Search This Blog

Showing posts with label Hackers News. Show all posts

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

 A Russian-speaking hacker under the pseudonym Byte leaked passwords from the personal profiles of managers of many large companies in the world

Data for accessing the personal accounts of Microsoft's online services and the email addresses of several hundred senior executives are put up for sale on a Russian-language hacker forum.  This was done by a Russian-speaking hacker under the pseudonym Byte. The seller claims that he has hundreds of passwords of different top managers from all over the world. He is ready to confirm the authenticity of the data to the buyer.

Offer to sell credentials appeared on a private forum Exploit.in for Russian-speaking cybercriminals. The description states that you can purchase email addresses and passwords to access the accounts of Office 365 and other Microsoft services of presidents, their deputies, CEOs, and other high-ranking executives of companies from around the world.

Byte asks for each address from $100 to $1500, the price directly depends on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to confirm how relevant the database offered for sale is. For verification, he received the credentials of two accounts: the CEO of an American software development company and the CFO of a chain of retail stores in one of the EU countries. As a result of verification, he got access to the data of these people. 

The attacker did not disclose the source of the data but claims that it can provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials previously tried to purchase information collected from computers infected with the Azorult malware. It usually contains usernames and passwords that the program extracts from victims' browsers.

This incident once again highlights the need for better data protection. Two-factor authentication or 2FA is often recommended.

Russia was included in the list of countries with the most active hackers

The company Group-IB, which specializes in the disclosure of IT crimes, listed the countries from which cyber attacks are most often committed. This list includes China, Iran, North Korea, and Russia

Hacker attacks are most often carried out from China, Iran, North Korea and Russia, according to the report Hi Tech Crime Trends 2020 of the company Group-IB. The Asia-Pacific region was the most attacked in the second half of 2019 and the first half of 2020.

Groups of hackers associated with the security services are mainly concentrated in China, where they counted 23, in Iran — 8 groups, in North Korea and Russia — 4 groups, in India-3 groups, in Pakistan and the Gaza Strip-2 groups. Another one is in Vietnam, Turkey and South Korea. At the same time, their main area of interest is the Asia - Pacific region, as well as Europe.

According to a report, Russia and the United States were less likely to be attacked. So, 15 campaigns were conducted in the United States and 9 in Russia. They were attacked by groups from China, North Korea and Iran. Russia also recorded one attack by Kazakhstan's security services and the United States - from the Gaza Strip and Pakistan.

Experts note that the attacking teams are actively replenished with tools for attacks on physically isolated networks. So, this year, incidents occurred at nuclear facilities in Iran and India.

Another high-profile attack was a sabotage attempt in Israel, where water supply systems were targeted, where hackers tried to change the level of chlorine content. 

The Russian was convicted as a LinkedIn hacker


The Federal court for the Northern District of California in San Francisco sentenced Russian Yevgeny Nikulin to seven years and four months in prison for computer fraud. According to the Americans, Nikulin hacked the databases of LinkedIn, Dropbox and Formspring,  as a result of which about 117 million account login codes were stolen.

One of his lawyers, Arkady Bukh, informed the Russian about the verdict. According to him, the four years spent in prison after the arrest of Yevgeny Nikulin in Prague in October 2016 at the request of the FBI will be counted in the sentence.

The Prosecutor's Office recommended that the court appoint Nikulin 12 years in prison after the jury ruled guilty on all nine counts. The Russian did not admit his guilt and refused the last word before sentencing.

The judge, determining the punishment, noted the mind, abilities and sense of humor of Nikulin, but considered that these qualities only aggravate the guilt of the Russian.

Yevgeny Nikulin was extradited to the United States in March 2018. He was accused of hacking the databases of LinkedIn, Dropbox and Formspring, as a result of which about 117 million login codes were stolen, causing damage to computer devices, and transferring stolen personal data to third parties. The prosecution materials are classified as "secret", their volume is six terabytes of information.

Recall that in Prague, Nikulin claimed that an FBI employee during interrogation put pressure on him to get information about Russian interference in the US presidential election in 2016.

The Russian Foreign Ministry previously called the Nikulin case an example of how American intelligence agencies are hunting for Russians around the world.

