All posts in “hacking”

Cybersecurity researchers say Olympics hacker aimed to embarrass

Ya burnt.

Image: Matthias Hangst/Getty Images

The hot new trend in Winter Olympics fashion? Making the host country look like a chump. 

Following reports that Olympic organizers had their servers hacked during the opening ceremony, security researchers have dug into the malware responsible and come to an interesting conclusion: Embarrassment was the name of the game. 

According to Talos, “Cisco’s industry-leading threat intelligence team,” the attack that knocked Olympic press center TVs offline and forced the temporary shutdown of the Pyeongchang 2018 website was tailored to be destructive. 

In other words, unlike the ransomware that swept the globe last year, there was no clear financial motive. And it doesn’t look like the attackers were after information, either. 

“The purpose of this malware is to perform destruction of the host, leave the computer system offline, and wipe remote data,” explained report authors Warren Mercer and Paul Rascagneres. “Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony.”

The researchers at Talos dubbed the malware “Olympic Destroyer,” just in case anyone was unclear about their conclusions. 

Deleting that data.


Image: Talos

Importantly, there is no foolproof way to know with 100 percent certainty what motivated the hackers. However, a plot to muck things up isn’t that farfetched. After all, there is at least one powerful actor that could conceivably have such a motive. 

Russia was banned from officially competing in this year’s Winter Olympics by the International Olympic Committee, and hasn’t taken that reality well. The Washington Post reported today that Russian foreign minister Sergei Lavrov claimed the reason for the ban — state-sponsored doping — was invented by the United States because the U.S. “can’t beat us fairly.”

So, yeah, clearly someone is upset — and Russia has been known to wield its powerful hacking skills in a variety of unsavory ways.

Does that mean Russia perpetrated the hack? At this point, it’s too early to say. However, if an attack during the opening ceremony is any indication of what’s to come, we may just end up with plenty more opportunities to find out. 


Olympic organizers hit with hack during opening ceremony

Burn.

Image: Ian MacNicol/Getty Images

International unity be damned.

The 2018 Winter Olympics opening ceremony was an opportunity for athletes around the world to proudly wave their nation’s flag and welcome the start of a time-honored tradition of peaceful competition. Oh, and it was also a chance for another highly skilled subset of the planet’s population to strut their stuff — specifically, hackers. 

According to the South Korean news agency Yonhap News, servers belonging to Olympic organizers were hacked during this year’s Feb. 9 opening ceremony. As a result, the TVs at the main press center are said to have malfunctioned. 

What’s more, in response to the attack, organizers briefly shut down their own servers — temporarily knocking the Pyeongchang 2018 website offline in the process. 

At present, not much is known about the individual or individuals behind the attack. However, that the Olympics and related organizations are a prime target for hackers is nothing new. In 2016, the World Anti-Doping Agency admitted to being the victim of a hack, saying that Russian hackers had stolen confidential medical data pertaining to athletes.  

Not a hack in sight.


Image: Jamie Squire/Getty Images

On top of that, officials have long suspected that this year’s games were going to present a unique cybersecurity challenge. In January, for example, security firm McAfee disclosed the existence of a hacking campaign targeting Olympic-affiliated organizations and noted that more was likely to come. 

“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes,” the company explained in its report. “In similar past cases, the victims were targeted for their passwords and financial information. In this case the adversary is targeting the organizations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponized document.”

In other words, the opening ceremony hack might just be the first of many we’ll see over the course of this year’s Olympic Games. Here’s hoping that malfunctioning televisions are the worst thing that comes of it. 


Apple thinks you should really chill about that iBoot leak

Just chilllllll out already mannnnnn.

Image: Stephen Lam/Getty Images

Everyone, take a deep breath. It’s going to be OK. 

Yes, a piece of Apple’s iOS source code was posted to GitHub this week, but it turns out that when it comes to the security of your iPhone the iBoot leak might just be much ado about nothing. 

This, of course, is Apple’s official line — but it turns out that the three-quarters of a trillion-dollar company may be doing more than covering its own ass. It might just be, surprise, telling the truth. 

Maybe.

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” the company insisted in a statement to Mashable. 

And that’s more or less the thinking of security researcher Patrick Wardle, who you may remember from his work exposing the super creepy Fruitfly malware. When asked about the possible impact of this leak on iOS security, he explained why we can all probably rest easy. 

“Having access to source code shouldn’t make a system less secure (e.g. Linux is open source and very secure),” he noted over Twitter direct message. “[Real] hackers don’t need access to source code — they can reverse a binary and find bugs.”

Now, this doesn’t mean that there won’t be any security effects of the leak, just likely not ones that will shake your personal iPhone to its core.  

YOU GOOD?


