What has been reported as hacked/ Tech Thread

Discussion in 'General Discussion' started by ravenanon, Jul 22, 2015.

  1. Supposedly the "on-off" switches have to be used by someone there physically. It's interesting how reassuring the announcement is, the packers are looking for vulnerabilities.
  2. * hackers", spell check. "Hackers"
  3. The Wrong Guy Member

  4. This is worrisome
    "A US Marshals spokesperson told Motherboard in an email, "my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody."
  5. Disambiguation Global Moderator

    Cross post
    Highway sign near where Defcon met. They had to change hotels a few years ago because the elevators got hacked. The wireless mikes are hacked so they use the old fashioned kind. There must be a point system and this deserves an "A".
  6. Disambiguation Global Moderator

  7. Do not hack street signs. It's dangerous and childish.
  8. The Wrong Guy Member

    Lorenzo Franceschi-B‏ @lorenzoFB 6 hours ago
    The case against @MalwareTechBlog in Wisconsin is now on PACER. Case no: 2:2017-cr-00124. Docket only contains redacted indictment.
  9. Secret indictment..we've seen this before.
  11. The Wrong Guy Member

    Jake Davis‏ @DoubleJake 19 minutes ago
    Follow this list for full coverage of today's @MalwareTechBlog court hearing. It should be beginning very shortly.

    AJ Dellinger‏ @ajdell 16 minutes ago
    Trial scheduled for October 23.

    Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware | Motherboard
  12. The Wrong Guy Member

    Equifax asks consumers for personal info, even after massive data breach

    By Hamza Shaban and Hayley Tsukayama, The Washington Post


    Equifax said Thursday that it will offer free credit monitoring services to all U.S.consumers for one year, after announcing that roughly 143 million Americans' personal data could have been compromised when hackers gained access to its data earlier in the year.

    But before people can sign up and find out whether their personal information was compromised, consumers are prompted to enter their last name and the last six digits of their Social Security number.

    “This is very unusual — most security systems are hard-wired only to reveal the last four digits of an SSN for identification purposes,” said Satya Gupta, co-founder & chief technology officer at Virsec Systems, a cybersecurity firm. “This strongly implies that the typical four digits may have been compromised, and they need additional, previously ‘secret’ information to positively identify customers. This reinforces the conundrum of these breaches — with more information exposed, how do you now prove a person’s identity?”

    Continued at

    We tested Equifax's data breach checker — and it's basically useless | ZDNet

    Several people have confirmed they have mixed or inaccurate results from the Equifax checker.

    By signing up on Equifax’s help site, you risk giving up your legal rights

    By Brian Fung, The Washington Post


    Worried you may be affected by Equifax's massive data breach? The credit bureau has set up a site,, that allows you to check whether your personal information was exposed. But regulators are becoming concerned that the site could pose risks to consumers. As a result, you may want to think twice about using it. Here's why.

    Sharp-eyed social media users have combed through the data breach site's fine print — and have found what they argue is a red flag. Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident. Here's the relevant passage of the terms of service:


    This language is commonly known in the industry as an “arbitration clause.” In theory, arbitration clauses are meant to streamline the amount of work that's dumped onto the court system. But the Consumer Financial Protection Bureau concluded in the summer that arbitration clauses do more harm to consumers than good — and the agency put in place a rule to ban them.

    “In practice, companies use these clauses to bar groups of consumers from joining together to seek justice by vindicating their legal right,” Richard Cordray, the CFPB’s director, told reporters in July, according to my colleague Jonnelle Marte.

    For consumers affected by Equifax's breach, this is a live issue; there is already at least one class-action suit brewing against Equifax. Critics say that arbitration is problematic because it limits consumers' ability to find facts to support their case, a process otherwise known as discovery, to appeal decisions or to present their case before a jury.

    Equifax didn't immediately respond to questions about the arbitration clause.

    If the government is moving to bar arbitration clauses, then why is one in there?

    Despite the CFPB's move to ban arbitration clauses, the rule has not yet gone into effect, according to the agency. That won't happen until Sept. 18, the CFPB said. What's more, the rule doesn't work retroactively, meaning that the Equifax legalese would not be covered anyway. The ban only affects contracts made after March 19, 2018, six months after the rule takes effect.

    The CFPB said Friday that Equifax's arbitration clause was "troubling" and that the agency is investigating the data breach and Equifax's response.

    "Equifax could remove this clause so that consumers can receive this service without condition," the CFPB said in a statement.

    The future of the ban is itself in doubt; just after the CFPB approved the rule, House lawmakers voted to repeal it. The motion to repeal must still be voted on by the Senate and signed by President Trump to become official, but if it does, then the CFPB's regulation could be nixed.

    On Friday, New York Attorney General Eric Schneiderman took aim at Equifax's arbitration clause, tweeting that his staff has contacted the company urging it to remove that part of the fine print.

    "This language is unacceptable and unenforceable," the state's top lawyer said in his tweet. Minutes later, Schneiderman's office announced a formal probe into the Equifax breach. In a release, the state attorney general's office said Schneiderman had sent a letter to Equifax asking for more information. Among the questions were whether any consumer information has found its way to the "black market," according to a person familiar with the investigation.

