Lipetsk hacker made transport cards to be unlimited

Since 2017, the citizens of the city of Lipetsk can pay for travel in transport using special electronic travel cards, the balance of which must be regularly replenished.

However, the 22-year-old hacker managed to bypass the system and recorded the transport cards to unlimited.

The young man managed to create a virtual card account, which was recognized by the bus validators and accepted as a real payment. He sold unlimited cards to four residents for a thousand rubles ($ 16) each.

According to owners of unlimited cards, they didn't suspect that the young man carried out illegal manipulations.

The truth came out when one of the buyers appealed to the transport company with complaints about the failure, the validator stopped reading the card. Managers found that the card did not appear in the database, the balance was not replenished for a long time, but at the same time, the owner of the card actively traveled in public transport. After that, the employees of the transport company appealed to the police.

It is worth noting that the transport company lost about 11 thousand rubles.

The criminal case was opened under two articles: fraud and illegal access to computer information.

Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk



Employees of the Ministry of Internal Affairs of Russia with the assistance of experts of Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in Russian city Novokuznetsk who hacked computers around the world.

The detainee offered Cybercrime-as-a-service services to cyber criminals.  He created and maintained admin panels for managing malware and botnets. 
 
According to the local report, he infected more than 50 thousands computers across the world.  He managed to steal usernames and passwords from browsers, mail clients of the infected computers.  He also reportedly stole financial information such as bank card details.

The investigation began in the spring of 2018, when the hacker infected around 1000 of computers with malicious software Formgrabber.

"He administered the botnet, which counted several thousand infected computers of Russian and foreign users,” the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old, since 15 he has earned money by creating websites for computer games, but then he decided to learn the profession of a hacker.  More recently, he was testing malware targeting Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs". He completely admitted his guilt.

The Deputy Director hacked the education management Server of Ulyanovsk

The Prosecutor's Office of the Ulyanovsk region reported an extraordinary case in which an employee of an educational institution became a hacker.

According to the Prosecutor's office, the man knew that he had no right to any actions with the information stored on the Management Servers. However, he gained access to the Server of the Education Department of the Ulyanovsk Administration.

Namely, he got access to the data containing personal data of pupils, parents and employees of Ulyanovsk schools and deleted them. These actions led to the failure of the structural units of the Education Department.

Moreover, he found on the Internet a malicious computer program designed to neutralize computer information protection tools and installed it on the hard magnetic disk of the service computer. Thus, he managed to find password-code information to the education management Server.

Finally, the former Deputy Director of the school stopped the work of the structural units of the Education Department.

The man was exposed by the staff of the regional FSB. The suspect explained his actions as revenge to the authority for unfair actions against him. The man was charged with imprisonment for up to 5 years.

The Security Service of Ukraine tracked down a Russian hacker on the territory of Zaporozhye


As previously reported the Ukrainian President Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission, but there was no real evidence of Russian interference in the elections.

This time the Security Service of Ukraine (SBU) claim that stopped the activities of a hacker allegedly hired by Russia to interfere in the work of servers of state institutions.

According to the press center of the SBU, the suspect is the resident of Zaporozhye region, who worked as an administrator of a closed Internet forum for cybercriminals created in the Russian Federation. There he was looking for people who had to send malicious software to the e-mail addresses of State Institutions for a fee.

Experts noted that such computer viruses are used to block the activities of information resources through connection to the State register of Ukraine. The SBU stressed that it could pose a threat to the servers or computers of the Election Commission.

Law enforcement officers searched the hacker's house and found computer equipment with programs to create and transform computer viruses. Also, they found 10 samples of harmful ready-made software which was prepared for distribution between members of a hacker forum.

An interesting fact is that the SBU earlier exposed the resident of Chernihiv region, who "worked for the Kremlin," placing the social media posts criticizing the Kiev authorities and doubts about the combat capability of the Ukrainian army, with the purpose to influence the Election of the President.

