Tag Archive for: Hijacked

Twitter glitch allows CIA informant channel to be hijacked


  • By Joe Tidy
  • Cyber correspondent

Image source, Getty Images

A cyber-security researcher has exploited a glitch on the CIA’s official Twitter account, to hijack a channel used for recruiting spies.

The US Central Intelligence Agency (CIA) account on X, formerly known as Twitter, displays a link to a Telegram channel for informants.

But Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel.

“The CIA really dropped the ball here,” the ethical hacker said.

The CIA is a US government organisation known for gathering secret intelligence information, often over the internet, from a vast network of spies and tipsters around the world

Its official X account, with nearly 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

Biggest fear

Mr McSheehan, 37, who lives in Maine, in the US, said he had discovered the security mistake earlier on Tuesday.

“My immediate thought was panic,” he said.

“I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence.”

At some point after 27 September, the CIA had added to its X profile page a link – https://t.me/securelycontactingcia – to its Telegram channel containing information about contacting the organisation on the dark net and through other secretive means.

The channel said, in Russian: “Our global mission demands that individuals be able to reach out to CIA securely from anywhere,” while warning potential recruits to “be wary of any channels that claim to represent the CIA”.

Image caption,

Anyone clicking on the link was directed to Mr McSheehan’s Telegram channel

But a flaw in how X displays some links meant the full web address had been truncated to https://t.me/securelycont – an unused Telegram username.

As soon as Mr McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information.

“I did it as a security precaution,” he said.

“It’s a problem with the X site that I’ve seen before – but I was…

Source…

Steam Store Spreaded Malware After Hacker Hijacked Developer Accounts


Valve’s Steam store was reportedly exploited to spread malware to a small number of users. 

The incident occurred after a hacker breached several game developer accounts on Steam. The attacker then circulated malware over the platform through game updates to users. 

The problem came to light after Valve was spotted sending out a message to affected users last month about the malware infections. “The Steam account for the developer of this game was recently compromised and the attackers uploaded a new build that contained malware,” the company wrote in the notice. 

Simon Carless, founder of the Game Discover Co newsletter, then connected the message to an announcement Valve made this week, notifying game developers about a new security requirement for their accounts. “Looks like it’s related to hackers taking over Steam dev accounts and adding malware to game builds,” he wrote. 

Valve has since told PCGamer that multiple game developer accounts were recently compromised. Fortunately, the intrusions only led to fewer than 100 Steam users receiving malware through the game updates. These users have since received warnings from Valve notifying them about the threat. 

To prevent future hijackings, Valve is essentially requiring game developers on Steam to enroll in two-factor authentication. However, the company is demanding developers do so by registering their accounts with a phone number to receive the SMS-based two factor codes. 

“This change will go live on October 24, 2023, so be sure to add a phone number to your account now. We also plan on adding this requirement for other Steamworks actions in the future,” Valve said in the announcement

The problem is that SMS-based two factor authentication can be vulnerable to SIM swap attacks and other forms of phishing capable of stealing the access codes. As a result, some game developers have been complaining about the new requirement and instead urging Valve to ditch the SMS-based two factor authentication for more secure authenticator apps

“Why does every company and their grandpa think they’re entitled to my PRIVATE phone number, that so far I’ve managed to keep reasonably spam free,” added one developer…

Source…

Microsoft SQL servers hijacked to deliver Cobalt Strike and ransomware


Unknown threat actors are targeting poorly protected Microsoft SQL servers, in an attempt to infect them with a new strain of ransomware

A new report from cybersecurity researchers Securonix outlines a campaign in which hackers first try to brute-force their way into MS SQL servers.

Source…

Man known as ‘PlugwalkJoe’ admits to Twitter hack that hijacked celebrity accounts


By Margi Murphy | Bloomberg

A British man has admitted to his involvement in one of the most high-profile social media hacks, a plot that included the hijacking of top US political and business leaders’ Twitter accounts.

Joseph James O’Connor pleaded guilty in New York on Tuesday to hacking into the social network, a move that led to the impersonation of Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett and others to advertise a Bitcoin scheme.

The 23-year-old, also known as “PlugwalkJoe,” was extradited from Spain on April 26, according to the Department of Justice. The crimes involved SIM swaps — a process in which a phone number is transferred to a new device in order to bypass security measures — but went far beyond that, prosecutors said.

“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor,” said US Attorney Damian Williams for the Southern District of New York.

“O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice to those who victimize others through cyberattacks,” he said.

The Department of Justice alleges that O’Connor plotted with others to hijack Twitter accounts to promote a scheme to defraud the public, with O’Connor paying $10,000 for just one of the accounts he requested. The co-conspirators used social engineering techniques to convince a Twitter employee into giving them access to administrative tools to the platform. Those tools were used to take control of the high-profile accounts.

According to the charge sheet, O’Connor pleaded guilty to a variety of cybercrimes, including the exploitation of social media accounts, online extortion and cyberstalking.

Source…