Posts posted by Nytro

  1. 28 JUN 2021 NEWS

    Mercedes Benz Data Leak Includes Card and Social Security Details

    Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine

     

    Mercedes Benz has released details of a data breach affecting customers and prospective buyers in the US.

    The luxury carmaker said a vendor had informed the company on June 11 that the information was “inadvertently made accessible on a cloud storage platform.” It appears that a third-party security researcher first raised the alarm.

    Although the initial investigation was set to discover whether 1.6 million unique records had been exposed, subsequent findings indicated far fewer customers and interested buyers were affected.

    “The vendor reports that the personal information for these individuals (less than 1,000) is comprised mainly of self-reported credit scores as well as a very small number of driver’s license numbers, social security numbers, credit card information and dates of birth,” the statement noted.

    “To view the information, one would need knowledge of special software programs and tools — an internet search would not return any information contained in these files.”

    These individuals entered the information in question on dealer and Mercedes-Benz websites between January 1, 2014, and June 19, 2017.

     

    Mercedes Benz USA confirmed that none of its systems were compromised in the incident and said the issue had been mitigated by the security vendor and can’t happen again.

    Although it’s unlikely that threat actors managed to locate and access the information, it’s unclear how long it had been exposed for.

    Mercedes-Benz USA has begun notifying those affected and said that anyone who had credit card information, driver’s license or social security numbers exposed will be offered a free 24-month subscription to a credit monitoring service.

    Tom Garrubba, CISO at risk management firm Shared Assessments, welcomed the carmaker’s prompt action.

    “With all the cyber-incidents that have been reported recently, it is refreshing to see that swift action taken by Mercedes Benz USA in addressing the incident with their cloud service provider and ultimately, with their customers," he added.

    “The reported breach of 1000 existing and prospective customers via their cloud storage vendor’s platform should raise awareness of the importance of proper due diligence and understanding as to how your cloud service providers are protecting your data.”

     

    Sursa: https://www.infosecurity-magazine.com/news/mercedes-benz-leak-card-social/

  2. Windows 11 enables security by design from the chip to the cloud

    David Weston, Director of Enterprise and OS Security

    Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use Windows. While we have adapted to working from home, it’s been rare to get through a day without reading an account of a new cybersecurity threat. Phishing, ransomware, supply chain, and IoT vulnerabilities—attackers are constantly developing new approaches to wreak digital havoc.

    But as attacks have increased in scope and sophistication, so have we. Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works.

    Today, we are announcing Windows 11 to raise security baselines with new hardware security requirements built-in that will give our customers the confidence that they are even more protected from the chip to the cloud on certified devices. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our strongest protection against malware.

    Security by design: Built-in and turned on

    Security by design has long been a priority at Microsoft. What other companies invest more than $1 billion a year on security and employ more than 3,500 dedicated security professionals?

    We’ve made significant strides in that journey to create chip-to-cloud Zero Trust out of the box. In 2019, we announced secured-core PCs that apply security best-practices to the firmware layer, or device core, that underpins Windows. These devices combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware that are on the rise according to the National Institute of Standards and Technology as well as the Department of Homeland Security. Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer.

     

    With Windows 11, we’re making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.

    The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

    PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

    TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.

     

    Windows 11 also has out of the box support for Azure-based Microsoft Azure Attestation (MAA), bringing hardware-based Zero Trust to the forefront of security, allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device management (MDM) solutions like Intune, or on-premises.

     

    • Raising the security baseline to meet the evolving threat landscape. This next generation of Windows will raise the security baseline by requiring more modern CPUs, with protections like virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built-in and enabled by default to protect from both common malware, ransomware, and more sophisticated attacks. Windows 11 will also come with new security innovations like hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits. Innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, helps raise the strength of the fundamentals at the heart of robust Zero Trust security.
    • Ditch passwords with Windows Hello to help keep your information protected. For enterprises, Windows Hello for Business supports simplified passwordless deployment models for achieving a deploy-to-run state within a few minutes. This includes granular control of authentication methods by IT admins while securing communication between cloud tools to better protect corporate data and identity. And for consumers, new Windows 11 devices will be passwordless by default from day one.
    • Security and productivity in one. All these components work together in the background to help keep users safe without sacrificing quality, performance, or experience. The new set of hardware security requirements that comes with this new release of Windows is designed to build a foundation that is even stronger and more resistant to attacks on certified devices. We know this approach works—secured-core PCs are twice as resistant to malware infection.
    • Comprehensive security and compliance. Out of the box support for Microsoft Azure Attestation enables Windows 11 to provide evidence of trust via attestation, which forms the basis of compliance policies organizations can depend upon to develop an understanding of their true security posture. These Azure Attestation-backed compliance policies validate both the identity, as well as the platform, and form the backbone for the Zero Trust and Conditional Access workflows for safeguarding corporate resources.

     

    This next level of hardware security is compatible with upcoming Pluton-equipped systems and also any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.

    Windows 11 is a smarter way for everyone to collaborate, share, and present—with the confidence of hardware-backed protections.


     

    Sursa: https://www.microsoft.com/security/blog/2021/06/25/windows-11-enables-security-by-design-from-the-chip-to-the-cloud/

  3. Nobelium hackers accessed Microsoft customer support tools

    • June 26, 2021


    Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent's computer that exposed customers' subscription information.

    Nobelium is Microsoft's name for a state-sponsored hacking group believed to be operating out of Russia, responsible for the SolarWinds supply-chain attacks.

    In a new blog post published Friday night, Microsoft states that the hacking group has been conducting password spray and brute-force attacks to gain access to corporate networks.

    Password spray and brute force attacks are similar in that they both attempt to gain unauthorized access to an online account by guessing a password. However, password spray attacks will attempt to use the same passwords across multiple accounts simultaneously to evade defenses. In contrast, brute force attacks repeatedly target a single account with different password attempts.

    Microsoft says that Nobelium's recent attacks have been mostly unsuccessful. However, they know of three entities that were breached by Nobelium in these attacks.

    "This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services," Microsoft said in a blog post about the attacks.

    "The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada.  In all, 36 countries were targeted."

    Microsoft support tools accessed by hackers

    During the investigation into the attacks, Microsoft also detected an information-stealing trojan on a Microsoft customer support agent's computer that provided access to "basic account information" for a limited number of customers.

    Nobelium used this customer information in targeted phishing attacks against Microsoft customers.

    Microsoft reported these attacks after Reuters obtained an email sent to affected customers warning them that the threat actors gained access to information about their Microsoft Services subscriptions.

    "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," read the Microsoft email obtained by Reuters.

    Nobelium's recent activity 

    The Nobelium hacking group, also known as APT29, Cozy Bear, and The Dukes, has been attributed to the recent SolarWinds supply chain attack that compromised numerous US companies, including Microsoft, FireEye, Cisco, Malwarebytes, Mimecast, and various US government agencies.

    As part of these attacks, the threat actors replaced legitimate modules in the SolarWinds Orion IT monitoring platform that were distributed to customers via the software's normal auto-update process. These malicious modules allowed the threat actors to gain remote access to compromised devices, where further internal attacks could be launched.

    In April, the US government formally accused the Russian government and hackers from the Russian Foreign Intelligence Service, the SVR, of the attacks on Solarwinds and US interests.

    More recently, Microsoft revealed that the hacking group compromised the Constant Contact account for USAID, a US agency responsible for providing foreign aid and development assistance.

    Using this marketing account, Nobelium conducted targeted phishing attacks to distribute malware and access internal networks.

    USAID phishing email sent by Nobelium hackers

    The US Department of Justice later seized two domains used in the phishing attacks to distribute malware.

     

    Sursa: https://www.bleepingcomputer.com/news/microsoft/nobelium-hackers-accessed-microsoft-customer-support-tools/

  4. Hi, I made some changes to the forum:

    - IPBoard: https://invisioncommunity.com/release-notes/ (security fixes, but also many features; I have no idea what they are, but maybe they're useful)

    - Database: changed the table engine (suggested by IPBoard), I hope nothing breaks

    - Latest template version

     

    Problems may appear, as well as small changes (don't ask which, I have no idea :D ) - please let me know if something isn't right.

     

    PS: I have more ideas and I hope to be able to put them into practice soon, and to dedicate more time to this myself.

  5. John McAfee dead: Antivirus tycoon found lifeless in prison after court OKs extradition

    UK-born wild man of infosec faced trial in America for tax evasion

    Wed 23 Jun 2021 // 19:52 UTC

     

    John McAfee was found dead in his cell in a Barcelona prison on Wednesday, according to the Catalan justice department.

    Spain’s high court – the Audiencia Nacional – had just hours earlier agreed to his extradition to America to stand trial for alleged tax evasion.

    The 75-year-old, British-born former antivirus baron, who founded McAfee Associates in the late 1980s and made his millions before more or less retiring in the mid-1990s, was being held at a prison in Sant Esteve Sesrovires following his arrest at Barcelona airport in October 2020.

    Prosecutors are investigating his death, and believe at this stage it was suicide, Spanish newspaper El Pais reported. Officials confirmed to Reuters the infosec world's wild man had been discovered lifeless in his cell.

    This is a developing story. Stand by for updates

     

    Sursa: https://www.theregister.com/2021/06/23/john_mcafee_dead/

  6. Yes, I understand you, I've kept hearing about this too. One possible problem would be overheating if they're poorly made, but I think all of them heat up if pushed a bit.

    I'd recommend going by the specifications, but also paying attention to the cooling, or even what keyboard it has (I had problems after 7 years with an Asus ROG, but the poor thing endured a lot :D

  7. I had a Toshiba 10 years ago. It still works; my dad watches movies on it.

    Then I had an ASUS RoG, it still works but I don't use it anymore.

    Now I have a Lenovo, which is likewise impeccable.

    At work I think I've had HP, Dell, MacBook and Lenovo.

    I never really understood these comparisons between brands, because I've never had any problem with any laptop.

  8. Interesting story, what kind of guy was it? Romanian?

    If something crashes it's a bug, and sometimes such bugs can be exploitable (though the chances are very small).

    If you get hold of that file, give it to us too. Not that I'd start looking at it myself, but I can pass it on to some people who have presented things on the subject at big conferences.

  9. (Technical) Infosec Core Competencies

    June 9th, 2021

    Screenshot from 'Jurassic Park': It's a Unix system - I know this!

     

    Every so often, I get asked how people can enter into information security, what they should study or what certifications they should pursue. I don't have a good answer to this question. Or rather, I don't have an easy answer to this question.

    I don't find much value in any specific certification program, and I know that everybody's path is different, so I'm hesitant to give any more specific advice but a broad recommendation to work with your organization's security team on practical projects to gain experience and an understanding of how the team functions.

    However, at the same time, there are a number of things that I regard as, well, a common body of knowledge in the field, a set of core competencies.

     

    They are, in no particular order, and with no claim to completeness:


    1. How to read a CVE announcement and assess the impact based on its CWE / CVSS score and description. Understand that CVSS scores are relative and impact in your environment may be different.
    2. How to read a hyped, name- and logo branded, corporation backed vulnerability announcement -- as well as the relevant RFCs and actual research paper, if any, instead of just the breathless webpage -- and distill the actual, realistic threat to your environment.
    3. The difference between a vulnerability, a threat, risk, an exploit, and attack surface; the likelihood of an exploit based on an adversary's motivation, goals, and capabilities; being able to ballpark the cost of defense within a given scope.
    4. The difference between authentication (authN) and authorization (authZ); between secrecy and authenticity; between authenticity and integrity. Be able to translate these concepts across different contexts.
    5. The difference between symmetric or private and asymmetric or public key cryptography; between encryption and hashing; between a key derivation function and an HMAC used for message authentication.
    6. You don't need to be a cryptographer, but you should know roughly what the cryptographic right answers for your developers' questions are -- and why.
    7. The difference between encryption in transit and encryption at rest.
    8. Know to use TLS >= 1.2, but you don't need to know the details of all the ciphers and algorithms. But you should understand mTLS and client cert validation vs. server cert validation conceptually.
    9. Understand the x509 PKI concepts: trusted CA bundles, cert chains, and common client behavior.
    10. Know how to use 'openssl s_client' and 'openssl x509' to troubleshoot TLS connections, including STARTTLS.
    11. HTTP basics: be able to make manual HTTP requests via telnet(1) / openssl s_client; know enough HTTP headers and the general concepts of CSP; be able to use in-browser developer tools to troubleshoot, debug, and replay requests.
    12. Enough of the JavaScript and HTML DOM to understand the different XSS attack types conceptually.
    13. How to use curl(1) to post data to and pull information from an API; use jq(1) to manipulate JSON.
    14. Be able to use tcpdump(1) to at least get the gist of what's going on on the wire. I.e., protocol, type, port, TCP S/R/P/F/., sequence numbers, payload...
    15. Be able to use e.g., Wireshark to drill down into specific flows, filter and pick outliers out of the noise, debug TLS with logged pre-master secret.
    16. Be aware of the different ICMP types beyond echo request/reply: time exceeded, fragmentation required, destination unreachable...
    17. Be able to spot certain CIDRs. E.g., for IPv4: 127/8, 169.254/16, 224/4, 240/4, RFC1918; for IPv6: ::1, fc00::/7, fe80::/10, ff00::/8
    18. Understand that RFC1918 does not imply the host cannot be reached from the internet; internalize that NAT is not a security control.
    19. How to send arbitrary packets between two hosts, e.g., via nc(1) or bash /dev/tcp.
    20. The difference between "Connection refused", "Connection timed out", and "Name or service not known/host not found".
    21. Be able to use dig(1), nslookup(1) and host(1) and understand why they don't care about what you put into /etc/hosts.
    22. Understand basic DNS resolution. I.e., lookups from client->stub resolver->resolver and resolvers<->auths.
    23. Understand domain registration, NS records, TTLs, and zone delegation. Grasp the difference in threat model between plain DNS, DoH, and DNSSEC.
    24. Understand cache poisoning as a concept and as applied to different protocols, such as ARP, DNS, HTTP Proxy, ...
    25. Have a general awareness of the physical internet: peering, ASNs, BGP hijacking, and how (and when) governments can (and do) censor or intercept/inspect (parts of) the internet for their jurisdiction.
    26. How to use ktrace(1) / strace(1) / dtrace(1) to figure out just what files or sockets a program is accessing.
    27. Be able to use nmap(1) to identify a host's open ports and fingerprint them.
    28. Be able to use SSH port forwarding, SSH pubkey options (from=, command= / ForceCommand), ProxyCommand, and use of SSH agents.
    29. Basic Unix skills, pipes and common tools: grep(1), sed(1), awk(1), sort(1), uniq(1), diff(1), comm(1), tr(1), ...
    30. Know how to use screen(1) / tmux(1) to keep long sessions uninterrupted, to resume if needed, to juggle multiple remote terminals in a single window.
    31. Really understand the Unix permissions model: owner, group, others; permissions on directories (e.g., 1777, 0711), Unix groups; su(1) and sudo(1); how setuid/setgid works.
    32. Understand TOCTOU attacks, mktemp(3), and umask(2).
    33. Be able to convert timestamps between formats and know to look for UTC offset when correlating log entries.
    34. Enough shell scripting to automate the execution of repeated commands, including flow control using loops, functions, and variable expansion.
    35. Enough Python, Perl, PHP, C, Go, Java, and JavaScript to be able to read all the random code you come across and at least make some sense of it.
    36. Enough C to understand how a buffer overflow works and how to spot one. (90% of the time a sprintf(3) of a user-generated string into a fixed-size buffer.)
    37. Enough SQL to be able to explain Little Bobby Tables and to pull records from multiple tables.
    38. Enough input- and shell meta-characters escaping to detect, abuse, and fix unsanitized system(3) / popen(3) command-injections (in the various languages).
    39. Be able to efficiently use your preferred package manager to identify file/package ownership, dependencies, package integrity. Be able to create a package in your commonly used package manager format (.deb, .rpm, ...) for a non-trivial piece of software to understand packaging, install scripts, signatures, validation etc.
    40. Enough AWS to be able to spin up an instance when needed. Grok the difference between NACLs and Security Groups. Be able to manage simple IAM resources and to inspect and lock down an S3 bucket.
    41. Enough Kerberos to understand the concept of client authentication versus service authorization and replay attacks.
    42. Enough PGP to be able to send/receive, encrypt/decrypt, and sign/verify encrypted and signed messages.
    43. Understand SMTP basics, email headers, etc. Know enough about SPF/DKIM/DMARC to identify those headers and understand what they are telling you.
    44. Shamir's 3 Laws of Cryptography:
      • Absolutely secure systems do not exist
      • To halve your vulnerability, you have to double your expenditure
      • Cryptography is typically bypassed, not penetrated
    45. Schneier's Law (Any person can invent a security system so clever that she or he can't think of how to break it.) and not to attempt to invent your own cryptographic protocol.
    46. Be able to explain core concepts like Zero Trust, Defense in Depth, Least Privilege, Failing Closed, and Kerckhoff's Principle vs. Security by Obscurity.
    47. How containers are different from virtual machines, and what their respective trust- and control boundaries are.
    48. How to file an actionable, useful bug report. Know how to manage your own ticket queue.
    49. When to seek input from others: there's not just domain specific, but plenty of general security expertise outside of the information security team.
    50. Nothing, absolutely nothing about cryptocurrencies. "Crypto" means "cryptography". That's all you need to know.
    Screenshot from Wikipedia's page on Cryptosporidiosis, noting that 'crypto is a parasitic disease'

     

    Now granted, the above list is shaped by my own personal background and experience, and you may do well without many of them, making up for gaps with experience and knowledge in areas that I lack. That's quite ok.

    You may also notice that a lot of this overlaps with a general understanding of... well, computering on the internet, with operations and system administration concepts. This is no coincidence. Good ops is good security.

    A fair bit of what I regard as essential in this field is covered in my video lectures; if you are interested, please do check them out and don't hesitate to hit me up with any follow-up questions you might have.

    Oh, and if you note the absence of all the "soft skills" here: well, those are harder. Perhaps another time...


     

    Sursa: https://www.netmeister.org/blog/infosec-competencies.html

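Items 17 and 18 of the list above ask for the ability to spot special-purpose CIDRs on sight and to remember that RFC1918 space says nothing about reachability. As an added example that is not part of the original post, the following Python code encodes exactly the ranges the list names (RFC1918 expanded to its three blocks), classifies addresses against them, and runs the check over a few constructed sshd-style log lines; the labels, the log lines and the `203.0.113.7` documentation-range address are all constructed for illustration.

```python
"""Spotting special-purpose CIDRs (items 17 and 18 of the list above).

Added example, not part of the original post. Range labels and the sample
log lines are constructed for illustration.
"""
import ipaddress
import re
from typing import List, Tuple

# The ranges exactly as the post lists them, written out as full prefixes.
# RFC1918 is spelled out as its three blocks.
SPECIAL_RANGES = {
    "IPv4 loopback (127/8)":        ipaddress.ip_network("127.0.0.0/8"),
    "IPv4 link-local (169.254/16)": ipaddress.ip_network("169.254.0.0/16"),
    "IPv4 multicast (224/4)":       ipaddress.ip_network("224.0.0.0/4"),
    "IPv4 reserved (240/4)":        ipaddress.ip_network("240.0.0.0/4"),
    "RFC1918 (10/8)":               ipaddress.ip_network("10.0.0.0/8"),
    "RFC1918 (172.16/12)":          ipaddress.ip_network("172.16.0.0/12"),
    "RFC1918 (192.168/16)":         ipaddress.ip_network("192.168.0.0/16"),
    "IPv6 loopback (::1)":          ipaddress.ip_network("::1/128"),
    "IPv6 unique local (fc00::/7)": ipaddress.ip_network("fc00::/7"),
    "IPv6 link-local (fe80::/10)":  ipaddress.ip_network("fe80::/10"),
    "IPv6 multicast (ff00::/8)":    ipaddress.ip_network("ff00::/8"),
}


def classify(addr: str) -> List[str]:
    """Return the labels of every listed range that contains addr.

    An empty list means the address lies outside all of them, which for this
    list is a fair first approximation of "public unicast". Raises ValueError
    for strings that are not IP addresses.
    """
    ip = ipaddress.ip_address(addr)
    return [label for label, net in SPECIAL_RANGES.items()
            if net.version == ip.version and ip in net]


# Constructed sshd-style log lines (not real data). 203.0.113.7 is in the
# TEST-NET-3 documentation range, so it is outside every range listed above.
CONSTRUCTED_LOG = """\
2021-06-09T10:00:01Z sshd: Accepted publickey for ops from 203.0.113.7 port 50122
2021-06-09T10:00:05Z sshd: Failed password for root from 10.0.0.23 port 40001
2021-06-09T10:00:09Z sshd: Failed password for admin from fe80::1c2b port 40002
2021-06-09T10:00:12Z sshd: Failed password for admin from 239.255.255.250 port 40003
"""

_SRC_RE = re.compile(r" from (\S+) port \d+")


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Extract the source address of each line and classify it.

    Lines without a recognisable "from <addr> port <n>" field, or with a
    hostname instead of an address, are skipped.
    """
    result = []
    for line in text.splitlines():
        m = _SRC_RE.search(line)
        if not m:
            continue
        try:
            labels = classify(m.group(1))
        except ValueError:
            continue
        result.append((m.group(1), labels))
    return result


def implausible_sources(text: str) -> List[str]:
    """Source addresses that should never appear on a connection arriving at
    a public-facing host: loopback, link-local, multicast and reserved space.

    RFC1918 and unique-local space are deliberately not flagged: per item 18,
    private addressing says nothing about reachability, so it is context for
    the analyst rather than an alarm by itself.
    """
    never_sources = ("loopback", "link-local", "multicast", "reserved")
    return [addr for addr, labels in triage_log(text)
            if any(word in label for label in labels for word in never_sources)]


if __name__ == "__main__":
    for addr, labels in triage_log(CONSTRUCTED_LOG):
        print(f"{addr:>16}  {', '.join(labels) or 'not in a listed range'}")
    print("implausible sources:", implausible_sources(CONSTRUCTED_LOG))
```

The version check in `classify` keeps an IPv4 address from being tested against IPv6 prefixes (and vice versa), and `triage_log` tolerates the hostnames that sshd logs when reverse lookups are enabled instead of crashing on them.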
  10. Audi, Volkswagen data breach affects 3.3 million customers

    • June 12, 2021
    • 12:27 PM


     

    Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet.

    Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.

    According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

    On March 20th, VWGoA was notified by the vendor that an unauthorized person had accessed the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.

    VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.

     

    The data exposed varies per customer but could range from contact information to more sensitive information such as social security numbers and loan numbers.

    "The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," explains the VWGoA data breach notification first reported by TechCrunch.

     

    "The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers."

    For those 90,000 customers who had more sensitive information exposed, Volkswagen is providing free credit protection and monitoring services, including $1 million of insurance against identity theft.

    VWGoA began notifying affected customers and prospective customers yesterday via mail and warned that customers should be on the lookout for suspicious emails, calls, or texts.

    What should Audi and Volkswagen customers do?

    As the Audi and Volkswagen data was unsecured for a long time, there is no telling how many people had gained unauthorized access.

    Therefore, all communications claiming to be from Audi or Volkswagen should be treated suspiciously, especially email or SMS text messages.

    For those who had more sensitive data exposed, you should freeze your credit report to make it harder for third parties to perform identity theft and take credit out under your name.

     

    Sursa: https://www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/

  11. How Hackers Used Slack to Break into EA Games

     
    A representative for the hackers explained to Motherboard how the group stole a wealth of data from the game publishing giant.
    June 11, 2021, 4:10pm

    The group of hackers who stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard has learned.

     

    The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard.

    A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA's Slack using the stolen cookie. (Although not necessarily connected, in February 2020 Motherboard reported that a group of researchers discovered an ex-engineer had left a list of the names of EA Slack channels in a public facing code repository).

    "Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night," the representative said.


    The hackers then requested a multifactor authentication token from EA IT support to gain access to EA's corporate network. The representative said this was successful two times.

    Once inside EA's network, the hackers found a service for EA developers for compiling games. They successfully logged in and created a virtual machine giving them more visibility into the network, and then accessed one more service and downloaded game source code.

     

    The representative for the hackers provided screenshots to help corroborate the various steps of the hack, including the Slack chats themselves. EA then confirmed to Motherboard the contours of the description of the breach given by the hackers.

    In its earlier statement, EA said, "We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."

    The representative of the hackers also provided Motherboard with a series of documents they say were stolen as part of the hack. They include an assortment of material on PlayStation VR, how EA creates digital crowds in the FIFA games, and documents about AI in games. Sony, which owns the PlayStation brand, did not respond to a request for comment.

    Source: https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack

  12. ionut@kali:~$ sudo su
    [sudo] password for ionut: 
    root@kali:/home/ionut#

    Got root! What do I do now?

    root@kali:/home/ionut# find / -name arhiva_de_scan
    root@kali:/home/ionut# find / -name hack_nasa.pl
    root@kali:/home/ionut#

    Doesn't seem to work.

  13. Electronic Arts (EA) acknowledged on Thursday that hackers stole the source code of some titles in its catalog, with the American video game developer giving assurances, however, that the cyberattack will have no consequences for players, AFP reported on Friday.

    EA, the company behind the ''Battlefield'', ''Medal of Honor'' and ''The Sims'' series, confirmed it had been the victim of a hack following the publication of an article by Vice Media claiming that several pieces of source code had been stolen, including that of the famous game FIFA 21 and of the Frostbite engine, used in several EA titles.

    Source code is text written in a programming language that contains the instructions for running a computer program.

    "We are investigating a recent incident of intrusion into our networks, from which a limited amount of source code and associated tools was stolen," an EA spokesperson told AFP.

    ''No player data was stolen and we have no reason to believe there is any risk to the protection of players' privacy,'' the spokesperson assured.

    ''Following this incident, we have already made security improvements and do not expect an impact on our games or our business,'' the EA spokesperson added.

    EA gave assurances that ''in this ongoing criminal investigation it is actively collaborating with law enforcement and other experts''.

    According to Vice, the hackers boasted about their attack on underground internet forums. ''You now have the full capability of exploiting all EA services,'' they reportedly wrote in a message posted on one of these platforms.

    The cybercriminals put the stolen data up for sale on various forums on the ''dark web'', the hidden part of the internet, Vice reported.

    This attack follows a wave of cyberattacks in recent months in the United States that targeted, among others, industrial groups, hospitals, government institutions and NGOs.

    The attack also comes a few days before the famous international video game show, the Electronic Entertainment Expo (E3), in which EA is also due to take part. The event, held exclusively online this year because of the COVID-19 pandemic, opens on Saturday. AGERPRES/(AS - author: Dana Purgaru, editor: Ana Alecu, online editor: Gabriela Badea)

    * Photo source: EA - Electronic Arts / Facebook.com

    Source: https://www.agerpres.ro/zig-zag/2021/06/11/codul-sursa-al-unor-jocuri-video-dezvoltate-de-ea-furat-de-infractori-cibernetici--729304
