The Hacker News — Cyber Security, Hacking, Technology News

Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.

A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties.

These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon.

Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiaries and dozens of brands.

"Perhaps most damaging among the exposed data are Viacom's secret cloud keys, an exposure that, in the most damaging circumstances, could put the international media conglomerate's cloud-based servers in the hands of hackers," an UpGuard blog post says. 

"Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world's largest broadcast and media companies."

In other words, the access key and secret key for the company's AWS account would have allowed hackers to compromise Viacom's servers, storage, and databases under the AWS account.
According to the analysis performed by UpGuard, a number of cloud instances used within the media company's IT toolchain, including Docker, Splunk, New Relic, and Jenkins, could have "thus been compromised in this manner."

In addition to these damaging leaks, the unprotected server also contained GPG decryption keys, which can be used to unlock sensitive data. However, the server did not contain any customer or employee information.

Although it is unclear whether hackers were able to exploit this information to access important files belonging to Viacom and the firms it owns, the media giant said there's no evidence anyone had abused its data.

"We have analyzed the data in question and determined there was no material impact," the company said in a statement.

"Once Viacom became aware that information on a server—including technical information, but no employee or customer information—was publicly accessible, we rectified the issue."

All the credentials have now been changed after UpGuard contacted Viacom executives privately, and the server was secured shortly afterwards.

This is not the first time when Vickery has discovered a company's sensitive information stored on an unprotected AWS C3 server.

Vickery has previously tracked down many exposed datasets on the Internet, including personal details of over 14 million Verizon customers, a cache of 60,000 documents from a US military, information of over 191 Million US voter records, and 13 Million MacKeeper users.

An anti-malware detection service provider and premium security firm has been accused of leaking terabytes of confidential data from several Fortune 1000 companies, including customer credentials, financial records, network intelligence and other sensitive data.

However, in response to the accusations, the security firm confirmed that they are not pulling sensitive files from its customers; instead, it's up to companies—who are accidentally (but explicitly) sharing their sensitive data to leverage an optional cloud-based anti-malware service.

On Wednesday, Information security firm DirectDefense published a blog post, claiming that they found a major issue with endpoint detection and response (EDR) solution offered by US-based company Carbon Black, alleging that the company is leaking hundreds of thousands of sensitive files from its customers.

Carbon Black is a leading incident response and threat hunting company that offers security products to nearly thirty of the largest 100 public and privately held companies in the US, including Silicon Valley leaders in internet search, social media, government, and finance.

DirectDefense Claims 'Carbon Black' Leaking Data

According to DirectDefense, the company's CB Response is responsible for leaking a massive amount of its customers' data—from cloud keys and app store keys to credentials and other sensitive trade secrets—due to its dependence on third-party multi-scanner services.

Carbon Black specialises in next-generation antivirus plus endpoint detection and response (EDR) solutions in one cloud-delivered platform that stops malware and other cyber attacks.

The product works by identifying "good" and "bad" files and then creating their whitelist to prevent its clients from running harmful files on their systems. So, the tool continuously evaluates an enormous and ever-expanding pool of files for a potential infection.

DirectDefence claims whenever the tool encounters a new file on its clients' computer that it has never seen before, it first uploads the file to Carbon Black servers, and then company forwards a copy of that file to VirusTotal multiscanner service (owned by Google) that contains dozens of antivirus engines to check if the file is good or bad.

But according to DirectDefense President Jim Broome:

"Cloud-based multi-scanner service [VirusTotal] operate as for-profit businesses. They survive by charging for access to advanced tools sold to malware analysts, governments, corporate security teams, security companies, and basically whomever is willing to pay."

So, anyone who is willing to pay would get access to the multiscanner and eventually access to the files submitted to its database.

Broome called the scheme as "the world's largest pay-for-play data exfiltration botnet."

Broome says he discovered this issue in mid-2016 when his company was working on a potential breach on its client’s computer.

While using the VirusTotal cloud-based multi-scanner to search for a possible piece of malware which it suspected of infecting its client, his staff came across a batch of internal applications belonging to a "very large telecommunications equipment vendor."