    A spokesperson for Schneiderman declined to comment on whether officials were investigating the sale of company stock by Equifax executives prior to the discovery of the hack.

    Continued at

    Equifax updates user agreement at prodding of New York Attorney General | TheHill


    New York Attorney General Eric Schneiderman (D) lambasted the arbitration language in Equifax’s terms of service on Friday, calling it “unacceptable and unenforceable.” Schneiderman tweeted that his office had contacted Equifax’s office demanding the clause be removed.

    Democratic lawmakers quickly blasted the clause as well.

    Ohio Sen. Sherrod Brown (D) called it “shameful,” and Sen. Elizabeth Warren (D-Mass.) hammered Equifax’s terms of service in a series of tweets, while praising a new rule by the Consumer Financial Protection Bureau that would ban such clauses.

    The bureau in July released the controversial rule that will prevent banks and financial services companies from blocking class-action lawsuits with arbitration clauses in future contracts. The rule will also force companies to report data from arbitration agreements reached with customers.

    Later in the day, Schneiderman tweeted that Equifax had complied and added language noting that its arbitration clause does not apply to "the cybersecurity incident."

    The New York and Illinois attorneys general both announced formal investigations into the Equifax breach on Friday.

    More at

    Equifax Faces Multibillion-Dollar Lawsuit Over Hack

    Class action seeking to represent 143 million consumers alleges company didn’t spend enough on protecting data.

    By Polly Mosendz, Bloomberg


    A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.

    In the complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.

    Equifax first discovered the vulnerability in late July, though it chose not to announce it publicly until more than a month later. The company was widely criticized for its customer service approach in the aftermath of the hack, as users struggled to understand whether their information had been affected. Others expressed frustration that three senior executives sold about $1.8 million in stock in the days following the discovery of the hack. A spokeswoman for Equifax said the men “had no knowledge that an intrusion had occurred at the time.”

    The plaintiffs in the lawsuit are Mary McHill and Brook Reinhard. Both reside in Oregon and had their personal information stored by Equifax.

    “In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” the complaint stated. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to.”

    The case was filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions. Ben Meiselas, an attorney for Geragos, said the class will seek as much as $70 billion in damages nationally.

    Continued at
  13. The Internet Member

    So who did Equifax. North Korea? If so we probably should freeze our credit for 90 days or whatever.
  14. The Wrong Guy Member

    Russia, Banned From The Winter Olympics, Apparently Is Hacking Olympic Emails | BuzzFeed News


    Just over a month after Russia was banned from participating in the 2018 Winter Olympics, and 30 days before those games start, hackers associated with the Russian government have released a handful of emails that appear to have been stolen from the International Olympic Committee.

    Calling themselves “Fancy Bears” — a trolling reference to the games' mascots and the cybersecurity firm ThreatConnect saying a related, earlier hack was the work of Russian military intelligence hackers known in the industry as Fancy Bear — the hackers published the emails Wednesday. They used the same website and the same format used to publish documents in 2016 that had been hacked from the World Anti-Doping Agency (WADA) in response to that agency's finding that hundreds of Russian athletes had taken banned substances.

    In December, citing evidence that the Russian government had created a vast, state-sponsored doping scheme, the IOC took the unprecedented step of banning the country from participating in the Winter Olympic Games in Pyeongchang, South Korea, in February.

    Continued at
    • Like Like x 1
  15. Disambiguation Global Moderator

    This isn't a hack
    . I can't post images. Google chrome doesn't work for image sharing. I get a long link that doesn't end in .jpg or .png of anything recognizable. Even terms of use "free to share" doesn't work. There isn't a "open in new tab"option

  16. [IMG]
  17. The Wrong Guy Member

    Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data


    Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.

    According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information.

    Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability.

    However, Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access.

    Continued at
    • Like Like x 1
  18. The Wrong Guy Member

    Hackers accessed personal information of 30 million Facebook users | CNN


    Almost 30 million Facebook users' phone numbers and email addresses were accessed by hackers in the biggest security breach in the company's history, Facebook said Friday. The attackers accessed even more details on 14 million of those users, including the area where they live, their relationship status, their religion, and part of their search history.

    The FBI is "actively investigating" the breach, Guy Rosen, a Facebook vice-president, told reporters on a call Friday. He said the FBI has asked the company"not to discuss who may be behind this attack" or to share other details that could compromise its investigation.

    The company said that it may still not know the full extent of the attack and wasn't ruling out the possibility of other "smaller-scale attacks" linked to the breach. The company said it will continue to investigate "other ways the people behind this attack used Facebook."

    The new details come two weeks after Facebook first announced that attackers had access to 50 million users' accounts -- meaning they could have logged in as those users. Facebook said on Friday that, "We now know that fewer people were impacted than we originally thought," and said that 30 million people had been impacted.

    For the 14 million worst hit by the breach, the attackers were able to access the following information, Facebook said: "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches."

    Facebook said it will send a message to the 30 million users affected in the coming days and will be posting information to its help center.

