All posts in “Hackers”

The HBO hackers just hit us with another huge dump

HBO is having a bad week.

After HBO Spain accidentally released an unaired episode of Game of Thrones, the hackers that claim to have stolen 1.5 terabytes of data from the network just showed up to add insult to injury. Specifically, on August 16 they released what they’re calling the “4th Wave HBO Leak.”

Mashable was able to obtain a portion of the newly leaked documents, and oh boy, they’re quite something. 

The files in the dump contain everything from Westworld season 2 shooting schedules to 27 separate Game of Thrones Season 7 “shooting [diaries]” — along with plenty of other inside information. Mashable has reached out to HBO to confirm the legitimacy of the files and will update this story when we hear back.

Fans itching for an advance look at the escapades of their favorite dragons will most likely be disappointed, because the dump doesn’t appear to contain any actual GOT episodes.

However, should someone be so inclined, Westworld season 2 spoilers could likely be gathered from the show’s detailed production calendar (we’ll refrain from including those here).

A partial file list.

Image: Mashable

A link to a webpage containing the files was sent to journalists this afternoon from someone identifying themselves as Mr. Smith. “If history repeats itself,” the email noted, “HBO may NEVER be the same Again. Winter Really is here.”

The hackers are demanding around $6.5 million in Bitcoin from HBO in exchange for not leaking additional files, but it appears that whoever was behind the breach was sick of sitting around and waiting for the execs to pay up.

Whether or not this latest leak will encourage anyone at the network to gather that Bitcoin ransom just a tad bit faster? Well, it seems we’ll all have to wait a little longer for that particular spoiler.


Safe-cracking robot proves nothing is secure

The safe doesn’t stand a chance.

Image: jack morse/mashable

If hackers want what’s on your computer, chances are they can find a way to get it. But what about your non-digital goods? Like, the ones you keep in a safe at home?

Turns out those aren’t that secure, either. 

This was made abundantly clear at the 25th annual DEF CON in Las Vegas, where professional tinkerer and founder of SparkFun Electronics Nathan Seidle could be found demonstrating an open source safe-cracking robot. Costing around $200 to build, the device uses magnets to attach to the exterior of a safe and is run by an Arduino microcontroller. 

Oh, and it’s very portable. Like, carry around in a backpack as you sneak into a house portable. What’s more, the robot basically runs itself. 

“We wanted to make this thing as autonomous as possible,” he told the gathered crowd. And autonomous it is: You just hit the red button, and off it goes. 

Checking out the details.

Image: jack morse/mashable

To demonstrate just how quickly the robot works (and it does work quickly), Seidle pulled a Sentry Safe that he bought from a Home Depot in Vegas — which he claimed is one of the more common personal combination lock safes — right out of the box at the start of his presentation. With just a few adjustments, his robot was off to the races.  

The safe was fully cracked by 12:31 p.m. The talk started at noon.

Importantly, this tool works for this specific type of safe, but that doesn’t mean your other options are much better. 

Toward the end of his talk, Seidle quickly ran through different methods for locking up your valuables. Say, for example, you want a safe with a key? Or maybe a fancy digital keypad? With a casual dismissal, he mentioned that many of those can be opened in minutes. 

“No matter how much money you spend on a safe, nothing is impervious,” noted Seidle. Which, well, was basically music to the crowd’s ears.  

Because, essentially, nothing can be kept out of reach from a dedicated hacker. Not your computer, not your cellphone, and definitely not whatever it is you keep in your safe at home. Consider yourself warned. 


Creepy spyware has infected Macs for years, and we’re only just realizing it now

Your Mac is not safe. Well, at least not as safe as you think it is. 

That’s the big takeaway following the detailed investigation of a particularly insidious strain of Apple-focused malware that has potentially been around for up to a decade — all the while broadcasting video and audio from victims’ computers back to an unknown attacker. 

