Apr 182019

Hacktivism is seeing a resurgence recently, in no small part fueled by the arrest of Julian Assange. #Op hashtags for the UK, Sweden, and Ecuador signal the intent of the attackers.

The police.uk site was back up at the time of this posting, but that was just one site hit. Rogue Media Labs reported that @Cyberghost404 of the Philippine Cyber Eagles (@PhCyberEagles) released a data dump with data from more than two dozen UK police-related agencies. The data dump, obtained by DataBreaches.net, does not appear to leak particularly sensitive personal information, and it is not clear what site the data were obtained from. The files, including spread sheets on stop-and-searches, organized by police unit/location, and outcomes, seem to be February data that was accessed or dumped at the beginning of April.

I suppose the question for now is:  what other files might these hacktivists have acquired that they have yet to dump?

Apr 152019

Catalin Cimpanu reports:

A hacker who spoke with ZDNet in February about wanting to put up for sale the data of over one billion users is getting dangerously close to his goal after releasing another 65.5 million records last week and reaching a grand total of 932 million records overall.

The hacker’s name is Gnosticplayers, and he’s responsible for the hacks of 44 companies, including last week’s revelations.

Since mid-February, the hacker has been putting batches of hacked data on Dream Market, a dark web marketplace for selling illegal products, such as guns, drugs, and hacking tools.

Read more on ZDNet.

Apr 142019

Ingrid Lunden and Zack Whittaker report:

…   Microsoft has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.

According to an email Microsoft has sent out to affected users (the reader who tipped us off got his late Friday evening), malicious hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.

Read more on TechCrunch.

Apr 132019

AP reports:

The first online election for student government at Berkeley High School became a lesson in more than democracy. Students also learned about vote fraud, hacking and digital privacy after a high school junior who was running for class president cast hundreds of fake online votes for himself.

As many as 2,400 students were eligible to vote by email in last month’s weeklong election. When a sudden surge in votes for one candidate started coming in the day before the election was to end, though, the school’s director of student activities, John Villavicencio, became suspicious.

Read more on Westport News.

So how much of this was facilitated by the way schools use Google and EdTech?  The reporter notes:

The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

I wonder what other mischief or mayhem could be perpetrated with a default password system…..

Apr 132019

Zack Whittaker reports:

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.

The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.

Read more on TechCrunch.