Largest Hack of 2016 (so far)

In the past few weeks, FriendFinder Networks has had a number of major data breaches that resulted in over 412 million user accounts exposed.

FriendFinder Networks owns AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com, all of which suffered breaches, but AdultFriendFinder suffered the worst, with over 300 million accounts leaked.

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, FriendFinder vice president and senior counsel, told ZDNet, a sister site of cnet.com. “While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

The breach was the result of a local file inclusion exploit, according to LeakedSource, which also said the exposed information was not going to be made publicly available. Also according to LeakedSource, FriendFinder used a number of bad security practices, such as storing passwords in plaintext or hashed with SHA-1, which is notoriously easy to crack. They also still had account information for deleted user accounts and for sites they no longer ran, such as Penthouse.com, which is now owned by Penthouse Global Media.
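To show why the plaintext and unsalted SHA-1 storage LeakedSource described is so weak, here is an added example (not code from the post or from FriendFinder) that contrasts an unsalted SHA-1 password table with a salted, iterated PBKDF2 record. The account table and the four-word "common password" list are constructed for the example and are not breach data; the audit function models what a defender checking such a table would find.

```python
import hashlib
import hmac
import os


def sha1_digest(password: str) -> str:
    """Unsalted SHA-1, the scheme the post says was in use: fast and deterministic."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample table (not breach data): username -> stored SHA-1 digest.
SAMPLE_SHA1_TABLE = {
    "alice": sha1_digest("password1"),
    "bob": sha1_digest("password1"),  # same password as alice -> identical digest
    "carol": sha1_digest("Tr0ub4dor&3-xkcd-long"),
}

# Constructed stand-in for a real common-password wordlist.
COMMON_PASSWORDS = ["123456", "password", "password1", "qwerty"]


def audit_unsalted_sha1(table, wordlist):
    """Defender's audit of an unsalted SHA-1 password table.

    With no salt, one SHA-1 per guess is compared against every account at
    once. Returns the set of usernames whose password is in the wordlist.
    """
    lookup = {sha1_digest(w): w for w in wordlist}
    return {user for user, digest in table.items() if digest in lookup}


def pbkdf2_record(password: str, iterations: int = 200_000) -> str:
    """Store a password as 'iterations$salt_hex$hash_hex' using PBKDF2-HMAC-SHA256
    with a random 16-byte salt, so equal passwords give different records and
    every guess has to be recomputed per account."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Check a password against a stored record using a constant-time compare."""
    iterations, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


def records_collide(password: str) -> bool:
    """True if storing the same password twice yields identical records (bad)."""
    return pbkdf2_record(password) == pbkdf2_record(password)


if __name__ == "__main__":
    found = sorted(audit_unsalted_sha1(SAMPLE_SHA1_TABLE, COMMON_PASSWORDS))
    print("SHA-1 accounts recovered from a 4-word list:", found)
    rec = pbkdf2_record("password1")
    print("PBKDF2 record:", rec)
    print("verify correct password:", pbkdf2_verify("password1", rec))
    print("verify wrong password:", pbkdf2_verify("password2", rec))
    print("same password, same record?", records_collide("password1"))
```

Run as a script it shows that two accounts sharing "password1" fall to a four-entry list in a single pass, while the PBKDF2 records for the same password never repeat and still verify correctly.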

This is the second time the AdultFriendFinder site has been hacked in two years, with the last breach leaking 3.5 million accounts in May of 2015, according to LeakedSource.

-Robert Arnold

Sources:

https://www.cnet.com/au/news/hack-reportedly-exposes-412m-friendfinder-networks-accounts-adult-dating-swinger/

FriendFinder Networks hack reportedly exposed over 412 million accounts

Android Rooting Easier for Malware with Drammer Attack

Last year, security researchers gained access to Linux systems by using a design flaw in memory hardware to obtain higher kernel privileges. Now, for the first time, a dynamic random access memory exploit called Rowhammer, which was already known about but had not been implemented on a mobile device, lets attackers gain “root” access to many Android phones.

VUSec Lab at Vrije Universiteit Amsterdam was the first to gain access this way using the Rowhammer exploit. The exploit works by “executing a malicious application that repeatedly accesses the same ‘row’ of transistors on a memory chip in a tiny fraction of a second in a process called hammering.” This can disturb a neighboring row, causing charge to leak into adjacent rows, which causes a bit to flip. Bit flipping allows an attacker to change the contents of memory in an operating system.

Drammer has no quick fix, so it could become a very big problem for Android phone users. The researchers were able to gain access to many phones, but none of the newer ones; for Samsung’s Galaxy line they only got as far as the S5. They accessed the phones through something called ION in the Android phones’ DRAM memory handling. Once the malicious app is downloaded, within minutes it will have root access to your phone.

Source: http://thehackernews.com/2016/10/root-android-phone-exploit.html

-Gavin Millikan

iPhone Passcode Hack

Just a few days ago, Dr Sergei Skorobogatov, who works at the University of Cambridge laboratory, developed a method to crack an unknown PIN code on an iPhone 5c. He did it by removing the NAND chip, which is the main memory of the phone, studying how it communicated with the phone and successfully cloning it.

The purpose of this is to allow an unlimited number of passcode attempts, as an iPhone will usually lock up after a few incorrect tries. This directly contradicts a claim by the FBI that this method (called NAND mirroring) would not work, made during the time they were attempting to access San Bernardino gunman Syed Rizwan Farook’s iPhone 5c.

Dr Skorobogatov made a YouTube video demonstrating his method of removing and replacing the NAND chip and the successful reset of the passcode lockout counter.

Using this method, he was able to crack a 4-digit code in about 40 hours, and a 6-digit code could take hundreds of hours. In order to crack newer phones, Dr Skorobogatov said more information was needed about how Apple stores data in memory, and he would need a more sophisticated setup to extract the memory chip.

Apple has not responded to this yet.

Link to original article: http://www.bbc.com/news/technology-37407047

Hacking group claims to offer cyberweapons in online auction


Hackers going by the name Shadow Brokers said they will auction stolen surveillance tools that are linked to the U.S. National Security Agency. The group said interested parties had to send funds in Bitcoin in advance of winning the auction and would not get their money back if they lost. To arouse interest in the auction, the hackers released samples of programs they said could break into popular firewall software made by companies including Cisco Systems, Juniper Networks and Fortinet. The companies did not respond to requests for comment, and there was no response from the NSA. The Shadow Brokers promised in postings on a Tumblr blog that the auctioned material would contain “cyberweapons” developed by the Equation Group, a hacking group that cybersecurity experts widely believe to be an arm of the NSA.

The Shadow Brokers said the programs they will auction will be “better than Stuxnet,” a malicious computer worm. Reuters could not contact the Shadow Brokers or verify their assertions. Some experts who looked at the samples posted on Tumblr said they included programs that had previously been described and were therefore unlikely to cause major damage. Professionals stated that some of the data released was fairly old, even a couple of years old in some cases. Still, they appeared to be genuine tools that might work if the flaws have not been addressed. Other security experts warned the posting could prove to be a scam.

You can find the whole article at

http://www.cnbc.com/2016/08/16/hacking-group-claims-to-offer-cyberweapons-in-online-auction.html

-Andrewvcsec


OurMine Strikes Again: Hacks Variety, Floods Readers with Spam

The hacking group OurMine carried out another cyberattack on September 3, 2016. This time the target was the news publication Variety. In addition, the hackers also targeted readers by bombarding their inboxes with spam stating that the group was just testing the site’s security. Along with that message, a link to the website ourmine.org and a video were provided, although the article does not state what the video contained, and it has since been removed. Variety quickly responded to subscribers, saying that it was working to resolve the unauthorized communications and asking them to ignore and delete the messages.

What’s interesting is that OurMine isn’t out to steal data or take down websites. The group states that its purpose is to make “bigwigs in the industry aware of their security flaws by hacking them.” Variety also states that OurMine doesn’t shut down websites or abscond with data. The group positions itself as a cybersecurity group that raises awareness by hacking prominent people and brands.

Along with Variety, OurMine has also hacked the Quora account of Google CEO Sundar Pichai, the Twitter account of Twitter CEO Jack Dorsey, and the Twitter and Pinterest accounts of Facebook CEO Mark Zuckerberg. They also claim to be the ones responsible for the distributed denial of service attacks on the servers of Pokemon Go in July.

Source: OurMine Strikes Again

-AJ Agena