The Hacker News — Cyber Security, Hacking, Technology News

The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano and his wife.

Yesterday, Cracka, a member of the teenage hacktivist group known as 'Crackas With Attitude' (CWA) posted a new trove of information belong to thousands of government employees online; however they claim to have accessed far more than that.

The hackers claimed to have obtained the personal information by hacking into AOL email accounts of the Giuliano and his wife.

The published information includes more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel.

Though the FBI officials couldn't immediately verify the claims, Infowars has confirmed the authenticity of several people listed, which includes everyone from local police officers to FBI and military intelligence analysts.

Following the last CIA director's email hack, Mr. Giuliano made aggressive statements about catching the hackers and making an example out of CWA.

Also Read: WikiLeaks Publishes CIA Director's Hacked Emails

The CWA hacking group got angry over the statement made by Giuliano and moved forward to teach him a lesson by hacking his personal email account.

Cracka Twitter account was temporarily deleted, but before his account got deactivated by Twitter Thursday evening, Cracka claimed to have leaked the information in support of Palestine.

Motherboard spoke to the group of hackers that claimed they have access to a lot more than the information they shared Thursday.

Also Read: 4000 Malicious iOS Store Apps Linked to CIA

However, the FBI has declined to comment on whether or not Mark Giuliano was hacked, although Cracka said the group found deputy director's phone number in the email account’s contact lists.

The hacker also claimed to have called the number. "I called it and asked for Mark, and he is like 'I don't know you, but you better watch your back', and then he hung up, and I kept calling and he was getting mad then he didn't pick up," Cracka said.

A security researcher has publicly released a set of 10 Million usernames and passwords, which he collected from multiple data breaches over the last decade for the purpose of his research.

These 10 million usernames and passwords are collective of leaked database dumps those were already available publicly on the Internet. However, Mark Burnett, a well-known security consultant who has developed a specialty collecting and researching passwords leaked online, marked his decision to publish the password dump as legally risky, but necessary to help security researchers.

WHY IS THE RESEARCHER WILLING TO SHARE PASSWORDS ?
The researcher says the released set of passwords and usernames is like a sample data, which is important for other researchers to analyze and provide great insight into user behavior and is valuable for encouraging password security.

Also, the researcher was frequently receiving lots of requests from students and other security researchers to submit a copy of his password research data for their own analysis.

WHAT PANICS HIM OF SHARING HIS RESEARCH ?
At the time, he typically decline to share the passwords because he was worried that if he do so, it might harm him legally given the recent five-year sentence handed to former Anonymous activist and journalist Barrett Brown, for sharing the hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing stolen information from the hack.

However, at the same time, Burnett wanted to share his password research data with the world in order to study the way people choose pass phrases.

"I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment," he wrote in his blog post published Monday. "I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me."

FROM WHERE DID THE CREDENTIALS COME ?
Burnett has collected the data from major data breaches at big companies including Adobe Data Breach and Stratfor hack, all of which have already been publicly available over the Internet, which could be easily found through Web searches.

According to the researcher, most of the leaked passwords were "dead," meaning they had been changed already, and he has scrubbed other information such as domain names to make it unusable for cyber criminals and malicious hackers. However, usernames or passwords found on the list that are still in use should be changed immediately.

Burnett also explains the fact that he is not supposed to be arrested by the law enforcement agencies.

A SHORT INTERVIEW WITH MARK BURNETT
In a quick Interview on an email chat, I personally asked Mark few questions about exposing usernames/passwords publicly, and his answers are as follows:

Q: Could exposing the passwords publicly cause any threat to Online users?
A: As I said, "If a hacker needs this list to hack someone, they probably aren't much of a threat." It is important to note that I didn't leak these passwords, they are already out there.

Q: Have any Law enforcement agencies approached you yet?
A: Not yet, but its still early.

Q: Are these Usernames/Passwords include data from Adobe and LinkedIn breaches?
A: I only included breaches where there was both a username and password so that I could combine data from multiple sites. This would exclude LinkedIn and a few others. I also did not release any passwords that were not already available publicly unencrypted so that would exclude Adobe. Other than that it includes a bit of everything.

Q: Is there any strong reason behind sharing passwords publicly?
A: The primary purpose is to get good, clean, and consistent data out in the world so others can find new ways to explore and gain knowledge from it. I am frequently asked for my data but I have always been hesitant to share it due to privacy issues. While not perfect, this is a consistent data set we can all use to help further security.

'WHY THE FBI SHOULDN'T ARREST ME'
"Although researchers typically only release passwords, I am releasing usernames with the passwords. Analysis of usernames with passwords is an area that has been greatly neglected and can provide as much insight as studying passwords alone," Burnett wrote.

"Most researchers are afraid to publish usernames and passwords together because combined they become an authentication feature. If simply linking to already released authentication features in a private IRC channel was considered trafficking, surely the FBI would consider releasing the actual data to the public a crime."

Almost 10 million passwords released by the researcher, for instance, could help other researchers to determine how often users include all or part of their usernames in their passwords. However, 10 Million is a very big number, but Burnett defended that all of the leaked data was already available online.

We are all aware of the mass surveillance conducted by the government agencies on us. From our phone calls, emails to web activities, chats and social network activities, everything has been interrupted by the law enforcements. And now they have crossed every limits by using a new way to spy on you. Guess What?

Dozens of US law enforcement agencies are quietly taking advantage of the technology that allows them to effectively "see" through walls of buildings to monitor people's activity. This has once again raised privacy questions. Privacy has become just a word as there’s nothing private left, not even our homes.

According to a recent report from USA Today, over 50 law enforcement agencies, including Federal Bureau of Investigation (FBI) and U.S. Marshals, have secretly been using the new radars for the past two years, but it came to light just last month during a court hearing in Denver .

The device, dubbed Range-R, sends out radio waves that can detect the slightest movements, including breathing, from as much as 50 feet away, as a police officer during the court hearing described the Range-R as a "hand-held Doppler radar device. It picks up breathing, human breathing and movement within a house."

Just by holding the device against the outside of your home, police can transmit radar pulses through the wall, allowing them to scan every object inside your house. Using it, they can detect bouncing off a moving object in particular, classifying it as either a "mover" (more active) or a "breather" (less active).

Over 200 Range-R devices have been sold to "50 law enforcement agencies at a cost of about $6,000 each" by a New York-based company called L-3 Communications.

On its official website, the company describes:

• The device covers a conical view of 160 degrees and works in a range of around 50 feet.
• The sensitivity of the Range-R is sufficient to detect people breathing, making it difficult for individuals to hide from Range-R.
• It will "penetrate most common building wall, ceiling or floor types including poured concrete, concrete block, brick, wood, stucco glass, adobe, dirt, etc. However, It will not penetrate metal."
• If a wall is saturated with water, this also may reduce the device's effect.

I completely understand that police forces would want to use the most updated equipment to search criminals, even I understand their silence about admitting the technology's use — but is the use of such technology is Right? If yes then What is the need for a search warrant?

If you were thinking to just be in your homes after knowing the extent of government surveillance, sadly you have to drop those ideas. Now that we know these radar devices are in use from past two years, it's no wonder if other sorts of secret surveillance may be waiting for you. Till then, remember that Your home is under surveillance!