Breaking News »

Latest Hacking News

Hacker steal $39m from Kenya Revenue Authority

An IT expert in Kenya has been charged with hacking into the country's tax authority and stealing $39m by Kenyan authorities, according to local media.

Alex Mutunga Mutuku, 28, is accused of electronic fraud, who had stolen money from various institutions and companies in the East African nation, The Standard newspaper reported. However, he denies all the charges against him.

Edwin Okello, the state prosecutor says that he has been working with an international network and is involved in many cases of stealing money from several state bodies.

""It is a case of remote control hacking where the suspects operate smoothly with their machines and the next minute you realize you have no money in your account," said Okello.

"The information we have is just a tip of the iceberg. The racket is big and involves people outside the country."

The government says that the members of the group are from the United States and other countries, and some of them are police officers and civil servants.

According to reports of the Daily Nation newspaper, in 2015 he was arrested for hacking into the country's biggest telephone network provider, Safaricom, and stealing airtime worth $150. In 2014 also, he has been accused of hacking into the system of a local bank.

As per the cybercrime unit,  Kenya has lost $165m (£132m) through hacking in 2016.

The trial will continue from March 28.

12 Million hacked account credentials for sale on Dark Web

Around 12million account credentials from 11 separate cryptocurrency forums surfaced on the dark web for as low as $400. The vendor under the pseudonym 'doubleflag' claims the database includes records from 2011-2017 which includes names, email addresses, usernames, phone numbers, date of birth, location passwords and even IP addresses. The vendor has claimed that some of the passwords are in plain text.

The vendor is marketing the trove of stolen credentials as a "package" deal and any one can buy this leaked information from the dark web after paying 0.3817 BTCs. The package is said to include content from compromised cryptocurrency forums like BitcoinTalk, MtGox, Bitcoinsec, and BTC-E. Other leaked databases on sale include user information from Whois, Paddy Power, Experian, Brazzers, GTAGaming, Dota2, CDProjektRed, XHamster, and Lastfm. The publication also informs about the presence of datasets containing US voter records.

While some of these platforms are not functional anymore, the hacked data can still come in handy as many people tend to reuse the same credentials across multiple accounts. A hacker equipped with so much data can potentially reuse it on other platforms successfully.

The thriving dark web marketplaces are known for trading in stolen databases, each typically containing tens of thousands of hacked accounts. One can buy almost anything there, provided they know where to go and have enough cryptocurrency balance to pay for it. Over the past 12 months, massive leaks have ended up there – from Dropbox to MySpace.

There have been numerous reports of large-scale hacking incidents that went unnoticed for a while. Like in the case of Yahoo, the company didn’t realise that the security has been compromised until a separate incident led the cyber security experts to a previously undetected incident. Other prominent platforms that have been targeted by hackers in the past include LinkedIn and even Google accounts.

One service named in the batch,, was hacked back in May 2015. When the batch emerged a year later it was selling for one Bitcoin, or £480 ($600). It contained over 500,000 accounts consisting of names, emails, passwords and more.

These incidents keep reminding internet users about the importance of security and best practices when it comes to online activities. It is advisable to change passwords frequently and to use a mix of complex characters instead of easily deducible words.

Scotland’s secretive unit uses Indian hackers to snoop on protesters and journalists

An anonymous letter by a whistle-blower to Green Party peer Jenny Jones has claimed that a secretive Scotland Yard unit with the help of Indian hackers snooped on political campaigners’ passwords and accessed private email accounts of activists, journalists and at least one press photographer for a number of years without any legal authority.

"Hacked passwords passed to cops; e-mails spied on illegally," claims whistleblower.

The whistle-blower has claimed to have worked with the team that scrutinised the activities of political campaigners and alleged that the Metropolitan police’s Domestic Extremism and disorder intelligence unit were in touch with the Indian cops, who in turn used hackers to illegally collect email passwords.

Hacked passwords were passed to Met which then regularly checked the emails of the campaigners and the media to gather information.

The letter has also revealed the names of 10 political campaigners and journalists, including four from Greenpeace and two from The Guardian, whose email account details have been compromised. Jones' lawyer contacted six of the victims to check if the passwords matched and five of them did while the sixth one too was close. The remaining four people either couldn't be traced or were yet to be approached.

The peer passed on the information to the Independent Police Complaints Commission (IPCC) for investigation and has urged them to find out more about the individuals whose privacy was compromised.

The letter stated that the documents were allegedly shredded by cops to cover up the "illegal gathering of intelligence on protest groups." After months of investigation, the IPCC has agreed that the documents were shredded over a number of days in May 2014 despite a specific instruction that files should be preserved to be examined by a judge-led public inquiry into the undercover policing of political groups. The letter claimed that the shredding “has been happening on a far greater scale than the IPCC seems to be aware of”.

All possible steps are being taken to ensure that all relevant material and associated computer systems are preserved to assist the IPCC's investigation. The IPCC has assured that the MPS will provide full support during the investigation. IPCC has met Jones twice with her lawyer regarding the case.

The secretive Scotland Yard unit had in the past justified monitoring of thousands of activists citing the need to track those who resort to criminal activities, but it has received a huge backlash this time around after it was revealed that some of the campaigners and journalists, who were snooped upon, are law-abiding citizens.

No official involvement in Yahoo hacking: Kremlin

Kremlin has not received any official data regarding the involvement of the Federal Security Service (FSB) in hacking billions of Yahoo accounts, the press Secretary of the President Dmitry Peskov told reporters on March 16.

Peskov,  commenting on the accusation said that they got to know about the involvement in Yahoo cyber attack through the media.

"To our knowledge, we have not received through official channels of any information, so, unfortunately, do not possess the details," - said the president's press secretary.
However, the representative of the Kremlin said that Moscow has always expressed their interest in cooperation to counter cybercrime around the world.

"We hope that we will take over any official information on this matter," he said.

Peskov said that one must not pay heed to the allegation made by the media, and it's not the information of the official agencies.

On March 15, the U.S. Justice Department has accused three Russain citizens of cyber attacks on Yahoo three years ago, and two of them were the former employees of the FSB.