Tag Archives: Hacker

How To Turn On Two-Step Verification In Telegram!

How To Turn On Two-Step Verification In Telegram!

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

 

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

Read more : Beware Of Telegram Screenshot Hack + Scam!

 

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Beware Of Telegram Screenshot Hack + Scam!

Watch out for the Telegram screenshot hack and scam! Find out how the Telegram screenshot hack and scam works, and what you can do!

 

Telegram Screenshot Hack : New Twist To Old Trick

My friend just got hit by the Telegram screenshot hack, and the hacker is now trying to scam everyone on his contact list!

The Telegram screenshot hack is a new twist to an old trick, and here is how they do it…

Step 1 : Identify A Suitable Target

After obtaining a legitimate Telegram account through phishing or other means, the hacker reads through the messages to identify a suitable target – usually a close friend whom you often chat with, and trust.

For the purpose of our example, the hacker stole your friend’s Telegram account and has identified you as a suitable target.

Step 2 : Attempt To Login From Another Device

The hacker installs Telegram in another device and attempts to log into your account. He only needs the your phone number to do that.

The login attempt triggers Telegram to send a Login code to the your registered devices to authenticate the login. Usually, that’s the Telegram app in your smartphone.

Step 3 : Ask For A Screenshot Of Telegram

Traditionally, this is when the hacker will use your friend’s Telegram account to message you and ask for that Login code. However, asking for the Login code may trigger suspicion, so hackers have now come up with a new twist.

Instead of asking you for the Login code, the hacker will use your friend’s Telegram account to ask you to take a screenshot of your Telegram app and send it to him.

What harm is there? After all, many of us take screenshots and share them with family, friends and even on social media!

The problem is – the screenshot will accidentally reveal your Telegram Login code! Take a look at the actual screenshot my friend sent – it clearly shows the Telegram Login code!

Step 4 : Terminate All Other Sessions

The hacker will immediately use the Login code to log into your Telegram account on his device.

Then he will terminate all other sessions from that Telegram account, which means you get logged out from your Telegram app on your own smartphone!

Step 5 : Change Password

To prevent you from logging back in, and terminating his Telegram session, he will change the password.

Step 6 : Scam Your Friends

Now that the hacker gained control of your Telegram account and locked you out of it, he is free to scam your friends.

In this case, my friend’s contacts all started getting pleas to borrow money for some kind of emergency. The hacker will, of course, promise to pay you back quickly.

Your unsuspecting friends may not realise that this is not you that they are talking to, and may end up sending the hacker money.

In this case though, my friend managed to quickly alert us via WhatsApp that his Telegram account was hacked, so we didn’t tall for the scam.

One of his friends toyed with the scammer, and obtained the bank details. That is obviously not my friend’s name or account number!

 

Telegram Screenshot Hack : How To Prevent It?

Now that you know how the Telegram screenshot hack works, you can pretty much figure out how to prevent it.

Here is my quick summary for those who didn’t go through the whole process above :

  1. Do NOT send anyone your Telegram Login code. Not even anyone claiming to be working for Telegram.
  2. Do NOT send anyone a screenshot of your Telegram app. Even if it’s not a scam, it reveals portions of your chats!
  3. Turn on Two-Step Verification in Telegram. This lets you recover your account, even if you accidentally let someone take over your account.

Read more : How To Turn On Two-Step Verification In Telegram!

 

Telegram Screenshot Hack : How To Recover Your Account?

If you failed to turn on two-step verification, there is still a way to recover your Telegram account after it is stolen by a hacker.

For these steps to work though, you need to have access to your phone number. You must also do this quickly, as the hacker will be alerted to your attempt.

Step 1 : Open Telegram.

Step 2 : Log into your Telegram account using your phone number.

Step 3 : You will be asked if you have the correct number. Click Yes.

Step 4 : Telegram will send a 5-digit code to all your devices with Telegram installed. You won’t receive it since the hacker has already terminated all other sessions.

Step 5 : Click on the option just above the keypad – “Send the code as an SMS“.

Step 6 : You will now receive an SMS with the 5-digit code. Key it in, and you will now have access to your Telegram account.

Step 7 : Go to Options > Settings > Privacy and Security.

Step 8 : Scroll down and tap on Devices.

Step 9 : Tap on the option – Terminate All Other Session – to boot out the hacker.

Bonus Step : Turn on Two-Step Verification to prevent this from happening again!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Greeting Photos + Videos Hack Your Phone?!

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

 

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Will Scanning RFID Bar Codes Hack Your Phone?!

Will scanning an RFID bar code cause your phone to be hacked?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Scanning RFID Bar Codes Will Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media.

It claims that scammers are sending people RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。 当您扫描条形码时,他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

 

Truth : Scanning RFID Bar Codes Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : There Is No RFID Bar Code Scanning Scam

First of all – let me just say that there is no such thing as an RFID bar code scanning scam. No one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : RFID Bar Code Is Used To Register Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app.

All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Read more : TNG RFID Self-Fitment Guide : How To Do It Yourself

Fact #3 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Canada Internet Outage Due To Software Update, Not China!

The country-wide mobile and Internet outage in Canada was due to a software update, not hacking by China!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : China Responsible For Mobile + Internet Outage In Canada!

Within hours of news breaking that Canada suffered a massive Internet outage, Vancouver Times posted a story claiming that the Royal Canadian Mounted Police (RCMP) identified China as the responsible party.

Vancouver Times also claimed that the RCMP will issue arrest warrants for the hackers responsible, who are connected to the People’s Liberation Army (PLA).

Chinese state hackers are responsible for a massive internet outage that paralyzed large parts of Canada, according to the RCMP. The federal police agency is in the process of issuing arrest warrants for several people they believe are connected to the People’s Liberation Army.

The RCMP will be holding a press conference in the next few days to announce the arrest warrants, according to sources. Canadian intelligence agencies are reportedly receiving guidance from the CIA and the FBI.

On Friday a widespread network outage from Rogers left many Canadians without mobile and internet service. The outages caused significant problems for police, courthouses, passport offices and other facilities.

The outage also disrupted services across retailers, courthouses, airlines, train networks, credit card processors and police forces, pushing many to delay business transactions. Many people were seen at Starbucks, trying to use their internet service.

The mainstream media and big tech want to hide the truth. Beat them at their own game by sharing this article!

Read more : FBI + MI5 Issue Joint Warning On Chinese Spying!

 

Truth : Canada Internet Outage Due To Software Update, Not China!

This is yet another example of FAKE NEWS created by Vancouver Times to generate page views and money from gullible people.

Fact #1 : Vancouver Times Is A Fake News Website

Vancouver Times is a “content aggregator” (copy and paste) website that is known for creating fake news to generate more page views and money.

To look legitimate, they copy and paste news from legitimate news organisations. To drive traffic, they create fake news, sometimes masked as “satire”.

To give themselves a veneer of deniability, they label themselves as a “satire website” in their About Us section.

Vancouver Times is the most trusted source for satire on the West Coast. We write satirical stories about issues that affect conservatives.

Here are some of their fake news that we debunked :

Fact #2 : Outage Only Affected Rogers Communications

On Friday, July 8, 2022, Canada was hit by a massive mobile and Internet outage that hit businesses, banks, and even police emergency lines.

