used NSO Group tools


NSO Group, makers of spying tool Pegasus


The U.S. Federal Bureau of Investigation has admitted it has used software by iPhone hacking tool maker NSO Group, after an investigation discovered it was unwittingly doing so.

In April, a report from the New York Times determined that a contractor had bought and used a spying tool produced by NSO Group, specifically for use by the U.S. government. At the time, the White House claimed it didn’t know of a contract, and tasked the FBI to find out who was using it.

It turns out the FBI’s answer after the investigation was itself.

Contractor Riva Networks signed a deal in November 2021, reported The New York Times on Monday, days after the White House placed NSO Group on the Commerce Department blacklist. The tools from the Israeli security firm were effectively blocked from purchase by US businesses at that point.

However, the FBI contracted Riva Networks, which in turn led to the use of an NSO tool as part of an investigation, which the FBI said occurred unwittingly.

FBI director Christopher Wray terminated the contract with the contractor in April after the discovery was made.

Contractor to blame

The FBI hasn’t explained why this situation occurred, but the tool in use was not the infamous Pegasus; it was one called “Landmark.” Rather than hacking phones directly, Landmark is able to narrow down and track the location of a device.

In 2021, a senior FBI official provided numbers based in Mexico for Riva to search for, under a fugitive apprehension program. The FBI allegedly thought that Riva was using an in-house geolocation tool, rather than NSO software.

A later investigation found that Riva started using Landmark in 2021 without telling the FBI, and withheld the detail in its November 2021 contract renewal. This despite the FBI telling Riva and other contractors in 2021 that NSO products were off-limits.

In a statement, the FBI says it is tasked with locating fugitives around the world who are charged in U.S. courts, and that the FBI regularly contracts with companies for…


Man known as ‘PlugwalkJoe’ admits to Twitter hack that hijacked celebrity accounts


By Margi Murphy | Bloomberg

A British man has admitted to his involvement in one of the most high-profile social media hacks, a plot that included the hijacking of top US political and business leaders’ Twitter accounts.

Joseph James O’Connor pleaded guilty in New York on Tuesday to hacking into the social network, a move that led to the impersonation of Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett and others to advertise a Bitcoin scheme.

The 23-year-old, also known as “PlugwalkJoe,” was extradited from Spain on April 26, according to the Department of Justice. The crimes involved SIM swaps — a process in which a phone number is transferred to a new device in order to bypass security measures — but went far beyond that, prosecutors said.

“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor,” said US Attorney Damian Williams for the Southern District of New York.

“O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice those who victimize others through cyberattacks,” he said.

The Department of Justice alleges that O’Connor plotted with others to hijack Twitter accounts to promote a scheme to defraud the public, with O’Connor paying $10,000 for just one of the accounts he requested. The co-conspirators used social engineering techniques to convince a Twitter employee to give them access to the platform’s administrative tools. Those tools were used to take control of the high-profile accounts.

According to the charge sheet, O’Connor pleaded guilty to a variety of cybercrimes, including the exploitation of social media accounts, online extortion and cyberstalking.


News Corp admits hackers accessed system for two years


The emergence of a letter sent to at least one affected News Corp employee details how ‘an unauthorised party’ gained access to personal data.


News Corp has admitted it failed to detect hackers inside its computer systems for 23 months between 2020 and 2022. News Corp first disclosed the breach last year in its 01-K filing with the Securities and Exchange Commission for the December quarter and in a subsequent article in The Wall Street Journal (WSJ).

In February 2022, News Corp said a third-party cloud service it used was the target of a “persistent cyberattack activity” a month earlier. Security firm Mandiant, which helped News Corp in investigating the intrusion, told the WSJ it believed the attack was conducted by a threat actor aligned with the Chinese government.

News Corp then went quiet. Analysts failed to follow up the report with questions at post-earnings release briefings, and as the company doesn’t allow media to participate in briefings, there was no chance for further questioning. But in late February this year, news emerged in the US of a letter sent to at least one affected employee concerning the hacking.



Password protection giant LastPass admits the major data breach that came of its August hack


Popular password manager LastPass has admitted encrypted password vaults were stolen by hackers in an August data breach affecting the company’s millions of users.

The company denied that any sensitive data was accessed at the time, but now claims that the threat actor has since collected data which could be used to guess master passwords.


Hackers made copies of account information like phone numbers, billing and email addresses, as well as encrypted passwords.

No unencrypted master passwords, used to log in to the password manager, were obtained, but by using the basic information, LastPass CEO Karim Toubba warned: “The threat actor may attempt to use brute force to guess your master password.”

If best password practices outlined by LastPass were followed by customers, the company said it would be “difficult” for the hackers to guess master passwords this way.

The people behind the hack may also attempt to decrypt the encrypted customer vault, Toubba said.

While the initial breach didn’t appear to access any sensitive customer data, it did access technical information which was used to target a LastPass employee, the company made known in November.

It is now clear that hackers were able to obtain “credentials and keys” from the employee “which were used to access and decrypt some storage volumes within the cloud-based storage service,” Toubba said on Thursday.

“The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container.”

The company says this vault “contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

The extent of an August LastPass hack has recently become clear, after threat…