Hackers threaten to bring down the tax, energy and banking system of Belarus

A group of hackers threatens to bring down the tax, energy and banking systems of Belarus if the head of state Alexander Lukashenko does not comply with the ultimatum

The union of hackers and IT-developers of Belarus has threatened President Alexander Lukashenko to bring down the tax, energy and banking systems if security forces continue to detain protesters.

The statement of attackers was published in the Telegram channel "Cyber Partisans". They demand that Lukashenko stop the arrests by September 13, go out with a loudspeaker and publicly apologize to the population, as well as leave his post. And if this does not happen, "Belarus will forget what taxes are."

"Alexander Lukashenko, we are addressing you personally. It will be very painful, first, the tax system will break down, then the electricity in the country will run out, then the banking system will break down… Do you need it?" the hackers asked the President of the Republic. In addition, the hackers stressed that they are able to "kill the ruble" and start blocking the bank accounts of people from Lukashenko's inner circle.

Recall that after the announcement of the election results in Belarus, mass protests began. The protesters are demanding Lukashenko's resignation and new fair elections. In addition, citizens report violence by the security forces.

The European Union refused to recognize the victory of Lukashenko, and the Kremlin, on the contrary, congratulated the permanent leader of the Republic on the next term.

An interesting fact is that during the elections and in the following days, the Internet stopped working several times in the country. The Belarusian authorities called the cause of the failure a cyberattack from abroad, but later it became known that the equipment for blocking local state security agencies was provided by the American company Sandvine.

Hackers broke into the system of the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok


 According to the Georgian Ministry of Internal Affairs, the purpose of infiltrating the Ministry of Health's database was to get hold of important medical records

The Ministry of Internal Affairs reported that the Cyber Crimes Department of the Criminal Police Department of the Ministry of Internal Affairs of Georgia has begun an investigation into the fact of unauthorized entry into the computer system of the Ministry of Health of Georgia.

Recall that the Ministry of Internal Affairs established that on September 1, 2020, a cyberattack was carried out from one foreign country on the computer system of the Ministry of Labor, Health and Social Protection of Georgia in order to obtain and use important medical records from the database.

"According to the evidence collected at this stage, this cyberattack was carried out by a special service of a foreign country," stated the Georgian Interior Ministry.

The department claims that some original documents obtained as a result of illegal penetration into the computer system are currently uploaded to one of the foreign websites and are available to the mass user. In addition, clearly fabricated documents are uploaded to the website, which are deliberately fabricated in order to intimidate the public.

"The Ministry of Internal Affairs of Georgia will appeal to the relevant services of the partner countries with a request to provide effective assistance in a quick and effective investigation of this complex and specific crime,” said the ministry in a statement.

It is interesting to note that Yuri Shvytkin, Deputy Chairman of the State Duma Defense Committee, stated that there are laboratories in Georgia and the United States that produce Novichok, a Soviet-era chemical weapon.

Recall that Russian opposition leader Alexey Navalny, who is one of Russian President Vladimir Putin's fiercest critics, was poisoned with a nerve agent Novichok. Currently, he is in Charite hospital in Germany. This caused a violent reaction in the West.

Cyber Criminals broke into the database of patients of the Russian cancer center and demanded a ransom

The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, told about this on her Facebook page.

“The data of 400 patients who were operated on from the 10th to the 21st were encrypted," said Alexander Dorofeev, Deputy chief physician at the Sverdlovsk Regional Cancer Center.

The Department of information policy of the Sverdlovsk region said that the hack occurred on August 21 at the time of installation and integration of the laboratory information system.

Hackers chose the moment when the system was most vulnerable, during the installation of new software. A specially designed virus encrypted data on test results - information that is so necessary to prescribe an effective treatment. They became unreadable without a special key.

Then the hackers demanded one thousand dollars for the decoder. The management agreed to pay, but the hackers stopped communicating.

As a result, a lot of work had to be done in a few days: manually restore medical reports, re-enter them into the database.

"Especially for those who doubt confidentiality: the missing data was not transferred to someone, no one found out who had what kind of tumor, just hackers "broke" our access to them," wrote a neurophysiologist Svetlana Lavrova on Facebook.

