Thousands of sensitive emails stolen in intrusion of Republican campaign arm

An email intrusion targeting a key Republican campaign committee allowed unknown people to steal thousands of sensitive emails from four senior aides, Politico reported Tuesday.

The attack on the National Republican Congressional Committee, the main group that works to elect Republicans to the US House of Representatives, allowed the person or group responsible to monitor the aides’ email accounts for several months, Politico said. The intrusion was detected in April by a managed security services provider the NRCC had retained to monitor the security of its network.

The unnamed provider informed NRCC officials, who in turn alerted security firm Crowdstrike. Crowdstrike, which was called in to investigate the Russian government’s 2016 hack of the Democratic National Committee, had already been retained by the NRCC when the intrusion was discovered in April, Politico said.

Marriott says hacking of Starwood Hotel database may have exposed info on 500 million people

Marriott International said on Friday that a guest reservation database of its Starwood Hotel brand was breached, potentially exposing information on about 500 million guests.

The company said its investigation showed that an unauthorized party had copied and encrypted information, and that there had been unauthorized access to the Starwood network since 2014.

The company said it had taken steps to rectify the situation. Marriott was not immediately available for further comment.

For about 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth and gender, among other personal details, Marriott said.

For some, the information also includes payment card numbers and expiration dates, but those numbers were encrypted, the hotel chain said.

There are two components needed to decrypt the payment card numbers, and at this point, Marriott said it has not been able to rule out the possibility that both were stolen.

The company said it reported this incident to law enforcement and continues to support their investigation and has already begun notifying regulatory authorities.

Marriott bought Starwood in 2016.

© Thomson Reuters 2018

Grand Theft Auto V hack exposed single-player games to malicious trolls

Over the years, we’ve written a lot about the apparently easy-to-hack Grand Theft Auto Online and Rockstar’s many, many, many attempts to prevent cheaters from ruining the online experience for legitimate players. Last week, though, players reported that trolls were briefly able to mess with the single-player portion of Grand Theft Auto V through an exploit targeting players’ Rockstar Social Club accounts.

You can see an example of the single-player hacking in action in this Twitch clip, where a troll follows user SnowieLive after kicking him from an online session and continually kills his avatar in the single-player mode. “You’re not safe in single player,” the hacker says in a somewhat on-the-nose message in the clip. Similar clips from GTA speedrunner FriendlyBaron show hackers loading jets into his path and simply killing his character in mid-drive during a run.

Players who track the state of cheating tools in the Grand Theft Auto universe noted last week that one popular “mod menu” was advertising the newfound ability to discover an online player’s Rockstar ID, a hidden string of numbers associated with their Rockstar Social Club account. With that number, hackers using that tool could take control of an online user’s single-player games, with new abilities including “Rockstar admin kick, Network kick, Ragdoll, Fake money correction, Kill, Spawn vehicle, and send crew message.”

Fortnite, GTA V hackers face legal action for online cheating

It’s pretty standard for game developers to use a variety of technical and community management methods to try to stop cheaters from ruining the online experience for legitimate players. But some game makers are increasingly using the courts to try to stop the spread of mods that give players an unfair advantage, as highlighted by a pair of stories this week.

The first such story comes from Rockstar and Take-Two, which have convinced an Australian court to freeze the assets of five people believed to be behind Grand Theft Auto V cheating software known as “Infamous.” The full court order, as reported by TorrentFreak, also allows authorities to search the homes and computers of Christopher Anderson, Cycus Lesser, Sfinktah, Koroush Anderson, and Koroush Jeddian. Authorities are looking for evidence of the creation or distribution of “any software that provides a player of Grand Theft Auto V access to unauthorized features…”

The Infamous “mod menu” gives users pretty much full control over the Grand Theft Auto universe, online or off, granting abilities that include teleportation, flying, and full environmental manipulation. Perhaps most distressingly for Rockstar and Take-Two, the mod also let players generate arbitrary amounts of virtual currency for themselves or other players online, which could have a direct effect on the game’s microtransaction-driven bottom line.

Why is a Lisbon soccer team trying to unmask Portuguese bloggers in US court?

In April 2018, a professional Portuguese soccer team sued three major American tech companies—Google, Cloudflare, and Automattic—in federal court in Los Angeles.

The soccer club, Benfica, alleged that the American companies were partially responsible for disseminating internal memos, presentations, and emails obtained via a 2017 phishing attack against it.

However, in recent weeks, American lawyers for Benfica agreed to remove the tech firms from the lawsuit, most of whom had formally filed motions to dismiss previously.

Bloomberg stands by Chinese chip story as Apple, Amazon ratchet up denials

On Thursday morning, Bloomberg published a bombshell story claiming that the Chinese government had used tiny microchips to infiltrate the data centers of Apple and Amazon. Apple and Amazon, for their part, responded with unusually specific and categorical denials. It’s clear that someone is making a big mistake, but 24 hours later, it’s still not clear whether it’s Bloomberg or the technology companies.

On Thursday afternoon, Apple laid out its case against the story in a lengthy post on its website. The post specifically disputed a number of Bloomberg’s claims. For example, Bloomberg says that after discovering a mysterious chip in one of its servers, Apple “reported the incident to the FBI,” leading to an investigation. Apple flatly denies that this occurred.

“No one from Apple ever reached out to the FBI about anything like this,” Apple writes. “We have never heard from the FBI about an investigation of this kind.”

Russian spies hacked officials to protect doping athletes, US charges

The US government announced on Thursday that it has indicted seven Russian intelligence officials for hacking targets in the United States.

Ordinarily, intelligence agencies focus on issues related to national security. But a federal indictment announced on Thursday charges that Russian spies waged a long-running campaign to undermine investigations into doping activities by Russian athletes during the 2014 Winter Olympics in Sochi.

Key Russian attacks were carried out in 2016, days after the World Anti-Doping Agency released an initial report on Russian doping activities. Russian agents targeted anti-doping organizations to gather information to undermine the investigation and embarrass non-Russian athletes.

NewEgg hit by card-stealing code injected into shopping code

The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg’s webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg’s Web infrastructure. It appears that all Web transactions over the past month were affected by the breach.

Details of the breach were reported by the security research firms RiskIQ (which exposed the code behind the British Airways attack) and Volexity Threat Research today. The attack was shut down by NewEgg on September 18, but it appears to have been actively siphoning off payment data since August 16, according to reports from the security researchers. Yonathan Klijnsma, head researcher at RiskIQ, said that the methods and code used are virtually identical to the attack on British Airways—while the Ticketmaster breach was caused by code injected from a third-party service provider, both the BA breach and the NewEgg attack were the result of a compromise of JavaScript libraries hosted by the companies themselves.

The domain used by the attack, neweggstats.com, was hosted on a server at the Dutch hosting provider WorldStream and had a certificate. The domain was registered through Namecheap on August 13, using a registration privacy protection company in Panama. The domain’s TLS certificate was purchased through Comodo on the same day. The Comodo certificate was likely the most expensive part of the attackers’ infrastructure.