After digging deeper, the team discovered that the files were uploaded by Carbon Black, as identified by its unique API key (32d05c66). Once the team had that primary key, it was able to locate "hundreds of thousands of files comprising terabytes of data."

"We downloaded about 100 files (we found JAR files and script files to be the easiest to analyse by script), and ran these files through some simple pattern matching," Broome writes.

"When we got hits, we’d try to extrapolate where they came from. We were not trying to be exhaustive in the analysis, and only repeated this operation a few times to see if it still held true."

DirectDefense Found Sensitive Data Leaked From Top Companies

Broome says he identified three companies to whom the files his team downloaded belonged, though he doesn't disclose the names of the affected companies.

Here is some information DirectDefense revealed about the three affected companies:

Large Streaming Media Company

The first company was a large streaming media firm, and files associated with this company contained, among other sensitive files:

• Amazon Web Services (AWS) Identity and Access Management (IAM) Credentials
• Slack API Keys
• The Company’s Crowd (Atlassian Single Sign On)
• Admin Credentials
• Google Play keys
• Apple Store ID

Social Media Company

The second company was a social media company, and files associated with this firm included:

• Hardcoded AWS and Azure keys
• Other internal proprietary information, like usernames and passwords

The third firm is a financial services provider, for which researchers discovered:

• Shared AWS keys that granted access to customer financial data
• Trade secrets that included financial models and possibly direct consumer data

"Our intention with releasing this information was not to attack customers or security vendors," Broome writes, and we don’t pretend that we’ve performed an exhaustive analysis of the breadth of the leaks. We only know that every time we looked, we found this same serious breach of confidentiality."

Carbon Black Explains the Origin of Data Leak

However, in response to DirectDefence allegations, Carbon Black Co-founder and CTO Michael Viscuso published a blog post today explaining that their CB Response tool doesn't upload all files automatically to VirusTotal; instead, the feature comes disabled by default, leaving the choice to users to use its multiscanner service.

"Cb Response has a feature that allows customers to send their unknown or suspicious binaries to these cloud-based multi-scanners (specifically VirusTotal) automatically," Viscuso writes.

"We allow customers to opt into these services and inform them of the privacy risks associated with sharing."

"If the customer enables the second option (complete binaries with VirusTotal) Cb Response ensures that the customer understands the risks associated with uploading full binaries to a public multi-scanner service with an explicit warning" 

This means, at first place, top-notch companies are accidentally (but explicitly) leaking their sensitive files on VirusTotal database.

Broome also suspects that this issue is not unique to Carbon Black, other EDR providers may also be leaking its customers' data in the same way.

Another day, Another data breach!

This time sensitive and personal data of millions of transporters in Sweden, along with the nation's military secrets, have been exposed, putting every individual's as well as national security at risk.

Who exposed the sensitive data? The Swedish government itself.

Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military.

The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and much more.

The incident is believed to be one of the worst government information security disasters ever.

Here's what and How it Happened:

In 2015, the Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks.

However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs.

The transport agency then emailed the entire database in messages to marketers that subscribe to it.

And what’s terrible is that the messages were sent in clear text.

When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.

If you think the scandal ends there, you are wrong. The outsourcing deal gave IBM staff outside Sweden access to the Swedish transport agency's systems without undergoing proper security clearance checks.

IBM administrators in the Czech Republic were also given full access to all data and logs, according to Swedish newspaper Dagens Nyheter (DN), which analysed the Säpo investigation documents.

According to Pirate Party founder and now head of privacy at VPN provider Private Internet Access Rick Falkvinge, who brought details of this scandal, the incident "exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation."

Tons of Sensitive Info Exposed about Both Individuals and Nation's Critical Infrastructures

According to Falkvinge, the leak exposed:

• The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).
• Names, photos, and home addresses of fighter pilots in the Air Force.
• Names, photos, and home addresses of everybody in a police register, which are believed to be classified.
• Names, photos, and residential addresses of all operators in the military's most secret units that are equivalent to the SAS or SEAL teams.
• Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.
• Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.

Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017.