As a result, a statement to the police has not yet been written, since there was no time.  Now, when all the data has been restored and the patients received the necessary treatment, a check will be carried out. Police need to find out who these scammers are who tried to sell the lives of 400 people for a thousand dollars. And most importantly, how they managed to find out at what point the system will be vulnerable.

Experts found targeted attacks by hackers from North Korea on Russia


Kaspersky Lab revealed that the well-known North Korean hacker group Lazarus has become active in Russia. The attackers attack through applications for cryptocurrency traders in order to steal data for access to the wallets and exchanges. In addition, the group collects research and industrial data.

Experts believe that hackers are particularly interested in the military-space sphere, energy and IT, and the interest in bitcoin can be explained by the need for North Korea  to bypass sanctions

The first cases of Lazarus targeted attacks on Russia appeared at the beginning of last year. According to Kaspersky Lab,  since at least spring 2018 Lazarus has been carrying out attacks using the advanced MATA framework. Its peculiarity is that it can hack a device regardless of what operating system it runs on — Windows, Linux or macOS.

According to Kaspersky Lab, the victims of MATA include organizations located in Poland, Germany, Turkey, South Korea, Japan and India, including a software manufacturer, a trading company and an Internet service provider.

Several waves of attacks have been detected this year. So, this month, Lazarus attacks were discovered in Russia, during which the backdoor Manuscrypt was used. This tool has similarities to MATA in the logic of working with the command server and the internal naming of components.

"After studying this series of attacks, we conclude that the Lazarus group is ready to invest seriously in the development of tools and that it is looking for victims around the world," said Yuri Namestnikov, head of the Russian research center Kaspersky Lab.

According to Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch Group, Lazarus is one of the politically motivated groups. It is supported by the North Korean authorities and is necessary for this state: cybercrimes are committed to obtain funds for developing weapons, buying fuel and other resources. He explained that the anonymous nature of the cryptocurrency market makes it possible to hide transactions, that is, by paying for various goods with bitcoin, North Korea can bypass the sanctions,

Kaspersky Lab noted that data from organizations involved in research related to the coronavirus vaccine is currently in high demand in the shadow market.

Azerbaijani hackers obtained information from the Armenian Ministry of Defense


Passport data of several hundred Armenian citizens, including military personnel, as well as documents related to the Republic's military units, were leaked to the network by Azerbaijani hackers over the past three days. This was stated by media expert and information security specialist Samvel Martirosyan on July 8.

The expert noted that over the past month personal information of Armenian citizens infected with the coronavirus was leaked to the network six times. According to him, the criminals may have much more information than they published.

This is an extremely dangerous situation because among the documents there is such information as the number of vehicles in the military unit, and passport data can be used by fraudsters to issue loans.
Martirosyan believes that Azerbaijani hackers get access to official information mainly through email, taking advantage of the low level of computer literacy of the Armenian population. A significant amount of this information is sent via personal emails, which hackers can easily hack. To solve the problem, the expert suggests developing clear instructions on how to use the information and train people.

The National Security Service (NSS) of the Republic noted that they do not have information on the last data leakage but confirmed the fact of the previous two.

Earlier it became known that Azerbaijani hackers once again posted the data of Armenian citizens infected with Covid-19. On June 24, two files with names, addresses and mobile phones were published, but without passport data. Two weeks earlier, Azerbaijani hackers distributed the data of about 3,500 Armenian citizens with confirmed coronavirus infection, as well as residents of the Republic who were in contact with patients. "The e-mail of one of the outpatient regional medical centers was hacked and there was an attempt to extract information," said the NSS.

Hackers "showed ethics" and did not attack medical services in Russia during the pandemic


During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world, Group-IB reported. The company believes that the hackers showed "rare ethics for our observation"

Many computer hackers during the coronavirus pandemic refused to attack the information system s of Russian medical institutions, said Ilya Sachkov, CEO of a cybersecurity company Group-IB.

According to Sachkov, attackers who launch DDoS attacks can have “professional ethics” - unlike those who create fraudulent resources for fraud. Group-IB noticed attacks on medical institutions in many countries of the world, but this did not happen in Russia: there weren’t even any announcements on hacker forums or attacks by ransomware, said Sachkov.

