The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: source code

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub

August 08, 2018Swati Khandelwal
The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx , who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description " Source Code for SnapChat ," publishing the code of what purported to be Snapchat's iOS app. The underlying code could potentially expose the company's extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app. Snapchat's parent company, Snap Inc., responded to the leak by filing a copyright act request under the Digital Millennium Copyright Act (DMCA), helping it takedown the online repository hosting the Snapchat code. SnapChat Hack: Github Took Down Repository After DMCA Notice Though it is not clear
Confirmed—Microsoft Buys GitHub For $7.5 Billion

Confirmed—Microsoft Buys GitHub For $7.5 Billion

June 04, 2018Swati Khandelwal
Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system, invented in 2005 by Linux founder Linus Torvalds. GitHub is used by many developers and big tech companies including Apple, Amazon, Google, Facebook, and IBM to store their corporate code and privately collaborate on software, but Microsoft is one of the top contributors to the web-hosting service. Microsoft has uploaded several of its most important projects, including PowerShell , the .NET framework, and the Microsoft Edge JavaScript engine , to the website under open source licenses. Microsoft also partnered with Canonical to bring Ubuntu to Windows 10 . Citing sources familiar with the matter, Bloomberg reports that GitHub opted to sell to Microsoft in part because it was impr
Apple's iBoot Source Code for iPhone Leaked on Github

Apple's iBoot Source Code for iPhone Leaked on Github

February 08, 2018Swati Khandelwal
Apple source code for a core component of iPhone's operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot —the critical part of the iOS operating system that's responsible for all security checks and ensures a trusted version of iOS is loaded. In other words, it's like the BIOS of an iPhone which makes sure that the kernel and other system files being booted whenever you turn on your iPhone are adequately signed by Apple and are not modified anyhow. The iBoot code was initially shared online several months back on Reddit , but it just resurfaced today on GitHub (repository now unavailable due to DMCA takedown). Motherboard consulted some security experts who have confirmed the legitimacy of the code. However, at this moment, it is unclear if the iBoot source code is complete
Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

November 09, 2017Swati Khandelwal
Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series , Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but the whistleblower organisation has also published its first batch of Vault 8 leak, releasing source code and development logs of Project Hive —a significant backend component the agency used to remotely control its malware covertly. In April this year, WikiLeaks disclosed a brief information about Project Hive , revealing that the project is an advanced command-and-control server (malware control system) that communicates with malware to send commands to execute specific tasks on the targets and receive exfiltrated information from the target machines. Hive is a multi-user all-in-one system that can be used by multiple CIA operators to remotely control multiple malware implants used
Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

October 23, 2017Mohit Kumar
Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a " comprehensive transparency initiative ," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launches this initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor. Earlier this month another story published by the New York Times claimed that Israeli government hackers hacked into Kaspersky ’s network in 2015 and caught Russian hackers red-handed hacking US government with the help of Kaspersky. US officials have long been suspicious that Kaspersky antivirus firm may have ties to Russian intelligence agencies. Back in July, the company offered to turn over the source code for the U.S. government to audit. However, the offer did not stop U.S. Dep
Decompiled SLocker Android Ransomware Source Code Published Online

Decompiled SLocker Android Ransomware Source Code Published Online

July 24, 2017Swati Khandelwal
Bad news for Android users — Decompiled source code of for one of the oldest mobile and popular Android ransomware families has been published online, making it available for cyber criminals who can use it to develop more customised and advanced variants of Android ransomware. Decompiled source code for the SLocker  android ransomware, which saw a six-fold increase in the number of new versions over the past six months, has just been published on GitHub and is now available to anyone who wants it. The SLocker source code has been published by a user who uses 'fs0c1ety' as an online moniker and is urging all GitHub users to contribute to the code and submit bug reports. SLocker or Simple Locker is mobile lock screen and file-encrypting ransomware that encrypts files on the phone and uses the Tor for command and control (C&C) communication. The malware also posed as law enforcement agencies to convince victims into paying the ransom. Famous for infecting thousands
Source Code for another Android Banking Malware Leaked

Source Code for another Android Banking Malware Leaked

January 23, 2017Swati Khandelwal
Another bad news for Android users — Source code for another Android banking malware has been leaked online via an underground hacking forum. This newly discovered banking Trojan is designed to steal money from bank accounts of Android devices' owners by gaining administrator privileges on their smartphones. Apparently, it will attract the attention of many cyber criminals who can recompile the source code or can also use it to develop more customized and advanced variants of Android banking Trojans. According to security researchers from Russian antivirus maker Dr. Web, the malware's source code was posted online, along with the information on how to use it, meaning Android devices are most likely to receive an increasing number of cyber attacks in upcoming days. Leaked: Trojan Source Code + 'How to Use' Instructions Dr. Web researchers said they have already discovered one banking trojan in the wild developed using this leaked source code, adding that th
Hacker Downloaded Vine's Entire Source Code. Here’s How...

