Almost three years after the massive leak of high-profile celebrities’ nude photos—well known as “The Fappening” or “Celebgate”—a fourth hacker has been charged with breaking into over 250 Apple iCloud accounts belonging to Hollywood celebrities.
George Garofano, 26, of North Branford, who was arrested by the FBI, has been accused in a federal court of violating the Computer Fraud and Abuse Act.
Garofano has admitted to illegally obtaining credentials for his victims’ iCloud accounts using a phishing scheme, which eventually allowed him to steal personal information on his victims, including sensitive and private photographs and videos.
Among the celebrities whose nude photographs were posted online back in 2014 are Jennifer Lawrence, Kim Kardashian, Kirsten Dunst, and Kate Upton. Other victims include American Olympic gold medallist Misty May-Treanor and actors Alexandra Chando, Kelli Garner and Lauren O’Neil.
Between April 2013 and October 2014, Garofano sent phishing emails purporting to come from Apple’s security team to several celebrities, tricking them into handing over their iCloud account credentials, which he then used to access their accounts illegally.
“Garofano admitted that he sent emails to victims that appeared to be from security accounts of Apple and encouraged the victims to send him their usernames and passwords, or to enter them on a third-party website, where he would later retrieve them,” the Justice Department said.
Besides using the stolen credentials to take personal information, including sensitive and private photographs and videos, from victims’ iCloud accounts, Garofano in some instances also traded those credentials, along with the material he had stolen, with other individuals.
In a plea agreement signed Thursday in U.S. District Court in Los Angeles, Garofano agreed to plead guilty to one count of unauthorised access to a protected computer to obtain information, a charge that carries up to 5 years in prison.
Garofano is the fourth hacker charged in connection with the Celebgate incident. Emilio Herrera, 32, Edward Majerczyk, 28, and Ryan Collins, 36, pleaded guilty last year to being involved in the celebrity photo hack.
While Herrera is waiting for sentencing next month, Majerczyk was sentenced to nine months in prison and Collins was sentenced to 18 months last year.
The investigation into the Celebgate scandal is being conducted by the U.S. Federal Bureau of Investigation.
The United States Justice Department has charged three Chinese nationals with allegedly hacking an economist at Moody’s Analytics, German electronics manufacturer Siemens, and GPS maker Trimble, and stealing gigabytes of sensitive data and trade secrets.
According to an indictment unsealed Monday in federal court in Pittsburgh, Pennsylvania, the three men worked for a Chinese cybersecurity company, Guangzhou Bo Yu Information Technology Company Limited (Boyusec), previously linked to China’s Ministry of State Security.
Earlier this year, security researchers also linked Boyusec to one of the active Chinese government-sponsored espionage groups, called Advanced Persistent Threat 3 (or APT3), which is also known as Gothic Panda, UPS Team, Buckeye, and TG-0110.
In 2013, APT3 allegedly stole the blueprints for ASIO’s new Canberra building using a piece of malware that was uploaded to an ASIO employee’s laptop.
According to the indictment, the three Chinese nationals—identified as Wu Yingzhuo, Dong Hao, and Xia Lei—launched “coordinated and unauthorized” cyber attacks between 2011 and 2017 and stole information from a number of organizations by compromising their accounts.
The trio is alleged to have attacked Moody’s Analytics, Siemens, and Trimble by sending spear-phishing emails carrying malicious attachments or links to malware.
The men also used customized tools collectively known as the ‘ups’ or ‘exeproxy’ malware to gain unauthorized, persistent access to the targeted companies’ networks, allowing them to search for and steal confidential business information and user credentials.
“The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems,” the DOJ said.
Siemens was the most affected of the three companies. According to the indictment, the defendants:
Stole approximately 407 gigabytes of data from Siemens’ energy, technology and transportation businesses in 2014.
Hacked into Trimble’s network and stole at least 275 megabytes of data, including trade secrets related to global navigation satellite systems technology the company spent millions of dollars developing, in 2015 and 2016.
Accessed an internal email server at Moody’s in 2011, forwarded the mailbox of an unidentified “prominent employee” to accounts they controlled, and continued to read the confidential messages sent to that account until 2014.
According to the DoJ, Wu and Dong were co-founders and shareholders of Boyusec, while Lei was an employee. All three defendants were residents of Guangzhou.
The Chinese men have been charged with a total of eight counts, including one charge of committing computer fraud and abuse, two charges of committing trade secret theft, three counts of wire fraud and four to eight counts of aggravated identity theft.
If convicted, the hackers face a maximum sentence of 42 years in prison.
Security researchers from Check Point Software Technologies have discovered a potential security issue with the WSL feature that could allow malware families designed for Linux to target Windows computers, undetected by all current security software.
The researchers devised a new attack technique, dubbed Bashware, that takes advantage of Windows’ built-in WSL feature, which is now out of beta and is set to arrive in the Windows 10 Fall Creators Update in October 2017.
Bashware Attack Undetectable by All Anti-Virus & Security Solutions
According to Check Point researchers, the Bashware attack technique could be abused even by a known Linux malware family, because security solutions for Windows are not designed to detect such threats.
This new attack could allow an attacker to hide any Linux malware from even the most common security solutions, including next generation anti-virus software, malware inspection tools, anti-ransomware solution and other tools.
But why so? Researchers argue that existing security software packages for Windows systems have not yet been modified to monitor processes of Linux executables running on Windows operating system.
“Existing security solutions are still not adapted to monitor processes of Linux executables running on Windows OS, a hybrid concept which allows a combination of Linux and Windows systems to run at the same time,” Check Point researchers say.
“This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms.”
Who is the Culprit? Microsoft or Security Vendors?
In order to run the target Linux application in an isolated environment, Microsoft introduced “Pico processes”—containers that allow ELF binaries to run on the Windows operating system.
During their tests, the Check Point researchers were able to test the Bashware attack on “most of the leading antivirus and security products on the market,” and successfully bypass all of them.
This is because no security product monitors Pico processes, even though Microsoft already provides the Pico API, a special application programming interface that security companies can use to monitor such processes.
“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed,” the researchers concluded.
“What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system.”
Bashware Requires Admin Rights—Is that Hard on a Windows PC?
Yes, Bashware requires administrator access on the target computers, but gaining admin privileges on Windows PCs via phishing attacks and/or stolen admin credentials is not a difficult task for a motivated attacker.
However, these preliminary attacks could themselves alert antivirus and security products, stopping the intrusion before the actual Bashware technique can be executed to hide the malware.
Since WSL is not turned on by default, and users are required to manually activate “development mode” on their computer systems in order to use it and reboot the system, the risks posed by the feature are mitigated to some extent.
However, the Check Point researchers say it is a little-known fact that the developer mode can be enabled by modifying a few registry keys, which can be done silently in the background by the attackers with the right privileges.
The Bashware attack technique automates the required procedures by silently loading the WSL components, enabling developer mode, even downloading and extracting the Linux file system from Microsoft’s servers, and running malware.
No Need to Write Separate Malware Programs
What’s interesting about Bashware? Hackers using Bashware are not required to write malware programs for Linux to run them through WSL on Windows computers.
This extra effort is saved by the Bashware technique which installs a program called Wine inside the downloaded Ubuntu user-space environment, and then launches known Windows malware through it.
The malware then runs on Windows as Pico processes, which hides it from security software.
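As an added, defender-side example that is not part of the article or of Check Point’s research, the PowerShell audit below reports the Bashware preconditions described above: Developer Mode switched on through the registry, the WSL feature and its service, and an extracted Linux root file system. The AppModelUnlock registry value, the optional-feature name and the LxssManager service are real Windows 10 identifiers; the rootfs path and the “Suspicious” heuristic are assumptions.

```powershell
# Added example (not from the article or Check Point): audit a Windows 10 host for the
# preconditions Bashware relies on. Assumes the 2017-era WSL layout (LxssManager service,
# Ubuntu rootfs under %LOCALAPPDATA%\lxss). Run from an elevated PowerShell so the
# DISM feature query succeeds.

function Get-WslExposure {
    # Developer Mode is recorded here; AllowDevelopmentWithoutDevLicense = 1 means it is on.
    $unlockKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $unlock = Get-ItemProperty -Path $unlockKey -ErrorAction SilentlyContinue
    $devMode = [bool]($unlock.AllowDevelopmentWithoutDevLicense -eq 1)

    # State of the Windows Subsystem for Linux optional feature (needs elevation; null otherwise).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux' `
        -ErrorAction SilentlyContinue
    $wslInstalled = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

    # LxssManager hosts WSL; a running instance means Linux (Pico) processes may be live.
    $svc = Get-Service -Name 'LxssManager' -ErrorAction SilentlyContinue
    $lxssRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # Legacy WSL stores the downloaded Ubuntu root file system here (assumed path); finding it
    # on a machine with no developer use is the trace of the "download and extract" step.
    $rootfs = Join-Path $env:LOCALAPPDATA 'lxss\rootfs'
    $rootfsPresent = Test-Path $rootfs

    [PSCustomObject]@{
        DeveloperMode = $devMode
        WslFeature    = $wslInstalled
        LxssManagerUp = $lxssRunning
        RootFsPresent = $rootfsPresent
        # Heuristic (assumption): any true value on a non-developer host deserves a look.
        Suspicious    = ($devMode -or $wslInstalled -or $lxssRunning -or $rootfsPresent)
    }
}

Get-WslExposure | Format-List
```

On a fleet, run the function through your endpoint management tooling and alert on hosts where Suspicious is true but WSL was never approved for that user.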
400 Million Computers Potentially Exposed to Bashware
The newly discovered attack technique does not exploit any vulnerability in WSL’s implementation; it works because of the lack of interest and awareness among security vendors towards WSL.
Since the Linux shell is now available to Windows users, researchers believe that Bashware can potentially affect any of the 400 million PCs currently running Windows 10 across the world.
Check Point researchers said their company had already upgraded its security solutions to combat such attacks and are urging other security vendors to modify and update their next-generation anti-virus and security solutions accordingly.
Two of the three co-founders of The Pirate Bay—Fredrik Neij and Gottfrid Svartholm Warg—have been ordered by a Finnish court to pay record labels $477,800 in compensation for copyright infringement on the site.
Last year in a similar case, Helsinki District Court in Finland ordered Peter Sunde, the third co-founder of The Pirate Bay, to pay nearly $395,000 (350,000 Euros) in damages to several major record labels, including Sony Music, Universal Music and Warner Music.
However, Sunde has not yet paid any penalty, and instead later announced plans to sue those record labels for defamation.
All three co-founders of The Pirate Bay faced criminal copyright infringement and abuse of electronic communications charges in a Belgian court but were acquitted after it was found that they had sold The Pirate Bay file-sharing website in 2006.
The International Federation of the Phonographic Industry (IFPI), which represents the world’s major labels, with support from Finnish Copyright Information and Anti-Piracy Center (CIAPC), filed a lawsuit in November 2011 in the Helsinki District Court against The Pirate Bay.
In the six years since, Fredrik Neij and Gottfrid Svartholm never appeared in court, nor did they appoint anyone to represent their defence, which eventually led to a decision in favour of the IFPI record labels.
Besides ordering both the founders to jointly pay compensation of 405,000 euros (over $477,800) to record labels, the District Court also ordered them to “cease-and-desist” the illegal operations of The Pirate Bay, TorrentFreak reported.
However, it is still unclear how Neij and Svartholm are supposed to stop the sharing of content on the site, since they have no association with The Pirate Bay.
It has also been reported that Neij, Svartholm, and Sunde owe large sums of money to other copyright holders as a result of various court judgments over the past few years.
So far, none of those court penalties has been “satisfied,” nor has Sunde paid the fines imposed on him last year, and it is likely that this penalty will also go unpaid.