Your Tech Story

Hacking

After an Apple News feed hack, Fast Company takes down its website

Fast Company, a US-based business news publication, said on Wednesday that two obscene and racist push notifications had been delivered to subscribers through its Apple News channel after its publishing systems were compromised.

[Image: Fast Company. Source: economictimes.indiatimes.com]

After the incident, Apple removed the Fast Company channel from its platform. Publishers that use the Apple News aggregation app can connect their existing digital publishing tools to Apple News in order to send push alerts to Apple users who subscribe to the publisher’s channel.

Fast Company says those publishing tools were compromised. The two offensive notifications were sent one minute apart, according to a tweet from Fast Company, which also said its Apple News feed had been suspended while the incident was investigated.

Before the site went offline, the attackers posted a message on Fast Company’s website explaining that they had gained access using a password that was shared across numerous accounts, including an administrator’s.

The hackers gave the following message, “Wow, Fast Company. Despite the public defacement of your site, which boasts millions of visitors, all you did was hastily change your database credentials, disable outside connections to the database server, and fix the articles. What an absolute disgrace of a news source, and one that I would personally avoid due to how little they care about user security.”

The attacker behind the intrusion, who uses the handle “Thrax,” also published a fake sponsored-content article on the site before it was taken down, describing how the magazine was compromised. According to that message, Fast Company used a “ridiculously easy” password that was reused across numerous accounts, including an administrator’s.

That access exposed a range of sensitive material, including authentication tokens, Apple News API credentials and Amazon Simple Email Service (SES) tokens; with the SES tokens the attacker could send mail from any @fastcompany.com address. The attacker said they could not reach customer records, which they assumed were held on a separate database server.
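The shared-password problem described above, as an added example that is not Fast Company’s code: an audit that tries a short list of weak or breached candidate passwords against a user store with per-user salted PBKDF2 hashes, then reports which accounts share a password and which privileged accounts sit on a weak one. Because salts are per user, two accounts with the same password have different hashes, so reuse is only visible by recovering the password itself. The usernames, roles, passwords, candidate list and iteration count are all assumptions constructed for the illustration.

```python
"""Audit a user store for one password shared across several accounts.

Added example (not Fast Company's code). The records, roles, passwords and
candidate list below are constructed; the shared-password check is the point.
"""
import hashlib
import hmac
import os
from collections import defaultdict

# Kept low so the audit finishes quickly; use a production cost in real systems.
PBKDF2_ITERATIONS = 50_000


def make_record(username: str, role: str, password: str) -> dict:
    """Store a per-user random salt and a PBKDF2-SHA256 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"user": username, "role": role, "salt": salt, "hash": digest}


def check_password(record: dict, candidate: str) -> bool:
    """Constant-time comparison of a candidate against one stored hash."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def audit_shared_passwords(records: list[dict], candidates: list[str]) -> dict:
    """Try each candidate against every account.

    Returns {"shared": {password: [usernames]}} for candidates matched by two
    or more accounts, and {"weak_admins": [...]} for admin accounts matched by
    any candidate at all.
    """
    hits = defaultdict(list)
    for rec in records:
        for pw in candidates:
            if check_password(rec, pw):
                hits[pw].append(rec["user"])
    shared = {pw: users for pw, users in hits.items() if len(users) > 1}
    cracked = {u for users in hits.values() for u in users}
    weak_admins = sorted(rec["user"] for rec in records
                         if rec["role"] == "admin" and rec["user"] in cracked)
    return {"shared": shared, "weak_admins": weak_admins}


# Constructed sample user store: three accounts, one of them an admin, reuse one password.
USERS = [
    make_record("alice", "editor", "Summer2022!"),
    make_record("bob", "editor", "correct horse battery staple"),
    make_record("sitewide", "admin", "Summer2022!"),
    make_record("carol", "editor", "Summer2022!"),
]
# Constructed dictionary: breach lists, season+year patterns and vendor defaults go here.
WEAK_CANDIDATES = ["password", "Summer2022!", "Welcome1", "admin123"]


def run_audit() -> dict:
    return audit_shared_passwords(USERS, WEAK_CANDIDATES)


if __name__ == "__main__":
    print(run_audit())
```

Offline checking like this is deliberately slow because PBKDF2 is, so in practice the same test belongs at password-set time (reject breached or already-used passwords before they are stored) and is backed by MFA on every account that can reach publishing tools or API credentials.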

The attacker claims to have earlier compromised the photo-sharing site ClickASnap and the self-described free-speech social network USA Life. In a separate message posted on Sunday to a well-known hacking forum, the attacker said they would release a database of 6,737 Fast Company employee records, including email addresses, password hashes, unpublished drafts and more.

Reuters tried to reach the Fast Company website on Tuesday night, but it was unavailable and returned a 404 error. After the shutdown, Fast Company said the notifications had been sent through a compromise of its content management system (CMS), the software news organizations use to publish and maintain their stories.

Fast Company is an American business magazine covering business, technology and design. It is available online and in print, with six print issues a year, and is owned by the publishing firm Mansueto Ventures LLC.

New Predator Spyware Lets Government Hackers Break Into Chrome And Android

Google said on Monday that a private surveillance vendor sold access to five vulnerabilities in Chrome and Android to government-linked attackers last year, and that those attackers then used the vendor’s “Predator” spyware in their campaigns. The upshot is that Android phones and Chrome browsers that are not kept up to date are exposed to state-sponsored attacks.

Cytrox, a little-known North Macedonian company, is accused of selling access to four zero-day vulnerabilities in the Chrome browser and one in the Android operating system. Its clients included government-linked “threat actors” from several countries who used the exploits to run hacking campaigns with Cytrox’s intrusive “Predator” spyware.
In a blog post, Google’s Threat Analysis Group (TAG) announced the findings and said it assesses that the likely government-backed actors buying these exploits are located at least in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia, consistent with earlier CitizenLab findings.

[Image: Predator spyware. Source: tosshub.com]

Cytrox’s exploits used zero-day vulnerabilities (flaws for which no patch yet exists) as well as n-day vulnerabilities (flaws Google had already patched). The n-day exploits work because many users do not update their devices promptly.
Surveillance vendors like Cytrox were behind a large share of the zero-day vulnerabilities disclosed last year. Pegasus, anyone? Yes, the same tool that governments around the world use to spy on journalists, public figures and opposition politicians. It was created by Israel’s NSO Group and is said to have been used by the Indian government.

How the hacking took place:

Android targets received one-time shortened URLs by email. “Once the target clicked the link, the browser was transferred to an attacker-owned domain that delivered the attacks before redirecting to a legitimate website,” Google said.
The first campaign was identified in August 2021 on a Samsung Galaxy S21 running an out-of-date version of Chrome; the attacker chained existing Chrome bugs to open URLs without the user’s knowledge. This was only one of the campaigns.
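The delivery chain described above (one-time link, attacker-owned domain, then a redirect to a legitimate site) leaves a recognisable trace in web proxy logs. The following is an added example, not Google TAG’s tooling: per client it follows each hit on a known URL shortener through the hosts visited in the next thirty seconds and alerts when the chain passes through a host that no other client has ever contacted (the one-time infrastructure) before ending on a trusted site. The log format, the shortener and trusted-site lists, and the sample lines are all constructed for this illustration.

```python
"""Flag the one-time-link -> attacker domain -> legitimate site pattern in proxy logs.

Added example, not Google TAG's tooling. The log format, shortener watchlist,
trusted-destination list and SAMPLE_LOG are constructed for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed format: "<ISO8601 timestamp> <client ip> <url> <http status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

KNOWN_SHORTENERS = {"short.example", "lnk.example"}              # assumption: shortener watchlist
TRUSTED_DESTINATIONS = {"news.example.com", "mail.example.com"}  # assumption: decoy sites a lure ends on

SAMPLE_LOG = """\
2021-08-12T09:14:02Z 10.0.0.5 https://short.example/x7Qp 302
2021-08-12T09:14:03Z 10.0.0.5 https://cdn-update-check.example/a/1 200
2021-08-12T09:14:09Z 10.0.0.5 https://news.example.com/ 200
2021-08-12T09:20:00Z 10.0.0.9 https://short.example/b2 302
2021-08-12T09:20:01Z 10.0.0.9 https://news.example.com/article 200
2021-08-12T10:00:00Z 10.0.0.7 https://short.example/c3 302
2021-08-12T10:00:01Z 10.0.0.7 https://promo.vendor.example/landing 200
2021-08-12T10:00:05Z 10.0.0.7 https://news.example.com/ 200
2021-08-12T10:05:00Z 10.0.0.9 https://promo.vendor.example/landing 200
"""


def parse_log(text: str) -> list[dict]:
    """Turn log lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, ip, url, status = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "ip": ip,
            "host": urlsplit(url).hostname,
            "status": int(status),
        })
    return events


def find_drive_by_chains(text: str, window: timedelta = timedelta(seconds=30)) -> list[dict]:
    """Per client, follow each shortener hit through the hosts visited within `window`.

    Alert when the chain ends on a trusted site and every intermediate host is
    untrusted and was contacted by exactly one client in the whole log, which is
    what one-time, per-target exploit infrastructure looks like.
    """
    events = parse_log(text)
    clients_per_host = defaultdict(set)
    by_client = defaultdict(list)
    for e in events:
        clients_per_host[e["host"]].add(e["ip"])
        by_client[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            if first["host"] not in KNOWN_SHORTENERS:
                continue
            hops = [first["host"]]
            for nxt in evs[i + 1:]:
                if nxt["ts"] - first["ts"] > window:
                    break
                if nxt["host"] != hops[-1]:
                    hops.append(nxt["host"])
                if nxt["host"] in TRUSTED_DESTINATIONS:
                    break  # the decoy: chain is complete
            middle = hops[1:-1]
            if (hops[-1] in TRUSTED_DESTINATIONS and middle
                    and all(h not in TRUSTED_DESTINATIONS and len(clients_per_host[h]) == 1
                            for h in middle)):
                alerts.append({"client": ip, "first_seen": first["ts"].isoformat(), "chain": hops})
    return alerts


if __name__ == "__main__":
    for alert in find_drive_by_chains(SAMPLE_LOG):
        print(alert)
```

In the constructed log only 10.0.0.5 trips the rule: 10.0.0.9’s shortened link goes straight to the trusted site, and the host 10.0.0.7 passed through is also visited by another client, so it is not one-time infrastructure. A rarely visited but legitimate site would trip the same rule, so treat a hit as a triage lead and pull the browser version and patch level of the client before calling it an n-day compromise.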

What Cytrox did is notable even by the standards of the exploit trade: it sold access to vulnerabilities bundled with its own spyware that used them. Google said the zero-day exploits were used alongside n-day exploits because the spyware’s makers took advantage of the window between when a bug was fixed upstream but not yet recognized as a security issue and when the fix was fully rolled out across the Android ecosystem.
In other words, the surveillance vendor sold its customers access to devices whose owners had not fully updated them. Google had released the fixes, but users were slow to install them. Google said its findings show the extent to which commercial surveillance vendors have proliferated capabilities that were historically used only by governments with the technical expertise to develop and operationalize exploits.

Google said its Android and Chrome teams responded quickly and patched the vulnerabilities. Cytrox appears comparable to NSO Group, which develops Pegasus, arguably the most destructive commercial cyber weapon, and sells it to governments for espionage against targeted devices.
Hacking scandals involving the private surveillance industry have drawn much scrutiny in recent years. This is bad news for vendors that must protect products used by hundreds of millions of people. Cytrox is making life difficult for the security teams at Google, Apple and Microsoft, and there is no sign of a break anytime soon.

Verkada camera breach exposes Tesla, jails and hospitals

In another major hacking incident, a group of hackers compromised the security-camera systems of Verkada Inc., a Silicon Valley startup whose cameras are used by companies, hospitals and other organizations around the world. The hackers said they collected a large amount of camera data and gained access to the live feeds of some hundred thousand cameras installed in hospitals, police departments, schools, prisons and elsewhere.

The hackers also published footage from companies including Tesla and Cloudflare Inc. (its San Francisco, Austin, London and New York offices). They broke into the camera systems of women’s health clinics and of Verkada’s own offices as well. Some of the compromised cameras use facial recognition to identify people in the live footage. Since the hackers claim to have footage from every Verkada customer, the potential damage, if true, is hard to gauge.

Details of the exposed videos

Since the hackers claim access to the full surveillance footage of Verkada’s customers, they released a few samples. Footage from a Verkada camera inside Halifax Health, a Florida hospital, shows eight staff members tackling a man and pinning him to his bed (as reported by Bloomberg). Another video came from a Tesla warehouse in Shanghai and showed workers on an assembly line; the hackers claim to have accessed 222 cameras in Tesla facilities in total. The organizations shown in the leaked videos did not immediately comment.

[Image: Verkada camera. Source: bloombergquint.com]

Another video seen by Bloomberg showed a police station in Massachusetts, where an officer was questioning a man. The hackers also got into the cameras at Sandy Hook Elementary School in Newtown, Connecticut, and accessed 330 cameras inside Madison County Jail in Alabama. They could view not only live feeds but also archived video, in some cases with audio, at full resolution.

Who hacked into the camera system?

The Verkada cameras were breached by an international group of hackers who wanted to show how pervasive video surveillance has become and how easily it can be compromised. Tillie Kottmann, one of the hackers, claimed responsibility for the incident; Kottmann has previously claimed hacks of Intel and Nissan Motor. Kottmann said the group carried out this series of surveillance hacks mostly out of curiosity and as part of an ongoing fight for freedom of information and against intellectual property, adding that it is too much fun not to do it.

Beyond accessing camera footage, Kottmann said the group had obtained root access on the cameras, meaning they could execute their own code on each device. That would let them pivot into the broader Verkada network and use the cameras as a platform for further attacks. Kottmann also said that “Obtaining this degree of access to the camera didn’t require any additional hacking, as it was a built-in feature.” (Bloomberg)

The group got into Verkada’s systems through a username and password for an administrator account that they found exposed on the internet. After Bloomberg contacted Verkada about the breach, the hackers lost access to both live and archived video.

Verkada’s response

In light of the compromise of the camera system, a Verkada spokesperson said, “We have disabled all internal administrator accounts to prevent any unauthorized access.” The company also said that its internal security team and an external security firm had begun investigating, and that it had contacted law enforcement.

The troubling aspect of this incident is that someone, or the company itself, was careless enough to leave such sensitive credentials exposed on the internet. Anyone with a valid username and password can get into the surveillance system; the real question is how easily those credentials leaked. It will damage the trust between Verkada and its customers.

U.S. government agencies hacked, with Russia under suspicion

According to FireEye, a top Silicon Valley cybersecurity company, the hackers broke into networks through a software update. FireEye is often the first call for U.S. government agencies seeking to detect and respond to major cyberattacks. The company said the hackers used “novel techniques” to breach networks, techniques that could pose a new threat worldwide. Only a few days earlier, the U.S. government had warned that cyber actors linked to the Russian government were trying to manipulate sensitive data.

After FireEye was hit by this “global intrusion campaign,” many experts, including the company itself, suspected Russian hackers. The U.S. government has not publicly attributed the attack to Russia. But the fact that foreign government hackers had broken into FireEye’s network only days earlier and stolen its own red-team tools makes the situation look very suspicious.

How badly can it affect the U.S.?

Yesterday, FireEye published a blog post saying it had identified a global campaign that compromises the private and public networks of targeted organizations through the software supply chain. It added: “This compromise is delivered through updates to a widely-used IT infrastructure management software – the Orion network monitoring product from SolarWinds.”

If the attackers, most probably Russian, were able to plant this compromise in those networks, it would shake the security of the United States. SolarWinds Corporation sells technology products to a Who’s Who list of sensitive targets, including the State Department, the Centers for Disease Control and Prevention, the FBI, the U.S. military, most of the Fortune 500 and many more. The situation is serious because sensitive information from major national-security departments and multinational companies is involved.

FireEye further reports that the hackers hit organizations not only in the U.S. but also in Europe, elsewhere in North America, Asia and the Middle East, targeting mainly government, telecommunications, and oil and gas, among other sectors. The U.S. government has been briefed. John Ullyot, a spokesperson for the National Security Council, said the government is taking all necessary steps to identify and remedy any damage. The FBI and the Department of Homeland Security’s cybersecurity arm are investigating.

Focus on the U.S. government 

According to Reuters, the attackers read emails at the U.S. Treasury Department and in part of the Commerce Department. Some experts say the hackers are backed by the Russian government. FireEye’s analysis found that the campaign, active since spring 2020, targeted the U.S. government and others using top-tier operational tradecraft and resourcing.

These hackers are highly skilled and rarely leave tracks. They may have exploited timing: U.S. government agencies, and FireEye, were focused on securing election systems ahead of the presidential election. This is not new; Russian actors also targeted election systems in 2016, in what was described as the biggest cyber theft of its kind.

For several months the U.S. government has focused on detecting and countering Russian interference in the presidential election. Although agencies were fairly successful in hardening election security, a senior director at FireEye said this is “the most effective cyber-espionage operation we have seen in quite some time.”

The FBI investigation

The number of victims is growing. SolarWinds said the update mechanism for one of its products was used to push malware to customers. Since the tainted product is widely deployed, the number of victims may eventually reach into the thousands. As of yesterday, the company was aware of 25 affected entities.

Investigators are trying to trace the attackers’ digital tracks. FireEye was merely the first victim to spot the breach, which means many other organizations may already be compromised. Estimating the damage will take days or weeks. According to the Washington Post, the Russian hacking group known as Cozy Bear is behind the campaign.

ASUS Released the Fix for ShadowHammer Malware Pushed on Thousands of Computers

According to a recent report from Kaspersky, more than a million Asus computers running Windows were exposed to malware. A backdoor dubbed ShadowHammer was injected by unknown attackers into a pre-installed Asus utility, turning the vendor’s own update software into an attack vector.

Kaspersky counted over 57,000 affected Asus laptop and desktop users, and said the attack took place between July and November of last year. Asus disputed the figure, saying fewer machines were affected, and has now released a fix for the malware.

According to reports, the attackers planted the malware as a backdoor in the Asus Live Update utility, so that it was delivered to systems as if it were a regular update. The malicious file was also padded to the same size as the legitimate utility.

The company released the patch as a regular security update, which users can download through the Live Update tool; Live Update itself has been updated to version 3.6.8. Asus has also released an online security diagnostic tool that scans a system for the malware.

“We have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” Asus said in a statement.

Although the Taiwanese laptop maker unknowingly pushed the malware to its customers’ systems, an apology was expected. The company said in its announcement, “Asus customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”

Asus has asked users with infected systems to back up their data. Because it is a software-level compromise, affected machines can be cleaned by resetting the system or reinstalling Windows.
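Both the SolarWinds Orion story above and this ShadowHammer story describe malware arriving through a vendor’s own update channel, and this one adds the detail that the tampered file was padded to the legitimate size. The following is an added example, not SolarWinds’ or Asus’s update code: a client-side check that verifies a downloaded update against a pinned manifest (size plus SHA-256) before applying it, with a small model of the size-preserving tampering to show why a size check alone is worthless. The artifact bytes, payload stub, product name and manifest format are constructed for the illustration.

```python
"""Verify an update artifact against a pinned manifest before applying it.

Added example; not SolarWinds' or Asus's update code. The artifact, payload
stub and manifest below are constructed for this illustration.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(name: str, version: str, artifact: bytes) -> dict:
    """The record a vendor publishes out of band, separately from the download server."""
    return {"name": name, "version": version, "size": len(artifact), "sha256": sha256_hex(artifact)}


def verify_update(artifact: bytes, manifest: dict) -> dict:
    """Check size and hash; install only if both match the pinned manifest."""
    size_ok = len(artifact) == manifest["size"]
    hash_ok = hmac.compare_digest(sha256_hex(artifact), manifest["sha256"])
    return {"size_ok": size_ok, "hash_ok": hash_ok, "install": size_ok and hash_ok}


def trojanize_keep_size(artifact: bytes, payload: bytes) -> bytes:
    """Model of the tampering described for ShadowHammer: splice a payload into
    the file while keeping the byte length identical, so a size-only check passes."""
    if len(payload) > len(artifact):
        raise ValueError("payload larger than artifact")
    return artifact[: len(artifact) - len(payload)] + payload


# Constructed stand-ins for a genuine updater binary and an injected backdoor stub.
GENUINE_UPDATE = b"LIVEUPDATE-3.6.8 " + bytes(range(256)) * 8
BACKDOOR_STUB = b"<<constructed backdoor stub; not real malware>>"
MANIFEST = build_manifest("LiveUpdate", "3.6.8", GENUINE_UPDATE)


def demo() -> dict:
    """Verify the genuine artifact and a size-preserving trojanized copy."""
    tampered = trojanize_keep_size(GENUINE_UPDATE, BACKDOOR_STUB)
    return {
        "genuine": verify_update(GENUINE_UPDATE, MANIFEST),
        "tampered": verify_update(tampered, MANIFEST),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```

The tampered copy passes the size check and fails the hash check, which is the whole point of pinning a digest rather than a length. The check only helps when the manifest reaches the client over a channel the update server does not control; if the vendor’s build or signing pipeline itself is compromised, the published hash or signature will cover the malicious build, so pair this with monitoring of what the updater actually does after it runs.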

George Hotz: The First Person to Unlock the iPhone and the Founder of AI Startup comma.ai

The iPhone is one of the most popular smartphones and was among the first keyboard-less phones on the market. It is known not only for its features but also for the security it offers its users. Yet a 17-year-old hacker from New Jersey, George Hotz, unlocked the newly launched iPhone so it could be used with other wireless carriers, becoming the first person to do so. He is not only a well-known hacker but also the founder of the vehicle-automation machine learning company comma.ai. Also known as geohot, Hotz has said, even after breaking major security systems, that he never supported hacking into someone else’s servers and stealing user databases.

Early Life

Hotz was born George Francis Hotz Jr. on 2 October 1989 in Glen Rock, New Jersey. He attended high school at Bergen County Academies in Hackensack, New Jersey, in its Academy for Engineering and Design Technology, and briefly attended the Rochester Institute of Technology and Carnegie Mellon University.

A strong student who was always at the front of science and technology competitions in middle and high school, he won a $15,000 scholarship at the Intel International Science and Engineering Fair in 2007.

Hacking Career

Hotz was always interested in programming and went on to develop an interest in hacking. In August 2007, just two months after the iPhone launched, he unlocked it, becoming the first person to do so. In 2009 he released a jailbreak tool for the iPhone 3GS on iPhone OS 3.0, but he discontinued his jailbreaking software in 2010.

[Image: George Hotz. Source: spectrum.ieee.org]

In December 2009 he began working on breaking the security of the Sony PlayStation 3. By January 2010 he had announced a working hack, but in July 2010 he abandoned the effort. Another hacking group, fail0verflow, then worked on the same target and recovered the root signing and encryption keys for the PS3.

Hotz then published those root signing and encryption keys on his website, which led to a lawsuit from Sony against both Hotz and fail0verflow. After several court hearings, Sony and Hotz settled out of court on the condition that Hotz would never again hack Sony products.

Career with Facebook and Google

Hacking had always been his hobby, and his early achievements and knowledge of security landed Hotz a job at Facebook in 2011 in an undisclosed role.

In July 2014, Google hired Hotz for its Project Zero security research team. He stayed for five months and developed QIRA, an open source tool for dynamically analysing application binaries.

In January 2015 he joined Vicarious, where he spent seven months developing AI algorithms for the company.

Founding Comma.AI

In September 2015 Hotz founded comma.ai, which builds AI-based vehicle automation technology. In 2016 the company built a working self-driving Acura ILX and then began work on Comma One, a $1,000 kit that would let some cars drive semi-autonomously. After receiving a special order from the National Highway Traffic Safety Administration, the company cancelled the product.

Around the same time he was in talks with Elon Musk about selling his autonomous-driving software for Tesla cars, but the talks never reached a conclusion.

On 30 November 2016 the company open sourced its self-driving software. The open source driving agent runs on some car models from Honda, Toyota and GM, making them semi-autonomous. By 2018 the company reportedly served over 4,500 drivers.

Personal Life

Hotz has always been a keen learner of AI and software development. In 2004 he took part in the ISEF competition in Portland, demonstrating “The Mapping Robot”; he was a finalist and appeared on the Today Show and Larry King. In 2005 he developed another project, The Googler, and was again an ISEF finalist.

In 2008 he was listed among PC World’s top 10 Overachievers under 21 in its March issue. In 2014 he won the DEF CON CTF tournament for the second year in a row.

On 14 September 2018 Hotz stepped down as CEO of the company to become head of its research team.