Hackers Threaten To Reveal Secret Data Linked To 9/11 Attacks

A hacker group has threatened to reveal “secret” data related to the September 11 attacks in the US after claiming to have gained access to a large cache of confidential files.

In its announcement published on Pastebin, the group known as The Dark Overlord pointed to several different insurers and legal firms, claiming specifically that it hacked Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties, Motherboard reported on Tuesday.

“Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers,” the group said in the announcement.

The group threatened to reveal the documents unless the victims pay them an undisclosed ransom fee in Bitcoin.

While it is not clear exactly which files the group has obtained, it is trying to capitalise on conspiracy theories around the 9/11 attacks.

“We’ll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak,” the group tweeted on Monday.

A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm that advised the company, and likely stolen files related to litigation around the 9/11 attacks.

The hacking group published a small set of letters, emails and other documents that mention various law firms, as well as the Transportation Security Administration (TSA) and Federal Aviation Administration in the US, according to the Motherboard report.

The group has threatened to release more documents.





Hackers using leaked NSA hacking tools to covertly hijack thousands of computers

More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable.

First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.

New findings from security giant Akamai say that the previously reported UPnProxy vulnerability, which abuses the common Universal Plug and Play network protocol, can now target unpatched computers behind the router’s firewall.

Attackers traditionally used UPnProxy to remap the port forwarding settings on an affected router, allowing the obfuscation and routing of malicious traffic — which can be used to launch distributed denial-of-service attacks or spread malware or spam. In most cases, computers on the network were unaffected because they were shielded by the router’s network address translation (NAT) rules.

But now, Akamai says that attackers are using more powerful exploits to burrow through the router and infect individual computers on the network. That gives the attackers a far greater scope of devices they can target, and makes the malicious network far stronger.

“While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually,” said Akamai’s Chad Seaman, who wrote the report.

The injections use two exploits — EternalBlue, a backdoor developed by the National Security Agency to target Windows computers; and its “sibling” exploit EternalRed, used to backdoor Linux devices, found independently by Samba. Where UPnProxy modified the port mapping on a vulnerable router, the Eternal family of exploits targets the service ports used by SMB, a common networking protocol used on most computers.

Together, Akamai calls the new attack “EternalSilence,” drastically expanding the spread of the proxy network to many more vulnerable devices.

Akamai says more than 45,000 devices are already under the thumb of the massive network — potentially amounting to more than a million computers waiting for commands.

“The goal here isn’t a targeted attack,” said Seaman. “It’s an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.”

But Eternal-based intrusions are difficult to detect, making it hard for administrators to know if they’re infected. That said, fixes for both EternalBlue and EternalRed have been available for more than a year — yet millions of devices remain unpatched and vulnerable.

The number of vulnerable devices is going down, but Seaman said that UPnProxy’s new capabilities “may be a last ditch effort to utilize the known exploits against a set of possibly unpatched and previously inaccessible machines.”

Patching against the Eternal exploits is better late than never, but it’s not a silver bullet for fixing the problem. Even disabling UPnP isn’t a one-stop solution. Seaman said it’s “the equivalent of plugging the hole in the boat, but it does nothing to address the water that has made it into your sinking ship.”

Flashing an affected router and disabling UPnP may remediate the issue, but Seaman said in his opinion that the router should probably be “completely replaced.”
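For administrators who want to check a router before deciding, the following added example (not code from Akamai's report or this article) audits a UPnP port-mapping table for the two patterns described above: forwards that point outside the LAN, and forwards that expose SMB on an internal host. It assumes the rows have already been read from the router and use the standard UPnP IGD port-mapping field names; the sample rows, addresses and LAN range are constructed for illustration, and 139 and 445 are SMB's standard TCP ports.

```python
import ipaddress

SMB_PORTS = {139, 445}  # TCP ports used by SMB (NetBIOS session, direct SMB)

# Constructed sample: rows shaped like UPnP IGD GetGenericPortMappingEntry
# results. Every address, port and description here is made up.
SAMPLE_MAPPINGS = [
    {"NewExternalPort": "51413", "NewProtocol": "TCP", "NewInternalPort": "51413",
     "NewInternalClient": "192.168.1.20", "NewPortMappingDescription": "torrent"},
    {"NewExternalPort": "28445", "NewProtocol": "TCP", "NewInternalPort": "445",
     "NewInternalClient": "192.168.1.31", "NewPortMappingDescription": "unknown"},
    {"NewExternalPort": "28139", "NewProtocol": "TCP", "NewInternalPort": "139",
     "NewInternalClient": "192.168.1.31", "NewPortMappingDescription": "unknown"},
    {"NewExternalPort": "8080", "NewProtocol": "TCP", "NewInternalPort": "80",
     "NewInternalClient": "203.0.113.7", "NewPortMappingDescription": "unknown"},
    {"NewExternalPort": "9999", "NewProtocol": "TCP", "NewInternalPort": "22",
     "NewInternalClient": "not-an-ip", "NewPortMappingDescription": "unknown"},
]


def audit_mappings(mappings, lan_cidr):
    """Return (mapping, reason) pairs for forwards that deserve investigation."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for m in mappings:
        try:
            client = ipaddress.ip_address(m["NewInternalClient"])
            port = int(m["NewInternalPort"])
        except (KeyError, ValueError):
            # An entry that cannot be parsed is itself worth a manual look.
            findings.append((m, "malformed entry"))
            continue
        if client not in lan:
            findings.append((m, "forwards outside the LAN (router used as proxy)"))
        elif m.get("NewProtocol", "").upper() == "TCP" and port in SMB_PORTS:
            findings.append((m, "exposes SMB on a LAN host to the internet"))
    return findings


if __name__ == "__main__":
    for mapping, reason in audit_mappings(SAMPLE_MAPPINGS, "192.168.1.0/24"):
        print(f'{mapping.get("NewExternalPort")}/{mapping.get("NewProtocol")} -> '
              f'{mapping.get("NewInternalClient")}:{mapping.get("NewInternalPort")}'
              f'  {reason}')
```

Any flagged SMB forward means the internal host behind it has been reachable from the internet and should be checked for compromise, not just patched.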



Alexa bug let hackers turn Echo into covert listening device

Amazon Echo speakers listen out for the word “Alexa”, the name of its voice assistant, before completing a command, like “Alexa, tell me today’s news”. Any interaction with Alexa is recorded to improve the service, but once the command is finished, Alexa stops recording.

But security researchers from Checkmarx developed an Alexa Skill that would have been an Echo user’s worst nightmare. The Skill, a voice app that can be installed on an Echo speaker, would keep Alexa listening long after it should have switched itself off and automatically transcribe what it hears for an attacker.

When an Alexa skill completes its task it is supposed to stop listening. However, sometimes Alexa doesn’t hear a command correctly, which will lead the Echo to ask the user to repeat it. This “re-prompt” feature could be exploited, the researchers found, and be programmed to carry on listening, while muting Alexa’s responses.



Japanese cryptocurrency exchange loses more than $500 million to hackers

Hackers stole several hundred million dollars’ worth of a lesser-known cryptocurrency from a major Japanese exchange Friday.

Coincheck said that around 523 million of the exchange’s NEM coins were sent to another account around 3 a.m. local time (1 p.m. ET Thursday), according to a Google translation of a Japanese transcript of the Friday press conference from Logmi. The exchange has about 6 percent of yen-bitcoin trading, ranking fourth by market share on CryptoCompare.

The stolen NEM coins were worth about 58 billion yen at the time of detection, or roughly $534.8 million, according to the exchange. Coincheck subsequently restricted withdrawals of all currencies, including yen, and trading of cryptocurrencies other than bitcoin.



Vault 8: WikiLeaks Begins Publishing Source Code for CIA Hacking Tools 

WikiLeaks began publishing the source code of alleged CIA hacking tools Thursday in a new series dubbed “Vault 8.”

The source code, according to a press release from the anti-secrecy organization, is intended to “enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.”

“Source code published in this series contains software designed to run on servers controlled by the CIA,” WikiLeaks writes, stressing that the material does not contain 0-day or undisclosed vulnerabilities that could be utilized by others.

Hive, the first tool featured in Vault 8, aids the agency in controlling malware installed on target devices.

“Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention,” WikiLeaks writes. “Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet.”

“Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.”



WikiLeaks website apparently hacked by OurMine 

As of early Thursday morning, the WikiLeaks.org homepage displayed a message that read: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”