However, it only affected Rogers Communications, and did not affect rivals like BCE, Telus and Shaw Communications.

The outage was extensive because Rogers is Canada’s leading telecommunications provider, with about 11.3 million wireless subscribers, and 2.25 million retail Internet subscribers.

Read more : Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Fact #3 : RCMP Did Not Blame China For Mobile + Internet Outage

The Royal Canadian Mounted Police did not blame China for Rogers Communications’ mobile and Internet outage.

This was made up by Vancouver Times to trigger right-wing conspiracy theorists, to go viral and draw more page views.

Fact #4 : Rogers Did Not Blame China For Mobile + Internet Outage

Rogers Communications themselves did not blame China for their mobile and Internet outage.

Fact #5 : Canada Confirmed Outage Was Not A Cyberattack

While the reason behind the outage was still unknown, a spokesperson for Canadian Public Safety Minister Marco Mendicino confirmed to CTV News that “the outage was not due to a cyberattack“.

Fact #6 : Rogers Confirmed Outage Due To Maintenance Update

On 11 July 2022, Rogers CEO Tony Staffieri apologised for the country-wide outage of its services.

He also said that the failure was due to “a maintenance update in our core network“. The maintenance work “caused some of our routers to malfunction early Friday morning“.

Fact #7 : Prior Rogers Outage Also Due To Software Update

This wasn’t the first time Rogers Communications’ network failed so drastically.

Just 15 months earlier – Rogers and its subsidiary, Fido, experienced a nationwide cellular service outage in April 2021.

That outage was ultimately traced to “a recent Ericsson software update” that “affected a piece of equipment in the central part” of their network, leading to “intermittent congestion impacting many customers across Canada“.

Fact #8 : It Would Have Been Considered An Act Of War

China attacking Canada’s mobile and Internet network would have been considered an act of war, if it was proven.

The Canadian government would at least have issued a strong statement, if not cut diplomatic ties with China and/or enact sanctions against the Chinese government.

Fact #9 : No One Else Reported This Story

China attacking Canada’s mobile and Internet infrastructure would have been major international news, reported across the globe.

Yet not only did no mainstream media cover this incredible story, it hasn’t even been reported in the usual conspiracy theory websites!

That’s because it was a fake story created by one publication – Vancouver Times, in their attempt to go viral again for more page views and ad money.

Fact #10 : There Is No Such Thing As A Publication Ban

Vancouver Times likes to use the “media blackout” claim, to explain why you can’t find any reputable media outlet reporting on China attacking Canada’s mobile and Internet infrastructure.

That’s utter and complete bullshit. No one – not a judge, not even the Canadian government – can control the worldwide media, or prevent anyone from writing about such an incredible story.

You can also be sure that even if the mainstream media in the Canada refused to run the story, it would have been reported by foreign media outlets, websites and blogs.

Yet, not a single foreign media outlet or online website published their account of this incredible story? That’s because IT NEVER HAPPENED…

Read more : Did Ghislaine Maxwell Just Commit Suicide In Prison?!

Fact #11 : Mainstream Media + Big Tech Would Have Loved The Hype

Vancouver Times is gaslighting you about how mainstream media and Big Tech want to hide the “truth” about China attacking Canada’s infrastructure.

They would all loved such shocking news, because it would have driven tons of traffic and engagement to their websites / platforms.

In fact, that was precisely why Vancouver Times created the fake story – to drive traffic, for the ad money.

Everything that Vancouver Times publishes should be regarded as FAKE NEWS, until proven otherwise.

Please help us fight fake news websites like Vancouver Times – SHARE this fact check out, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact CheckCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FBI + MI5 Issue Joint Warning On Chinese Spying!

The FBI and MI5 just issued a joint warning about economic spying and hacking operations by the Chinese government!

Here is what you need to know…

 

FBI + MI5 Issue Joint Warning On Chinese Spying!

On July 7, 2022, FBI Director Christopher Wray joined MI5 Director General Ken McCallum at the MI5 London headquarters to issue a joint warning about Chinese spying and cyberattacks.

Ken McCallum said that MI5 was running seven times as many investigations into China, as it had just four years ago. He also said that MI5 planned to double that to tackle the widespread attempts.

Christopher Wray, on the other hand, stressed that the FBI had substantially increased its investigations into China, and is currently managing about 2,000 problems, and opening about two counterintelligence cases every day.

The Chinese government is set on stealing your technology – whatever it is that makes your industry tick – and using it to undercut your business and dominate your market.

Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation.

Both McCallum and Wray alleged that the Chinese government is engaged in a “coordinated campaign” to “cheat and steal [technology] on a massive scale“.

They also stressed that China’s hacking programme dwarfs that of any other major country, and that it has a global network of intelligence operatives.

 

FBI + MI5 : China Also Preparing To Shield From Sanctions

Even more worrying is the fact that China is working to shield its economy from any future sanctions, obviously learning from how the West punished Russia for invading Ukraine.

This suggests that China is at least preparing for the possibility, if not the eventuality, of insulating its economy from potential sanctions, should it attack Taiwan.

Wray said that China is “trying to cushion themselves from harm if they do anything to draw the ire of the international community”, and that the Chinese government is pressuring Western businesses not to criticise Beijing or its policies.

He declined to say whether an invasion of Taiwan has become more likely due to these measures, but warn that Western investments in China could be similarly impacted by such a conflict.

Just as in Russia, Western investments built over years could become hostage, capital stranded. Supply chains and relationships disrupted.

Wray also shared that the Chinese government had directly interfered in a New York congressional election, because they did not want a candidate who was a critic and a former Tiananmen Square protestor to be elected.

China has for far too long counted on being everybody’s second-highest priority. They are not flying under the radar anymore.

Both Wray and McCallum said that the intention of the joint address was to “send the clearest signal” to the Chinese Communist Party (CCP), because if China decides to invade Taiwan, it would cause “one of the most horrific business disruptions the world has ever seen“.

Read more : US Mil Contractor Admits Selling Aviation Secrets To China!

 

FBI + MI5 : Examples Of Chinese Spying

McCallum shared some specific cases of Chinese spying activities that MI5 detected and thwarted.

Covert Theft

Late last year Chinese intelligence officer Shu Yenjoon was convicted in a US court on charges of economic espionage and theft of trade secrets from the US aviation sector.

Shu was active in Europe too: he’d been part of a prolific Ministry of State Security network targeting the aerospace sector.

MI5 worked with those being targeted in the UK to mitigate the risks until the FBI action could solve the problem for both of us.

Tech Transfer

Clandestine espionage methodology isn’t always necessary. Take the tale of Smith’s Harlow, a UK-based precision engineering firm. In 2017 Smith’s Harlow entered into a deal with a Chinese firm, Futures Aerospace. The first of three agreed technology transfers saw Futures pay £3m for quality control procedures and training courses.

You know how this ends: after further sharing of valuable IP, Futures abandoned the deal. Smith’s Harlow went into administration in 2020. As their Chairman put it: “They’ve taken what they wanted and now they’ve got it, they didn’t need the shell of Smith’s”.