The malware, dubbed Fruitfly, was first reported on in January by Malwarebytes. However, it was Synack Chief Security Researcher Patrick Wardle who blew the lid off Fruitfly’s true nature on July 21. 

“[A] hacker built this to spy on users for probably perverse reasons.”

In a conversation with Mashable, Wardle explained that he was sent the malicious software by a friend earlier this year, and that he found it interesting enough to investigate. That investigation led to some unexpected places. 

Wardle discovered that the malware directed infected computers to contact a command and control server for instructions — known as “tasking” — but that the primary server was offline. As such, he realized the computers would look for specific backup domains for their directions. It just so happened that “one or two” of those domains were available for registration.  

So he registered one, and created a server that could talk to the malware. What he found, well, is pretty damn creepy. 

First, Fruitfly gave him both the infected computers’ IP addresses — which can be used to determine their locations — and the computers’ names. With most Macs, the computer name is just the owner’s name. 

So, for starters, Wardle was sitting on the names and locations of many of the victims. But that’s not all. The malware gave him the power to remotely switch on webcams and microphones, take control of mice, change files, and would even notify him if the computer was in use by its owner. 

“Usually you see that in government or nation-state software,” Wardle, who used to work for the NSA, observed. 

But the victims weren’t nation-state actors — they were regular people. Strangely, however, the system didn’t seem designed for financial gain as is more typical of malware infecting the devices of everyday folks. Instead, it appeared to have a completely different objective. 

“[A] hacker built this to spy on users for probably perverse reasons,” explained Wardle, emphasizing that it was “designed to perform surveillance.”

Approximately 90 percent of the infected computers are located in the U.S., with Wardle identifying around 400 compromised devices. He cautioned that those are just the infected systems he found, and that the total could be in the low thousands. Why so low? He speculated there were two reasons: to keep things manageable for the aforementioned creep, and to avoid detection.

Speaking of detection, how did this thing go undiscovered for so long? Well, according to Wardle, a lot of that has to do with Macs.

“Mac security software is not that good,” he noted before elaborating that while Macs are good at detecting known threats, they are not that good at identifying new threats. Which, well, is a not-so-gentle reminder that even Mac users should get webcam covers. What’s more, Wardle added that Macs are actually easier to hack than recent versions of Windows — a statement which is sure to not win him any love in the Apple community. 

Wardle contacted law enforcement with his findings, and he says the entire Fruitfly malware net appears to be shut down at this time. And while that is good news for the 400 victims he identified, the findings suggest that a host of Mac-focused malware may already be out there under all of our noses. All someone needs to do is look for it. 


These hackers stole $85 million in Ether to save it from *the real crooks* (or so they say)

One for you, 85 million for me…

Image: Backyard Production/Getty Images

The clock was ticking. Thieves stole $32 million worth of Ether out of a popular Ethereum wallet, and with every passing minute the potential for additional losses grew. 

And so the White Hat Group stepped in. 

Like something out of a weird cryptocurrency reboot of National Treasure, the unidentified WHG hackers decided to steal the remaining Ether before the crooks could. All $85 million of it. 

Or so they say. 

The claim was posted to Reddit on July 19, and details a plan to return the funds to their rightful owners. Here’s how the poster, jbaylina, says it went down:

“The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract,” explained the post, referring to a vulnerability in the popular Ethereum wallet Parity that was successfully exploited by unknown thieves. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts.”

Essentially, the White Hat Group says they came across the vulnerability — likely because hackers were exploiting it to steal the aforementioned loads of Ether — and went ahead and boosted every last bit they could. But for a good cause.  

“If you hold a multisig contract that was drained, please be patient,” the post continued. “We will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and we will return your funds to you there.”

In other words, the WHG says it saw your money sitting in a busted safe, removed it before thieves could, and now promises to return it to you in a new safe that works. Unsurprisingly, people flocked to Reddit to thank them.

“You guys are literal fucking heros [sic],” wrote one person who may or may not have had Ether stolen. “Good fucking job.”