The head of Group-IB added that the company noticed "some rare ethics for our observation" from hackers. “As if taking into account what is happening, everyone understood that in Russia medical facilities are a matter of life or death for many people ... This, of course, is my guess, I did not communicate with hackers, but I noticed. In principle, this [attack on the hospital] would be super-moral,” added Sachkov.

In April, Group-IB reported that the pandemic had divided the hacker community: some tried to profit from people's panic, while others condemned it. Several users on hacker forums at the time urged others to stop using the coronavirus for harmful purposes. In the spring, fraudsters actively used the COVID-19 theme to trick money from the Russians. The Central Bank also noticed the problem.

In May, Group-IB said that fraudsters activated a theft scheme with online purchases and false courier services. Due to the fact that many people were self-isolated and began to actively use the services of couriers, the number of registrations of fake sites similar to the sites of real delivery services has increased several times.

Hackers hacked Twitter account of the Russian Foreign Ministry and put up for sale data from tourists


Hackers hacked the Twitter account of the situation and crisis center of the Russian Foreign Ministry and put up a database of Russian tourists there for sale. The Foreign Ministry confirmed the hacking but called the message about the sale of data false. The Department said that the account has now been restored and is fully functioning.

Hackers offered to buy the database for June 2020 for 66 bitcoins (about $9000). They claimed that the database contains more than 115 thousand people. A Jabber account was specified for communication.

"Last night, attackers hacked the account of the situation and crisis center of the Russian Foreign Ministry. The information published on the feed in the morning of July 2 is "fake" and has no relation to the Russian Foreign Ministry. The account has been restored and is fully operational,” the Russian Foreign Ministry said on Twitter.

According to Alexey Kubarev, the Development Manager of the DLP Solar Dozor, Rostelecom-Solar, a number of signs in the announcement of the sale of the base cast doubt on its authenticity. First, the phone numbers listed in it are not valid.  At the same time, the base price is surprisingly high — about $5 per line. If we recall similar cases in 2019, then in them the price for one line in the database did not exceed $1.70.

According to the expert, the seller’s goal could not be a deal, but an informational throw about the alleged leak.

Earlier, E Hacking News reported that hackers tried to disrupt the website of the Public Chamber of Russia several times. In the evening of June 30, and then on July 1, they made a series of DDoS attacks on the Internet resource. The attackers also blocked the work of a special website of the chamber dedicated to public monitoring of voting on amendments to the Constitution.

Hackers who were preparing attacks on hospitals arrested in Romania


Romanian law enforcement officials stopped the activities of the cybercriminal group PentaGuard, which was preparing to carry out attacks on Romanian hospitals using ransomware.

Four hackers were arrested, and searches were conducted at their place of residence (at three addresses in Romania and one address in Moldova). According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), hackers had various malicious programs at their disposal, including Trojans for remote access, ransomware, as well as tools for defacing sites and SQL injections.

In addition, hackers developed malicious computer applications for use in computer attacks, such as rasomware-cryptolocker and RAT (Remote Trojan Access). Such malicious attacks were directed against several state institutions, as in Bucharest.

During the investigation, it became clear that cybercriminals planned to attack hospitals. The attackers intended to send phishing emails on the subject of COVID-19 to medical institutions, and use them to infect networks with ransomware Locky or BadRabbit, encrypt files and demand a ransom for recovery. According to the Romanian media, this is how the cybercriminals wanted to protest against the quarantine measures taken by the Romanian government.

This type of attack makes it possible to block and seriously disrupt the functioning of the IT infrastructure of these hospitals. They are part of the healthcare system, which currently plays a decisive and decisive role in combating the pandemic with the new coronavirus.

The hacker group PentaGuard has existed since about 2000. In January 2001, the group carried out a massive deface of the sites of the British and Australian governments. Over the past few years, PentaGuard has not conducted any deface campaigns but has remained active on hacker forums. In January 2020, the group resumed defacing attacks.

Germany has put a Russian "Dmitry Badin" on the international wanted list on suspicion of a cyberattack


The Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015, writes the newspaper Sueddeutsche Zeitung. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.

Mr. Badin is also wanted by US authorities for hacking attacks, including the theft of emails from Hillary Clinton and the Democratic Party on the eve of the 2016 presidential election. US investigators rank him among a group of seven Russians suspected of cyber-hacking. The FBI believes that he is a Russian military intelligence officer from the GRU.