Information Advantage

The CCP doesn’t just use intelligence officers posing as diplomats in the classic fashion. Privileged information is gathered on multiple channels, in what is sometimes referred to as the ‘thousand grains of sand’ strategy.

In Germany a retired political scientist and his wife who together ran a foreign policy think tank passed information to the Chinese intelligence services for almost ten years.

In Estonia a NATO maritime scientist was convicted for passing information to his Chinese handlers, who claimed to be working for a think tank.

Cultivating New Contacts

The deceptive use of professional networking sites is well known. Seemingly flattering approaches turn into something more insidious – and damaging.

In one example a British aviation expert received an approach online, ostensibly went through a recruitment process, and was offered an attractive employment opportunity. He travelled twice to China where he was wined and dined. He was then asked – and paid – for detailed technical information on military aircraft. The ‘company’ was actually run by Chinese intelligence officers.

Read more : China Should Worry About Russia Invading Ukraine!

 

Chinese Response To FBI + MI5 Spying Allegations

Chinese government officials naturally rejected spying allegations by the FBI and MI5.

A spokesman for the Chinese embassy in Washington, Liu Pengyu, called the accusations groundless and said that China “firmly opposes and combats all forms of cyber-attacks“, and would “never encourage, support or condone cyber-attacks“.

His statement also said that the Taiwan issue was “purely China’s internal affair” and that there was “no room for compromise or concession“. It also said that China “will strive for the prospect of peaceful reunification with utmost sincerity and efforts“, but noted that China would “reserve the option of taking all necessary measures in response to the interference of foreign forces“.

Chinese foreign ministry spokesperson Zhao Lijian did not address the claims directly, but accused the United States of being the real danger instead.

The relevant US politician has been playing up the so-called China threat to smear and attack China. Facts have fully proven that the US is the biggest threat to world peace, stability and development.

We urge this US official to have the right perspective, see China’s developments in an objective and reasonable manner and stop spreading lies and stop making irresponsible remarks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | EnterpriseTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!

 

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.

 

Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.

Read more : Did Hackers Release Pfizer + Moderna Vaccine Death Data?!

 

This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.

Read more : Was Facebook Taken Down By 13 Year-Old Chinese Hacker?

 

Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.

 

China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.

Read more : Chinese Media Accidentally Leaks Ukraine Censorship Order!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | EnterpriseTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Hackers Release Pfizer + Moderna Vaccine Death Data?!

Did hackers just crack the Pfizer and Moderna servers, and publicly released the hidden vaccine death data that they stole?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Hackers Stole, Released Pfizer + Moderna Vaccine Death Data!

People are sharing links to articles that claim that hackers just stole and released vaccine death data from Pfizer and Moderna servers!

Here is an example, which is rather long, so feel free to skip to the next section for the facts!

GOOD NEWS!!!! Hackers broke into all the pharmaceutical companies and stold all the medial data on vaccines thank God!!!! The Great Awaking has lifted off!!! Forward this link everywhere!!!!

**Displays number of deaths and disabilities associated with each batch/lot number = indication of relative toxicity of one batch/lot compared to another
**No one currently knows the reason why some batches/lots are associated with excessive deaths, disabilities and adverse reactions (up to 50 x). Until we do know, it is best to be cautious
**[“Batch-code” = “Lot Number” = the number they write on your vaccination card.]

 

Truth : Hackers Did Not Steal / Release Pfizer + Moderna Vaccine Death Data!

This is yet another example of FAKE NEWS created and promoted by disinformation websites like Before It’s News, How Bad Is My BatchBest News Here, and here are the reasons why…

Fact #1 : Pfizer + Moderna Servers Were Not Hacked

Those websites falsely claimed that hackers broke into Pfizer and Moderna servers, and stole their (hidden) vaccine death data.

There is no evidence the Pfizer and Moderna servers were ever hacked, or had any data stolen.

Fact #2 : All Data Are Publicly Available

Despite claiming at the start that the data provided in the website was stolen from Pfizer and Moderna servers, the article ends with a statement that all of the data was really sourced from VAERS.

Data Source
• All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA. 
Our intention is to present the VAERS data in an accessible and unadulterated form, that can be easily verified using the links below

In other words – they falsely claimed that the data was provided by hackers who broke into Pfizer and Moderna servers. The data were all from VAERS, which is publicly available.

Fact #3 : VAERS Data Cannot Be Used As Evidence

Like the British Yellow Card system, VAERS is an open reporting system that lets ANYONE from ANYWHERE file a report, without verification.

VAERS reports are not only easily faked, they are easily abused, which why the CDC explicitly warned that :

  • Reports may include incomplete, inaccurate, coincidental and unverified information.
  • The number of reports alone cannot be interpreted or used to reach conclusions about the existence, severity, frequency, or rates of problems associated with vaccines.

But anti-vaccination activists and disinformation websites LOVE to use VAERS, because they can easily manipulate the reports to create a fake narrative.

Read more : Here’s How Antivaxxers Create Fake News Using VAERS!

Fact #4 : Pfizer + Moderna Released Their Data In 2020

Both Pfizer and Moderna submitted data from their COVID-19 vaccine clinical trials to health authorities across the world, like the US FDA and EMA in Europe in November 2020.

The release of clinical trial data, which would include post-vaccination adverse events, is necessary for any health authority to approve their vaccines.

The US FDA released the briefing documents Pfizer and Moderna submitted to the Vaccines and Related Biological Products Advisory Committee (VRBPAC) in December 2020 :

Fact #5 : FDA Started Releasing Pfizer Documents In 2021

On 27 August 2021, a group that called themselves Public Health and Medical Professionals for Transparency (PHMPT) filed a Freedom of Information Act (FOIA) request with the US FDA to gain access to all of their documents related to the Pfizer COVID-19 vaccine.

The US FDA started releasing the Pfizer documents on 17 November 2021. They were then ordered by US District Judge Mark Pittman to speed up the release of those documents on 6 January 2022.

As of 2 May 2022, the US FDA had already released 238 documents related to the Pfizer COVID-19 vaccine, containing thousands of pages.

Read more : Did Pfizer Try To Hide 158K Vax Adverse Events For 75 Years?

Fact #6 : Before It’s News Is Known Fake News Website

Before It’s News is known for creating and spreading fake news – not just misinformation, but also disinformation about everything from MH17 conspiracy theories to anti-vaccination claims.

Everything posted by Before It’s News must be considered FAKE NEWS, until proven otherwise.

Please help us FIGHT FAKE NEWS by sharing this fact check article out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Science | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Anonymous Cyberwar Against Russia : 28 February 2022

Here are the latest cyberattacks by the hacktivist group, Anonymous, in their cyberwar against Russia!

 

Anonymous Launches Cyberwar Against Russia!

On 22 February 2022, Anonymous lobbed a warning shot at both Russia and China, hacking an official Chinese website and a Russian Modbus device.

After the Russian invasion started on 24 February, Anonymous announced that they would also begin “gearing up for action” :

#Anonymous has always been against war, and against colonialism. We’ve seen how unfettered power decimates the weak, only having its own self interests in mind. We stand with the people, not the governments of the world.
Anonymous condemns the attacks on the Ukrainian people.

