$1 million heist on Russian bank started with hack of branch router

A prolific hacking group has struck again, this time stealing close to $1 million from Russia’s PIR Bank. The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank’s network by compromising a router used by a regional branch.

The theft—which according to kommersant.ru is conservatively estimated at about $910,000—is the latest achievement of a group researchers at security firm Group-IB call the MoneyTaker group. In a report published last November that first detailed the group, researchers said its members had conducted 20 successful attacks on financial institutions and legal firms in the US, UK, and Russia. In a follow-up report, Group-IB said MoneyTaker netted about $14 million in the hacks, 16 of which were carried out on US targets, five on Russian banks, and one on a banking-software company in the UK.

While MoneyTaker is skilled at concealing its activities, Group-IB was able to connect the heists by tracing a common set of tactics, techniques, and procedures. After initially gaining access to a target’s network, members often spend months doing reconnaissance in an effort to elevate system privileges to those of a domain administrator. Members also try to remain active inside hacked networks long after the heists are carried out. The attackers also use a variety of freely available tools popular among hackers and security professionals alike, including the Metasploit exploit framework, Microsoft’s PowerShell management framework, and various Visual Basic scripts.


A $225 GPS spoofer can send autonomous vehicles into oncoming traffic

Billions of people—and a growing number of autonomous vehicles—rely on mobile navigation services from Google, Uber, and others to provide real-time driving directions. A new proof-of-concept attack demonstrates how hackers could inconspicuously steer a targeted automobile to the wrong destination or, worse, endanger passengers by sending them down the wrong way of a one-way road.

The attack starts with a $225 piece of hardware that’s planted in or underneath the targeted vehicle that spoofs the radio signals used by civilian GPS services. It then uses algorithms to plot a fake “ghost route” that mimics the turn-by-turn navigation directions contained in the original route. Depending on the hackers’ ultimate motivations, the attack can be used to divert an emergency vehicle or a specific passenger to an unintended location or to follow an unsafe route. The attack works best in urban areas the driver doesn’t know well and assumes hackers have a general idea of the vehicle’s intended destination.

“Our study demonstrated the initial feasibility of manipulating the road navigation system through targeted GPS spoofing,” the researchers, from Virginia Tech, China’s University of Electronic Sciences and Technology, and Microsoft Research, wrote in an 18-page paper. “The threat becomes more realistic as car makers are adding autopilot features so that human drivers can be less involved (or completely disengaged).”


12 Russian intel officers indicted for hacking the DNC and Clinton campaign

The US Justice Department on Friday filed criminal indictments that accuse 12 Russian intelligence officers of carrying out the 2016 hacks on the Democratic National Committee and the campaign of Hillary Clinton. The officers—one of whom operated under the persona of Guccifer 2.0—then dispersed sensitive communications in an attempt to influence the results of the 2016 election, prosecutors alleged.

The indictments were filed by Special Prosecutor Robert Mueller, who is investigating possible collusion between the presidential campaign of President Donald Trump and the Russian spies US intelligence agencies say interfered with the 2016 election. So far, Mueller’s team has indicted 32 people, including members of a Russian company that blanketed social media with fake news stories and senior members of the Trump campaign. Friday’s indictments were disclosed by Deputy Attorney General Rod Rosenstein at a press conference in Washington, DC.

“The objective of the conspiracy was to hack into the computers of US persons and entities involved in the 2016 US presidential election, steal documents from those computers, and stage release of the stolen documents to interfere with the 2016 US presidential election,” prosecutors wrote in the 29-page indictment. The 12 Russians also allegedly breached computers at the Democratic Congressional Campaign Committee, a state board of elections, and a maker of software used to verify voter registration information. Friday’s indictments come ahead of next week’s scheduled meeting between President Trump and Russian President Vladimir Putin.