Ågren was also fined half a month's pay (70,000 Swedish krona which equals to $8,500) after finding her guilty of being "careless with secret information," according to the publication.

What's the worrying part? The leaked database may not be secured until the fall, said the agency's new director-general Jonas Bjelfvenstam. The investigation into the scope of the leak is still ongoing.

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server.

Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access.

The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual's account, even if the account is protected by two-factor authentication.

"The exposure of Verizon account PIN codes used to verify customers, listed alongside their associated phone numbers, is particularly concerning," explained UpGuard's Dan O'Sullivan in a blog post.

NICE Systems is an Israel-based company that is known for offering wide-range of solutions for intelligence agencies, including telephone voice recording, data security, and surveillance.
According to the researcher, it is unknown that why Verizon has allowed a 3rd party company to collect call details of its users, however, it appears that NICE Systems monitors the efficiency of its call-center operators for Verizon.

The exposed data contained records of customers who called the Verizon's customer services in the past 6 months, which are recorded, obtained and analyzed by NICE.

Interestingly, the leaked data on the server also indicates that NICE Systems has a partnership with Paris-based popular telecommunication company "Orange," for which it also collects customer details across Europe and Africa.

"Finally, this exposure is a potent example of the risks of third-party vendors handling sensitive data," O'Sullivan said. 

"NICE Systems' history of supplying technology for use in intrusive, state-sponsored surveillance is an unsettling indicator of the severity of this breach of privacy."

Vickery had privately informed Verizon team about the exposure in late June, and the data was then secured within a week.

Vickery is a reputed researcher, who has previously tracked down many exposed datasets on the Internet.

Just last month, he discovered an unsecured Amazon S3 server owned by data analytics firm Deep Root Analytics (DRA), which exposed information of more than 198 Million United States citizens, that's over 60% of the US population.

In March this year, Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) which was also left unsecured on Amazon cloud storage server for anyone to access.

In the same month, the researcher also discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM).

In 2015, Vickery also reported a huge cache of more than 191 Million US voter records and details of as many as 13 Million MacKeeper users.

Turkey is again in the news for banning online services, and this time, it's a bunch of sites and services offered by big technology giants.

Turkey government has reportedly blocked access to cloud storage services including Microsoft OneDrive, Dropbox, and Google Drive, as well as the code hosting service GitHub, reports censorship monitoring group Turkey Blocks.

The services were blocked on Saturday following the leak of some private emails allegedly belonging to Minister of Energy and Natural Resources Berat Albayrak — also the son-in-law of President Recep Tayyip Erdogan.

Github, Dropbox, and Google Drive are issuing SSL errors, which indicates interception of traffic at the national or ISP level. Microsoft OneDrive was also subsequently blocked off throughout Turkey.

The leaks come from a 20-year-old hacktivist group known as RedHack, which leaked 17GB of files containing some 57,623 stolen emails dating from April 2000 to September this year. A court in Turkish confirmed the authenticity of the leak.

The move to block aforementioned services is seemingly to suppress circulation of these stolen emails and to stop Internet users from hosting the email dumps on their accounts, which may allegedly reveal a widespread campaign of propaganda and deception.

According to Turkey Blocks, Google Drive had already been unblocked on Sunday, while other services are still unavailable in the country.

Like China, Turkey has long been known for blocking access to major online services in order to control what its citizens can see about its government on the Internet. In March, the country banned its people from accessing Facebook and Twitter, following a car bomb explosion in Turkey capital Ankara.

The same happened in March 2014, when Twitter was banned in Turkey after an audio clip was leaked on YouTube and Twitter about the massive corruption of Turkey Prime Minister Recep Tayyip Erdoğan instructing his son to dispose of large amounts of cash in the midst of a police investigation.

Also, it is not the first time when some group of hackers has exposed personal emails of the member of Turkey government. A few months ago, personal details of almost 50 Million Turkish citizens, including the country's President Recep Tayyip Erdogan, was posted online.

Wikileaks completed its 10 years today, and within this timespan, the whistleblower site has published over 10 million documents, and there’s more to come.