There are many #Anonymous accounts gearing up for action against the imperialist state of Russia, and we will be retweeting their endeavors.

The next day, Anonymous announced that they have started attacking the Russian government.

#Anonymous is currently involved in operations against the Russian Federation. Our operations are targeting the Russian government. There is an inevitability that the private sector will most likely be affected too. While this account cannot claim to speak for the whole (con)

Read more : Anonymous fires Warning Shot at China, Russia over Ukraine!

 

Anonymous Cyberwar Successes Against Russia!

Here is the latest list of cyberattacks that Anonymous successfully conducted in their cyberwar against Russian.

25 February 2022

26 February 2022

  • Anonymous took down several Russian government websites, including the Kremlin, State Duma, and Ministry of Defense.
  • Anonymous “retrieved” and leaked 200 GB of emails from Tetraedr – a Belarusian arms manufacturer, including blueprints of the SAMs (Surface-to-Air Missiles) they manufacture.

27 February 2022

  • Anonymous took down the Chechen Republic government website : chechnya.gov.ru
    Note : This came after multiple reports of Chechen soldiers being deployed to Ukraine.
  • Anonymous shut down gas supply provided by Tvingo Telecom in Russia. Tvingo Telecom is owned by Rostelecom, a Russian state owned telecommunications company.

28 February 2022

  • Anonymous took down several official Belarus government websites :
    – Belarus Ministry of Communications and Information : mpt.gov.by
    – Belarus State Authority for Military Industry : vpk.gov.by
    – Belarus Military : mil.by
  • Anonymous took down several more Russian state and state-linked websites :
    – Pension Fund of the Russian Federation : pfr.gov.ru
    – Russian Public Services portal : gosuslugi.ru
    – Kremlin website (again) : Kremlin.ru
    – Russian Federal Customs Service : customs.gov.ru
    – Russian government website : government.ru
    – Moscow city + mayor website : mos.ru
    – Tass news agency website : Tass.ru
  • The hacking group GNG – an Anonymous affiliate – hacked and leaked a Sberbank database
  • Anonymous Network Battalion 65′ (nB65) hacked and released 40,000 files from the Russian Nuclear Safety Institute.

I will keep updating this article, as and when Anonymous announces their successes against Russia.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Anonymous fires Warning Shot at China, Russia over Ukraine!

The hacktivist group, Anonymous, just fired a warning shot at both China and Russia over the invasion of Ukraine!

 

Anonymous fires Warning Shot at China, Russia over Ukraine!

The hacktivist group, Anonymous, just hacked a Chinese state website, and a logic controller in Russia, as a warning shot to both countries over the invasion of Ukraine.

On Tuesday, 22 February 2022, Anonymous hacked the Chinese Culture website (www.chineseculture.com.cn), replacing its content with a page showing its logo, and the Guy Fawkes mask.

The hacked Chinese Culture website was taken offline, but you can still see the hacked page through the Wayback Machine.

The hacked page includes the YouTube video – It Might Break Your Pinky Heart – the famous music video by Malaysian singer-songwriter, Namewee, that mocks the Chinese government.

Read more : Anonymous Launches Cyberwar Against Russia!

After a video about an old MIT experimental antiviral approach called DRACO (Double-stranded RNA Activated Caspase Oligomerizer), and a reference to Operation Samatha Smith, the hacked page warned Russia over its invasion of Ukraine, with a warning shot in the form of “a small hack”.

However sadly because Putin has burned the bridge and reneged the Minsk deal by prematurely recognising separatist territories as independent, instead of waiting until the conclusion of UN interim administration period and if they vote overwhelmingly for independence per that plan, Anonymous decides to make good some of its threats by conducting a small hack on a Modbus device which we intend as a warning shot.

The above Modbus device isn”t located in countries friendly to the US and Taiwan, nor in neutral countries that want nothing with these. Instead, it is in places like China or somewhere like it.

You can make stupid threats like a spoiled child, but remember that Anonymous never have restrictions that says that only homo sapiens can be part of it.

Sony learnt the hard way in 2011 that a part of Anonymous can finish what a totally different part had started!

The Modbus device was later confirmed to be a Schneider Electric Modicon M251 logic controller located in Russia.

 

Anonymous Will Formally Attack Russia Over Ukraine Invasion!

According to Taiwan News, which reached out to Anonymous, their representative said that they were previously “playing nice and not give them an excuse to start a war“, but now that missiles had been fired on Ukraine, “we are taking off the gloves altogether.

That representative also said, “Anonymous will formally attack Russian websites or devices later” in retaliation for Russia’s invasion of Ukraine.

The Anonymous threat on the Chinese Culture website ended with its signature quote in English, Russian and Chinese :

We are Anonymous
We are legion
We do not forgive
We do not forget
Expect us!
Мы анонимы
Мы легион
Мы не прощаем
мы не забываем
Ждите нас!
我们是匿名者
我们是军团
我们不原谅
我们不会忘记
期待我们

Anonymous did not explicitly say why they are targeting China over Russia’s invasion of Ukraine, but it seems obvious that they believe that China is partly responsible for Russia’s military action.

Perhaps they felt that indirect support by the Chinese, as well as their propaganda effort, gave Russia some leeway and economic support in attacking Ukraine.

Read more : Chinese Media Accidentally Leaks Ukraine Censorship Order!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM Swap Attack Empty Bank Accounts Without Warning?

Can a SIM swap attack clear out your bank accounts without warning?

Take a look at the viral warning, and find out what the facts really are!

 

Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

 

Truth : SIM Swap Attack Are Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not that new. They have been around at least since 2015.

Fact #2 : Viral Message Is Partly Fake

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

Fact #3 : Straits Times Article Was Not About SIM Swap

The fake news creator added a link to a Straits Time article, to mislead you.

That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“.

The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.

It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Fact #4 : SIM Swap Attack Generally Does Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #5 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #6 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Hackers Use Good Morning Greetings To Hack You?

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?

Find out what is happening, and what the FACTS really are!

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read it all !!! Send this message urgently to as many friends as you can to stop the invasion.

Olga Nikolaevna Lawyer: Caution:

ATTENTION

For those who like to send Good Morning pictures! Good day! Good evening!

Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos,.

 

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MySJ Trace : Should You Enable Or Disable?

Should you enable the new MySJ Trace feature in MySejahtera, or should you disable it?

Let’s take a look at people’s deepest fears about MySJ Trace, and find out what the facts really are!

 

MySJ Trace : Should You Enable Or Disable?

MySejahtera just introduced a new MySJ Trace feature, which uses Bluetooth technology to track your close contacts.

The proximity data it collects allows Malaysia Ministry of Health (KKM) to accurately determine if you are a close contact of a COVID-19 positive person.

KKM has been strongly urging people to turn it on, but many people are offering conflicting advice on whether to enable or disable it.

Let’s take at what people are saying, and find out what the facts really are!

 

Should You Enable MySJ Trace?

