#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

CIA Hacker | Breaking Cybersecurity News | The Hacker News

Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial

Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial

Mar 09, 2020
A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency's classified hacking and tools and leaking it to WikiLeaks whistleblower website. While the jury was unable to reach a verdict on eight counts of the theft and transmission of CIA's confidential documents, it did find ex-CIA Joshua Schulte guilty on two counts of contempt of court and making false statements to the FBI investigators. Schulte's lawyers last month asked the court for a mistrial in this case claiming the prosecutors withheld evidence that could exonerate his client during the four-week trial in the Manhattan federal court. Potentially, as a result of this, jurors failed to reach a unanimous agreement on the most severe charges against Schulte after deliberating since last week. Schulte, who designed hacking tools and malware for both the CIA and NSA to break into adversaries computers,
Accused CIA Leaker Faces New Charges of Leaking Information From Prison

Accused CIA Leaker Faces New Charges of Leaking Information From Prison

Nov 02, 2018
Joshua Adam Schulte , a 30-year-old former CIA computer programmer who was indicted over four months ago  for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of interfering with his case pleading and subjecting him to "cruel and unusual punishment" in pre-trial detention. "The shit-filled showers where you leave dirtier than when you entered; the flooding of the tiers and cages with ice-cold water; the constant blast of cold air as we are exposed to extreme cold without blankets or long-sleeve shirts; the uncontrollable lights that are always on as we are sleep deprived...No human being should ever have to experience this torture," Schulte wrote. Schulte, who once designed hacking tools and malware for both the CIA and
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet)

Jul 13, 2017
WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak , this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones. However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool. But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used. Explained: How CIA Highrise Project Works In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones,
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Wikileaks Reveals CIA Malware that Hacks & Spy On Linux Computers

Wikileaks Reveals CIA Malware that Hacks & Spy On Linux Computers

Jun 30, 2017
WikiLeaks has just published a new batch of the ongoing Vault 7 leak , this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating systems. Dubbed OutlawCountry , the project allows the CIA hackers to redirect all outbound network traffic on the targeted computer to CIA controlled computer systems for exfiltrate and infiltrate data. The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system and create a hidden Netfilter table with an obscure name on a target Linux user. "The new table allows certain rules to be created using the "iptables" command. These rules take precedence over existing rules, and are only visible to an administrator if the table name is known. When the Operator removes the kernel module, the new table is also removed," CIA's leaked  user manual reads. Although the installation and persi
Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

Jun 22, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets "closed networks by air gap jumping using thumb drives," mainly implemented in enterprises and critical infrastructures. Air-gapped computers that are isolated from the Internet or other external networks are believed to be the most secure computers on the planet have become a regular target in recent years. Dubbed Brutal Kangaroo (v1.2.1), the tool suit was allegedly designed by the Central Intelligence Agency (CIA) in year 2012 to infiltrate a closed network or air-gapped computer within an organization or enterprise without requiring any direct access. The previous version of Brutal Kangaroo was named as EZCheese , which was exploiting a vulnerability that was zero-day until March 2015, though the newer version was using " unknown link file vulnerability (Lachesis/RiverJack) related to the lib
Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Apr 10, 2017
Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries. Since March, as part of its " Vault 7 " series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA). Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world. Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors. Although the group's targets were a
WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

Apr 07, 2017
As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA). Named Grasshopper , the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection. All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims. Grasshopper: Customized Malware Builder Framework According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using. The Grasshopper framework then automatically puts together several components sufficient for attack
10 Things You Need To Know About 'Wikileaks CIA Leak'

10 Things You Need To Know About 'Wikileaks CIA Leak'

Mar 08, 2017
Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas
WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details

WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details

Mar 07, 2017
WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA). WikiLeaks announced series Year Zero , under which the whistleblower organization will reveal details of the CIA's global covert hacking program. As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7 , which includes a total of 8,761 documents of 513 MB ( torrent  | password ) on Tuesday, exposing information about numerous zero-day exploits developed for iOS, Android, and Microsoft's Windows operating system. WikiLeaks claims that these leaks came from a secure network within the CIA's Center for Cyber Intelligence headquarters at Langley, Virginia. The authenticity of such dumps can not be verified immediately, but since WikiLeaks has long track record of releasing such top secret government documents, the community and governments should take it very seriously. CIA's Zero-D
15-year-old Teenage Hacker Arrested Over FBI Computer Hack

15-year-old Teenage Hacker Arrested Over FBI Computer Hack

Feb 19, 2016
Another 15-year-old teenager got arrested from the land of cakes, Scotland, by British Police for breaking into the FBI Systems on 16th February. Under the Britain's anti-hacking law, Computer Misuse Act 1990 , the boy has been arrested for his role in hacking and unauthorized access to the digital material. Federal Agents had fled to Glasgow in an attempt to carry out a raid on his home before proceeding with the boy's arrest. "He has since been released and is the subject of a report to the procurator fiscal," a Police Spokesman told a Scottish journal. As with the present scenario, reports say that the boy could be extradited to the United States to face the Intrusion and hacking charges. Second Member of the Hacking Group Arrested The suspect is believed to be an active member of the notorious hacking group called " Crackas with Attitude " aka "CWA", Motherboard confirms . Another member of the same group got arrested f
Police Arrest 16-year-old Boy Who Hacked CIA Director

Police Arrest 16-year-old Boy Who Hacked CIA Director

Feb 12, 2016
The teenage hacker, who calls himself a member of hacktivist group " Cracka with Attitude ," behind the series of hacks on the United States government and its high-level officials, including CIA director, might have finally got arrested. In a joint effort, the Federal Bureau of Investigation (FBI) and British police reportedly have arrested a 16-year-old British teenager who they believe had allegedly: Leaked the personal details of tens of thousands of FBI agents and US Department of Homeland Security (DHS) employees. Hacked into the AOL emails of CIA director John Brennan . Hacked into the personal email and phone accounts of the US spy chief James Clapper . Broke into the AOL emails of the FBI Deputy Director Mark Giuliano . Federal officials haven't yet released the identity of the arrested teenager, but the boy is suspected of being the lead hacker of Cracka With Attitude, who calls himself Cracka, the South East Regional Organised Crime Unit (SER
Hackers have Hacked into US Arrest Records Database

Hackers have Hacked into US Arrest Records Database

Nov 07, 2015
The Group of teenage hackers, which previously hacked into the personal email of the CIA director John Brennan and published a large trove of sensitive data, has now had its hands on even more important and presumably secure target. Hackers Accessed Law Enforcement Private Portal The hacking group, Crackas With Attitude ( CWA ), claims it has gained access to a Law Enforcement Portal through which one can access: Arrest records Tools for sharing information about terrorist events and active shooters The system in question is reportedly known as the Joint Automated Booking System ( JABS ), which is only available to the Federal Bureau of Investigation (FBI) and law enforcement. Hackers Gained Access to FBI's Real-Time Chat System Moreover, the hacking group also says it has gained access to another tool that is something like a real-time chat system for the FBI to communicate with other law enforcement agents around the US. Two days ago, CWA published
High school Student Hacked Into CIA Director's Personal Email Account

High school Student Hacked Into CIA Director's Personal Email Account

Oct 20, 2015
A self-described teenage hacker has claimed to have hacked into personal AOL email account of Central Intelligence Agency (CIA) Director John Brennan and swiped sensitive top-secret data. It's Really a major embarrassment for Brennan as well as the CIA. The hacker, who describes himself as an American high school student, called the New York Post to describe his exploits. According to the teenage hacker, Brennan's private email account held a range of sensitive files, which includes: His 47-page application for top-secret security clearance Social Security numbers (SSNs) and personal information of more than a dozen top US intelligence officials A government letter discussing " harsh interrogation techniques " used on terrorist suspects Sensitive Information Leaked The teenage hacker operates with under the Twitter name " Crackas With Attitude " with Twitter handle @_CWA_ . He confirmed the Post that he also controlled the
Cybersecurity Resources