In the name of celebration of its 10th Anniversary, Wikileaks promises to leak documents pertaining to Google, United States presidential election and more over the next ten weeks.

Speaking by video link to an anniversary news conference at the Volksbuhne Theater in Berlin on Tuesday morning, WikiLeaks founder Julian Assange eagerly announced his plans to release a series of publications every week for the next 10 weeks.

The upcoming leaks will include "significant material" related to Google, the US presidential election, military operations, arms trading and, the hot topic of past few years, mass surveillance.

Assange also promised to publish all documents related to the US presidential race before the election day on November 8.

"There is an enormous expectation in the United States," Assange said for the forthcoming leaks. "Some of that expectation will be partly answered; but you should understand that if we're going to make a major publication in relation to the United States at a particular hour, we don't do it at 3AM."

Assange initially planned to announce today's release from the balcony of the Ecuadorian Embassy in London, where he has been living since 2012 in an asylum for avoiding extradition to Sweden where he is facing sexual assault allegations. But he canceled his appearance, citing "security concerns."

When asked whether the upcoming leaks are aimed at damaging the image of US presidential candidate Hillary Clinton, Assange denied the claims, saying some of his statements in this regard had previously been misquoted.

"I certainly feel sorry for Hillary Clinton and Donald Trump," Assange said. "These are two people who are tormented by their ambitions, in different ways."

You can watch the video of the conference, marking WikiLeaks 10th Anniversary.
WikiLeaks has released 10 Million classified documents over past 10 years, among which include documents detailing US military operations in Afghanistan and Iraq, documents relating to the detention of prisoners by the America in Guantanamo Bay, and NSA's mass surveillance of world leaders.

The hacker, who recently claimed responsibility for the high-profile hack of Democratic National Committee (DNC), has now taken credit for hacking into the Democratic Congressional Campaign Committee (DCCC) as well.

To prove his claims, the hacker, going by the moniker Guccifer 2.0, dumped on Friday night a massive amount of personal information belonging to nearly 200 Democratic House members onto his blog.

The notorious hacker published several documents that include cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives.

The data dump also includes several memos from House Minority Leader Nancy Pelosi's personal computer, detailing fundraisers and campaign overviews.

"As you see the US presidential elections are becoming a farce, a big political performance where the voters are far from playing the leading role," the hacker wrote in a blog post. "Everything is being settled behind the scenes as it was with Bernie Sanders."

What's more worrisome?

The leaked data dump includes passwords to access multiple DCCC accounts as well as coordinated shared passwords used by the committee.

The Guccifer 2.0 is the same hacker who claimed responsibility for the recent widespread DNC hack last month, although the United States officials believed he's actually a persona created by Russian government hackers to influence the US presidential election.

WikiLeaks published nearly 20,000 emails from top DNC officials that were obtained from Guccifer 2.0’s previous hack.

However, Guccifer 2.0 has dismissed any connection to Russia, but in his blog post, he called the US political system a "farce," in which voters are no longer playing any leading role.

Guccifer 2.0 said the DCCC hacking was "even easier than in the case of the DNC breach."

In response to the latest leak, Representative of the House Permanent Select Committee on Intelligence Adam Schiff released the following statement:

"The unauthorized disclosure of people's personally identifiable information is never acceptable, and we can fully expect the authorities will be investigating the posting of this information."

Although Guccifer 2.0 said this latest leak is for people who have "right to know what’s going on inside the election process," not a single leaked documents appear to prove this, rather they disclosed personal details and choice of passwords by the Democrats.

There's a lot more to come from the DNC Hack.

The Associated Press confirmed yesterday that the computer systems used by Hillary Clinton's presidential campaign were hacked as part of the recent Democratic National Convention (DNC) hack.

Last week's email dump containing almost 20,000 emails from top DNC officials was just the beginning, which led DNC Chairwoman Debbie Wasserman Schultz to resign as the group’s leader, as WikiLeaks announced that it was part one of its new Hillary Leaks series.

This suggests WikiLeaks Founder Julian Assange has had his hands on more data from the DNC hack that, according to him, could eventually result in the arrest of Hillary Clinton.