There are several good reasons to enable MySJ in MySejahtera :

  1. MySJ Trace allows for more accurate contact tracing. If you test positive for COVID-19, the data it collects lets KKM accurately identify your close contacts, and inform them.
  2. MySJ Trace automatically tracks your close contacts. All you have to do is turn it on, and forget about it.
  3. MySJ Trace removes the need to manually check out from locations, which was tedious and easy to forget.
  4. Those who use MySJ Trace will avoid being wrongly identified as casual or close contacts, due to the inaccuracy of using check-in and check-out times.

MySJ Trace gets more accurate and more useful, when more people use it. So KKM is strongly encouraging everyone to use it.

Plus, when enough people start using it, we will all enjoy an additional benefit :

  1. When enough people use MySJ Trace, we will no longer need to check-in at every location!

Read more : What You Need To Know About The New MySJ Trace Feature!
Read more : MySJ Trace : Answers To Your Frequently Asked Questions!

 

Should You Disable MySJ Trace?

Let’s take a look at some of the reasons why people are disabling MySJ Trace, and see what the facts really are!

Claim #1 : Government Uses MySJ Trace To Track Our Movements
Verdict : False

People are falsely claiming that the Malaysian government will use MySJ Trace to track our movements.

The truth is MySJ Trace does not record or collect geolocation data, so it cannot possibly track your movements.

MySJ Trace also does not transmit data, unless we consent. In fact, we are only asked to transmit MySJ Trace data if we test positive for COVID-19.

Claim #2 : MySJ Trace Not Useful Because No One Is Using It
Verdict : False

Some people are discouraging people from using MySJ Trace because “not many people are using it yet“.

Switching to MySJ Trace immediately helps you by removing the need to check-out of locations. Isn’t that useful?

For healthcare professionals who need to quickly and accurately trace close contacts of infected individuals, MySJ Trace works better when more people use it, but that doesn’t mean it’s completely useless when few people use it.

Claim #3 : Old Check-In, Check-Out System Is More Accurate
Verdict : False

Some people claim that the old method of checking in and out of locations is more accurate than MySJ Trace.

That may be true in the early days, when very few people are using it, but that is no longe true once many of your close contacts are using it.

MySJ Trace not only automatically determines who comes into close contact with you, it also logs how long they are in close contact, and their proximity (distance) to you.

The manual check-in and check-out system is unable to determine time of contact, and distance of contact; and can easily lead to false positives – people wrongly identified as casual or close contacts.

Claim #4 : MySJ Trace Uses A Lot Of Battery Life
Verdict : False

This is a real concern for many people as MySJ Trace requires Bluetooth to be turned on all the time. However, it uses Bluetooth Low Energy technology, which uses very little power.

I had earlier tested MySJ Trace on an old Samsung Galaxy S10 smartphone, and did not notice any noticeable drain on its battery life.

For people who have strong concerns over this aspect, it is possible to temporarily turn off MySJ Trace while you are at home, and only turn it on when you go out.

Claim #5 : Bluetooth Increases Risk Of Hacking
Verdict : Misleading

It is possible for criminals to hack your smartphone using Bluetooth, and it is good cybersecurity practice to turn off wireless connections that you are not using.

However, it is far more difficult to hack you through your Bluetooth connection, than your Wi-Fi connection.

After all, Bluetooth only has a range of 10 metres! The hacker will have to remain in close proximity to hack you.

Claim #6 : Hackers Can Grab Our Personal Information
Verdict : False

Some people are claiming that hackers can hack into MySJ Trace and use it to trawl for personal information of people nearby.

That’s nonsense, because MySJ Trace will only record the following information :

  • Unique User ID (UUID) that is created by the MySejahtera app.
  • Operating system version (Android or iOS)
  • Time of contact
  • Received Signal Strength Indicator (RSSI)

There is no personal information that would be useful to hackers, even if they grab these information.

The UUID, for example, is useless as an identification number without access to the KKM database of MySejahtera users and their personal information.

Claim #7 : MySJ Trace Continuously Uses Internet Data
Verdict : False

Some people are falsely claiming that MySJ Trace continuously uses Internet data, which is extremely limited for some users.

That’s not true. MySJ Trace does not require Internet connectivity, except :

  • when you first download and install MySejahtera,
  • whenever you update MySejahtera
  • when you consent to upload your MySJ Trace data to KKM

Since those are all optional, you can do it when you have access to a Wi-Fi network. You can use MySJ Trace without mobile Internet.

I hope that clarifies the reasons why you should enable or disable MySJ Trace. If you have any other questions, please feel free to ask us.

Meanwhile, I hope you can share this article with your family and friends, and encourage them to turn on MySJ Trace.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Mobile | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Was Facebook Taken Down By 13 Year-Old Chinese Hacker?

Was Facebook taken down by a 13 year-old Chinese hacker?

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : Facebook Was Taken Down By 13 Year-Old Chinese Hacker!

On 4 October 2021, Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Several websites, as well as people on Twitter and Facebook started claiming that Facebook was taken down by a 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Jiso / Sun Ji Soo.

There are quite a number of these claims, so just SKIP to the next section for the facts!

International media claimed that “China” was behind the suspension of social media services in the world.

According to Reuters, a Chinese hacker named “Sun Jisu” is responsible for stopping the services of “Facebook”, “WhatsApp” and Instagram, and added that the Chinese hackers are only 13 years old.

The Chinese hacker “Sun Ji Su” has topped the famous search engines and Twitter platforms during the past minutes, after disabling WhatsApp, Instagram and Facebook today 2021 in all countries of the world, amid questions among activists about the details of this information.

 

Truth : Facebook Was Not Taken Down By 13 Year-Old Chinese Hacker!

The story of a 13 year-old Chinese hacker taking down Facebook is just fake news created by fake news / clickbait websites to go viral and get money through ads.

Here are the reasons why…

Fact #1 : International Media Did Not Blame China

On one blamed China for the bizarre 6-hour downtime of Facebook, WhatsApp, Instagram and Messenger.

The international media referred to cybersecurity specialists who pointed at DNS failure as the most likely cause, not a state actor like China.

Clickbait / fake news websites intentionally added that false claim to “trigger” Chinese netizens and Sinophiles to share their fake news.

Read more : US Refused WHO Investigation Of Fort Detrick For COVID-19?

Fact #2 : Reuters  + NYT Did Not Report On Any Chinese Hacker

Reuters did not report that a 13 year-old Chinese hacker called Sun Jisu was responsible for the bringing down Facebook, WhatsApp, Instagram and Messenger.

Neither did the New York Times write about a 13 year old hacker attacking Facebook.

These are complete lies that are easily verified with a quick check on the Reuters and New York Times websites.

Fact #3 : 13 Year-Old Sun Jisu / Sun Jiso Does Not Exist

There is no 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Ji So / Sun Ji Soo. He does NOT exist.

In addition, that is a Korean name, not Chinese – a mistake that a non-Asian person would make.

Fact #4 : That Was An Old Picture Of Wang Zhengyang

The fake news websites used a picture of Chinese hacking prodigy, Wang Zhengyang, speaking at the 2014 Chinese Internet Security Conference.

Wang Zhengyang was 13 year-old at that time, and would be 20 years old this year – 2021. Here are two more pictures of him speaking at that event.