President of Ukraine accused Russia of cyber attacks on the website of the Central Election Commission of Ukraine



Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission. According to him, Ukrainian experts on February 24 and 25 recorded a DDoS attack on the Central Election Commission.

Poroshenko pointed out that the National Security and Defense Council, the Security Service of Ukraine and the Department of Information Security, together with their American partners, have developed mechanisms to protect the CEC.

The Head of Ukraine also spoke about the negotiations with representatives of the Armed Forces and the US State Department on cooperation in the field of cybersecurity, which took place in Odessa.

Two weeks earlier, Sergey Demedyuk, the Head of the Cyber Police Department of the National Police of Ukraine, said that Russia is preparing a large-scale cyber attack on the Ukrainian CEC. According to Demedyuk, Russian hackers are going to penetrate into the computer systems of the Election Committee in order to be able to influence the results of the presidential elections, which will be held on March 31, 2019.

The director of national intelligence of the United States, Dan Coats, also agreed with Demedyuk, who admitted that Russia will try to intervene in the elections in Ukraine with the help of hackers.

The Kremlin denied the statements of the Ukrainian authorities about Russia's cyber attacks on the eve of the presidential elections.

"We do not know anything about this. I can only say that we hear a huge number of similar statements from around the world, it seems that it takes the character of some mania or phobia," - said Dmitry Peskov, press secretary of the Russian president.

A spokesman for Vladimir Putin noted that Russia had never had anything to do with various manifestations of cyber crime.

Interestingly, at the beginning of this month, hackers attacked the website of the showman and presidential candidate of Ukraine Vladimir Zelensky immediately after the launch.

A little earlier, the YouTube channel of another candidate for President of Ukraine, mayor of Lviv Andrei Sadovoi was attacked by a hacker and was destroyed.


Moldovan Parliament Speaker accused Russia of trying to interfere in the elections


Andrian Candu, Speaker of the Moldovan Parliament, Vice-Chairman of the Democratic Party, said that Russia tried to interfere in the electoral process in Moldova.

As previously stated by the official representative of the Russian Foreign Ministry, Maria Zakharova, Russia does not interfere in the elections in Moldova. Moscow has repeatedly denied accusations of trying to influence the elections in different countries and stressed that there is no evidence to confirm this.

Candu told reporters that the Russian authorities used a number of tools to influence the election campaign. "This includes the Amnesty for migrants, and the removal of customs duties, and the situation with the pilots rescued from Afghanistan," the politician said.

However, the President of Moldova, Igor Dodon, denied the allegations Andrian Candu.

"Russia does not interfere in our elections, and the speaker's statements are blasphemous," Dodon said after visiting the polling station.

The President accused the Democrats of carrying out an anti-Russian policy and that they did not care about the difficulties of Moldovan producers, who lost the main Russian market.

The Head of State expressed the hope that the vote will help change the Parliament and Government and improve the difficult situation in the country.

A massive hacking incident occurred in the Russian social network Vkontakte


On Thursday, February 14, the work of the major Russian social network Vkontakte failed. In VK groups appeared the same link to the post, which was reported that users will now see ads in private messages.

Soon the administrators of the social network reacted and stopped the failure. The vulnerability was completely closed for 20 minutes. Subsequently, representatives of VK apologized for the inconvenience. At the moment, the work of the social network is fully normalized.

After some time, it turned out that the massive hacking was done by hackers who for a year tested the social network for various vulnerabilities and identified the bug. However, the administration of VK has not paid them a reward for finding and eliminating vulnerabilities in the code.

According to them, they did not purposefully report the only error in the code that they used to remind themselves. However, they noted that they did not harm users.

An interesting fact is that the Russian State Duma demanded an investigation of the incident. Alexei Zhuravlev, State Duma Deputy, said that it could be the intervention of the United States or Britain. At the moment, these publications are removed from the network.