Assange — Wikileaks' Next Leak will lead to Arrest of Hillary Clinton

In an interview with Robert Preston of ITV last month, Assange made it clear that he hopes to harm Hillary Clinton’s chances from becoming president of the United States, opposing her candidacy on both policies as well as personal grounds.

Assange also stressed that he had "a lot more material" about Clinton's presidential campaign that could possibly provide enough evidence for the indictment of Hillary Clinton.

Now, when it has been reported that the computer systems used by Clinton's presidential campaign were breached as part of the DNC hack, one could guess this could be the next release in the Hillary Leaks series by Assange.

According to federal law enforcement officials and some cybersecurity experts, the DNC hack is believed to be an attempt by the Russian intelligence services to influence the presidential election.

U.S. intelligence agencies have reportedly concluded that the Russian government was behind the theft of the DNC emails and documents. Although, it's unclear whether the attack was fairly routine espionage or an effort to manipulate the presidential election.

DNC Hack Malware Based Upon Chinese Open-Source Tool

Even, security firm CrowdStrike, who first investigated the DNC hack, said that the group that hacked into the DNC servers in April 2016 was engaged in extensive political and economic espionage to benefit Russian government and closely linked to the Russia's powerful and highly capable intelligence services.

According to the firm, the Fancy Bear APT (also known as APT28 and Pawn Storm) used a piece of malware called X-Tunnel to steal data from the system without getting detected.

Most recently, security firm Invincea also released its own report, saying X-Tunnel was used to steal the data from the DNC servers, but since the malware appeared to be a repurposed open source tool from a Chinese company, the firm did not support or refute "the Russian origins of the XTunnel binary."

The F.B.I. said in a statement that it "is aware of media reporting on cyber intrusions involving multiple political entities, and is working to determine the accuracy, nature, and scope of these matters."

Democratic Party Hack Influences the Presidential Election

We still have to accept the fact that someone is attacking America's computer systems in an attempt to influence the presidential election.

So this kind of politically motivated attack can become even worse in November — at the time of voting.

Security expert Bruce Schneier stressed that since Clinton's computer systems can be targeted as part of DNC attack, it is possible that America's election systems and voting machines could also be vulnerable to a similar attack.

"We need to secure our election systems before autumn," says Schneier via the Washington Post. "If Putin's government has already used a cyber attack to attempt to help Trump win, there's no reason to believe he won't do it again — especially now that Trump is inviting the "help.""

Since more and more states have moved to electronic voting machines and Internet voting over the past years, it has made a way for hackers to manipulate these systems.

Schneier suggests the government to "create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses" and if can not guarantee their security online, take them offline.

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that "these usernames and credentials were not obtained by a Twitter data breach" – their "systems have not been breached," but LeakedSource believed that the data leak was the result of malware.

"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.

But, do you remember how Facebook CEO Mark Zuckerberg Twitter account was compromised?

The hackers obtained Zuck's account credentials from the recent LinkedIn data breach, then broke his SHA1-hashed password string, tried on his several social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest account.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remain that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

CompTIA, a global provider of vendor-neutral IT certifications, offers a wide range of popular certifications such as A+, Network+, Cloud+, Linux+, and Security+ certifications [...]

50 Million Turkish Citizens' Personal Data leaked Online

• First and last names
• National identifier numbers (TC Kimlik No)
• Gender
• City of birth
• Date of birth
• Full address
• ID registration city and district
• User's mother and Father's first names

"Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?"

Lessons Posted by Hackers 

• 'Bit shifting isn't encryption,' referring to the fact that the data was improperly protected.
• 'Index your database. We had to fix your sloppy DB work.'
• 'Putting a hardcoded password on the UI hardly does anything for security,' though the hackers didn't specify in what UI.
• 'Do something about Erdogan! He is destroying your country beyond recognition.'

Links to Download the Database

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cybersecurity certification exams: CISA, CISM, and CISSP [...]

Over 11.5 Million Leaked Files including 2.6 Terabytes of Data

World's Top Leaders and Rich Personalities Exposed