Wang Zhengyang at 2014 Chinese Internet Security Conference

Fact #5 : Facebook Services Were Brought Down By Configuration Changes

Facebook services were not brought down by a hacker, but configuration changes their own engineering team initiated internally.

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Fact #6 : Access Problems Were Caused By Same Servers

Facebook run their internal systems through the same servers, so they became inaccessible when those servers were taken offline.

This included security systems that controlled the fob door locks, with a New York Times reporter tweeting that Facebook staff were unable to gain access to an unspecified office using their keycards.

However, many Facebook staff are working from home due to COVID-19 precautions, so this was only a big problem for engineers trying to gain access to the Facebook data centre in Santa Clara, California.

At no time was this security issue caused by a hacker. It was due to the same servers that went offline.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Now that you know the truth, please SHARE this fact check with your family and friends!

Also, please STOP SHARING fake stories created by fake news / clickbait websites!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Business | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did 13 Yr Sun Jisu Hack Facebook, WhatsApp, Instagram?

Did the 13 year-old Chinese hacker, Sun Jisu, hack Facebook, WhatsApp and Instagram, causing them to fail for more than 6 hours?

Take a look at the new viral claim, and find out what the FACTS really are!

 

Claim : 13 Year-Old Sun Jisu Hacked Facebook, WhatsApp, Instagram!

On 4 October 2021, Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Some websites and people on Twitter and Facebook started claiming that the failure was due to a 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Jiso / Sun Ji Soo.

There are quite a number of these claims, so just SKIP to the next section for the facts!

International media claimed that “China” was behind the suspension of social media services in the world.

According to Reuters, a Chinese hacker named “Sun Jisu” is responsible for stopping the services of “Facebook”, “WhatsApp” and Instagram, and added that the Chinese hackers are only 13 years old.

The Chinese hacker “Sun Ji Su” has topped the famous search engines and Twitter platforms during the past minutes, after disabling WhatsApp, Instagram and Facebook today 2021 in all countries of the world, amid questions among activists about the details of this information.

 

Truth : Sun Jisu Doesn’t Exist, Did Not Hack Facebook, WhatsApp, Instagram!

The truth is – this is just fake news created by fake news / clickbait websites to go viral and get money through ads.

Here are the reasons why…

Fact #1 : International Media Did Not Blame China

No mainstream media blamed China for the bizarre 6-hour downtime of Facebook, WhatsApp, Instagram and Messenger.

Practically all of them referred to cybersecurity specialists who pointed at DNS failure as the most likely cause, not a state actor like China.

Clickbait / fake news websites intentionally added that false claim to “trigger” Chinese netizens and Sinophiles to share their fake news.

Read more : US Refused WHO Investigation Of Fort Detrick For COVID-19?

Fact #2 : Reuters  + NYT Did Not Report On Any Chinese Hacker

Reuters did not report that a 13 year-old Chinese hacker called Sun Jisu was responsible for the bringing down Facebook, WhatsApp, Instagram and Messenger.

Neither did the New York Times write about a 13 year old hacker attacking Facebook.

These are complete lies that are easily verified with a quick check on the Reuters and New York Times websites.

Fact #3 : 13 Year-Old Sun Jisu / Sun Ji Soo Does Not Exist

There is no 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Ji So / Sun Ji Soo. He does NOT exist.

In addition, Sun Jisu / Sun Ji Soo is a Korean name, not Chinese. This is a mistake that a non-Asian person would make.

Fact #4 : That Was An Old Picture Of Wang Zhengyang

The fake news websites used a picture of Chinese hacking prodigy, Wang Zhengyang, speaking at the 2014 Chinese Internet Security Conference.

Wang Zhengyang was 13 year-old at that time, and would be 20 years old this year – 2021. Here are two more pictures of him speaking at that event.

Wang Zhengyang at 2014 Chinese Internet Security Conference

Fact #5 : Facebook Services Were Brought Down By Configuration Changes

Facebook services were not brought down by a hacker, but configuration changes their own engineering team initiated internally.

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Fact #6 : Access Problems Were Caused By Same Servers

Facebook run their internal systems through the same servers, so they became inaccessible when those servers were taken offline.

This included security systems that controlled the fob door locks, with a New York Times reporter tweeting that Facebook staff were unable to gain access to an unspecified office using their keycards.

However, many Facebook staff are working from home due to COVID-19 precautions, so this was only a big problem for engineers trying to gain access to the Facebook data centre in Santa Clara, California.

At no time was this security issue caused by a hacker. It was due to the same servers that went offline.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Now that you know the truth, please SHARE this fact check with your family and friends!

Also, please STOP SHARING fake stories created by fake news / clickbait websites!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of their CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors will lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the factor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this t time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 

Recommended Reading

Go Back To > Cybersecurity | Games | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Ministry of Education Website Uses Plain Text CAPTCHA!

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredulous security lapse, and find out why it could put your data at risk!

 

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredulous security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

 

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

  • child : name, date of birth, telephone number, home address
  • school : location, class name, teacher’s name,
  • parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows it down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

How Hackers Attack Healthcare During COVID-19 Pandemic!

Even during the COVID-19 pandemic, hackers have been attacking the healthcare system already buckling under pressure.

Take a look at the first part of a newly-released documentary on how hackers are attacking the healthcare system, and what it means for us and the world!

 

How Hackers Attack Healthcare During COVID-19 Pandemic!

Cybercriminals and state-sponsored hackers do not care that almost a million people have died from COVID-19. In fact, they see the pandemic as an opportunity.

Over the last few months, the creators of this documentary spoke to hospitals, law enforcement agencies, health organisations and research centres across the world, to understand how they are coping with increased cyberattacks and malware.

This particular feature was directed by Didi Mae Hand, and produced by Max Peltz.

 

Hackers Increased Attacks On Healthcare During COVID-19 Pandemic

The documentary reveals a shocking surge in cyberattacks on healthcare systems during the COVID-19 pandemic. The World Health Organisation (WHO), for example, reported a 5X increase in cyberattacks on its systems since March 2020.

State-sponsored hackers are mainly looking for biodata, including research on COVID-19 vaccines. Meanwhile, cybercriminals are capitalising on the fact that hospitals may be more willing than usual to pay a ransom.

For example, the Brno University Hospital, which was responsible for running a big share of COVID-19 testing in the Czech Republic, was held to ransom and forced to shut down its IT network at a critical time.

Fortunately, the surge in cyberattacks was met with an incredible response by the cybersecurity community. Some 3000 cybersecurity volunteers created the CV19 group to provide hospitals and healthcare institutions with free support to protect their systems.

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


AMD GPU Source Code Hack : What’s Going On?

In case you missed it, AMD suffered a massive cybersecurity breach, losing the source codes to their Navi 10, Navi 21 and Arden GPUs in a hack!

Here is a summary of how the hack went down, and what this could mean for AMD and their partners…

 

AMD GPU Source Code Hack : A Quick Summary

A hacker managed to get her hands on AMD source codes for current and future graphics products, and has apparently tried to blackmail AMD.

After that failed, she leaked some of the source codes on Github, and threatened to release everything if she does not find a buyer.

The hacker recently leaked some of the source codes on Github, which was quickly removed after AMD issued a DMCA notice.

