This Tool Lets Hackers Dox Almost Anyone in the US

The US Secret Service’s ties to the Oathkeepers are revealed, the Tornado Cash co-founder is indicted, and a UK court says a teen is behind the Lapsus$ hacking spree.

On Wednesday, August 23, Yevgeny Prigozhin, head of the Russian mercenary Wagner Group, was killed when his plane exploded from the sky. While details of exactly what happened are still scarce, open-source information helps fill in the gaps.

To study technology, you need to be able to examine it. Researchers and journalists have found ingenious ways to scrutinize big tech companies in the past, but such digital investigations are becoming increasingly difficult. Data journalist Surya Mattu, who leads the Digital Witness Lab at Princeton University, makes the case for inspectability APIs.

A mysterious hacker group has launched a new supply chain attack. Hackers hijacked software updates for specific security software and injected malware into 100 computers across Asia. Since the victims of most of the attacks were in Hong Kong, the researchers said hackers linked to China were likely to be to blame.

Political turmoil has continued this week in the US, with former President Donald Trump indicted in Georgia for trying to overturn the results of the state’s 2020 presidential election. We dig into why this prosecution is both dangerous and necessary for America’s future. We also detailed why it was important to have his mug shot.

In other news, we caught up with The Chainsmokers’ Alex Pall to find out why he’s been working with (and investing in) niche cybersecurity firms. Finally, some news you could use: We’ve ranked the most popular digital abortion clinics based on data privacy practices, and here’s some advice on how to talk to your kids about social media and mental health.

Also Read:

That’s not all. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on a title to read the full text. And stay safe outside.

This tool could allow hackers to target almost anyone in the US

A groundbreaking investigation launched this week by worker-owned tech outlet 404 Media found that criminals are exploiting a terrifying new tool to gain access to the personal data of nearly every adult in the United States. The “secret sauce” not mentioned in the article is a Telegram bot that can provide criminals with the addresses, dates of birth, phone numbers, emails, and sometimes even their Social Security numbers of virtually any American in a matter of minutes.

The tool retrieves sensitive data by exploiting unauthorized access to third-party data brokers that can access sensitive information from credit bureaus such as Experian, Equifax, and TransUnion, the report said.

The personal information of most adults is collected and stored by credit bureaus, which amass vast amounts of data to monitor credit scores. Credit bureaus sell access to some of the data to third-party companies, which in turn resell it to people like private investigators or real estate investors. In fact, as long as criminals can gain access to one of these companies, they can do-dozen almost any American with a credit card. That appears to be what has happened, according to reports.

“The government needs to stop these companies from packaging and selling our personal information,” Senator Ron Wyden of Oregon told 404 Media in a statement. The tube should be punished accordingly.”

Also Read:  There’s Finally a Way to Secure a Crucial Piece of the Cloud

U.S. Secret Service Agents Colluded With Oath Keepers

A new report by Citizens for Responsibility and Ethics in Washington (CREW), a nonprofit government watchdog, found that U.S. Secret Service agents stayed close to the leader of the far-right militant group Guardians of the Oath in the final months of the presidential election. connect. Trump administration. Emails released in the report suggest a friendly relationship between the agents and the group’s leader, Stuart Rhodes.

In one email, an agent wrote that they had just spoken to Rhodes about former President Donald Trump’s upcoming visit to Fayetteville, North Carolina. The agent described himself as “the unofficial liaison to the Keeper of the Oath (slowly becoming official)”.The agent also said Rhodes “has specific questions and would like to contact [sic] with our personnel,” and shared Rod’s cell phone number.

In May, Rhodes was found guilty of sedition for his role in the Jan. 6 uprising at the Capitol. He was sentenced to 18 years in prison and 36 months of supervised release.

DOJ charges Tornado Cash co-founder with money laundering

In an indictment unsealed on Wednesday, Aug. 23, the U.S. Department of Justice accused the developers behind cryptocurrency mixer Tornado Cash of laundering more than $1 billion, including hundreds of millions of dollars for a North Korean hacking group. Roman Semenov and Roman Storm are charged with conspiracy to launder money and sanctions violations, as well as conspiracy to operate an unlicensed money transmission business. Storm, who lives in Washington state, was arrested on Wednesday, while Semyonov, a Russian citizen, has not yet been detained.

Also Read:

Tornado Cash is a privacy service that obfuscates the trajectory of cryptocurrency ownership. According to the indictment, the service violated U.S. sanctions and its operators knowingly helped “hackers and fraudsters conceal the fruits of their crimes.”

Storm’s attorney, Brian Klein, called the allegations dangerous and unprecedented in a statement.He said: “We are deeply disappointed that prosecutors chose to charge Mr Storm because he helped develop the software, and they did so on a novel legal theory that has dangerous implications for all software developers. ” Klein explain Storm has been released on bail.

Behind UK teen Lapsus$ hacking spree

Also on Wednesday, a London court found a key member of the cybercriminal group Lapsus$ responsible for several high-profile hacks targeting companies including Uber, Nvidia and Rockstar Games. Arion Kurtaj, 18, faces 12 charges including three counts of extortion, two counts of fraud and six charges under the UK’s Computer Misuse Act.

The jury found that from 2021 to 2022, Kurtaj, along with other members of Lapsus$, believed to be mostly teenagers, carried out a series of attacks focused on extorting large corporations and government agencies around the world. For example, the Uber hack reportedly cost the company $3 million. At the time, Uber said the responsible hacker posted pornographic material on an internal information page with the message “fuck you bastards.”

Earlier this month, the hacking spree prompted a major review by U.S. authorities, which warned of a rising threat from teenage hackers.

Categories: Security