Meet the French researcher the Shadow Brokers keep calling out

The Shadow Brokers appear to be obsessed with Matthieu Suiche. A bevy of security researchers have spent time studying the mysterious group of hackers best known for leaking a cache of National Security Agency hacking tools. But Suiche is one of few analysts to have been called out by the Shadow Brokers multiple times, with the acknowledgement straddling the line between begrudging respect and reverent admiration. No one, not even Suiche, understands why. A 29-year-old French security researcher and entrepreneur, Suiche is one of the foremost experts on the peculiar group. To understand why The Shadow Brokers — an entity still at the center of an expansive federal counterintelligence investigation — are so enamored of his work, it’s important to understand how Suiche’s background led to this point in time. In late July, Suiche spoke at the large Las Vegas cybersecurity conference known as Black Hat about […]

The post Meet the French researcher the Shadow Brokers keep calling out appeared first on Cyberscoop.


In wake of Equifax breach, government shines light on entire industry

Government agencies have contacted Equifax’s largest competitors to learn more about the potential for cyberattacks on the credit monitoring industry as a whole, a senior federal official told CyberScoop. The recently revealed breach at Equifax — one of three multinational corporations that rely on comparable software to manage consumers’ credit reports and other highly sensitive records — compromised upwards of 143 million records and drew immediate attention from federal law enforcement. But other federal agencies, like the Department of Homeland Security, have been focusing on understanding the threat posed to the larger industry, according to the senior federal official, who spoke to CyberScoop on condition of anonymity to discuss an ongoing government investigation. The official said that because Equifax’s biggest competitors — namely TransUnion and Experian — also rely on software like Apache Struts, a popular web server application, the outreach was necessary in order to learn more about the industry’s […]

The post In wake of Equifax breach, government shines light on entire industry appeared first on Cyberscoop.


Equifax Data Breach – Hack Due To Missed Apache Patch


The Equifax data breach is huge: 143 million records were leaked from the hack in the US alone, with an unknown number more in Canada and the UK.

For those who weren’t up to date with it, the original statement about the breach, which came out Sept 7th (4 months AFTER the breach happened), reads as follows:

Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S.

Read the rest of Equifax Data Breach – Hack Due To Missed Apache Patch now! Only available at Darknet.


U.S. officials looking at Apache vulnerability as cause for Equifax breach

Whoever was responsible for the giant data breach at credit reporting giant Equifax likely targeted an old version of the Apache Struts framework, according to a senior government official who spoke on condition of anonymity to discuss an ongoing investigation. The attackers, the official said, appear to have relied on a known vulnerability in the open-source web application framework that was disclosed in March 2017. The vulnerability is different from the one that was widely reported on last week. The official’s comments to CyberScoop are the first from a government source regarding the cause behind one of the largest data breaches in history, which was publicly announced last week. The official cautioned that while the Struts vulnerability is currently considered the most likely avenue, the investigation is ongoing and still developing. The FBI is currently working with Equifax in order to fully investigate the cause of the breach […]

The post U.S. officials looking at Apache vulnerability as cause for Equifax breach appeared first on Cyberscoop.


Hacker posted stolen material from Mandiant researcher in attempt to damage FireEye stock

A hacker broke into an Israel-based security researcher’s personal email account one year ago, but waited until the day before his employer, U.S. cybersecurity firm FireEye, announced earnings to publish the stolen material, in an effort designed to damage the company’s stock value, people familiar with the matter told CyberScoop. While the investigation is ongoing, it’s believed that the attacker’s underlying motive was to cause financial and reputational damage to FireEye. The incident highlights how a hacker can stoke fears of a corporate breach to negatively affect the stock price of a specific, targeted company. The attacker behind this widely publicized incident, dubbed operation “LeakTheAnalyst,” first started posting evidence on July 31 of breached email and social media accounts belonging to a single analyst who worked for Mandiant, a FireEye subsidiary. FireEye posted earnings for its second fiscal quarter the next day. The hacker’s first message included a cache of documents, […]

The post Hacker posted stolen material from Mandiant researcher in attempt to damage FireEye stock appeared first on Cyberscoop.


Mandiant researcher doxed by hackers; FireEye counters claim that internal info dumped

A hacker claiming to have compromised cybersecurity firm Mandiant published a trove of leaked emails Sunday apparently connected to a single employee’s personal computer. While the attacker boasted of breaking into the company’s corporate network, the available evidence only suggests that a personal computer, which stored some work documents, was hacked. “It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs,” the hacker’s message reads. “Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D.” In a statement provided to CyberScoop, a spokesperson for Mandiant’s parent company FireEye said: “We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began […]

The post Mandiant researcher doxed by hackers; FireEye counters claim that internal info dumped appeared first on Cyberscoop.


How The Intercept Outed Reality Winner

Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named “Reality Winner” was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by The Intercept isn’t the original PDF file, but a PDF containing images of the printed version, which was later scanned in.

As the warrant says, she confessed while interviewed by the FBI. Had she not confessed, the documents still contained enough evidence to convict her: the printed document was digitally watermarked.

The problem is that most new printers print nearly invisible yellow dots that record exactly when and where any document was printed. Because the NSA logs all print jobs on its printers, it can use this to match up precisely who printed the document.

In this post, I show how.

You can download the document from the original article here. You can then open it in a PDF viewer, such as the normal “Preview” app on macOS. Zoom into some whitespace on the document, and take a screenshot of this. On macOS, hit [Command-Shift-3] to take a screenshot of a window. There are yellow dots in this image, but you can barely see them, especially if your screen is dirty.

We need to highlight the yellow dots. Open the screenshot in an image editor, such as the “Paintbrush” program built into macOS. Now use the option to “Invert Colors” in the image, to get something like this. You should see a roughly rectangular checkerboard pattern in the whitespace.

It’s upside down, so we need to rotate it 180 degrees, or flip-horizontal and flip-vertical:

Now we go to the EFF page and manually click on the pattern so that their tool can decode the meaning:

This produces the following result:

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

The situation is similar to how Vice outed the location of John McAfee, by publishing JPEG photographs of him with the EXIF GPS coordinates still hidden in the file. Or it’s how PDFs are often redacted by adding a black bar on top of the image, leaving the underlying contents still in the file for people to read, such as in this NYTimes accident with a Snowden document. Or how opening a Microsoft Office document, then accidentally saving it, leaves fingerprints identifying you behind, as repeatedly happened with the Wikileaks election leaks. These sorts of failures are common with leaks. To fix this yellow-dot problem, use a black-and-white printer, a black-and-white scanner, or convert to black-and-white with an image editor.
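As an added illustration (not code from the original post, and not the EFF decoder), the following pure-Python sketch models the image steps above on a tiny constructed page: inverting the colours so faint yellow specks stand out, rotating the pattern 180 degrees, locating the yellowish pixels, and the black-and-white flattening the post recommends as a fix. Pixel values, colour thresholds and the 6x6 sample page are assumptions.

```python
# Added example (not part of the original post): a pure-Python model of the
# image steps described above. Pixels are (R, G, B) tuples; the thresholds
# and the 6x6 sample page are constructed assumptions, not data from the post.

WHITE = (255, 255, 255)
BLACK = (0, 0, 0)
FAINT_YELLOW = (255, 255, 200)  # a near-invisible tracking dot on white paper

def invert(image):
    """'Invert Colors' step: white paper turns black and a faint yellow dot
    becomes a dark blue speck that stands out against it."""
    return [[(255 - r, 255 - g, 255 - b) for (r, g, b) in row] for row in image]

def rotate_180(image):
    """The scanned pattern reads upside down; a 180-degree rotation is the
    same as a horizontal flip followed by a vertical flip."""
    return [list(reversed(row)) for row in reversed(image)]

def find_yellow_dots(image, min_rg=200, max_b=230):
    """Return sorted (x, y) coordinates of yellowish pixels: strong red and
    green with noticeably weaker blue. Thresholds are assumptions."""
    return sorted((x, y) for y, row in enumerate(image)
                  for x, (r, g, b) in enumerate(row)
                  if r >= min_rg and g >= min_rg and b <= max_b)

def to_black_and_white(image, threshold=128):
    """Mitigation from the post: threshold on luminance so every pixel is pure
    black or pure white. Faint yellow is far above the threshold, so the dots
    are flattened into the white page and no longer carry information."""
    out = []
    for row in image:
        new_row = []
        for (r, g, b) in row:
            luma = 0.299 * r + 0.587 * g + 0.114 * b  # Rec. 601 weights
            new_row.append(WHITE if luma >= threshold else BLACK)
        out.append(new_row)
    return out

def make_sample_page():
    """Constructed 6x6 'scan': a white page, one black text pixel in the
    top-left corner, and five faint yellow dots laid out in the whitespace."""
    img = [[WHITE for _ in range(6)] for _ in range(6)]
    img[0][0] = BLACK
    for (x, y) in [(1, 1), (3, 1), (1, 3), (5, 3), (3, 5)]:
        img[y][x] = FAINT_YELLOW
    return img
```

Running `find_yellow_dots` on `to_black_and_white(make_sample_page())` returns an empty list, which is the point of the black-and-white fix: the dot grid survives inversion and rotation but not binarization.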

Copiers/printers have two features put in there by the government to be evil to you. The first is that scanners/copiers (when using scanner feature) recognize a barely visible pattern on currency, so that they can’t be used to counterfeit money, as shown on this $20 below:

The second is that when they print things out, they include these invisible dots, so documents can be tracked. In other words, the dots on bills prevent them from being scanned in, and the dots produced by printers help the government track what was printed out.

Yes, this code the government forces into our printers is a violation of our 3rd Amendment rights.


While I was writing up this post, these tweets appeared first:

oh wow, @knowtheory just pointed out the microdots on the first and last page of the intercept’s docs. printer dots kill puppies, folks. pic.twitter.com/w8qxJ9zvhf

— Quinn’s internet 👻 (@quinnnorton) June 6, 2017

The date in the microdots is 6:20 2017/05/09 from a printer with serial number #5429535218, according to https://t.co/PVVm7AAjlL pic.twitter.com/6BY7Y3MFhL

— Tim Bennett (@flashman) June 6, 2017


Comments:
https://news.ycombinator.com/item?id=14494818


Cryptocurrency company pushes back against Shadow Brokers’ latest claims

The Shadow Brokers say they will be accepting Zcash for subscriptions to their monthly dumps of leaked NSA files — a decision intended to needle the U.S. government over its role in the cryptocurrency’s creation. But the company that oversees Zcash says that federal agencies have no ties to the cryptocurrency beyond some general connections to its academic roots. In announcing the subscription service, the Shadow Brokers insinuated that Zcash has links to the Defense Advanced Research Projects Agency, other U.S. military agencies and Israel. “Maybe USG is needing to be sending money outside from banking systems? If USG is hacking and watching banking systems (SWIFT) then adversaries is also hacking and watching banking systems. Maybe is for sending money to deep cover foreign assets? Maybe is being trojan horse with cryptographic flaw or weakness only NSA can exploit? Maybe is not being for money?” the blog post written in broken English reads. Though the hacking group has claimed Zcash’s privacy […]

The post Cryptocurrency company pushes back against Shadow Brokers’ latest claims appeared first on Cyberscoop.


The leaked NSA hacking tool that will wreak havoc for years to come

A powerful hacking tool originally used by the National Security Agency and subsequently leaked in April by the Shadow Brokers will give defenders problems for years to come as hackers continue to adopt and repurpose the malicious computer code, experts and former U.S. intelligence officials tell CyberScoop. The tool, codenamed EternalBlue, effectively leverages two different coding flaws in older versions of Microsoft Windows to propagate malware on a targeted computer network. In practice, this exploit abuses a network file-sharing protocol known as Server Message Block, or SMB. Although Microsoft promptly released several software updates for affected versions of Windows in March, and then again most recently in May, millions of systems remain unpatched and therefore vulnerable to hackers using EternalBlue. Experts believe that the high-quality exploit will be used in the coming years by both amateurish hackers and sophisticated threat actors to steal information. “EternalBlue will exist and […]

The post The leaked NSA hacking tool that will wreak havoc for years to come appeared first on Cyberscoop.