Ukrainian Hacker detained for remotely spying on Politicians



A 23 year old Ukrainian Hacker from Kharkiv City detained by the National Police of Ukraine for hacking into personal computers of Ukrainian Citizens and other states.

According to the local press report, the hacker used a malicious software(probably RAT - Remote Access Trojan) to control the victim's computers for almost two years.  It is said he also observed the activities of victims using web camera. The hacker is said to invaded personal life of about 100 people.

A Search and Seizure warrant was executed at the hacker's home, leading to the video recordings of victims and malicious software used in the Cyber espionage.

The motive of the espionage is not clear.  One of the theory says that he received order from some one to target people and got money.  The theory might be true as some of the victims were also members of Ukrainian political parties.

If convicted, the hacker will face up to six years imprisonment.

- Christina


Hackers' attempt to bring down Rostelecom failed



At the end of August, a powerful DDOS attack was launched against Rostelecom, a largest Internet provider in Russia.  According to the local news report, the experts from the company managed to detect and defend the attack within 8 minutes.

If the attack was successful, it coulld disrupted the usage of 170,000 customers and disrupted the work in Kirov region.  Moreover, this attack would have done economic and reputation damages for the Rostelekom.

It is to note that "Rostelecom" is serving a large number of users: about 130,000 people use the Internet, 44000 use the interactive TV, another 300000 use telephony. The customers not only include normal users but also a corporates which includes largest ones.

"Our company has powerful monitoring tools, we can identify these attacks, reflect them and, in most cases, determine where the attack has been initiated. Generally, the purpose of these attacks is to create problem for service provider and users, limiting their access to the Internet, in order to cause commercial and reputation risks.", The technical Director of "Rostelecom" in Kirov region, Alexey Dolzhenkov said.

It is still unknown who is behind this attack, the experts are gathering evidence of the attack.

- Christina


Official forum of Unity Hacked by OurMine Hacking Group


Representatives of the company Unity Technologies released an official statement concerning the hacking of the Unity forum last weekend. Hackers from the notorious group OurMine took responsibility for the attack on the defacement page and told about the theft of data.

Through integrated system for mailing the hackers sent letters to all users of the forum with a message, in which they called themselves a "group of experts". In e-mail attackers also reported on the hacking of the website Unity3D and recommended to change passwords. Hackers claimed that the database of resource was at their disposal. And they have information of more than two million users.

The staff of Unity Technologies confirmed the attack, however, the company denied that hackers got user-level passwords and other personal information. The company explained that the incident occurred as result of "using weak password," but members of the OurMine and the attackers compromised "small number of data". Separately, it emphasized that financial information of users were not affected, and the attack did not affect other services of Unity.

Developers warned that in this incident passwords were not "lost", but they still recommend users to change passwords. Because it is possible that the group have e-mail addresses and passwords obtained from other sources.

Directly after the attack on April 30, 2017 the forum time were not available for some, but now it is operating normally. Representatives from Unity Technologies promise to work on their security, in particular, in the coming weeks two-factor authentication and a more serious password policy should appear on forum.

The group OurMine is known for regularly hacking accounts of different famous personalities. List of victims from hands of hackers include: Mark Zuckerberg (head of Facebook, hacked Pinterest and Twitter), Dick Costolo (ex-head of Twitter, hacked Pinterest and Twitter), Sundar Pichai (head of Google, hacked Quora and messages from the hackers were duplicated in Twitter), Ev Williams (co-founder of Twitter, Blogger and Medium, hacked Twitter), Daniel Ek (head of Spotify, hacked Twitter) and Brendan Iribe (head of Oculus Rift, hacked Twitter), and YouTube-user Pewdiepie, Hollywood actor Channing Tatum and many others.

Vietnamese Hacker who stole identities of 200 million American, sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced for 13 years in prison.

The Department of Justice on Tuesday, released a report announcing that Hieu Minh Ngo, 25, bagged $2 mn from hacking and stealing the personal identification and selling it to other cyber criminals.