According to German law enforcement agencies, Badin is a member of the hacker group Fancy Bear. The Russian is accused of carrying out secret intelligence activities and illegally extracting computer data. Sources say that the Russian was one of the organizers of the attack on the networks of the German Parliament. Cybercrime was investigated by the Federal Criminal Investigation Agency and the police.

The newspaper reported that investigators are confident that 29-year-old Mr. Badin was also involved in a hacker attack on the German Bundestag Parliament in April 2015.

Recall that in January 2019, Germany experienced the largest leak of personal data of politicians in the history of the country. The German authorities suspected Moscow of the cyberattacks that had occurred before. Then Der Spiegel reported with reference to the country's counterintelligence that the hacker group Snake, linked to the Russian special services, tried to get access to the electronic resources of the Bundestag, the Bundeswehr and the German Foreign Ministry. The German intelligence services previously accused the same group of massed cyberattacks against German government agencies registered at the end of 2017.

Russia repeatedly denied accusations of involvement in hacker attacks. None of the German law enforcement agencies has ever provided any evidence in support of the media version about the connections of cybercriminals with Moscow.

Hackers switched from direct theft of money to gaining control over the infrastructure of companies


According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic.

According to the report, by the end of 2019, the number of attacks aimed at gaining control over the infrastructure of companies and organizations has increased by 40%, while attacks for the purpose of stealing money have become 15% less frequent.

A long and unnoticeable presence in the organization's infrastructure allows attackers to investigate its internal processes in detail, gain deeper access to IT systems and control over them, says Vladimir Drukov, Director of Solar JSOC. He notes that hackers monetize this information by selling it on the black market, blackmailing the victim organization, or engaging in competitive intelligence.

In addition, in recent years, attacks are increasingly targeted at industrial and energy facilities, as well as government agencies whose control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate infrastructure is increasing. According to antivirus expert Denis Legezo, about 200 groups engaged in cyber espionage are currently being observed. However, the expert notes that during the coronavirus pandemic, a decline in their activity is noticeable.

Head of Analytics and Special Projects at InfoWatch Group of Companies Andrei Arsentyev noted that hackers are usually engaged in industrial espionage by order, including “hunting for various know-how, business development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but also by selling already configured connections to the victim’s local network to other criminals, says Evgeny Gnedin, head of Positive Technologies information security analytics department. Such a model of “access as a service” is gaining momentum today, which explains the increase in the number of such attacks.

The FBI arrested a Russian associated with Deer.io


The Federal Bureau of Investigation arrested a Russian citizen who allegedly supported the sale of hacked accounts and personal data of Internet users. The arrest occurred at the John F. Kennedy Airport.

"We received information from American law enforcement agencies that he was detained on March 7. He is in New York now in a Manhattan detention center," said Alexei Topolsky, a spokesman for the Russian Consulate.

According to him, the initial initiative for the arrest comes from the San Diego FBI. The Russian has not yet contacted the Consulate.

According to the FBI, Mr. Firsov managed the platform Deer.io where online stores engaged in illegal activities were located. The arrest warrant indicates that Firsov took part in the work Deer.io since its launch (October 2013).

According to the prosecution, Firsov is the administrator of this platform, which is located in Russia and provides an opportunity for criminal elements to sell their "products and services". The prosecution claims that the platform is selling the hacked American and international financial and corporate information, personal data, stolen accounts of many American companies.

The prosecution said that a cybercriminal who wants to sell contraband or offer criminal services through the platform can do it for $12 a month. The monthly fee is paid in bitcoins or via a number of Russian payment systems, such as WebMoney. According to Firsov, more than 24 thousand stores worked on the site, which brought in more than $17 million.

American law enforcement officers opened a criminal case, according to which Deer.io almost completely used for cybercrime purposes. FBI found stores on the Firsov site that sell access to hacked accounts, servers and personal data of users.

The Bureau said that Kirill Firsov was aware of who uses his platform, and more than once advertised Deer.io on cybercrime forums.

Russian hackers included in the US sanctions list may be associated with the criminal world


Russian hackers from the group Evil Corp, which the British intelligence services call the most dangerous in the world, can be associated with crime, in particular, with the thief in law Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese").