Image: Scott Olson/Getty Images

“[This] does make it way easier for pretty much anybody to look for bugs now,” observed Wardle, “and since iOS bugs are so valuable — it may be unlikely that if somebody finds a bug they will report it to [Apple], vs sell it for wayyy more $$$.”

Of course, some skepticism of Apple’s “everything is fine” claim is definitely warranted. As security researcher and penetration tester Dan Tentler pointed out over email, “ask yourself this: would [Apple] release a press statement saying the sky is falling and that this [iBoot] leak will allow people to break into [iPhones] easier?”

Point taken. And we can assume there will be some ramifications, but explosive ones? Hard to say. 

“Apple saying it’s old, yah that’s true,” noted Wardle, “but a lot of that code is likely still used in iOS 11. So if you find a bug in the leaked [source] code, it may still be applicable today.”

In the end, while the leak of the iBoot source code obviously isn’t a good look for Apple, according to Wardle it doesn’t presage a security apocalypse for the average iPhone owner. He assured us that the “sky isn’t falling” and that access to source code does not automatically equal exploits. 

So, like we said, you can take a deep breath. And, once you’ve done that (and updated your phone to the latest operating system), go back to worrying about Spectre and Meltdown.


Aperio raises a $4.5M seed round to protect power plants from hackers


Protecting critical infrastructure like power plants and other industrial plants is as important as it is challenging. It’s one thing to take over a remote machine to mine some Bitcoin, but you’ve got a totally different problem when those hackers try to manipulate the physical infrastructure of your power plant with the goal of causing an explosion. With their thousands of connected sensors, valves and actuators, power stations also make for attractive targets.

Israel’s Aperio Systems, which today announced that it has raised a $4.5 million seed round, aims to make it easier for operators to detect and mitigate potential intrusions before they can cause any harm.

The round includes a strategic investment from Energias de Portugal, one of Europe’s largest utilities, which started out as a pilot customer for Aperio. Other investors include Data Point Capital, Jump Capital and Scopus Ventures.

As Aperio co-founder and CEO Michael Shalyt tells me, hackers often try to manipulate the physical infrastructure of a plant, but at the same time, they try to hide their activities by tricking sensors into reporting that everything is working as usual, even as the pressure in a valve is rising. That’s not something that your typical security system is able to detect, but that’s what Aperio specializes in.

The company’s tools can detect when this physical data is tampered with because they don’t just look at the data that these sensors report but also at all of the noise from the existing sensors that’s typically filtered out. By using machine learning techniques, Aperio essentially creates fingerprints of these sensors based on this noise. When hackers forge this data, they can’t reproduce this noise, so the system knows when things go awry. Looking at the plant as a whole, Aperio can also typically tell you what’s actually happening underneath the forged data so that operators can decide whether they have to hit the red button and shut down operations or whether they have enough time for a controlled shutdown.

One advantage here is that plants don’t have to change their existing setup — something most of them are loath to do anyway.

Aperio, which currently has about a dozen employees (mostly engineers), plans to use the new funding to improve its core technology, build out more tools for its customers and to expand into new geographies. Currently, Aperio is mostly active in Israel and Europe, but it’s also now starting to work with a company in Australia and it’s looking at Asia and the U.S. for further expansion.

Featured Image: zhuyongming/Getty Images

Purchased a OnePlus phone? Yeah, your credit card might have been stolen.

Phone with a side of theft.

Image: RAYMOND WONG/MASHABLE

Things aren’t looking so hot for approximately 40,000 OnePlus customers. And no, not because they’ll probably have to wait until June to upgrade to the OnePlus 6. 

It turns out that the company’s website was hacked, and in the process credit card numbers and other payment information were likely stolen. 

According to a statement issued by the Chinese smartphone manufacturer, “a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.”

What this means in practice is that, from roughly mid-November of 2017 to January 11, 2018, any customer who put their credit card into OnePlus.net could have had it lifted by hackers. Some customers are already reporting fraudulent charges.

“The malicious script operated intermittently, capturing and sending data directly from the user’s browser,” the company said in a statement. “It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.”

OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen. 

Image: RAYMOND WONG/MASHABLE

Security researchers at Fidus Information Security looked into the breach, and what they found doesn’t look so good for OnePlus. According to a Fidus blogpost, “OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website.”

Why does this matter? PCI is short for Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are “the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.”

In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers’ data. Like we said, not looking good. 

So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any “enquiries.” 

OnePlus will also offer “one year of credit monitoring to affected customers,” according to a company spokesperson. 

Somehow, for those who already had their credit cards stolen, we don’t imagine these measures will provide much solace.

This story has been updated to note that OnePlus is offering limited credit monitoring.