“They’re like ‘The Avengers’, but for buggy smart contracts instead of aliens,” noted another.

And so, just like we would with a real-life caped crusader, we are left wondering the identity of the White Hat Group’s members. We reached out to the Reddit user who posted the WHG message, curious as to the group’s motivation and future plans, but perhaps unsurprisingly didn’t receive a response. 

Notably, however, this isn’t the first time WHG members have swooped in to save the day. As ETHNews notes, the WHG previously made waves when it hacked a hacker that had ripped off The DAO, “an investor-directed venture capital fund on Ethereum.” Just like in the recent case, WHG announced it would return the stolen funds that it had recovered.

Even so, skeptics remain. After all, this unknown person or persons now controls around $85 million worth of Ether. Are they really going to just give it all back?

It’s the $85 million question, and one that an untold number of people in the cryptocurrency community are waiting with bated breath to see answered. 


Remotely hacking ships shouldn’t be this easy, and yet …

The Internet of Things has shown us time and time again that nothing connected to the internet is safe from hackers, and yet we’ve mostly written off security-camera-fueled botnets as someone else’s problem.

But what if the thing in question happens to be a boat loaded with weapons?

A group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships’ satellite antenna systems leaves them wide open to attack — and the possible consequences are startling.

Anyone who gained access to the system in question, and was so inclined, could manually change a ship’s GPS coordinates or possibly even brick the boat’s navigation system entirely by uploading new firmware. And why would anyone want to do that?

“Next gen boat ransomware?” suggested the security researcher x0rz over Twitter direct message with Mashable. “Military special operations? Somalian pirates 2.0?”

The recent revelation appears to have kicked off with the creation of a ship-tracking map, credited to Jeff Merrick, which shows the real-time locations of boats around the globe. The map is powered by data from Shodan, a search engine that lets users search for internet-connected devices and, according to x0rz, uses data from boats’ very small aperture terminals (VSAT) to pinpoint their locations.

VSATs are common tech on yachts, and allow for internet access and communication even when boats are in motion. Interestingly, at least some boats with one type of VSAT, the SAILOR 900, have public IPv4 addresses without any firewall. And, you guessed it, Shodan makes it possible to search for this type of device.

Once located, data about the boat — such as its location — is readily available. 

Oh there it is.

Image: mashable

But here’s where things get wild: The default login credentials, which are easily found online, remain unchanged on at least some of these devices (we’re choosing not to publish those credentials for what we hope are obvious reasons) — allowing anyone to gain administrator-level access. Once in, x0rz confirmed to Mashable, a ship’s GPS coordinates can be manually changed. What’s more, an attacker could upload their own firmware and possibly brick the entire navigation system in the process. 

“It’s just badly configured,” explained x0rz, “but just like the rest of the Internet (banking, energy, corporate, …).”

With just a little googling, a person can determine a bit more about the vessel in question — like, for example, that it contains a “secure, sealed, climate-controlled armoury.”  

This isn’t the first time someone has called out Cobham, the UK company that manufactures the SAILOR 900, for potentially problematic security vulnerabilities. A 2014 security white paper from IOActive, a cybersecurity research team, dived into the SAILOR 900 and found that the “vulnerabilities in these terminals make attacks that disrupt or spoof information consumed by the on-board navigation systems, such as ECDIS, technically possible, since navigation charts can be updated in real time via satellite.”

So what does Cobham have to say about all of this? We reached out to the company, but have yet to receive a response. We’ll update if and when we do. 

How worried should we be?

Like so many things, the answer to whether or not we should be concerned about ships being hacked is: it depends. Importantly, x0rz pointed out that the number of boats easily accessible in the above-described manner is limited. However, he also noted that “one is enough to cause a catastrophic event, right?”

And if the boat in question is carrying hazardous material, weapons, or happens to be something other than a pleasure yacht? Well, then we may suddenly find ourselves taking these kinds of vulnerabilities a lot more seriously.