A District Court in New Hampshire finally sentenced Ngo on Tuesday for various fradulent charges, as reported by the Financial Times. Ngo was arrested in february 2013, soon as he entered America.

Back in his home in Vietnam, Ngo was active from 2007 till 2013, for breaking into computer systems and stealing identifiable information like Social security numbers, credit card details, bank account, phone numbers, and advertising about the data on his websites, from where the fellow hackers used to buy the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that the hackers have stolen more than 21.5 mn social security numbers till now, and out of them 1.1 mn include fingerprints.

Sentencing Ngo has finally taken an initiative for stopping cyber crimes that are breaching the personal identity of civilians.

Digital Constitution hacked, to promote online gambling

Digital Constitution, the Microsoft web site which protects online privacy in a digital world, was hacked to promote online casinos.

According to ZDNet, which first reported about the hacking, the Digital Constitution was running an older version of WordPress when the spammy links were discovered.

Though the links were removed from the front page in the hours following the ZDNet report, a variety of other pages continued link to the gambling sites.

The news reports says that it is unknown how long ago the site was hacked to promote online gambling, whether other Microsoft websites were hacked or not. It is still not clear who was behind the attack.

Ars Technica noted that it was not unusual for hack-by-numbers exploit kits to automatically inject malicious links into vulnerable pages that when viewed by vulnerable computers, perform drive by download attacks.

However, when the company was asked, the Microsoft answered not more than "it's fixed."

According to the news report, the attacker had injected text with keywords like "online casino," "poker, "craps," "roulette," and "blackjack." New pages were added to inject to show content that embeds content from other casino-related websites. 

Hackers steal $24k from Mahwah businessman’s bank account

After big corporations and the government agencies, hackers are now targeting individuals. The hackers stole $240,000 from a local businessman’s bank account in Mahwah by hijacking his phone number.  

According to a report published on CSB New York, at first, the hackers followed and observed the local businessman and gained enough his personal information to convince his bank to wire $240,000 overseas.

Chief of Police James Batelli said that the phone number of the businessman had been hijacked so when the bank called to verify the hackers answered. However, the bank did not get a clue that it was talking to the hackers overseas.

“That is call forwarded to Brussels and the person on that end answers all the proper security questions, which was social security numbers, mother’s maiden name, hospital they were born in; and the bank thinks they’re talking to the person authorized to allow that transfer to go through,” said Batelli.

Batelli said that in order to protect personal information, people should regularly change their security questions.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based  micro-loan startup is investigating a data breach of personal and financial records of thousands of its online applicants, according to Brian Krebs report.

A Web site accessible via Tor, a software that transfers  Internet traffic  to a global network of relays, included links to countless documents, drivers licenses, national Ids, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of  hackers 'A4' professes to have posted the screen shots of the hundreds of gigabytes documents of Kreditech.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Further adding Friedrich said that Kreditech believes the data was leaked by an insider, can be former or current employee.

Kreditech, has raised $63 million from investors since 2012. The company grant credit to applicants using traditional data scoring and social media, and provide loans  in Spain, the Czech Republic, Poland, Mexico, Australia, Russia,  Peru, the Dominican Republic and Kazakhstan.

Twitch advises users to change passwords after potential hack

Gaming video broadcaster Twitch recently announced that the site could have potentially been hacked and all users should set new passwords for their accounts on the website.

The company has given out an official statement on the matter saying that hackers could have gained access to personal account information of its users. The website has not given out any information as to how hackers accessed the user information.

Not taking any chances, Twitch has expires the passwords of all its user accounts and also accounts linked from Youtube and Twitter. The company has gone a step further and also asked users to change their similar passwords on other websites.

Twitch is also contacting users personally via email, who they think might have been directly impacted because of the potential breach. In the email (obtained from Twitter user Chris Seymour) Twitch has further stated the information of the affected users at risk.

The email read, 'We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.'

Twitch has declined to comment publicly what personal information of its users might be at risk.

