Grant West, a notorious British hacker and dark web seller, was arrested in September 2017 while travelling from Wales to London on a first-class train ticket. His arrest was the result of an undercover operation by the Metropolitan Police’s cybercrime unit, in which he was caught red-handed logging in to a dark web marketplace from his laptop.
He was wanted for hacking into hundreds of companies, stealing their databases and selling the data on the dark web. He had made a surprising 47,000 sales there, typically of an individual’s personal information or credit card details.
West targeted high-profile companies around the world, including Apple, Argos, Asda, Uber, JustEat, Groupon and Nectar. He also sold illegal drugs on the now-seized AlphaBay marketplace and taught others how to carry out cyber attacks.
The Bank of Montreal was contacted on Monday by a group of cybercriminals claiming to hold the financial and personal information of a number of the bank’s customers. The bank is certain the attack was carried out from outside the country, and is confident that the vulnerability that allowed the information to fall into the wrong hands has been mitigated.
The Bank of Montreal is said to be working with authorities to find the cause of the breach. The bank is Canada’s fourth-largest lender. It has not yet disclosed how many customers were affected or whether any customers lost money.
The bank said in a statement: “Customers are recommended to monitor their accounts and notify BMO with any suspicious activity.”
Iranian Hackers Deface Airport Screens With Anti-Government Slogans
On Thursday 24 May, the airport screens in the city of Mashhad in northeast Iran were hacked and defaced by an unknown group with messages against the Iranian government.
The hackers left images on the arrival and departure monitors displaying statements against the Iranian government and the military’s activities and presence in the Middle East. According to Radio Farda, the messages were in Persian and, translated into English, accused the Iranian government of wasting Iranian lives and resources in Lebanon, Syria and Gaza.
“Wasting Iranians lives and financial resources in Gaza, Lebanon, and Syria by the Islamic Revolution Guards Corps (IRGC),” read the defacement message.
The hackers also broke into the official email account of Mohsen Eidizadeh, head of civil aviation at Mashhad airport, and used it to spread word of the hack. They urged Iranians to photograph the defaced screens and share them on social media using the hashtag “Protests_alloverthecountry.”
Max Schrems, a longtime critic of both companies’ data collection and data policies, filed lawsuits against Facebook and Google for 3.9 billion euros each, a day after GDPR came into force.
GDPR requires companies to obtain clear consent before collecting any personal data from users, and has forced companies to revise their privacy policies and data collection practices. There is also widespread uncertainty about how European regulators and the officials representing them will interpret and enforce the requirements.
The lawsuits are based on Schrems’ findings, which suggest that neither company has fully complied with GDPR yet, leaving out key parts that could put users’ private data at risk. Both companies dispute the claims. “We build privacy and security into our products from the very earliest stages,” Google said in a statement, “and are committed to complying with the EU GDPR.” Facebook similarly said it has spent the past 18 months preparing to comply with the regulation.
A team from UpGuard discovered an unsecured AWS S3 bucket exposed to the Internet containing about 3.2 million records. The records belonged to “211 LA County”, a non-profit organization serving LA County, and included credentials for the 211 system’s operators and the email addresses of their contacts. There were more than 200,000 rows of detailed notes.
The notes held information such as abuser names and graphic descriptions of elder abuse, child abuse and suicidal distress, raising serious, large-scale privacy concerns. The bucket, located in the subdomain 'LA County', was misconfigured so that it was readable by anyone without authentication.
UpGuard later confirmed that the bucket was no longer publicly accessible after it had informed LA County. The incident raises the question of whether organizations that store data online can be trusted to keep such high-risk information out of unsafe places.
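The exposure above is the classic S3 misconfiguration: a bucket ACL granting a public group access, or a bucket policy allowing any principal. The script below is an added example for this roundup, not code from UpGuard or 211 LA County. It statically audits ACL and policy documents in the shape boto3 returns, so it runs offline; the documents, bucket name and role ARN are constructed placeholders, and the AllUsers/AuthenticatedUsers group URIs are AWS's real predefined groups.

```python
"""
Static audit of an S3 bucket's ACL and bucket policy for anonymous access.
Added example for this roundup, not code from UpGuard or 211 LA County.
The ACL and policy documents below are constructed to match the shape that
boto3's get_bucket_acl() / get_bucket_policy() return; no AWS access is needed.
"""
import json

# AWS's predefined group URIs for anonymous and any-signed-in-AWS-user access.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTHENTICATED_USERS: "AuthenticatedUsers"}


def acl_public_grants(acl):
    """Return (group, permission) pairs in an ACL that grant access to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return findings


def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (either string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def policy_public_statements(policy):
    """Return Sids of Allow statements usable by any principal with no Condition."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if _is_wildcard_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


def audit_bucket(acl, policy):
    """Combine both checks into a list of human-readable findings (empty means no anonymous access)."""
    findings = [f"ACL grants {perm} to {group}" for group, perm in acl_public_grants(acl)]
    findings += [f"policy statement '{sid}' allows any principal"
                 for sid in policy_public_statements(policy)]
    return findings


# Constructed samples: an exposed bucket (the shape of the finding reported above)
# and the same bucket after the public grant and wildcard principal are removed.
EXPOSED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}
EXPOSED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]
}""")
FIXED_ACL = {"Grants": [EXPOSED_ACL["Grants"][0]]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RoleRead", "Effect": "Allow",
     # placeholder account id and role name, not a real principal
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/records-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for label, acl, policy in (("exposed", EXPOSED_ACL, EXPOSED_POLICY),
                               ("fixed", FIXED_ACL, FIXED_POLICY)):
        print(label, audit_bucket(acl, policy) or ["no anonymous access found"])
```

Against a live account the same two functions can be fed the output of `get_bucket_acl` and `json.loads(get_bucket_policy()["Policy"])` for every bucket; a wildcard principal with a Condition is skipped here deliberately, since such statements need manual review rather than an automatic verdict.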
Attackers have found a new technique to take over WordPress websites through accounts with weak or reused passwords and no two-factor authentication, abusing the Jetpack plugin’s remote management features. The technique is multi-stage: an attacker must chain several steps to compromise a site.
Attackers first try to hijack sites by trying passwords reused from other breaches against the usernames they hold, which is where the lack of two-factor authentication is exploited. Jetpack, an analytics and site-management module that is one of the most popular plugins for WordPress sites, lets an administrator install plugins across many sites from the wordpress.com Jetpack dashboard. The plugin being installed does not even have to be hosted in the official WordPress.org repository; an attacker who controls the account can upload a ZIP file containing malicious code, which is then pushed to each connected site.
Attackers are abusing this remote management feature to deploy backdoored plugins across previously secured websites. Experts say the attacks started on May 16, with the hackers deploying a plugin named “pluginsamonsters” and later switching to another named “wpsmilepack” on May 21.
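Because the malicious plugins arrive through a legitimate management channel, the useful defensive control is an inventory check: compare what sits in `wp-content/plugins` against an approved baseline and flag anything unexpected. The script below is an added example for this roundup, not code from WordPress, Jetpack or the researchers cited; it parses the standard WordPress plugin header from each plugin's main PHP file. The plugin tree, the plugin versions and the approved-slug list are constructed, while the two flagged slugs come from the report above.

```python
"""
Plugin-inventory audit for a WordPress install: reads the header of every
plugin under wp-content/plugins and flags anything outside an approved baseline.
Added example for this roundup, not code from WordPress, Jetpack or the
researchers cited above. The plugin tree is constructed in a temp directory.
"""
import os
import re
import tempfile

# Header fields WordPress reads from the leading comment of a plugin's main file.
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Plugin URI|Version|Author):\s*(.+?)\s*$", re.M)

# Plugin slugs reported in the Jetpack remote-install campaign described above.
KNOWN_BAD_SLUGS = {"pluginsamonsters", "wpsmilepack"}


def parse_plugin_header(php_source):
    """Return the header fields found in the plugin file's comment block."""
    return {key: value for key, value in HEADER_RE.findall(php_source)}


def inventory_plugins(plugins_dir):
    """Map each plugin slug (directory name) to the header of its main file, if any."""
    found = {}
    for slug in sorted(os.listdir(plugins_dir)):
        plugin_path = os.path.join(plugins_dir, slug)
        if not os.path.isdir(plugin_path):
            continue
        header = {}
        for name in sorted(os.listdir(plugin_path)):
            if name.endswith(".php"):
                with open(os.path.join(plugin_path, name), encoding="utf-8", errors="replace") as fh:
                    header = parse_plugin_header(fh.read(8192))  # WordPress reads only the file head
                if "Plugin Name" in header:
                    break
        found[slug] = header
    return found


def audit_plugins(plugins_dir, approved_slugs):
    """Return one finding per plugin that is known bad, unapproved, or lacks a plugin header."""
    findings = []
    for slug, header in inventory_plugins(plugins_dir).items():
        if slug in KNOWN_BAD_SLUGS:
            findings.append(f"{slug}: matches a reported malicious plugin name")
        elif slug not in approved_slugs:
            findings.append(f"{slug}: not in the approved baseline")
        if "Plugin Name" not in header:
            findings.append(f"{slug}: no WordPress plugin header found")
    return findings


def build_sample_plugins_dir():
    """Construct a small wp-content/plugins tree: two legitimate plugins and one dropped plugin."""
    root = tempfile.mkdtemp(prefix="wp-plugins-")
    samples = {  # constructed headers; versions are illustrative only
        "jetpack": "<?php\n/*\nPlugin Name: Jetpack\nPlugin URI: https://jetpack.com\nVersion: 6.1\n*/\n",
        "akismet": "<?php\n/*\nPlugin Name: Akismet Anti-Spam\nVersion: 4.0.3\n*/\n",
        "wpsmilepack": "<?php\n// constructed stand-in for a dropped plugin: no header block at all\n",
    }
    for slug, source in samples.items():
        os.makedirs(os.path.join(root, slug))
        with open(os.path.join(root, slug, f"{slug}.php"), "w", encoding="utf-8") as fh:
            fh.write(source)
    return root


if __name__ == "__main__":
    plugins_dir = build_sample_plugins_dir()
    for finding in audit_plugins(plugins_dir, approved_slugs={"jetpack", "akismet"}):
        print(finding)
```

Run from cron against the real `wp-content/plugins` path with the site's approved slug list; a non-empty result is the signal to check the wordpress.com account's activity, rotate its password and enable two-factor authentication, which addresses the first stage of the chain described above.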
Parrot Security, a popular Linux distribution for hacking and penetration testing, has been upgraded to version 4.0, with fixes and updated packages along with many new changes. According to Parrot Security, the development process for this version required a lot of time and many important updates, making this release an important milestone in the history of the project.
As you probably know, Parrot Security is perhaps the most popular Linux distro after Kali Linux among hackers, pentesters and security researchers. The new release ships with netinstall images, so that those interested can build their own system from the bare core with only the software components they need.
The project has also released Parrot Docker templates, which let users quickly download a Parrot template and spawn any number of completely isolated Parrot instances on any host OS that supports Docker. Separate Docker images are provided with only the bare system, with a more comprehensive environment including several useful tools, and with a dedicated Metasploit container environment.
This version also ships with Linux kernel 4.16, which includes AMDGPU multi-display fixes, optimized in-kernel filesystem operations and other important updates.
Other changes include stable and reliable sandboxed applications for better security, MATE 1.20 with many graphics bug fixes and new features, Nginx as the new default web server daemon, LibreOffice 6 with better document support, memory efficiency and stability, Firefox 60, and MD RAID support enabled by default.
Maltese Government Under Fire After Blogger Accuses Them Of Crashing His Website Multiple Times
Manuel Delia’s website has crashed yet again; the first outage was on 16 May. He claims the attacks were carried out by a group of hackers hired by the Maltese government.
The outages appear to have been caused by DDoS (distributed denial of service) attacks, in which millions of requests from many machines hit the website at once and overwhelm it. The attack seems to have been deliberately timed to fall exactly 6 months after Daphne Caruana Galizia, a Maltese journalist and anti-corruption activist, was murdered.
The government, of course, denied the allegations and said it had no role in the attacks. Delia responded by asking why, in that case, the government was not helping him find the attackers. He said the Maltese government did not support his right to freedom of speech and was not equipped to protect people from computer misuse and cybercrime.
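The defining signal of a distributed flood like the one described above is a spike in request rate spread across many source addresses, as opposed to one abusive client. The script below is an added example for this roundup, not code from Delia’s site or any Maltese agency; it parses web-server access logs in the common combined format, groups requests into fixed time windows and reports windows whose rate crosses a threshold, labelling them distributed or single-source. The log lines, the addresses (from the reserved documentation ranges) and the thresholds are constructed.

```python
"""
Request-flood detection over web-server access logs: per-window request rate
and distinct-source count, distinguishing a distributed flood from one noisy client.
Added example for this roundup; the log lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx combined log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields this detector needs, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "status": int(m.group("status"))}


def windows(lines, window_seconds=10):
    """Group parsed requests into fixed windows keyed by window start (epoch seconds)."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            start = int(rec["ts"].timestamp()) // window_seconds * window_seconds
            buckets[start].append(rec)
    return buckets


def flag_floods(lines, window_seconds=10, rate_threshold=50.0, min_sources=20):
    """Return (window_start, requests_per_second, distinct_sources, verdict) per window over the rate threshold."""
    alerts = []
    for start, recs in sorted(windows(lines, window_seconds).items()):
        rps = len(recs) / window_seconds
        if rps < rate_threshold:
            continue
        sources = len({r["ip"] for r in recs})
        verdict = "distributed flood" if sources >= min_sources else "single-source flood"
        alerts.append((start, rps, sources, verdict))
    return alerts


def build_sample_log():
    """Constructed log: 10 s of normal traffic, then 10 s of flood from 200 addresses."""
    lines = []
    base = '{ip} - - [16/May/2018:14:00:{sec:02d} +0200] "GET / HTTP/1.1" 200 5120'
    for sec in range(10):  # normal: 3 requests/s from three clients in TEST-NET-3
        for i in range(3):
            lines.append(base.format(ip=f"203.0.113.{i + 1}", sec=sec))
    for sec in range(10, 20):  # flood: 100 requests/s spread over 200 addresses in TEST-NET-2
        for i in range(100):
            lines.append(base.format(ip=f"198.51.100.{((sec - 10) * 100 + i) % 200}", sec=sec))
    return lines


if __name__ == "__main__":
    for start, rps, sources, verdict in flag_floods(build_sample_log()):
        print(f"window starting {start}: {rps:.0f} req/s from {sources} sources -> {verdict}")
```

The thresholds are deliberately parameters: the right rate for a small blog differs from a news site, and the verdict matters for the response, since a single-source flood can be rate-limited at the edge while a distributed one usually needs upstream filtering or a CDN in front of the origin.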
The Sun Team, a long-known name in the cyber attack world, resurfaced by placing three infected applications in the Android Play Store to collect data from North Korean users who had defected from the country. This was identified as an act of revenge by North Korea.
About 100 downloads had been made before someone privately informed Google about the infected applications in its Play Store. This is not the first time attackers have used infected applications to gain access to user data, and it has been reported that it is really easy to do.
The uploaded apps were:
The real motive behind making and uploading these apps was to deliver malware to the Android devices that downloaded and installed them. The data at risk includes user photos, addresses, text messages, call recordings and contacts. Once installed, the malware exchanged data through Dropbox and Yandex, which allowed the attackers to send commands and install plugin files for further control.
The UK Attorney General said that attacks by states on key infrastructure and services will be treated with the same seriousness as any other attack. He said that acts such as targeting essential medical facilities, downing civilian aircraft or sabotaging nuclear power stations are no less unlawful, and no less deserving of a robust and legitimate response, when they are undertaken by cyber means than when they are done by any other means.
When asked whether responses to such actions would be justified under international law, he said: “The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient.”
To call out the states that have already attacked the UK by cyber means, the government has publicly named the countries responsible for attacks such as WannaCry and NotPetya, attributing them to North Korea and Russia respectively.
Team Trojan Hunt