Nintendo hid a load-your-own NES emulator inside a GameCube classic

Fans of the early-2000s-era GameCube version of the original Animal Crossing likely remember the game including a handful of emulated NES titles that could be played by obtaining in-game items for your house. What players back then didn’t know is that the NES emulator in Animal Crossing can also be used to play any generic NES ROM stored on a GameCube memory card.

Security researcher James Chambers discovered the previously unused and undocumented feature buried in the original Animal Crossing game code and detailed his methodology and findings in a technically oriented Medium post this week.

The key to opening Animal Crossing’s NES emulator is the game’s generic “NES console” item. Usually, this item simply tells players who try to use it that “I want to play my NES, but I don’t have any software” (separate in-game items are used to play the NES ROMs that are included on the Animal Crossing disc).


Nintendo reportedly rolling out new, more hack-resistant Switch hardware

Months ago, word leaked out to the public of an “unpatchable” exploit method that allowed Switch users to run custom firmware, homebrew code, and even pirated software on all existing hardware. Now, Nintendo is reportedly selling Switch systems that have been fixed at the factory to protect against this exploit.

The report comes from prolific Switch hardware hacker SciresM, who writes that at least some Switches currently on retail shelves are not vulnerable to the cold-boot exploit known in hacking circles as “Fusée Gelée.” SciresM suspects that Nintendo has used the iPatch system on the system’s Nvidia Tegra chip to burn new protective code into the boot ROM, cutting off the USB recovery mode overflow error that previously let hackers in.

These boot-ROM iPatches are relatively simple for Nintendo to implement in the factory when the system is manufactured, but they are impossible to load onto the tens of millions of Switch units that had already been sold before the exploit was made public.


Switch pirates don’t want you to pirate their piracy-enabling firmware

As expected, the unpatchable Nintendo Switch exploit published months ago has now led to the existence of piracy-enabling custom firmware for the system. In an ironic twist, though, the makers of that firmware have introduced anti-piracy code to prevent people from pirating their own work.

While there is a free version of Team Xecuter’s custom SX OS available online, loading that firmware only allows Switch players to play homebrew software. To load pirated (or “backed up”) versions of copyrighted Switch games, you have to buy a licensed copy of SX OS from an authorized reseller.

Trying to load the paid version of SX OS without a valid license leads the firmware to execute a “brick code” path, locking up the system’s internal NAND memory behind a password. It’s possible to recover your hardware from this “bricked” state, but regaining control can be an opaque process if you don’t know what you’re doing.


China-based hackers burrow inside satellite, defense, and telecoms firms

An advanced hacking campaign originating in China has spent the past year infiltrating satellite operators, defense contractors, and telecoms companies in the US and Southeast Asia, researchers from Symantec said.

The attackers specifically looked for and infected computers one target used to monitor and control satellites, Symantec researchers reported in a blog post published Tuesday. A hack on a second target in the geospatial industry zeroed in on the software-development tools it used. The focus on the operational sides of the unnamed companies suggests that the hackers sought the ability not just to intercept but possibly to also alter communications traffic sent by businesses and consumers.

“Espionage is the group’s likely motive, but given its interest in compromising operational systems, it could also adopt a more aggressive, disruptive stance should it choose to do so,” Symantec researchers wrote.


Rise of the machines: has technology evolved beyond our control?

Technology is starting to behave in intelligent and unpredictable ways that even its creators don’t understand. As machines increasingly shape global events, how can we regain control?

The voice-activated gadget in the corner of your bedroom suddenly laughs maniacally, and sends a recording of your pillow talk to a colleague. The clip of Peppa Pig your toddler is watching on YouTube unexpectedly descends into bloodletting and death. The social network you use to keep in touch with old school friends turns out to be influencing elections and fomenting coups.

The cloud is the central metaphor of the internet: a global system of great power that is almost impossible to grasp

While traders might have played a longer game, the machines, faced with uncertainty, got out as quickly as possible

Users are encouraged to keep their phones in their beds, to record their sleep patterns. Where does all this data go?

In 2016 three networks at Google developed a private form of encryption. The machines are learning to keep their secrets