She has treated to release all of the stolen source codes, if she does not find a buyer for them,.

 

AMD GPU Source Code Hack : The Timeline

November 2019

A hacker called Palesa hacked into an unprotected computer / server, where she found and downloaded AMD source codes, which were determined to be for :

  • the current Navi 10 GPU (based on RDNA)
  • the upcoming Navi 21 GPU (based on RDNA 2), as well as
  • the Arden SoC for the Microsoft Xbox Series X console.

The source code was unexpectedly achieved from an unprotected computer / server through some exploits.

I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.

Palesa told TorrentFreak that she valued the source codes at $100 million, but did not reveal how she came to that mind-blowing valuation.

Credit : WCCFTech

December 2019

Palesa contacted AMD, allegedly to blackmail them into paying for the return of the source codes.

Mid-March 2020

Rumours started circulating that a hacker obtained the source codes for Navi 10, Navi 21 and Arden.

24 March 2020

AMD discovered that some of the source codes were uploaded to the new xxXsoullessXxx repository on Github, as the project called AMD-navi-GPU-HARDWARE-SOURCE.

They issued a DCMA notice, notifying Github that, “This repository contains intellectual property owned by and stolen from AMD.” and that “The original IP is held privately and was stolen from AMD.

Github took down that repository, as well as four other repositories that AMD later identified as forks :

25 March 2020

When contacted by TorrentFreak, Palesa said that she will leak all of the stolen source codes if she does not get a buyer for them :

If I get no buyer I will just leak everything.

AMD issued this statement on the theft of their graphics IP :

At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.

 

AMD GPU Source Code Hack : What Was Leaked So Far?

According to WCCFTech who spoke to people who have vast experience with Verilog, and viewed those source codes, this was what was leaked so far :

  • Partial Verilog files that are typically used in the construction of processors.
  • The Verilog files in question represent a single and isolated function(s) on the GPU – NOT the whole/actual GPU blueprint.
  • Based on the leaker’s screenshots, the files not yet leaked are more of the same and also nowhere close to being a complete “source code”.
  • These Verilog files are built on a proprietary schematic that is only compatible with AMD’s internal design language (in other words, these are going to be close to useless to a third party).

 

AMD GPU Source Code Hack : The Implications

From what those experts told WCCFTech, the leaked source codes :

  • cannot be used to design or reverse engineer any of the three GPUs.
  • cannot be used to easily determine product specifications
  • cannot be used to bypass security features on AMD GPUs, although they may reveal vulnerabilities that can be exploited
  • does not contain any “crown jewel” IP

That said, their opinions are based on what was leaked so far. It is possible that Palesa may have at lot more that she has not revealed.

But considering the fact that she took the step of leaking some source code, they are likely not useful or important enough to be worth the trouble, especially now that a criminal investigation is underway.

What this leak has likely achieved is put a target on Palesa’s back, cause some embarrassment to AMD, and force them to relook at their cybersecurity measures and protocols.

 

Recommended Reading

Go Back To > Cybersecurity | Computer | Software | Home

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put malware into many widely-shared and used software. They are also trying to inject these malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which active scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 

Recommended Reading

Go Back To > Computer SystemsHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Everything On The Meltdown + Spectre CPU Flaws! Rev. 3.0

The Meltdown and Spectre CPU flaws that the Google Project Zero team discovered are arguably the worst we have ever known. These vulnerabilities were built into BILLIONS of CPUs that we have been using for the last decade or so.

Not just Intel CPUs, but also CPUs made by AMD, Apple and ARM. Even those that power our smartphones and other smart devices!

Let’s take a look at what we know so far about Meltdown and Spectre, how they affect you, and what we can do about them.

This story is still developing. We will update the article as and when new details emerge. Be sure to check back and refresh the page for the latest information!

 

Article Update History

Click here for the Article Update History

2018-02-17 : Updated the table of CPUs vulnerable to Meltdown and Spectre. Updated four sections with new information.

2018-02-05 : Added a table of CPUs vulnerable to Meltdown and Spectre. Updated three sections with new information.

2018-01-25 : Revamped the entire article. Added a new section on the difference between Meltdown and Spectre, and a new section on InSpectre. Updated the list of vulnerable processors, mitigation efforts by Microsoft and Apple, as well as the Intel spontaneous reboot issues with their Spectre 2 patches.

2018-01-16 : Updated the list of vulnerable processors, and added a new section on Intel CPUs spontaneously rebooting after applying Meltdown and Spectre patches. Also added cautionary advice on holding off these updates.

2018-01-12 : Updated the article with the AMD confirmation that their processors are vulnerable to both Spectre exploits. Also added details on the Google Retpoline mitigation technique against Spectre attacks.

2018-01-11 : Added new sections on the performance impact of the Meltdown and Spectre mitigation patches, and reports of those patches bricking some AMD PCs. Also expanded the list of affected CPUs, and corrected information on the Intel-SA-00086 Detection Tool.

Between 2018-01-09 and 2018-01-10 : Numerous updates including details of patches and affected CPUs.

Originally posted @ 2018-01-09

 

The Meltdown + Spectre Vulnerabilities

  • The Project Zero team identified these vulnerabilities in 2017, reporting it to Intel, AMD and ARM on 1 June 2017.
  • These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of the modern processor, that have been used for many years to improve performance.
  • Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if it’s correct.
  • Branch Prediction helps the CPU predict future execution paths that should be speculatively-executed for better performance.
  • There are THREE (3) variants of the speculative execution CPU bug :
    • Variant 1 : Bounds Check Bypass (CVE-2017-5753)
    • Variant 2 : Branch Target Injection (CVE-2017-5715)
    • Variant 3 : Rogue Data Cache Load (CVE-2017-5754)
  • The Spectre attack (whitepaper) exploits variants 1 and 2.
  • The Meltdown attack (whitepaper) exploits variant 3.
  • There is a Variant 3a, which appears to affect only certain ARM processors.

 

What’s The Difference Between Meltdown & Spectre?

  • Spectre tricks the CPU branch predictor into mis-predicting the wrong path, thereby speculatively executing code that would not otherwise be executed.
  • Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing malicious code that would normally not be allowed.
  • The Spectre name is based on both the root cause – speculative execution, and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
  • The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware“.

 

How Bad Are Meltdown & Spectre?

  • The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
  • The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
  • Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploits this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.)
  • While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.

 

How Many Processors Are Affected? Updated!

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

Company Spectre 1 Spectre 2 Meltdown
AMD 295 Server CPUs
42 Workstation CPUs
396 Desktop CPUs
208 Mobile CPUs
295 Server CPUs
42 Workstation CPUs
396 Desktop CPUs
208 Mobile CPUs
None
Apple 13 Mobile SoCs 13 Mobile SoCs 13 Mobile SoCs
ARM 10 Mobile CPUs
3 Server SoCs
10 Mobile CPUs
3 Server SoCs
4 Mobile CPUs
3 Server SoCs
IBM 10 POWER CPUs 10 POWER CPUs 10 POWER CPUs
Intel 732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs
732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs
732 Server / Workstation CPUs
443 Desktop CPUs
583 Mobile CPUs
51 Mobile SoCs

Total

2786 CPUs 2786 CPUs 1839 CPUs

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

 

Intel Detection Tool?