On December 9, it became known that Maxim Yakubets, the alleged leader of the group, was married to Alena Benderskaya, who is the daughter of Eduard Bendersky, a veteran of the FSB special forces Vympel.

Journalists wrote that Benderskaya is the founder of companies associated with the security business of her father, as well as co-owner of two stores of the Italian brand Plein Sport. It's sportswear stores that Yakubets and his friends from Evil Corp liked to wear.

According to the database, the share in these stores belongs to Otari Sadov. Journalists call him "the son of an authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik."
According to a source familiar with the details of the investigation, the hacker group was engaged in money laundering, including through real estate investments. He emphasized that Yakubets attracted a thief in law to Evil Corp.

Earlier it became known that one of the participants of the hacker group Evil Corp was Andrei Kovalsky, the son of Vladimir Strelchenko, the former mayor of the Moscow city of Khimki.

On December 5, the US government imposed sanctions against 17 Evil Corp hackers and companies associated with them. The US Treasury Department estimated the damage from their activities at $100 million.

The leader of the group Maxim Yakubets arrested in absentia. The US State department has announced a five-million-dollar reward for information leading to his arrest.

The Ukrainian Security Service and the FBI eliminated a powerful hacker group


Previously, Ehacking News reported that on July 16, it became known that the Ukrainian Security Service and the FBI detained hackers controlling 40% of the Darknet. Since 2007, members of the group have provided hackers and criminals from around the world access through Ukrainian networks in the Darknet.

Intelligence service established that the organizer of the group is the citizen of Ukraine, a resident of Odessa Mikhail Rytikov (Titov). He got serious about hacking in Moscow in the mid-2000s. In 2007, he began to provide services to hackers around the world through Ukrainian networks, carefully hiding the actual location of his equipment. From time to time, Ukrainian, Russian, and American law enforcement officers found the equipment, confiscated it, but the hacker group soon resumed its activities.

It turned out that about 10 accomplices were under command of Ukrainian hacker, as well as dozens of intermediaries in different countries and thousands of customers. Among them, for example, Eugene Bogachev, the developer of the virus ZeuS, who is wanted by the FBI.

It is established that Rytikov sold his services through closed hacker forums and specialized web resources, claiming that his server equipment is located in data centers in Lebanon, Iraq, Iran, Germany, Panama, the Netherlands, Belize, Russia. In fact, the equipment was located near Odessa, in one of the unfinished houses. The room was equipped with secret telecommunication channels and even had its own elevator.

“Nearly one hundred and fifty servers were seized during the authorized investigative actions on the territory of a private house with a hidden data center with a backup autonomous power supply, security and powerful Internet access channels. Thousands of hacker resources were placed on them, some remained encrypted, many were set up in such a way as not to keep traces of criminal activity”, said the acting Head of the Cyber Security Department of SBU (the Ukrainian Security Service) Nikolay Kuleshov.

According to law enforcement officers, they seized 146 servers for hundreds of terabytes of illegal information. The total cost of the equipment, a powerful electric generator, construction and home improvement, agreements with power engineers on a dedicated electric line is estimated at 700 thousand dollars. Only one generator could cost about 150 thousand dollars. The data center could work for a long time even in the absence of electricity.

It’s interesting to note that among the crimes committed with the participation of Rytikov, law enforcement officers distinguish the spread of malicious software ZeuS, which was used to steal financial, the case of hacking the NASDAQ exchange, called "the greatest fraudulent scheme of this type ever implemented in the United States."

Hacker uses a nanocomputer to steal NASA data

It wasn’t a good day for NASA when an unidentified cyber-attacker was able to steal 500 MB of mission data, through a Raspberry Pi nanocomputer.

First introduced by the charity Raspberry Pi Foundation in 2012, the Raspberry Pi is a credit-card sized device intended for the general public, young and old, beginners and amateurs. It is sold for about $35 that plugs into home televisions and is used mainly to teach coding to children and promote computing in developing countries.

The Raspberry Pi organization has just announced the release of the fourth generation of its budget desktop PC, the completely re-engineered Raspberry Pi 4.