LAX Police investigating credit card breach at Tom Bradley International Airport

Police have begun investigating what appears to be a credit card fraud at one of the shopping vendors at the Tom Bradley International Airport.

The police are being reclusive on the matter and haven failed to comment what led them to finding out about the credit card breach. They have also refused to tell the press about which shopping vendor might have been compromised for card payments. No suspects have been identified as of yet by the police.

The Tom Bradley International Airport is the sixth busiest airport in the world, and the third in United States. The terminal has three levels and 18 gates and 39 airlines operate out of their. There are dozens of vendors present throughout the airport.

LAX Police have asked anyone who finds unauthorized charges on their card statements at the airport terminal after March 4 to call  (424) 646-6100 immediately.

Yahoo says ShellShock vulnerability is NOT the cause of the servers hack

Researcher Jonathan Hall says he found evidence that Romanian hackers used the recent "ShellShock" vulnerability to hack a number of high profile websites including Yahoo, WinZip.

Hall said he informed Yahoo, WinZip and FBI about the issue.

Yahoo earlier today said their servers were compromised by the ShellShock vulnerability.  But, Yahoo's Chief Information Security Officer Alex Stamos published a statement in Hacker News that the breach is not a result of 'Shell Shock'.

"Three of our Sports API servers had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers." Stamos wrote.

"These attackers had mutated their exploit, [and] this mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs."

The company claimed hackers did not gain access to any user data and the affected servers are used to provide live streaming for its sports service that don't store user data.

In response, Hall said in his blog "The Yahoo! infiltration WAS from the 'Shellshock' vulnerability, and it did NOT originate on the sports servers / API’s".

Monsanto hacked, 1300 individuals affected

Monsanto, a chemical and agricultural biotech corporation, has admitted that hackers managed to breach the server of its subsidiary Precision planting.

The breach occurred in late March, affecting less than 1,300 customers and employees.

The affected server contained sensitive information including customer names, addresses, tax ID numbers, Social Security numbers and financial information.

The server was also used for storing Human Resources Department data which includes employee names, addresses, social security numbers and driver's license numbers of small number of employees.

The company claims that it does not believe the breach was an attempt to steal customer information.

The affected individuals are being offered one year free membership of credit monitoring and identity theft insurance. 

Spotify suffers Data Breach, You should upgrade the android app

Music Streaming Service Spotify is the latest high-profile company to report a Data breach.  Spotify has announced on its blog that it had been hacked.

According to the blog post, the breach affected only one user.  The affect user has been notified about the incident.  The company says the breach did not involve any password, financial or payment information.

"Based on our findings, we are not aware of any increased risk to users as a result of this incident." Oskar Stål, Chief Technology Officer at Spotify said in the blog post.

As an additional security measure, the company also recommends android users to upgrade their spotify application.  iOS and Windows Phone users do not need to take any actions.

"We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users." the blog post reads.

Official websites of Taj Mahal and Agra Fort hacked by Pakistani hackers


The Pakistani hackers continue to target Indian Government and other websites.  'Pakistan Haxors Crew' is to be one of the most active groups that targeting Indian websites.

Today, the hacker known as 'H4$N4!N H4XOR' from the group hacked into one of the popular Indian Government websites ; The main page of Taj Mahal website(www.tajmahal.gov.in) is now displaying the Pakistan's flag.

The message posted on the defaced page reads follows:
"Whatever you fail to detect, will cause your downfall..Pakistan Haxors Crew is here to remind you of your Security.. Our fight is not against any individual but the system as whole"

It is not the only website defaced in the recent attack. The group also changed the contents of other popular government websites including Agra Fort official site(agrafort.gov.in) and Fatehpur Sikri site.

While other sites are modified to display the hacker's content in the front page of the site, hackers have placed their defacement page in Fatehpur Sikrisite at "http://fatehpursikri.gov.in/r00t.html"  

At the time of writing, all of the affected websites still display the contents modified by the hackers.