Hacker Downloaded Vine's Entire Source Code. Here’s How...

July 24, 2016Mohit Kumar
Guess What? Someone just downloaded Twitter’s Vine complete source code. Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012. Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing complete source code of Vine without any hassle. Launched in June 2014, Docker is a new open-source container technology that makes it possible to get more apps running on the same old servers and also very easy to package and ship programs. Nowadays, companies are adopting Docker at a remarkable rate. However, the Docker images used by the Vine, which was supposed to be private, but actually was available publically online. While searching for the vulnerabilities in Vine, Avinash used Censys.io – an all new Hacker’s Search Engine similar to Shodan – that daily scans the whole Internet for all the vulnerable devices. Using Censys, Avina
Apple left iOS 10 Kernel Code Unencrypted, Intentionally!

Apple left iOS 10 Kernel Code Unencrypted, Intentionally!

June 24, 2016Mohit Kumar
Apple’s new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel
US charges Chinese ex-IBM employee with Espionage

US charges Chinese ex-IBM employee with Espionage

June 15, 2016Wang Wei
The United States federal authorities have boosted charges against a former IBM Corp. software developer in China for allegedly stealing valuable source code from his former employer in the US. Chinese national Xu Jiaqiang, 30, was arrested by the FBI in December last year, when he was charged with just one count of theft of a trade secret. However, Jiaqiang has been charged with six counts: three counts of economic espionage and three counts of theft of a trade secret, as US prosecutors accused him of selling the stolen information to other companies, according to the Justice Department indictment [ PDF ]. The proprietary source code, which Jiaqiang was intended to sell for the benefit of the Chinese government, has been described as "a product of decades of work." Jiaqiang worked as a software developer for an unnamed American company that developed networking software from November 2010 to May 2014. In May 2014, Jiaqiang resigned the company only to sell the c
China wants Apple's Source Code, but the Company Refused

China wants Apple's Source Code, but the Company Refused

April 20, 2016Swati Khandelwal
In Brief Apple's head of legal has denied all rumors about providing its complete source code or any backdoor to the Chinese government. Apple officially confirmed that the Chinese government has asked Apple twice in the past two years to hand over the source code for its operating system, but the company refused in both the cases. In a Tuesday hearing entitled "Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,"  the police officials put allegations on Apple for handing over user data to Beijing while refusing the authorities at its home in the US. However, speaking under oath at the congressional hearing, Apple's General Counsel Bruce Sewell denied the claims, saying "We have been asked by the Chinese government" for the source code behind the iPhone. But, "we refused." The response came just after Indiana State Police Captain Charles Cohen accused Apple of providing its source code to China. N
GM Bot (Android Malware) Source Code Leaked Online

GM Bot (Android Malware) Source Code Leaked Online

February 22, 2016Swati Khandelwal
The source code of a recently discovered Android banking Trojan that has the capability to gain administrator access on your smartphone and completely erase your phone's storage has been LEAKED online. The banking Trojan family is known by several names; Security researchers from FireEye dubbed it SlemBunk, Symantec dubbed it Bankosy, and last week when Heimdal Security uncovered it, they dubbed it MazarBot . All the above wave of Android banking Trojans originated from a common threat family, dubbed GM Bot, which IBM has been tracking since 2014. GM Bot emerged on the Russian cybercrime underground forums, sold for $500 / €450, but it appears someone who bought the code leaked it on a forum in December 2015, the IBM X-Force team reported. What is GM Bot and Why Should You Worry about it? The recent version of GM Bot ( dubbed MazarBOT ) has the capability to display phishing pages on the top of mobile banking applications in an effort to trick Android users
Employee Stole 'Yandex Search Engine' Source Code, Tried to Sell it for Just $29K

Employee Stole 'Yandex Search Engine' Source Code, Tried to Sell it for Just $29K

December 29, 2015Mohit Kumar
A former employee of Russian search engine Yandex allegedly stole the source code and key algorithms for its search engine site and then attempted to sell them on the black market to fund his own startup. Russian publication Kommersant reports that Dmitry Korobov downloaded a type of software nicknamed " Arcadia " from Yandex's servers, which contained highly critical information, including the source code and some of the "key algorithms," of its search engine. Korobov then tried to sell the stolen codes to an electronics retailer called NIX, where a friend of his allegedly worked, and on the dark underground market in search of potential buyers. But What's the Punchline? The funniest part is that Korobov requested only $25,000 and 250,000 rubles (a total of almost $29,000) for Yandex's source code and algorithms, which actually cost "Billions of Rubles," or somewhere near $15 Million USD . However, Korobov was arrest
Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself

Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself

July 14, 2015Mohit Kumar
Last Week someone just hacked the infamous Hacking Team , The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data , including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date of purchase and amount paid Hacking Team is known for its advanced and sophisticated Remote Control System (RCS) spyware , also known as Galileo , which is loaded with lots of zero-day exploits and have ability to monitor the computers of its targets remotely. Today, Trend Micro security researchers found that the Hacking Team " uses a UEFI  (Unified Extensible Firmware Interface)  BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems ." That clearly means, even if the user reinstalls the Operating System, formats the hard disk, and even buys a new hard disk, the agents are implanted after Microsoft Windows is
Cloud Source Repositories: Google Quietly Launches GitHub Competitor

Cloud Source Repositories: Google Quietly Launches GitHub Competitor

June 26, 2015Mohit Kumar
After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories . Not yet officially announced, but Google started providing free beta access to its new Cloud Source Repositories earlier this year, VentureBeat reported. Similar to the popular source code repository hosting service GitHub, Cloud Source Repositories provides developers with the ability to host and edit code on the ever-expanding Google Cloud Platform . Though it will not be easy to take hold of all GitHub's customers overnight, Google is taking a successive approach with its new service -- Cloud Source Repositories can serve as a 'remote' Git repositories for users sitting elsewhere on the Internet or locally. Moreover, it is also possible for users to connect a Cloud Source Repository to a hosted repository service like GitHub or Bitbucket that will automatical
Russian Government Asks Apple to Hand Over iOS and Mac Source Code

Russian Government Asks Apple to Hand Over iOS and Mac Source Code

July 31, 2014Swati Khandelwal
Just few days after the announcement that Russian government will pay almost 4 million ruble (approximately equal to $111,000) to the one who can devise a reliable technology to decrypt data sent over the Tor , now the government wants something which is really tough. APPLE & SAP, HAND OVER YOUR SOURCE CODES Russian government has asked Apple to provide the access to the company’s source code in an effort to assure its iOS devices and Macintoshes aren’t vulnerable to spying. Not just this, the government has demanded the same from SAP as well, which is an enterprise software that manages business operations and customer relationships. Russia proposed this idea last Tuesday when Communications Minister Nikolai Nikiforov met SAP’s Russian managing director Vyacheslav Orekhov , and Apple’s Russian general manager Peter Engrob Nielsen, and suggested that both the companies give Russian government access to their source code. APPLE iOS BACKDOOR CONTROVERSIES The idea
'Tinba' Banking Malware Source Code Leaked Online

'Tinba' Banking Malware Source Code Leaked Online

July 12, 2014Mohit Kumar
The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out to be the source code of Tinba version1 , which was discovered around mid-2012 and they say it is the original, privately sold version of the crimeware kit that infected thousands of computers in Turkey. Tinba , also known as Zusy, is a tiny but deadly banking Trojan that comprises just 20 Kilobytes of code that gives it ability to slip past detection by some antivirus engines and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. It infects systems without any advanced encryption or packing and has capability to hook into browsers and steal login data and sniff on network traffic. Last week, researchers at CSIS in Denmark
Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files

June 17, 2014Swati Khandelwal
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users’ phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu
TrueCrypt is Secure; Encryption Tool cleared the First Phase of Security Audit

TrueCrypt is Secure; Encryption Tool cleared the First Phase of Security Audit

April 15, 2014Swati Khandelwal
Is TrueCrypt Audited Yet? Yes, In Part!  One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the audit and given a relatively clean bill of health. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition.  The program is also capable to do some amazing things, such as can create a hidden operating system on a computer, essentially an OS within an OS where users can keep their most secret files. EVERYONE HAS SOMETHING TO HIDE TrueCrypt developers are anonymous and used the aliases “ ennead ” and “ syncon ”, perhaps to avoid unwelcome attention from their own governments. But when we talk about Privacy an
NSA Hacked Servers of Chinese telecom Huawei, Stole Source Codes

NSA Hacked Servers of Chinese telecom Huawei, Stole Source Codes

March 23, 2014Wang Wei
The US Government was publicly accusing Chinese electronics manufacturer Huawei of espionage from the past few years. Ironically, it has now been revealed that the  National Security Agency conducted a major offensive cyber operations against the  Chinese government and networking company Huawei,  in early 2009. According to reports based on classified documents leaked by Edward Snowden   and viewed by The Times and Der Spiegel , NSA has infiltrated servers in the headquarters of Chinese telecommunications and hacked into the email servers of Huawei five years ago. Code-named as " Operation Shotgiant " was conducted with the involvement of the CIA, White House intelligence coordinator and the FBI; aimed to find a link between  Huawei  and China’s People’s Liberation Army. NSA accessed the emails of many Huawei employees' for this purpose. NSA STOLE SOURCE CODES NSA also aimed to conduct surveillance through computer and telephone networks Huawei sold
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.