recentpopularlog in

hacking

« earlier   
Twitter
Today exactly 6 years ago, I decided to come to Twitter to share what I learned about .

It was just a litt…
hacking  from twitter_favs
2 days ago by blackthorne
Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit • The Register
John Dunn:
<p>Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers' database queries on a test system to find out.

That's just one intriguing info-nugget from the US Government Accountability Office's (GAO) report, <a href="https://www.gao.gov/assets/700/694158.pdf">Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach</a>, dated August but publicly released this month.

During that attack, hackers broke into the credit check agency's systems, getting sight of highly personal information on roughly 150 million people in America plus 15 million Brits, and others.

Computer security breaches are rarely examined in this much detail, however, several departments of the US government are Equifax customers, which meant the Feds wanted the GAO to convince them it's not going to happen again.

The cyber-break-in happened on May 13 when criminals started exploiting a vulnerability in the Apache Struts 2 framework running on Equifax's online portal. The company didn't clock it until July 29. However, the report confirmed that failing to patch this flaw earlier was not the only screw-up.</p>


And yet they still had the chutzpah to offer people "one year's free protection" on their accounts, chargeable after that. A great way to drum up business. (That bit wasn't a screw-up. It was intentional greed.)
equifax  hacking 
3 days ago by charlesarthur
The Mirai botnet architects are now fighting crime with the FBI • WIRED
Garrett Graff:
<p>Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. Mirai, which hijacked hundreds of thousands of internet-of-things devices and united them as a digital army, began as a way to attack rival Minecraft videogame hosts, but it evolved into an online tsunami of nefarious traffic that knocked entire web-hosting companies offline. At the time, the attacks raised fears amid a presidential election targeted online by Russia that an unknown adversary was preparing to lay waste to the internet…

…In a separate eight-page document, the government lays out how, over the 18 months since the FBI first made contact with the trio, they have worked extensively behind the scenes with the agency and the broader cybersecurity community to put their advanced computer skills to noncriminal uses. “Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government,” prosecutors wrote, saying that their cooperation was “noteworthy in both its scale and its impact.”

As it turns out, the trio have contributed to a dozen or more different law enforcement and security research efforts around the country and, indeed, around the globe. In one instance, they helped private-sector researchers chase what they believed was an “advanced persistent threat” from a nation-state hacking group; in another, they worked with the FBI in advance of last year’s Christmas holiday to help mitigate an onslaught of DDoS attacks. Court documents also hint that the trio have been engaged in undercover work both online and offline, including traveling to “surreptitiously record the activities of known investigative subjects,” and at one point working with a foreign law enforcement agency to “ensur[e] a given target was actively utilizing a computer during the execution of a physical search.”

The government estimates that the trio have already collectively logged more than 1,000 hours of assistance, the equivalent of half a year of full-time employment.</p>


So that's positive, sort of. <a href="https://www.justice.gov/usao-ak/pr/hackers-cooperation-fbi-leads-substantial-assistance-other-complex-cybercrime">More details at the US Justice Department site</a>.
botnet  alaska  mirai  hacking  fbi 
3 days ago by charlesarthur

Copy this bookmark:





to read