Shadow Brokers Reveal List of Servers Hacked by the NSA

In my previous post I mentioned the Shadow Brokers. The Shadow Brokers are a group of hackers that initially claimed to have stolen NSA surveillance tools. Well, today, October 31, 2016, the Shadow Brokers published a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations. Experts believe the list contains 306 domain names and 352 IP addresses belonging to at least 49 countries. As many as 32 domains of the total were run by educational institutions in China and Taiwan. The top 10 targeted countries include: China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and last but certainly not least Russia. The article also talks about other undisclosed tools that the Equation Group used. To end this post I wanted to share a comment the Shadow Brokers made.

“TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped the election from coming? Maybe hacking election is being the best idea? #hackelection2016.” 


– Andrew Villella





FCC Not Moving Forward with IoT Security Mandates

Currently facing backlash from the widespread DDoS attacks last week, the FCC is being pressed on how they plan to manage and regulate the increase of IoT devices on the market. Many in Congress are pressuring the FCC to regulate IoT devices as different entities than traditional computers, saying that their impact on network infrastructure is fundamentally different.

The current commissioners are pretty unanimous in their belief that the Open Internet Order gives ISPs the correct amount of leeway to handle threats similar to the recent DDoS attacks themselves. The Open Internet Order grants ISPs “Reasonable Network Management”. If that sounds extremely flexible, that’s intentional.

Mostly, the FCC wants to keep their hands out of this mess, opting instead for a more advisory role.


Watch Out Discord Users! Troy is Invading!


Well, it was about time the free IRC/Teamspeak-style VoIP service had its holes punched. Discord has become an increasingly popular VoIP platform for gamers over the last couple of years and, with its popularity, hackers are now interested. Sources have warned that hackers are now abusing its servers to host and distribute remote access trojans. Ionut Arghire reports on Symantec’s research into these RATs:

“According to Symantec, most of the malicious samples they discovered on the service include RATs such as NanoCore (Trojan.Nancrat), njRAT (Backdoor.Ratenjay), and SpyRat (W32.Spyrat), yet infostealers, Trojan Horse malware samples, and downloaders were also found being hosted on Discord. The security researchers believe that the malware might have been used in drive-by downloads or social-engineering campaigns.”

So what’s the motive? Experts are speculating that it’s simply to retrieve users’ gaming credentials. “The attackers behind the RATs and other malware may have distributed their threats on the service to steal sensitive information related to online gaming (credentials, items, in-game currency, and contacts) directly from the victim’s computer. This data can be valuable to attackers just as much as other personally identifiable information (PII), such as users’ bank account details, web service credentials, contact numbers, IP addresses, and biometric information. These could all be harvested by data thieves in the process,” Symantec notes.

Because Discord uses chat mechanics similar to IRC, it’s easy for hackers to exploit/trick users into downloading obscure files. Naturally, common sense comes into play, as Discord users should be careful giving out their information while roaming the streets of Discord servers. Discord has added additional virus scanning services to their software whenever an executable is uploaded, as well as permission controls to encourage users to be safe while using the service. Naturally, however, common sense seems to be an easy pawn in the game of hacker vs user.

Good luck!


St. Jude Medical heart devices come under attack in security lawsuit

St. Jude Medical is currently being targeted due to security vulnerabilities in implanted heart devices. Back in August, MedSec and Muddy Waters released a report about how St. Jude’s pacemakers and defibrillators were vulnerable to cyberattacks that could result in battery drain or manipulation of pacemaker beat rates. This could in turn put a patient’s life at risk.

Bishop Fox, an independent security firm, recently provided testimony stating that the St. Jude cardiac device ecosystem does not meet the security requirements of a system responsible for safeguarding life-sustaining equipment implanted in patients. In addition, the wireless protocol used by the devices to communicate also has vulnerabilities that allow attackers to take control of the device and deliver shocks to patients at a range up to 10 feet and possibly more with additional components.

-AJ Agena

Chip in Security Cameras Can Analyze the Scene It’s Capturing

Movidius, a chip maker specializing in artificial intelligence and computer vision, has created a chip called the Myriad chip. The company has recently been acquired by Intel and the Myriad chip is now being added to Hikvision, a line of internet-connected security cameras.

The chip is designed to perform deep learning techniques without overwhelming smaller devices like video cameras. Movidius claims that since the analysis can be done on the actual device, the amount of data that gets sent is actually much smaller, and the device could share small video clips when it detects a serious threat or problem that requires attention. They also claim that it lowers the rate of false positives.

However, some features could be exploited for invasive government surveillance or worked around by someone trying to commit a crime. It is a helpful device with seemingly many problems.

-Hannah Gallucci