
Sydney Man Detained by AFP, Obliged to Pay AUS $1.66 Million

 

As punishment, a Sydney man who had been selling hijacked subscription service login details must now pay almost $1.66 million in cryptocurrency (and some cash). The 23-year-old had previously been sentenced in April to two years and two months in prison for running the massive illicit operation that sold Netflix, Hulu, and Spotify usernames and passwords. 

According to the AFP, the funds will be allocated by the Department of Home Affairs to assist crime prevention, law enforcement, and community safety activities. The accused will also face a two-year and two-month jail term. 

The AFP launched an investigation in May 2018 after receiving information from the FBI concerning a now-defunct account-generating website named WickedGen.com. 

WickedGen was a portal that offered stolen login information for internet subscription services such as Netflix, Spotify, and Hulu. The account information belonged to unwitting individuals in Australia and across the world, including the United States. 

The Sydney resident was identified as the founder, operator, developer, and major financial beneficiary of WickedGen and three additional sites that also provided similar services. The perpetrator had over 150,000 registered members across the four websites and sold about 86,000 memberships to unlawfully access authorized streaming services. 

In October of last year, the Sydney-based man pleaded guilty to acquiring these log-ins and passwords. Following the guilty plea, the AFP's Criminal Assets Confiscation Taskforce (CACT) secured restraining orders on the individual's cryptocurrencies, as well as bank and PayPal accounts kept under fictitious identities. 

The use of online subscriptions has increased in Australia, with nearly as many Australians now consuming material via online subscription streaming platforms, such as Netflix, as watch free-to-air television. 

According to observations published by the Australian Bureau of Communications, Arts, and Regional Research, the prominence of over-the-top services has been surging.

US President’s Twitter Account Hacked; The Ethical Hacker ‘Guessed’ The Password

 

According to Dutch media reports, US President Donald Trump's Twitter account was purportedly hacked after a Dutch researcher correctly guessed the president's password: "maga2020!"

De Volkskrant, a Dutch daily morning newspaper, reported that the ethical hacker and security researcher Victor Gevers had been able to access Trump's direct messages, post tweets in his name and even change his profile. 

A Twitter spokesperson, however, has denied the hack, saying in a statement, "We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government." 

Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, explains, “A security-savvy team would assume that these controls were important and would likely opt to use a strong password as well as MFA to reduce the likelihood of account takeover attacks. However, in the event users of the account opted for convenience over safety, it is not Twitter's responsibility to force people to pick strong passwords or to implement the security features they offer to users. Twitter's job is to offer a secure platform and strong security features, which they do. If people are unable to convince the President to wear a mask during a pandemic, it's unlikely they could force him to use a strong password.” 

Gaining access to Trump's Twitter account would have meant that Gevers was suddenly able to connect with all of Trump's followers, approximately 87 million users according to De Volkskrant's story. 

He made multiple attempts before using the "correct" password, and says, “I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information.” 

Gevers told De Volkskrant that President Trump was not using fundamental safety measures, such as multi-factor authentication. 

According to the news report, Gevers frantically tried to reach Donald Trump to warn him, which proved to be a nearly impossible task. Remarkably, Gevers and two other Dutch ethical hackers had likewise hacked Trump's account some four years earlier.

In those days Trump's password was "your fired", which, according to VN news, was his catchphrase from The Apprentice, the reality television show that, before his election, brought him half the popularity that he has today.

Recent Twitter hacks raise security concerns and undermine the platform's credibility

Recent Twitter hacks raises security concerns and discredits the platform's credibility


The recent hack on Twitter leaves security researchers and others worried about the credibility of the platform, especially with the US presidential election approaching: a hack like this, were it to occur during the elections, could be catastrophic.

Late Wednesday, a number of Twitter's verified accounts were hacked, including those of former president Barack Obama, Democratic presidential candidate Joe Biden, actress Kim Kardashian, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos, and Tesla founder Elon Musk. The hackers gained the login credentials of employees and hijacked these accounts. 

The company tweeted, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” and said the attackers “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.” 

This raises the concern that the platform itself has been compromised, and that the hack was carried out not from the user end but from the server side.

Adam Conner, vice president for technology policy at the Center for American Progress, tweeted, “This is bad on July 15 but would be infinitely worse on November 3rd.” Twitter is a critical platform for political discourse and discussion and often serves as a news source. If something similar were to happen on or near the Nov 3 presidential election to the accounts of important political figures such as Donald Trump, it would be cataclysmic.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” said Michael Borohovski, Director at Synopsys.

These hacks have damaged Twitter's reputation, especially since this is not the first attack on the platform, though it is certainly the worst one yet. Dan Guido, CEO of security company Trail of Bits, responded to the hack saying, “Twitter’s response to this hack was astonishing. It’s the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident.”

The hijacked accounts tweeted offers to double any money sent to them via Bitcoin. By Wednesday evening, 400 transfers had been made and transactions worth $120,000 had occurred.

Hackers use Bill Gates-themed video to sell Ponzi crypto scheme


Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme. The hacked accounts were renamed to look like Microsoft accounts and carried a message from the company's former CEO Bill Gates urging viewers to invest in crypto.

This is not the only attack of its kind. Similar attacks have become frequent on YouTube: the hacker hijacks a popular account and broadcasts a "crypto giveaway" from it, promising users that if they send some cryptocurrency they will get it back doubled. Of course, this is a scam and the victim does not get any returns.

These frauds first made their appearance on Twitter but moved on to YouTube as Twitter started weeding these posers out.

The hackers gave their scheme an air of legitimacy by live streaming (on 30+ accounts) a talk Bill Gates gave to an audience at Village Global in June 2019 and adding pop-up messages for the Ponzi scheme. The scheme was live streamed on YouTube accounts named Microsoft US, Microsoft Europe, Microsoft News, and others.

Though both YouTube and Microsoft denied that any official accounts were hacked, some users did report that they found the stream on Microsoft's nonverified accounts.

Most of the scam videos were streamed from hacked accounts with high subscriber numbers that were renamed Microsoft US, Microsoft Europe and the like to seem more official. The videos were viewed tens of thousands of times, and the Bitcoin address in the scheme received thousands of US dollars, so some users were successfully scammed.

Other organizations have also been used by such hackers: the Chaos Computer Club, a famous Germany-based hacking community, had its accounts hacked and used to broadcast a similar cryptocurrency scheme.
The most recent and popular case was when the YouTube account of YouTube's founder was hacked back in January. These sorts of fraudulent schemes have now become a common affair, and it is up to users not to pay heed to them. Always check the legitimacy of these accounts, and think twice before giving in to an offer that's too good to be real.

Russian Telegram Accounts Hacked by Intercepting One Time Password (OTP)


According to the firm Group-IB, a dozen Russian entrepreneurs have had their Telegram accounts hacked in the last few weeks. What is disturbing is the way these accounts were accessed: the attackers intercepted the codes used to authenticate users and grant access.

A Telegram App logo in QR code

How did the attackers gain access?

Normally, whenever someone logs into Telegram from a different device, a one-time password (OTP) is texted to them, and the user logs into their account using this secret code. The hackers managed to obtain this one-time secret code and snooped on the Telegram chats of various users.

Dmitry Rodin, one of the victims of this attack, runs a coding school in Russia. He told the media that he received a warning from Telegram that someone was trying to access his account. He ignored the notification, but another notification arrived saying someone had successfully logged in from Samara, Russia. He immediately terminated all active sessions except his own.

Like Group-IB, he believes that the problem lay with the telecom operators, or that his phone was hacked, rather than with the messaging app Telegram. “Perhaps someone logged into my account by intercepting the SMS, which suggests that there might be a problem on the side of the telecom operator,” he said. “This means that other accounts using SMS as an authentication factor are also threatened.” 13 such cases have been reported so far.

“However, this number is likely to increase since we are speaking about a new threat, which has just started spreading,” a company spokesperson said.

Is SS7 being abused?

The most worrying part is that one-time passwords (OTPs) were intercepted. If this hypothesis is indeed true, then we are looking at a very big security threat, as this technology is used in many log-ins and financial transactions. Another hypothesis is that the victims' devices were hacked and the attackers were spying on their messages, but Group-IB found no traces of such activity on the victims' phones. Group-IB is therefore leaning towards the hypothesis that the mobile network SS7 is being abused.

Forbes reported, "Think of SS7 as the part of telecom infrastructure that deals with shifting users between networks as they travel abroad. It also manages the changes in charges when traversing different nations’ networks. But in recent years, hackers have learned that if they can get leverage on that network they can silently intercept text messages. Previously, such attacks have been used in bank account breaches and by surveillance companies."

Now, this same network could be used for hacking Telegram accounts.

Selling access to accounts on the dark web

Group-IB also suspects that access to these accounts is being sold on the dark web-based Hydra forum for $3,900, alongside access to WhatsApp messages and user info. They think that these could be linked.

“What made us think that the attacks might have something in common with these advertisements is the fact that the incidents coincided with the time the posts were published,” the company spokesperson added. “But we cannot rule out that there are far more connections between these two events, which is yet to be established in the course of an investigation.”

Bengaluru's Police Accounts Hacked: Culprits changed Twitter IDs

Bengaluru's Police Accounts Hacked: Culprits changed Twitter ID’s



BENGALURU: In the last four days, five of Bengaluru’s Traffic Police Twitter accounts have been compromised, with the hacker allegedly gaining access to the accounts, posting spam and changing their usernames.

While the police urge the public to strengthen cyber security and to use strong, unique passwords to safeguard online accounts, their own accounts are being hacked by simple password guessing techniques.

Jayanagar Traffic Police was the first account to be hacked, at around 10 pm on Friday, followed by ACP South East Division; by Sunday the KR Puram, Shivajinagar and Airport traffic police Twitter accounts had been hacked too.

This is not the first time Bengaluru’s traffic police have been a victim of cyber crime: Elliot Alderson, a French-based hacker, broke into the city’s traffic police website in March this year, exposing directories. Other government sites are not well protected either; the Aeronautical Development Agency’s (ADA) TRACES account with the Income Tax Department was hacked with impunity, and the culprit remains unidentified.

In this case, though, the culprits simply guessed common passwords. A man called up various traffic police stations claiming to be from the IT Department and asked for account details and passwords in order to reset them. It is suspected that one of the staff members fell for the con and shared the password.

The black hat tried the password on other accounts and voila, it worked!

After breaching the Twitter handles, the miscreants posted spam messages from these accounts and changed their usernames: the Shivajinagar Traffic Police handle was renamed ‘SHIVAJINAGAR CINEMA’ and KR Puram became ‘KR PURAM T BOLIWOOD’.

These consequences could have been avoided by quick thinking and strong passwords. Cyber security experts repeatedly recommend strong, unique passwords so that malicious actors can’t find or guess them. SplashData, a password security company, estimates that approximately 10% of individuals used at least one of the 25 worst passwords on this year's list, and approximately 3% used the worst: 123456.

Additional commissioner of police (traffic) BR Ravikanthe Gowda said they have filed a complaint with the city cyber crime police and told officials to immediately change passwords to secure their accounts (quoting TOI). They have also reported the hacking to Twitter and are awaiting a response.

An officer said they are unable to take back control of their accounts because of a lack of men trained for the job.

Bengaluru has only one cyber crime police station, with a tally of 8,200 cases this year; opening more has been repeatedly proposed, to no effect.

Fashion designer lost business after her Instagram account got hacked

Twenty-three-year-old Bree Kotomah almost gave up on a burgeoning career in fashion design when hackers compromised her business's Instagram account in November 2018.

"Unfortunately, at the time I ran everything on Instagram, so when that was gone, that was the whole business gone," she told BBC Radio 5 Live.

At least half of micro businesses - companies with fewer than nine employees - in the UK are victims of cyber-attacks every year, compared to just a third of other companies, according to the Association of Independent Professionals and the Self-Employed (IPSE).

Ms Kotomah, whose business Boresa Kotomah is based in London, had not studied fashion. She taught herself to sew and began designing clothes in 2018. Due to interest on Twitter in her fashion styles, she started an Instagram account and gained 5,000 followers in seven months, after a photo of a dress she made went viral.

Interested customers would send her a direct message on Instagram enquiring about prices, and commission her to make the dresses.

Ms Kotomah would invoice her customers using PayPal and mobile app Invoice2go, and her reputation grew by word of mouth and through shares of her outfits on Instagram and Twitter.

But then it all stuttered to a halt.

"I woke up one morning and my account was deleted. I received an email from Instagram saying I had violated some terms and I had done certain things that I know I didn't do," she said.

"My business at that time was my livelihood. That was what I was doing full-time. I'm self-employed. So if I'm not making money from working, I'm not making money at all so I was just thinking like, 'What am I going to do?'"

Ms Kotomah's designs have been worn by actors, influencers, singers, models and dancers.

Ms Kotomah was so disheartened that she stopped designing for two months and considered other jobs. But then she decided to give it one more try. She started a new Instagram account, learned more about running a business, and set up a website showcasing her work that offered ready-to-wear clothing available for immediate purchase.

Instagram account can be easily hacked, finds hacker

A professional hacker discovered what he considered a fairly simple way to seize control of any Instagram user's account. Fortunately for the site's 500 million active daily users, he told Instagram exactly how it could be done.

Laxman Muthiyah is a professional bounty hunter. Not the kind who tracks down bail jumpers, mind you. He uses his hacking skills to collect bug bounties, money companies pay to hackers who find and report vulnerabilities in their software.

Muthiyah found the account-breaking bug in the mobile version of Instagram's password reset system. When a user wants to reset his or her password, Instagram tries to validate their identity by sending a 6-digit code to a recovery phone number.

A six-digit code is child's play for a hacker with any amount of computing power at their disposal, which is why Instagram has a system in place that can detect brute-force attacks. Muthiyah found that out of 1,000 attempts around 75% were blocked.

By creating a race condition -- a nasty situation that occurs when a computer tries to process multiple requests at the same time -- and making attempts from a huge number of IP addresses -- Muthiyah was able to do an end run around Instagram's brute force blocker.

He bombarded Instagram with 200,000 codes from 1,000 different IP addresses. That might sound like a Herculean task, but Muthiyah notes that it's actually quite simple using cloud-based tools.

In his estimation it would have cost about $150 to reset anyone's password.

Gaining control of an account with hundreds of thousands -- or even millions -- of followers is well worth the investment. It provides an opportunity to spam users with links to infected downloads or phishing pages from an account they are likely to trust.

There's no telling how many unsuspecting fans would've blindly clicked a malicious link posted from a celeb's verified IG account. It's quite possible that a major incident was avoided thanks to Muthiyah's hard work and Facebook's (which owns Instagram) rapid deployment of a fix.
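The defensive side of the reset-code bypass described above, as an added example (not code from Instagram or from Muthiyah's report): a guess budget keyed on source IP is compared with one keyed on the account, replaying the page's traffic shape of 1,000 sources sending 200 guesses each. The budget values (250 per IP, modelled on roughly 250 of 1,000 attempts getting through, and 5 per account) and all names are assumptions.

```python
import threading
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

CODE_SPACE = 10 ** 6  # a six-digit code has 1,000,000 possible values


class AttemptLimiter:
    """Counts reset-code guesses against a budget, keyed by one request field."""

    def __init__(self, key_field, budget):
        self.key_field = key_field  # "ip" (weak) or "account" (hardened)
        self.budget = budget        # assumed value, not a real platform setting
        self.used = defaultdict(int)
        self.lock = threading.Lock()

    def allow(self, request):
        key = request[self.key_field]
        # Check and increment under one lock, so concurrent requests can never
        # all observe the same "still under budget" counter (the race condition).
        with self.lock:
            if self.used[key] >= self.budget:
                return False
            self.used[key] += 1
            return True


def guesses_accepted(limiter, n_ips=1000, per_ip=200, account="constructed-user"):
    """Replay the traffic shape concurrently; return how many guesses got through."""
    def one_source(i):
        request = {"ip": f"src-{i}", "account": account}  # constructed identifiers
        return sum(limiter.allow(request) for _ in range(per_ip))

    with ThreadPoolExecutor(max_workers=32) as pool:
        return sum(pool.map(one_source, range(n_ips)))


def code_space_covered(accepted):
    """Fraction of all six-digit codes an accepted number of guesses can cover."""
    return accepted / CODE_SPACE


def compare():
    per_ip = guesses_accepted(AttemptLimiter("ip", budget=250))
    per_account = guesses_accepted(AttemptLimiter("account", budget=5))
    return per_ip, per_account


if __name__ == "__main__":
    for name, accepted in zip(("per-IP budget", "per-account budget"), compare()):
        print(f"{name}: {accepted} guesses accepted, "
              f"{code_space_covered(accepted):.4%} of the code space")
```

Because each source stays under its own budget, the per-IP limiter never fires, while the per-account budget holds no matter how many addresses or parallel requests are involved.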