Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Hacktivist group. Show all posts

Navalny's Revenge? Hackers Siphon Huge Russian Prisoner Database: Report

 

Following the murder of Russian opposition leader Alexey Navalny, anti-Kremlin militants seized a database comprising hundreds of thousands of Russian prisoners and hacked into a government-run online marketplace, according to a report. 

Navalny was the most prominent Russian opposition figure and a strong critic of Russian President Vladimir Putin. He died on February 16 at a penal colony in Russia's Arctic region while serving his jail sentence. 

CNN reported that an international group of 'hactivists', comprising Russian expats and Ukrainians, stole prison documents and hacked into the marketplace by acquiring access to a computer linked to the Russian prison system. 

Following Navalny's death in February, overseas 'hactivists' allegedly acquired a Russian database containing hundreds of thousands of convicts, relatives, and contacts. 

As per the report, the hackers also targeted the jail system's online marketplace, where relatives of inmates purchase meals for their family members. The rate of products like noodles and canned meat was changed by the hackers from nearly $1 to $.01 once they gained access to the marketplace.

It took many hours for the administrators of the prison system to realise that something was wrong, and it took an additional three days to undo the hacker's work completely. 

The hackers also posted a photo of Navalny and his wife, Yulia Navalnaya, on the jail contractor's website, along with the statement "Long live Alexey Navalny". While the hackers claimed the database included information on approximately 800,000 prisoners, the report said there were some duplicate entries, but the data spilt by the hackers "still contains details on hundreds of thousands of inmates". 

What is 'hacktivism' and why did hackers siphon Russian databases? 

The terms "hacking" and "activism" are combined to form the phrase "hacktivism." It alludes to hacking operations in which hackers participate in activism for a specific cause. 

According to Clare Stouffer of the cybersecurity company Norton, hacktivism is a lot like activism in the real world, when activists create disruption to push for the change they want.

"With hacktivism, the disruption is fully online and typically carried out anonymously. "While not all hacktivists have malicious intent, their attacks can have real-world consequences," Stouffer wrote in a Norton blog.

Idaho National Laboratory Suffers Data Breach, Employee Data Compromised


Idaho National Laboratory, the nuclear energy testing lab that comprise of an estimated 5,700 experts, has recently suffered a major data breach in their systems.

The data breach took place last Sunday, on November 19. The stolen data comprise of the laboratory’s employees’ critical data, which was later leaked on online forums. 

The investigation on the breach is being carried out by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, who are working in collaboration with INL, a spokesperson informed. Physical addresses, bank account details, and Social Security numbers are among the data that are impacted.

In an interview regarding the incident, the spokesperson told local news outlet EastIdahoNews.com that the breach has impacted INL’s Oracle HCM system, a cloud-based workforce management platform that offers payroll and other HR solutions, was impacted by the attack.

SiegedSec, a self-entitled hacktivist group has since taken responsibility of the attack, following which it published a sample of the stolen employee data online, which included full names, dates of birth, email addresses, contact details and other identity info of the INL employees to their data breach forum. 

The group, which seems to have political motivations, was also accused in the past of stealing information from the Communities of Interest Cooperation Portal, an unclassified information-sharing portal run by NATO.

However, INL has not implied that the breach has had any impact on its classified information or nuclear research, and CISA did not immediately respond to the request for a comment. 

Regardless of whether the classified nuclear details were accessed by the threat actors, Colin Little, security engineer at the cybersecurity firm Centripetal, said it is "highly disconcerting that the staff generating that intellectual property and participating in the most advanced nuclear energy research and development have had their information leaked online."

"Now those who are politically motivated and would very much like to know the names and addresses of the top nuclear energy researchers in the U.S. have that data," he said. 

INL supports large-scale initiatives from the Department of Energy, the Department of Defense. The laboratory bills itself as "a world leader in securing critical infrastructure systems and improving the resiliency of vital national security and defense assets."