
CELEBRAGEDDON Hacking Scandal Update: Edward Majerczyk Sentenced to Nine Months




CHICAGO — A Chicago man was sentenced to nine months in a plea deal Tuesday for hacking the electronic accounts of 30 celebrities and stealing their personal data, including nude photos and videos.

[ARCHIVE – The CELEBRAGEDDON of 2014: Jennifer Lawrence Requests Nude Pics Investigation]

[MORE – Social Media Goes Cuckoo Bananas Over Massive Celebrity Nude Photo Leak]

Edward Majerczyk, 29, was accused of orchestrating a phishing scheme from November 2013 to August 2014 that netted personal information from celebrities including Jennifer Lawrence, Kate Upton and many more in Los Angeles.

Lawrence likened the privacy invasion to a “sex crime” and said she worried about its impact on her career.


Majerczyk, the son of two Chicago police officers, did not plead guilty to distributing the images. His plea was limited to his role in obtaining them.

“At the time of the offense, Mr. Majerczyk was suffering from depression and looked to pornography websites and Internet chat rooms in an attempt to fill some of the voids and disappointment he was feeling in his life.”

After his case was transferred from California to Chicago, he pleaded guilty in September to one count of unauthorized access to a protected computer to obtain information.

A spokesman for the US attorney’s office in Los Angeles told the Chicago Tribune that the investigation into who leaked the sensitive information was ongoing.

[Coconuts: Kirsten Dunst Leads Celeb Anger at Apple Over Stars’ Nude iCloud Images Stolen]

[MORE – Nude Celebrity Leak Panic on Horizon as Mainland China Attacks Apple’s iCloud]

Majerczyk sent phishing emails to his victims, tricking them into providing their usernames and passwords to a third-party website, according to a plea agreement. He in turn used the information to access their accounts, leading to material belonging to more than 300 victims.


Majerczyk faced up to five years in prison. His lawyers argued in a sentencing memo that his participation was limited to the unauthorized access of information on his personal computer, “for his personal use and viewing only.”


Powerful NSA Hacking Tools Have Been Revealed Online: ‘Keys to the Kingdom’


Strings of code were released to the Internet by a group calling themselves ‘the Shadow Brokers’. They claim the code is a tool that can be used to hack into any computer. 

The cache mysteriously surfaced over the weekend and appears to be legitimate. 

Ellen Nakashima reports: Some of the most powerful espionage tools created by the National Security Agency’s elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency’s operations and the security of government and corporate computers.


A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.


The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

[Read the full story here, at The Washington Post]

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”




The file contained 300 megabytes of information, including several “exploits,” or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.



“What’s clear is that these are highly sophisticated and authentic hacking tools,” said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.

Several of the exploits were pieces of computer code that took advantage of “zero-day” or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.



The NSA did not respond to requests for comment.

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.


[VIDEO] More Leaked DNC Data Coming 

Congressional Democrats are scrambling to assess the scope of an unprecedented leak that revealed the personal data of nearly 200 current and former House Democrats, and they are bracing for more leaked data. Iconic Security CEO Adam Ghetti joins Lunch Break and explains how the FBI deals with data breaches.



America: “No! We’re Not!”


15 Million T-Mobile Customers Affected by Experian Data Breach, Including Social Security Numbers, More 


T-Mobile has confirmed this evening that as many as 15 million of its customers have been affected by a data breach. As the company is quick to point out, however, the breach did not occur on its servers, but rather its credit partner’s, Experian.

While Experian and T-Mobile both confirm that no credit card or banking information was compromised in the breach, a variety of other sensitive information was. Customer names, addresses, birthdates, Social Security numbers, and ID numbers were all leaked as part of the attack.

The attack affects approximately 15 million people who required a credit check when signing up for device financing through T-Mobile. Perhaps most notably, however, the vulnerability was open for more than two years, from September 1, 2013 through September 16, 2015.

T-Mobile says that it is offering two years of free credit monitoring to anyone who fears they could have been affected by the breach. T-Mobile CEO John Legere wrote in an open letter on the carrier’s website that he is “incredibly angry about this data breach” and that T-Mobile will be reevaluating its relationship with Experian.

T-Mobile CEO on Experian’s Data Breach

I’ve always said that part of being the Un-carrier means telling it like it is. Whether it’s good news or bad, I’m going to be direct, transparent and honest. We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible.


Full Scale Non-Stop Global Panic Update: Obama’s Cyber Meltdown Keeps Getting Worse


When the Administration disclosed the OPM hack in early June, they said Chinese hackers had stolen the personal information of up to four million current and former federal employees. The suspicion was that this was another case of hackers (presumably sanctioned by China’s government) stealing data to use in identity theft and financial fraud. Which is bad enough.

Yet in recent days Obama officials have quietly acknowledged to Congress that the hack was far bigger, and far more devastating. It appears OPM was subject to two breaches of its system in mid-to-late 2014, and the hackers appear to have made off with millions of security-clearance background check files.

These include reports on Americans who work for, did work for, or attempted to work for the Administration, the military and intelligence agencies. They even include Congressional staffers who left government—since their files are also sent to OPM.

[Read the full text here, at WSJ]

This means the Chinese now possess sensitive information on everyone from current cabinet officials to U.S. spies. Background checks are specifically done to report personal histories that might put federal employees at risk for blackmail. The Chinese now hold a blackmail instruction manual for millions of targets.

These background checks are also a treasure trove of names, containing sensitive information on an applicant’s spouse, children, extended family, friends, neighbors, employers, landlords. Each of those people is also now a target, and in ways they may not contemplate. In many instances the files contain reports on applicants compiled by federal investigators, and thus may contain information that the applicant isn’t aware of.


Of particular concern are federal contractors and subcontractors, who rarely get the same security training as federal employees, and in some scenarios don’t even know for what agency they are working. These employees are particularly ripe targets for highly sophisticated phishing emails that attempt to elicit sensitive corporate or government information.


Want to Read Hillary’s E-mails? Ask China


China appears to have scored a major win here

Tom Rogan writes: “We have a lot of information about people, and that is something that our adversaries want.”

That’s how Donna Seymour, an Office of Personnel Management (OPM) official recently described the OPM hacking to a reporter for the Washington Post. As we found out yesterday, in April, Chinese hackers intruded OPM networks and potentially acquired the personal information of 4 million U.S. government employees.

“China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.”

So how did this happen? Well, according to an OPM press release, the agency has been upgrading its network security over the past year. That said, yesterday’s press release also notes that it was only after the April hacking that OPM focused on “restricting remote access for network administrators…and deploying anti-malware software” against programs that might “compromise the network.” In short, OPM hasn’t been moving fast enough to prevent hacking.


“In short, everything you would never want your enemy to know about you – from a counterintelligence viewpoint, this breach represents a true nightmare scenario.”

Regardless, it makes sense that China was involved in the intrusion. For a start, China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.

[Read the full text here, at National Review Online]

Moreover, China has a penchant for attacking the OPM. In July last year, the New York Times reported on China’s hacking of OPM information on applicants for top-secret security clearances.

[Also see – Obama Needs to Respond to the Chinese Government Hack — and All Their Other Provocations, Too]

That the OPM didn’t urgently upgrade its security after that 2014 incident is inexcusable. We’ve paid the price in our damaged national security.