    Facebook is regulated by Irish authorities in Europe as its European headquarters is located there. A spokesperson for the Irish data regulator said of Friday's announcement, "The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack."

    The attack prompted Facebook to take the unprecedented step of logging out the 50 million users whose accounts were exposed and logged out another 40 million users as a precautionary measure.

    The attackers exploited a series of bugs on Facebook's platform. The vulnerability, Facebook said, had existed since July 2017. It wasn't patched until last month, after the company's engineers noticed some unusual activity that turned out to be the attack.

    Despite Friday's announcement, there are still many details about the hack that have not been made public, including who was behind it and if the attackers were targeting particular users or countries.

  19. Disambiguation Global Moderator
  20. Disambiguation Global Moderator

  21. The Moth Member

    Why Scientists Believe Self-Driving Cars Will Be Used for Sex
  22. The Wrong Guy Member

    Marriott reveals data breach of 500 million Starwood guests | CNN


    Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

    The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

    Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

    "The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

    For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

    Continued at
  23. The Wrong Guy Member

    Chinese Hackers Breach U.S. Navy Contractors | Wall Street Journal

    Review of cyber vulnerability is ordered after intruders gain access to information about military technology


    Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.

    A series of incidents in the past 18 months has pointed out the service’s weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing.


    One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials. The hackers targeted an unidentified company under contract with the Navy’s Naval Undersea Warfare Center in Newport, R.I.

    The hackers have also targeted universities with military research labs that develop advanced technology for use by the Navy or other service branches, according to analysis conducted by cyber firms as well as people familiar with the matter.


    Navy officials declined to say how many attacks had taken place during the 18-month period except to say that there were “more than a handful,” calling the breaches troubling and unacceptable.

    More at
  24. Disambiguation Global Moderator

    This is tech I guess
  25. The Wrong Guy Member

    Germany, hacked | Vox

    • Someone on Twitter hacked and leaked the personal information of hundreds of German lawmakers, from letters to contact details. The breach apparently affected politicians from all parties except the far-right Alternative for Germany, a.k.a. AfD. [New York Times / Melissa Eddy]
    • Twitter shut down the account leaking the private information on Friday. The account had apparently been publishing the information going back to December, but it wasn’t really noticed until Thursday. [The Guardian / Josie Le Blond]
    • It remains unclear if all of the leaked data is authentic, but at least some of it seems to be. [Associated Press / Geir Moulson]
    • The data breach is just the latest to hit a major government, with France experiencing a similar hack during its 2017 election. Similar to the hack in Germany, the French incident seemed to benefit the far right. [BuzzFeed / Zeynep Tufekci]
    • And, of course, Democrats got hacked during the 2016 election — to the benefit of Donald Trump. [Vox / Alvin Chang]
  26. The Wrong Guy Member

    What does cyberwar look like? We're about to find out, but from an unlikely source | TheHill


    In the summer of 2017, the Russian government implanted malware in a commercial accounting software called M.E. Doc, used by the majority of Ukrainians to file their taxes. The malware known as NotPetya spread quickly throughout Ukraine. But what began as targeted attack against a regional rival soon morphed into a global campaign that wreaked havoc on dozens of companies around the world. Multinational giants such as Merck and FedEx each suffered hundreds of millions of dollars in damages as the malicious code spread from their business networks to critical industrial control systems. With total damages estimated at approximately $10 billion, NotPetya was the single most costly known cyberattack in history. Almost two years later it may have an impact on the legal standards related to cyberwar.

    Among the other victims of NotPetya’s collateral damage was Mondelez, the U.S. food company that claims Oreo as one of its brands. After the malware rendered 1,700 servers and 24,000 laptops “permanently dysfunctional,” Mondelez submitted a $100 million property insurance claim, citing their coverage for “physical loss or damage to electronic data, programs or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction.” Zurich, their insurer, refused to pay, citing an exclusion for “hostile or warlike action in time of peace or war... by any government or sovereign power, military, naval or air force, or agent or authority of any party specified above.” Mondelez is suing, putting an Illinois state judge in the unusual role of interpreting the law of armed conflict.

    Continued at
    • Like Like x 1
  27. Disambiguation Global Moderator

    In this case our genome has been hacked Stories&pgtype=Homepage
    “PALO ALTO, Calif. — “Success!” read the subject line of the email. The text, in imperfect English, began: “Good News! The women is pregnant, the genome editing success!”

    The sender was He Jiankui, an ambitious, young Chinese scientist. The recipient was his former academic adviser, Stephen Quake, a star Stanford bioengineer and inventor.

    “Wow, that’s quite an achievement!” Dr. Quake wrote back. “Hopefully she will carry to term...””

    “Months later, the world learned the outcome of that pregnancy: twins born from genetically engineered embryos, the first gene-altered babies. Reaction was fierce. Many scientists and ethicists condemned the experiment as unethical and unsafe, fearing that it could inspire rogue or frivolous attempts to create permanent genetic changes using unproven and unregulated methods.”
    “Chinese scientists have put genes of human brains into transgenic rhesus monkeys to make them smarter.”
    “The world's first gene-edited reptile is a finger-sized albino lizard”

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins