Tag Archives: Hacking

Here’s the NSA Employee Who Kept Top Secret Documents at Home


A former employee of an elite hacking unit at the U.S. National Security Agency pleaded guilty on Friday to illegally taking classified documents home, where they were reportedly later stolen by Russian hackers.

In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho, a 67-year-old resident of Ellicott City, Maryland, removed documents containing top-secret national defense information from the agency between 2010 and 2015.

Pho, who worked as a developer for the NSA's Tailored Access Operations (TAO) hacking unit, reportedly moved the classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab antivirus software.

According to authorities, Kaspersky Lab's antivirus software was allegedly used, one way or another, by Russian hackers to steal top-secret NSA documents and hacking exploits from Pho's home PC in 2015.

“Beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information,” the DoJ said in disclosing Pho’s guilty plea. 

“This material was in both hard-copy and digital form, and was retained in Pho’s residence in Maryland.”

For those unaware, the U.S. Department of Homeland Security (DHS) has already ordered federal agencies to remove Kaspersky Lab products from government computers, citing concerns about the company's ties to Russian intelligence and the risk of espionage.

Kaspersky CEO Says He Would Leave If Russia Asked Him To Spy

Although no hard evidence has been made public, the Wall Street Journal (WSJ) reported in October that Kaspersky software helped Russian spies steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer's home PC.

Kaspersky Lab has denied any involvement with Russian spies in the alleged incident.

Just last month, Kaspersky said that its antivirus package running on Pho's home PC detected copies of the NSA exploits as malicious software and uploaded them to its cloud for further analysis by its researchers.

According to the company, as soon as its analysts realised that the antivirus had collected more than malicious binaries, it deleted its copy of the classified material and changed its software so that such files would not be collected again.

When asked at a media briefing at Kaspersky's London offices on Tuesday whether Russian intelligence had ever asked him to help it spy on the West, CEO Eugene Kaspersky said, “They have never asked us to spy on people. Never.”

Kaspersky added: “If the Russian government comes to me and asks me to do anything wrong, or my employees, I will move the business out of Russia.”

NSA Hacker Faces A Prison Sentence Of Up To 10 Years

In his plea deal with prosecutors, Pho admitted that he copied information from NSA computers multiple times between 2010 and 2015 and took it home with him.

Taking classified documents home is a clear violation of basic security procedures, and in doing so Pho reportedly exposed top-secret material to Russian spies.

Pho pleaded guilty in the United States District Court in Baltimore to one count of willful removal and retention of national defense information. No other charges were filed against him, and there is no suggestion that he sold or passed on the material.

The offense carries a maximum sentence of 10 years in prison.

Federal prosecutors said they would seek an eight-year sentence for Pho; his attorney can ask for a more lenient one.

Pho remains free while awaiting sentencing on April 6 next year.

22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence


Karim Baratov, a 22-year-old Kazakhstan-born Canadian citizen, has pleaded guilty to hacking charges over his involvement in the massive 2014 Yahoo data breach, which compromised at least 500 million accounts (the separate 2013 breach is the one Yahoo later said affected all three billion of its accounts).

In March, the US Justice Department announced charges against two officers of Russia's Federal Security Service (FSB), Dmitry Dokuchaev and Igor Sushchin, and two hackers, Alexsey Belan and Karim Baratov, for breaking into Yahoo's servers in 2014.

Baratov (a.k.a. Kay, Karim Taloverov and Karim Akehmet Tokbergenov) was arrested at his home in Ancaster, Ontario, by the Toronto Police Department in March this year; Belan and both FSB officers remain in Russia and are unlikely to be extradited.

In the federal district court in San Francisco on Tuesday, Baratov admitted to helping the Russian spies and pleaded guilty to a total of nine counts which includes:

  • One count of conspiring to violate the Computer Fraud and Abuse Act by stealing information from protected computers and causing damage to protected computers.
  • Eight counts of aggravated identity theft.


Prosecutors believe that FSB officers directed the Yahoo hack and contracted Baratov when their targets—which included journalists, government officials, and technology company employees—used email accounts outside of Yahoo’s system.

“Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money,” his plea agreement reads.

However, according to Baratov’s lawyers, at the time of the crime, Baratov had no idea he was working with Russian FSB agents.

Baratov gained unauthorised access to at least 80 non-Yahoo email accounts, including at least 50 Google accounts, by obtaining their credentials through spear-phishing attacks.

Baratov's sentencing hearing is scheduled for February 20 next year in federal district court in San Francisco, where he faces 70 to 87 months in prison on the conspiracy count plus a mandatory consecutive 24 months on the aggravated identity theft counts.

“The illegal hacking of private communications is a global problem that transcends political boundaries. Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year,” US Attorney Brian Stretch said. 

“These threats are even more insidious when cybercriminals such as Baratov are employed by foreign government agencies acting outside the rule of law.”

Besides any prison sentence, Baratov has agreed to pay restitution to the Yahoo victims and a fine of up to $2,250,000 ($250,000 per count).

Baratov's is the only arrest in this investigation. The other three men, the two FSB officers and the criminal hacker Belan, remain in Russia, which has no extradition treaty with the United States.

Vault 8: WikiLeaks Releases Source Code For Hive – CIA’s Malware Control System

Almost two months after releasing details of 23 different secret CIA hacking tool projects in its Vault 7 series, WikiLeaks today announced a new Vault 8 series that will publish source code and information about the backend infrastructure developed by the CIA's hackers.

Alongside the announcement, the whistleblower organisation published the first Vault 8 batch: the source code and development logs of Project Hive, a key backend component the agency used to control its malware covertly.

In April this year, WikiLeaks briefly described Project Hive as an advanced command-and-control server (malware control system) that communicates with malware to send commands for execution on targets and to receive exfiltrated information from target machines.

Hive is a multi-user, all-in-one system that multiple CIA operators can use to remotely control many malware implants across different operations.

Hive's infrastructure is designed to frustrate attribution: implants talk to a public-facing cover website, and their traffic is then relayed through several stages over a Virtual Private Network (VPN).

“Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet,” WikiLeaks says.

As shown in the diagram, the malware implants communicate directly with a cover website hosted on a commercial Virtual Private Server (VPS), which looks innocent when opened in a web browser.

(Diagram: Hive malware control infrastructure)

In the background, however, an implant that authenticates itself to the cover web server has its traffic forwarded over a secure VPN connection to a hidden CIA server called Blot, while ordinary visitors just see the cover site.

The Blot server then forwards the implant traffic to an implant operator management gateway called Honeycomb.

To keep that traffic from looking suspicious to network administrators, the implants authenticate with fake digital certificates that impersonate Kaspersky Lab.

“Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities,” WikiLeaks says. 

“The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town.”

The whistleblowing organisation has released the source code for Project Hive which is now available for anyone, including investigative journalists and forensic experts, to download and dig into its functionalities.

WikiLeaks says the Vault 8 source code covers only software designed to run on CIA-controlled servers, and that it will not publish zero-day or similar vulnerabilities that others could abuse.

Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies


Nothing is free in this world.

If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam.

For example, the Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News did hack someone, but the person running them rather than the intended target.

Now a security researcher has spotted another such tool, this time a PHP script freely available on several popular underground hacking forums, which lets anyone find Internet-connected IP cameras running a vulnerable version of the GoAhead embedded web server.

After closely analysing the scanning script, however, NewSky Security researcher Ankit Anubhav found that it also contains a hidden backdoor, which essentially allows its creator to “hack the hacker.”

“From an attacker's point of view, it can be very beneficial to hack a hacker,” Anubhav said.

“For example, if a script kiddie owns a botnet of 10,000 IoT and if he gets hacked, the entire botnet is now in control of the attacker who got control of the system of this script kiddie. Hence, by exploiting one device, he can add thousands of botnets to his army.”

The rise of IoT botnets and the release of the source code of Mirai, the biggest IoT malware threat to emerge last year, which took down the Dyn DNS service, have encouraged criminal hackers to build massive botnets of their own, either to launch DDoS attacks against their targets or to rent them out for money.

(Flowchart: how the backdoored IoT scanning script works)

As shown in the self-explanatory flowchart, this IoT scanning script works in four steps:

  • First, it scans a set of IP addresses to find GoAhead servers vulnerable to a previously disclosed authentication bypass vulnerability (CVE-2017-8225) in Wireless IP Camera (P2P) WIFI CAM devices.
  • In the background, it secretly creates a backdoor user account (username: VM, password: Meme123) on the wannabe hacker's system, giving the attacker the same privileges as root.
  • The script also sends the wannabe hacker's IP address to its author, so that the compromised system can be reached remotely.
  • Finally, it fetches and runs a second payload that installs the well-known Kaiten bot malware on the script kiddie's own machine.
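The backdoor account in step two is the easiest part of this scheme to catch after the fact: a second UID 0 entry in /etc/passwd is a root-equivalent login whatever its name. The following Go program is an added example for this article, not the scanner's code or anything from NewSky Security: it parses passwd-format text and flags non-root accounts with UID 0, accounts whose password field is empty (no password is needed at login), and malformed lines, and it runs against a constructed sample that contains an entry like the one described above. The seven-field layout is the standard passwd format; the sample accounts are invented.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Finding is one suspicious passwd entry with the line it came from.
type Finding struct {
	Line   int
	User   string
	Reason string
}

// AuditPasswd scans text in /etc/passwd format (name:password:UID:GID:GECOS:home:shell)
// and reports entries that grant root-equivalent or passwordless access, plus lines
// the parser cannot trust. Comments and blank lines are skipped.
func AuditPasswd(passwd string) []Finding {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(passwd))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 7 {
			findings = append(findings, Finding{n, line, "malformed entry: expected 7 colon-separated fields"})
			continue
		}
		user, pw, uidField := f[0], f[1], f[2]
		uid, err := strconv.Atoi(uidField)
		if err != nil || uid < 0 {
			findings = append(findings, Finding{n, user, "invalid UID " + strconv.Quote(uidField)})
			continue
		}
		// The backdoor pattern: any name other than root carrying UID 0 is root.
		if uid == 0 && user != "root" {
			findings = append(findings, Finding{n, user, "UID 0 under a name other than root (root-equivalent backdoor account)"})
		}
		// An empty password field means login succeeds with no password at all;
		// "x" or "*" defer to /etc/shadow and are fine here.
		if pw == "" {
			findings = append(findings, Finding{n, user, "empty password field (passwordless login)"})
		}
	}
	return findings
}

// SamplePasswd is a constructed /etc/passwd fragment, not taken from any real system:
// a normal root entry, two ordinary accounts, the kind of entry the backdoored script
// adds (UID 0 and GID 0 under the innocuous name "VM"), a passwordless guest account,
// and a truncated line.
const SamplePasswd = `root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
VM:x:0:0::/home/VM:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
broken:x:1002
`

func main() {
	// Audit a real file when a path is given on the command line, otherwise the sample.
	data := SamplePasswd
	if len(os.Args) > 1 {
		b, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		data = string(b)
	}
	findings := AuditPasswd(data)
	for _, f := range findings {
		fmt.Printf("line %d: %s: %s\n", f.Line, f.User, f.Reason)
	}
	if len(findings) > 0 {
		os.Exit(1) // non-zero exit so the check can gate a cron job or CI step
	}
}
```

Run it as `go run audit.go /etc/passwd` on a box you suspect; a clean file produces no output and exit status 0. Checking passwd alone is not a full answer (the same script also plants a bot and could add SSH keys or cron entries), but a surprise UID 0 account is a cheap, high-signal indicator and is exactly what this backdoor leaves behind.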

This tool is another example of backdoored hacking tools increasingly being distributed at various underground forums to hack the hacker.

In September, a Cobian RAT builder kit given away free on multiple underground hacking forums was found to contain a hidden module that gave the kit's authors access to all of its users' data.

Last year, we reported on another Facebook hacking tool, dubbed Remtasu, which was actually a Windows Trojan that stole the Facebook credentials of the person using it to hack someone else.

The bottom line: examine free tools from the Internet very carefully before running them, and try anything untrusted in an isolated environment first.

Newly Uncovered ‘SowBug’ Cyber-Espionage Group Stealing Diplomatic Secrets Since 2015


A previously unknown hacking and cyber-espionage group that has been operating since at least 2015 has conducted a series of highly targeted attacks against government organisations in South America and Southeast Asia to steal sensitive data.

Codenamed Sowbug, the group has been exposed by Symantec security researchers, who spotted it conducting clandestine attacks against foreign-policy institutions, government bodies and diplomatic targets in countries including Argentina, Brazil, Ecuador, Peru and Malaysia.

Symantec's analysis found that Sowbug uses a piece of malware dubbed “Felismus” to launch its attacks and infiltrate its targets.

First identified in late March this year, Felismus is a sophisticated, well-written remote access Trojan (RAT) with a modular design that lets the backdoor hide and extend its capabilities.

The malware gives attackers complete control of an infected system; like most RATs, Felismus can communicate with a remote server, download files and execute shell commands.

By analysing Felismus, researchers were able to connect previous attack campaigns with the Sowbug hacking group, indicating that it had been active since at least early-2015 and may have been operating even earlier.

“To date, Sowbug appears to be focused mainly on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia,” the Symantec report said.

“The group is well resourced, capable of infiltrating multiple targets simultaneously and will often operate outside the working hours of targeted organisations.”

Although it is still unclear how the Sowbug hackers gain their initial foothold in networks, evidence gathered by the researchers suggests they have used malicious files disguised as software updates for Windows or Adobe Reader.

The researchers also found that the group has used a tool known as Starloader to deploy additional malware and tools, such as credential dumpers and keyloggers, on victims' networks.

Symantec researchers have found evidence of Starloader files being spread as software updates named AdobeUpdate.exe, AcrobatUpdate.exe and INTELUPDATE.EXE, among others.

Instead of compromising the software itself, Sowbug gives its hacking tools file names “similar to those used by software and places them in directory trees that could be mistaken for those used by the legitimate software.”

This trick allows the hackers to hide in plain sight, “as their appearance is unlikely to arouse suspicion.”

The Sowbug hackers took several measures to stay under the radar, including carrying out their espionage outside standard office hours, and maintained a presence on targeted networks for months at a time.

In one instance, the group remained undetected on a target's network for six months, between September 2016 and March 2017.

Both the initial infection vector used in the Sowbug operation and the identity of the attackers remain unknown.

Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!


Hacking ATMs is now easier than ever.

Usually, hackers exploit hardware and software vulnerabilities to make ATMs spit out cash, but now anyone can simply buy malware to steal millions from ATMs.

Hackers are selling ready-made ATM malware on an underground forum for around $5,000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker.

The forum post provides a brief description and a detailed manual for the malware toolkit, which is designed to target various ATM models through a vendor API, without interacting with ATM users or their data.

The malware therefore does not affect bank customers directly; it is intended to make a specific vendor's ATMs dispense cash without authorisation.

The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin, which was first analysed by Kaspersky Lab in 2014 and used by an international cybercrime gang to conduct jackpotting attacks, making millions by infecting ATMs across Europe and beyond.

The toolkit contains:

  • Cutlet Maker, the ATM malware that is the primary element of the toolkit.
  • Stimulator, an application that gathers the cash cassette status of a targeted ATM.
  • c0decalc, a simple terminal-based application that generates a password for the malware.

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.”


“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

To operate, the application needs a special library that is part of a proprietary ATM API and controls the cash dispenser unit, which shows how, in the researchers' words, “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”

The price of this ATM malware toolkit was $5000 at the time of Kaspersky’s research.

The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.

Powered by WPeMatico

Learn Ethical Hacking — Get 8 Online Courses For Just $29


With the rise in cyber-crimes, ethical hacking has become a powerful strategy in the fight against online threats.

In general terms, ethical hackers are authorised to break into supposedly ‘secure’ computer systems without malicious intent, but with the aim of discovering vulnerabilities to bring about improved protection.

Ethical hackers are becoming the alchemists of the 21st century.

More and more organisations are being targeted in cyber-attacks, and they must get to know their enemy if they are to protect vital networks. Enter the professional ethical hacker.

Hence the common belief among many at-risk companies that ‘to outwit a hacker, you need to hire one’.

With so much at stake, even technology providers are turning to those with hacking skills to find the flaws in their products and fix them before the baddies can exploit them.

Infamous Apple Hacker Turned Ethical; Hired by Facebook

George ‘GeoHot’ Hotz gained notoriety in 2007 when, at 17, he became the first person to carrier-unlock Apple's iPhone, writing a program that let iPhone users modify their devices to run on other carrier networks despite AT&T's exclusive deal with Apple.

A few years later Hotz cracked Sony's PlayStation 3 games console, gaining low-level access to the machine's processor and enabling gamers to modify their consoles to run unapproved applications and pirated games.

Despite his reputation, social networking giant Facebook hired Hotz in 2011, reportedly to work on an anti-hacker defence programme.

Start Your Career in Ethical Hacking

As companies begin to employ ethical hackers, the need for IT specialists with accredited skills is growing, but ethical hackers require support too.

Learning how to hack helps information security professionals implement the most robust possible security practices. It is as much about finding and fixing security vulnerabilities as it is anticipating them.

As you learn more about the methods hackers use to infiltrate systems, you will be able to pre-emptively resolve issues; if you do not understand how black hat hackers could get into your systems, you are going to have a hard time securing them.

Think of it this way: a computer network is like a yard with a fence to keep people out. If you have put something valuable inside the yard, someone may want to hop the fence and steal it.

Ethical hacking is like regularly checking for vulnerabilities in and around the fence, so you can reinforce weak areas before anyone tries to get in.

8 Online Ethical Hacking Training Courses (With Samples)

Here is an excellent opportunity for you to learn to hack through live demonstrations and hands-on experience with the latest tools.

This week we are introducing a new package of eight online courses, the Zero to Hero Cyber Security Hacker Bundle, which usually costs $360 but is available as an 8-in-1 online training course for just $29, a discount of more than 90%.

Here is what each of the training programmes covers:

Fundamentals of Computer Hacking

Learn computer hacking and become a cyber-warrior.

This course forms the basis for anyone who wants to become a real-time penetration tester. You will learn how to research and gather information about a target without leaving any traces, all in an ethical way.

By the end of the course, you will be familiar with how attackers gather their information before launching an attack and know how to mitigate it beforehand.


Information Security Awareness: ISO 27001:2013

Learn the information security basics needed to operate organisational processes securely.

In this course, you will learn how employees, business owners, and other computer users tend to have their security compromised, and what you can do to help safeguard yourself and others from digital attacks.

Information Gathering: Basic to Intermediate Level

Become a real-time penetration tester.

In this course, you will learn how client-based, server-based, and application-based web attacks are performed in a simulated test environment ethically.

This course helps the web security professional to mitigate these attacks using the recommended solution at the end of each module.

By course’s end, you will be familiar with various types of web hacks and be fully equipped to test and safeguard a web infrastructure against different real-time attack vectors.


Web Hacking: Basics to Intermediate

Learn how client-based, server-based, and application-based web attacks occur.

In this course, you will learn how client-based, server-based, and application-based web attacks are performed in a simulated test environment ethically, at an advanced level.

This course helps the web security professional to mitigate these attacks using the recommended solution at the end of each module.

By course’s end, you will be familiar with various types of web hacks and be fully equipped to test and safeguard a web infrastructure against different real-time attack vectors.


Advanced Web Hacking and Security

This is an advanced course and helps build on foundation knowledge.

In this course, you will learn how cryptography, steganography, password cracking, game hacking, reverse engineering, and privilege escalation based attacks are performed in a simulated test environment ethically.

This course helps system security professionals mitigate these attacks. It is perfect for anybody who is passionate about developing their skills in the field of internet security.

Network Hacking and Security

Learn how wired and wireless network attacks are performed.

In this course, you will learn how wired and wireless network attacks are performed in a simulated test environment ethically.

This course helps the network security professional to mitigate each of these attacks. By course’s end, you will be well equipped to test and safeguard network infrastructure against attack.

System Hacking

Understand how cryptography, steganography, password cracking, game hacking, reverse engineering, and privilege escalation based attacks are performed.

In this course, you will learn how viruses, worms, Trojans, and backdoor-based attacks are performed in a simulated test environment ethically.

It has been designed to enable you to learn core concepts on malware and become familiar with how various types of attacks are performed.

Ultimately, you will come out fully prepared to test and safeguard a system against various real-time attack vectors.

Virus, Worm, Trojan, Backdoor & Antivirus-Malware and Security

Understand how viruses, worms, Trojans, and backdoor-based attacks are performed.

From viruses to social engineering, malicious hackers cause havoc with a wide range of attacks. This bundle takes you through all the common threats, one by one.

Through hands-on lessons, you build your own malware samples and discover how to secure your system against them.

How to Join Zero to Hero Cyber Security Hacker Bundle

If you have dreams of becoming an IT security professional, then this is the right way to begin.

For any business that uses online platforms, security is a significant concern. As a result, cybersecurity experts are in demand.

You do not need a college degree to enter this niche; the Zero to Hero Cyber Security Hacker Bundle offers eight courses that cover all the basics to get you started on the career of your dreams.

So are you ready to invest?

It is the perfect way to start your security career, so what are you waiting for? The deal is for a limited time only.


Equifax leaks its business model

Three lessons from Equifax for greater online security

The hacking of Equifax and the subsequent leaking of private data on an estimated 143 million people has created a furor that reaches from top governmental levels down to the little guys worried that their data is being distributed and misused all over the internet. There are big reasons to be concerned Equifax is not […]

The post Equifax leaks its business model appeared first on Avira Blog.


Hacker Who Hacked US Spy Chief, FBI & CIA Director Gets 5-Year in Prison


Remember “Crackas With Attitude”?

It is the hacking group behind a series of embarrassing hacks in 2015 that targeted the personal email accounts of senior officials at the FBI, the CIA and the White House, among other United States federal agencies.

A member of Crackas With Attitude, who was arrested last year in September, has now been sentenced to five years in federal prison.

Justin Liverman, a 25-year-old man from Morehead City, who was known under the online alias “D3F4ULT,” was arrested last year along with another member of the group—Andrew Otto Boggs, 23, of North Wilkesboro, who allegedly used the handle “INCURSIO.”

The duo hacked into multiple government organizations between October 2015 and February 2016. Boggs was sentenced to two years in prison on June 30, 2017, for his role.

Liverman pleaded guilty on January 6 this year to conspiracy to hack U.S. government computers and accounts, and was sentenced to five years in prison on Friday. He must also pay $145,000 in restitution.

According to the plea agreement, “beginning in November 2015, Liverman conspired to attempt to intimidate and harass U.S. officials and their families by gaining unauthorized access to victims’ online accounts, among other things.”

“Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful ‘phonebombing’ service to call the victim repeatedly with a threatening message,” U.S. prosecutors in the Eastern District Court of Virginia said.


Crackas With Attitude targeted more than ten U.S. government officials and caused more than $1.5 million in losses to its victims.

The group also leaked the personal details of some 31,000 government employees: almost 20,000 FBI agents, 9,000 Department of Homeland Security officers and a number of DoJ staff.

According to federal officials, the group used social engineering to trick victims into revealing account numbers, passwords and other sensitive details, which it then used to gain access to their accounts.

The group's leader, a British teenager known as CRACKA who was 17 at the time, is said to have carried out the intrusions themselves; his prosecution in the United Kingdom is still ongoing.


Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA’s Arsenal


The Shadow Brokers, a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its “monthly dump service” subscribers.

Dubbed UNITEDRAKE, the implant is a “fully extensible remote collection system” that comes with a number of “plug-ins,” enabling attackers to remotely take full control over targeted Windows computers.

In its latest post, the hacking group announced a few changes to its monthly dump service and released encrypted files from the previous months as well.

Notably, the September dump also includes an unencrypted PDF file: the user manual for UNITEDRAKE (United Rake), an implant developed by the NSA.

According to the leaked user manual, UNITEDRAKE is a customizable modular malware with the ability to capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets.


The tool consists of five components: a server (the Listening Post), the system management interface (SMI), a database that stores and manages stolen information, plug-in modules that extend the system's capabilities, and the client (the implant itself).

Snowden Leak Also Mentions UNITEDRAKE


UNITEDRAKE initially came to light in 2014 as a part of NSA’s classified documents leaked by its former contractor Edward Snowden.

The Snowden documents suggested that the agency used the tool together with a set of plug-ins, including CAPTIVATEDAUDIENCE, GUMFISH, FOGGYBOTTOM, GROK and SALVAGERABBIT, to infect millions of computers around the world.

  • CAPTIVATEDAUDIENCE records conversations through the infected computer's microphone.
  • GUMFISH covertly takes control of a computer's webcam and snaps photographs.
  • FOGGYBOTTOM exfiltrates Internet data such as browsing histories, login details and passwords.
  • GROK is a keylogger that captures keystrokes.
  • SALVAGERABBIT accesses data on removable flash drives connected to the infected computer.

New Terms for Shadow Brokers Monthly Dump Service

The Shadow Brokers now accepts payment from its monthly subscribers only in Zcash (ZEC) rather than Monero, citing its use of clear-text email for delivery, and has also raised its prices, demanding nearly $4 million for the full set of exploits.

The group demanded 100 ZEC when it launched its monthly dump service in June, but now asks 16,000 ZEC (roughly $3.9 million, with Zcash trading at close to $250 per unit at the time of writing) for all of the NSA dumps.

Those who want access only to the September dump, which includes the new NSA malware files, need to pay 500 ZEC.

The Shadow Brokers gained notoriety after leaking the Windows SMB exploit EternalBlue, which powered the WannaCry ransomware attack that crippled large businesses and services around the world in May.

After that, the mysterious hacking group announced a monthly data dump service for those who want to get exclusive access to the NSA arsenal, which they claim to have stolen from the agency last year.