The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

The hacker infiltrated into NASA’s Jet Propulsion Laboratory network and stole sensitive data and forced the temporary disconnection of space-flight systems, the agency has revealed.

Prior to detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA’s Office of inspector General said.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Regulations which restrict the export of US defense and military technologies.

“More importantly, the attacker successfully accessed two of the three primary JPL networks,” the report said.

"Officials were concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA came to question the integrity of its Deep Space Network data “and temporarily disconnected several space flight-related systems from the JPL network.”

Flaws in LTE can allow hackers to spoof presidential alerts


Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.

A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message.

Why it matters: The Wireless Emergency Alert (WEA) system is meant to allow the president to promptly broadcast alert messages to the entire connected US population in case of a nationwide emergency. It can also send out bad weather or AMBER alerts to notify citizens in a particular region or locality, thus making its operation critical. However, the exploitation of LTE networks used in it can enable the transmission of spoofed messages that can cause wide spread of misinformation and panic among the masses.

The researchers didn’t perform an actual attack on a live crowd at the stadium or on actual mobile devices, Eric Wustrow, a researcher on the paper, told Gizmodo in an email. The tests performed were instead done in isolated RF shield boxes, Wustrow said, “and our analysis of Folsom Field was a combination of empirically gathered data and simulation.”

First, alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified. Second, phones have no way of knowing if an alert is genuine or not. Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.

Criminal Case Filed Against Hackers For Hacking Koltsovo Airport Database And Stealing Money From Banks


Two residents of the city Yekaterinburg are in custody for stealing money from several bank accounts and hacking into Database of Koltsovo international airport(Yekaterinburg, Russia).

Authorities found out that Cyber criminals Konstantin Melnik and Igor Makovkin created a virus through which they got access to the accounts of Bank customers.

Hackers stole 1.2 billion rubles (about 18 million USD) from their cards. In addition, hackers infected the computers of Yekaterinburg airport "Koltsovo" with malicious programs and got access to the air harbor database. The airport could not say the amount of the company's losses.

It is important to note that the hacker group was called Lurk and consisted of 24 members. Igor is one of the organizers, and Konstantin is his active participant.

The group of hackers successfully worked for five years, as it was difficult to detect the virus. The virus was self-removing and left no traces after gaining access to the accounts.

Specialists of Kaspersky Lab helped to find cyber criminals. They identified the virus in corporate networks with Sberbank's programmers.

According to some sources, the hacker group Lurk probably stole more than 124 million rubles (about 1.9 million USD) from the Bank accounts of members of the Liberal Democratic Party of Russia, holding senior positions in the party.

Pulkovo Airport's air-traffic control system malfunctioned after receiving threatening emails from Hackers



On August 8th, the Air-Traffic control system "Galaxy" in the international airport "Pulkovo" (Saint Petersburg, Russia) is malfunctioned.  The system  controls the movement of aircraft in the area of approach to the airport.

An interesting fact is that the failure occurred not only on the server but also on all the computers in the control room. Suddenly, they were frozen.

At the time of the incident, four Airplane were in the air without control for about ten minutes.

Few days back (August 3rd) before this incident the Airport's Quality Control Department received threatening e-mail.  The Pulkovo airport received these threatening emails at least three times starting from July 30.

The Cyber Criminals demanded 200 Bitcoins (around 89 million rubles/90 million rupees) otherwise they will disrupt the navigation control system.  Employees assume that these threats and system failure have a direct connection.

Law enforcement agencies found that the letters were sent from Switzerland, and the SIM cards to which the addresses are linked are registered on British citizens. Most likely, hackers used fake IP-addresses to mislead the police.  The police said that no one can hack the air navigation system of the airport from external sources.

Could it be a just coincidence that the control system malfunctioned after these threatening letters? or the hackers really behind the attack? It is still unknown. The experts are trying to find the root cause of the failure. Thankfully, there was no damage.

The cyber criminals can be punished with three years imprisonments or can be fined up to 300 thousand rubles.

This is not the first time an Airport receiving threatening letters from cyber criminals.  But, it appears that this is first time a malfunctioning-incident reported after such kind of letters.  It should be noted that Airport "Domodedovo" (Moscow International airport) also received a threatening letter with a demand of several hundred in Bitcoins.  However, there was no incident reported in this case.