Search This Blog

Showing posts with label E Hacker News. Show all posts

Hacker to stand trial for stealing and distributing Russian Railways data


The investigating authorities completed a criminal investigation into the theft of data from Russian Railways employees. This was reported by the press service of the Investigative Committee of Russia.

According to the Committee, in June 2019, the accused, using illegally obtained accounts of two employees of Russian Railways and 96 unique IP addresses, was able to get to the internal website of the state company. There, he copied several hundred thousand photos and information of the Russian Railways management, as well as other employees of the organization. Later, he posted the data on one of the sites that have hosting in Germany.

Investigators were able to identify the computer genius. It turned out to be a 26-year-old IT specialist from Krasnodar, who admitted his guilt. It was possible to establish the identity of the attacker through joint work with the K department of the Ministry of Internal Affairs of Russia and the security service of Russian Railways. In December 2019, he was charged under the article "illegal receipt and disclosure of information constituting a trade secret".

The leak of data of Russian Railways employees became known in August 2019. They were published on the website infach[dot]me, which allowed users to anonymously publish personal data of other people. Among the data of Russian Railways employees published on the site were their names, phone numbers, positions, photos in the uniform and pictures of the insurance documents. The attackers added a note to the publication "Thank you to Russian Railways for the information provided by carefully handling the personal data of their employees". Later, the information was hidden.

Later, Ashot Hovhannisyan, the founder and technical Director of DeviceLock, a company specializing in preventing data leaks from corporate computers, said that unknown people had posted personal data of 703 thousand people for free access. He also suggested that the leak occurred from the database of the security service of the state company. According to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people.
After the leak, Russian Railways assured that the passenger data was not stolen.

Hack an iPhone, win $ 1 million


Apple has massively increased the amount it’s offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. It’s by far the highest bug bounty on offer from any major tech company.

That’s up from $200,000, and in the fall the program will be open to all researchers. Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.

As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.

Forbes also revealed on Monday that Apple was to give bug bounty participants “developer devices”—iPhones that let hackers dive further into iOS. They can, for instance, pause the processor to look at what’s happening with data in memory. Krstić confirmed the iOS Security Research Device program would be by application only. It will arrive next year.

$1 million for an iPhone hack

The full $1 million will go to researchers who can find a hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There’s also a 50% bonus for hackers who can find weaknesses in software before it's released.

Apple is increasing those rewards in the face of an increasingly profitable private market where hackers sell the same information to governments for vast sums.

As Maor Shwartz told Forbes, the cost of a single exploit (a program that uses vulnerabilities typically to take control of a computer or phone) can fetch as much as $1.5 millon. An exploit targeting WhatsApp where no clicks are required from the user, for instance, can be sold to a government agency for that much, though such tools are rare. Only one or two a year will be sold, from a pool of around 400 researchers who focus on such high-end hacking. “It’s really hard to research them and produce a working exploit,” he said.

Bulgaria’s tax agency hacker released

A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.

Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria's capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor's office.

Due to his work, which involves testing computer networks for potential vulnerabilities, some believe Boykov is a "white hat hacker" — a hacker that breaks into computer networks to expose vulnerabilities and push for the weaknesses to be fixed.

He has made news in Bulgaria before. In 2017, he hacked the Bulgarian education ministry's website to expose its vulnerabilities. In a television interview, he described the work as "fulfilling my civic duty."

Sofia prosecutors claim they tracked one of the stolen files from the latest data breach to a username used by Boykov. Boykov and his lawyer reject the allegations against him and say he was not involved in the incident.

The hack of the nation's tax agency database is believed to be the largest data breach in Bulgaria's history. Nearly every working adult in Bulgaria was impacted. In a country of 7 million, more than 5 million people had personal data such as social security information, addresses, incomes and names leaked and made easily accessible on the Internet.

Boykov was initially charged with a computer crime against critical infrastructure, with a maximum sentence of eight years in jail. Those charges were dropped and he was given a lesser charge of crime against information systems, which has a maximum jail sentence of three years.

The initial hack is believed to have happened in June. The breach remained undetected until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack. In the email, the sender claimed to be a Russian hacker, gave downloadable links to the stolen information and mocked Bulgaria's cybersecurity efforts.

Facebook page of Mancera,Mayor of Mexico City hacked

An unknown cybercriminals compromised the official facebook page of the Miguel Ángel Mancera, the Head of Government of the Mexican Federal District.

After hackers hijacked the page, the officials immediately suspended the facebook page to prevent misuse.

"Please note that the account of # Facebook's # JefeDeGob @manceramiguelmx has been hacked." reads the message posted in the @GobiernoDF. (translated)


"We have suspended the Facebook page to detect the causes of the inadequate functioning. Thanks for your understanding" The tweet posted by the @ManceraConecta .(translated)

South African Police Service website breached by #Anonymous


The official website of South African Police Service has been breached by the Anonymous hacktivist with online name "DomainerAnon". 

"This action is to serve as a reminder to the government regarding the murders of 34 protesting miners outside the Marikana platinum mine by police. "Hacker stated as reason for the attack.

"To date no officers have been brought to justice... This situation will NOT be tolerated. #OpMarikanaMiners"

The hacker provided a link to the database dump(pastebay.com/1232460) that includes Usernames, hashed passwords, Telephone numbers and few other details.

He also shared a 13Mb size file named "EMAILS.csv" in the DatafileHost which is said to be contain emails.

Sri Lanka Ports Authority(SLPA) website hacked by Davy Jones

A Hacker called himself as Davy Jones hacked into the official website of Sri Lanka Ports Authority (SLPA.lk) and uploaded the defacement page in the site.

Sri Lanka Ports Authority (also abbreviated SLPA) is a government agency responsible for the development and maintenance of all commercial ports in Sri Lanka.

The Defacement page

The main page is not affected by the defacement. The hacker simply uploaded a html file "deface3.html" in the upload folder of Admin(slpa.lk/admin/upload/deface3.html)

The hacker recently breached the two famous Sri Lankan Tv Channel websites namely Rupavahini TV and One SriLanka.

Recently a hacker with online handle "Game over" has defaced Sri Lankan National Security Media Centre website.