The Search for Infamous Phone Phreaker Susy Thunder

The Verge has a cool story about searching for Susy Thunder, a phone phreaker and social engineer.

Susan found her way into the hacker underground through the phone network. In the late 1970s, Los Angeles was a hotbed of telephone culture: you could dial-a-joke, dial-a-horoscope, even dial-a-prayer. Susan spent most of her days hanging around on 24-hour conference lines, socializing with obsessives with code names like Dan Dual Phase and Regina Watts Towers. Some called themselves phone phreakers and studied the Bell network inside out; like Susan’s groupie friends, they knew how to find all the back doors.

A Crypto Wallet Crack Recovered $2 Million in Tokens

The Verge had a fascinating story out yesterday about a crypto wallet crack that helped two friends get their tokens back. It’s a long-ish read but not overly technical.

Reich gave up and wrote off the money in his mind. He was willing to take the loss — until the price started to rise again. From a low of around $12,000, the value of their tokens started to skyrocket. By the end of 2020, it would be worth more than $400,000, rising briefly to over $3 million. It would be hard to get into the wallet without the PIN — but it wasn’t impossible. And with potentially millions on the line, Reich and his friend vowed to find a way inside.

Saudi Activist With EFF Sues DarkMatter Group for Hacking iPhone

Saudi human rights activist Loujain AlHathloul, along with the Electronic Frontier Foundation, is suing DarkMatter for hacking her iPhone. DarkMatter Group was created and run by former U.S. intelligence operatives.

Reuters broke the news about the hacking program called Project Raven in 2019, reporting that when UAE transferred the surveillance work to Emirati firm DarkMatter, the U.S. operatives, who learned spycraft working for the National Security Agency and other U.S. intelligence agencies, went along and ran DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissenters, and even Americans residing in the U.S.

Hacking US Diplomats in Uganda May Have Led to NSO Group Downfall

ArsTechnica shares the story of how U.S. diplomats in Uganda were hacked by Pegasus, a spyware tool from NSO Group.

Israeli and US officials declined to confirm that the Ugandan hack directly triggered a decision to blacklist NSO. But one US official who discussed the issue with Israel’s defense ministry said: “Look at the entire sequence of events here—this is careful, not by chance.” He added that putting NSO, one of the jewels of Israel’s tech community, on a US blacklist was designed to “punish and isolate” the company.

Microsoft Seizes Domains From Chinese Group 'NICKEL' Used to Attack Governments

NICKEL is a China-based threat actor that targets governments, diplomatic entities, and NGOs around the world. Microsoft’s Digital Crimes Unit has disrupted their operation.

MSTIC has observed NICKEL actors using exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time.

Cuba Ransomware Gang Made $43.9 Million in Ransom Payments

The FBI also said it traced attacks with Cuba ransomware to systems infected with Hancitor. This is a malware operation to access Windows machines.

It is also worth mentioning that Cuba is also one of the ransomware groups that gather and steal sensitive files from compromised companies before encrypting their files. If companies don’t pay, the Cuba group will threaten to dump sensitive files on a website they have been operating on the dark web since January this year.

Planned Parenthood Hack Leaked Data for 400,000 Patients

In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.

Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

US Issues Joint Advisory Warning Companies of Iranian Ransomware

In a joint advisory issued on Wednesday, the U.S. is warning that Iranian state-backed hackers are targeting infrastructure companies with ransomware.

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors.

FBI Says Data Was Not Compromised After Hackers Took Over Email Server

Hackers took over an FBI server over the weekend, sending thousands of fake cyberattack warnings. The agency says no personal information or data was affected.

The agency said it has fixed the software vulnerability that allowed the attack.

The fake emails originated from an FBI-operated server, which was dedicated to pushing notifications to the Law Enforcement Enterprise Portal (LEEP), which the FBI uses to communicate with state and local agencies. The compromised server was not part of the FBI’s corporate email service, the FBI added.

'REvil' Ransomware Group Taken Down Through Multi-Country Effort

The FBI, working with Cyber Command, the Secret Service, and other countries, took down REvil.

According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers. After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself “Unknown,” vanished from the internet.

Anonymous Hacker Shares Twitch Source Code and Payout Data

An anonymous hacker shares data claimed to be Twitch source code. That’s right, not just Twitch data but Twitch itself, its source code and user payout data.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

I have to chuckle about the part where they go on 4chan to complain about toxic websites. Update: Twitch has confirmed the incident.