The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.

 

InSpectre

Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.

It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.

 

What Is Being Done??? Updated!

Note : The terms “mitigate” and “mitigation” mean the possibility of a successfully attacked are reduced, not eliminated.

  • Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
  • Microsoft and Linux have started to roll our the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
  • The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectre attack.
  • Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
  • Firefox 57 includes changes to mitigate against both attacks.
  • Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectre attacks.
  • For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
  • For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
  • On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
  • ARM has made available the KPTI / KAISER kernel patches for Linux, while Google will provide them for Android.
  • Google patched Android against both exploits with the December 2017 and January 2018 patches.
  • Google shared details of their Return Rrampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
  • NVIDIA issued six driver and security updates for affected devices and software between 3-9 January 2018.
  • On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
  • In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for both Spectre exploits, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.[adrotate group=”2″]
  • On 23 January 2018, Apple released Meltdown patches for macOS Sierra and OS X El Capitan, but not macOS High Sierra.
  • On 23 January 2018, Microsoft finally revealed their Spectre and Meltdown patch schedule.
  • On 24 January 2018, AMD revealed their 11 software mitigations for both Spectre exploits.
  • The 24 January 2018 AMD whitepaper also revealed that the AMD K10 and K8 processors are vulnerable as well, adding an additional 663 CPU models to the list of vulnerable processors.
  • On 2 February 2018, Microsoft released KB4078130 to disable the Spectre 2 patches that were causing many Intel systems to randomly and spontaneously reboot.
  • On 8 February 2018, an Intel microcode update schedule revealed that their Penryn-based processors are also vulnerable, adding an additional 314 CPU models to the list of vulnerable processors.
  • On 14 February 2018, Intel revealed an expanded Bug Bounty Program, offering up to $250,000 in bounty awards.

 

Some AMD PCs Got Bricked

In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.

You can read more about this issue @ These Windows 10 Updates Are Bricking AMD PCs!

 

Buggy Intel Spectre 2 Patches Updated!

Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to randomly and spontaneously reboot.

So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!

Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.

Fortunately for Windows users, Microsoft issued the KB4078130 emergency update to stop the reboots while Intel worked to fix the issue.

You can read more about this issue @ The Intel Spectre Reboot Issue, and the Microsoft solution @ KB4078130 : Emergency Windows Update To Disable Intel Spectre Patches!

 

What Should You Do? Updated!

First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.

Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and wait for properly-tested versions a few weeks down the line.

  • If you are using Windows, make sure you install the latest Microsoft Spectre and Meltdown updates.
  • If you are using a Mac system, get the latest Apple Spectre and Meltdown patches.
  • If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
  • If you are using Firefox, update to the latest Firefox 57.
  • If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
  • Download and install the latest software firmware updates from your PC, laptop, motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS)
  • If you are running an ARM processor on Linux, grab the kernel patches.
  • IBM POWER system users can download and install these firmware updates.
  • Users of affected NVIDIA systems can download and install these driver and firmware updates.
  • If you are using an Intel system, hold off updating your firmware, unless you have already verified that your CPU is not affected by the buggy Intel patches, or Intel has already issued corrected patches.

 

The Performance Impact Of The Mitigation Patches

Many benchmarks have been released, showing performance impacts of between 5% to 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.

They released an initial report on their findings, which we have summarised in our article – Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix.

 

Meltdown + Spectre Reading Suggestions

[adrotate group=”2″]

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Challenges DHS Ban Of Kaspersky Products

December 19, 2017 – Kaspersky Lab is challenging the DHS ban of the use of its products in federal agencies. In a statement issued today, Kaspersky Lab announced that it is seeking an appeal in federal court of U.S. Department of Homeland Security’s (DHS) decision on Binding Operational Directive 17-01 banning the use of the company’s products in federal agencies.  

 

Kaspersky Lab Challenges DHS Ban Of Kaspersky Products

Kaspersky Lab has filed an appeal under the Administrative Procedure Act to enforce its constitutional due process rights and challenge the DHS ban on the use of the company’s products and solutions by U.S. government agencies.

The company asserts that the DHS’s decision is unconstitutional and relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims, and rumours.

Furthermore, Kaspersky Lab claims that the DHS failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the Directive and has not provided any evidence of wrongdoing.

Kaspersky Lab reached out to DHS in mid-July, offering to provide any information or assistance concerning the company, its operations, or its products. In mid-August, DHS confirmed receipt of the company’s letter, appreciating the offer to provide information and expressing interest in future communications with Kaspersky Lab regarding the matter.

However, the next communication from DHS to Kaspersky Lab was notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017.

The DHS ban on the use of Kaspersky products in federal agencies damaged Kaspersky Lab’s reputation and its sales in the U.S. In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the U.S. Constitution and federal law and repair the harm caused to its commercial operations, its U.S.-based employees, and its U.S.-based business partners.

“Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS’s actions, it is in the company’s interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cybercrime,” said Eugene Kaspersky, CEO of Kaspersky Lab.

 

The Kaspersky Global Transparency Initiative

On 23 October 2017, Kaspersky Lab launched its Global Transparency Initiative. This Initiative will include :

[adrotate group=”2″]
  • an independent review of the company’s source code, software updates and threat detection rules;
  • an independent review of internal processes to verify the integrity of the company’s solutions and processes;
  • three transparency centers by 2020, in Asia, Europe and the U.S.; and
  • increased bug bounty rewards up to $100k per discovered vulnerability in Kaspersky Lab products.

You can read more about this initiative in our article – How Kaspersky Lab Plans To Counter Alleged Ties To Russian Intelligence.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Reveals Mokes Backdoor In NSA Leak

Kaspersky Lab just issued an update on their internal investigation into the alleged downloading of NSA hacking tools by Russian hackers, and their own team. Their update provides new insights into the hack, including their new findings on the Mokes backdoor used to gain access to the infected computer.

 

What’s Going On With Kaspersky Lab?

Kaspersky Lab can’t seem to get ahead of the bad publicity over the alleged downloading of NSA hacking tools from an NSA employee’s home computer. After the incident was first reported in the Wall Street Journal,  Kaspersky Lab launched an internal investigation.

They have also recently announced their Global Transparency Initiative to combat the perception that they are helping the Russian government attack Western interests.

Read : Eugene Kaspersky On The Cyberspace Survival Guide

 

Kaspersky Lab’s Initial Findings

Kaspersky Labs published these initial findings on 25 October :

  • On September 11, 2014, a Kaspersky Lab product installed on the computer of a U.S.-based user reported an infection of what appeared to be variants of malware used by the Equation APT group– a sophisticated cyber threat actor whose activity had already been under active investigation since March 2014.
  • Sometime after this, the user seems to have downloaded and installed pirated software on their machine, specifically a Microsoft Office ISO file and an illegal Microsoft Office 2013 activation tool (aka “keygen”).
  • To install the pirate copy of Office 2013, the user appears to have disabled the Kaspersky Lab product on their computer, because executing the illegal activator tool would not have been possible with the antivirus enabled.
  • The illegal activation tool contained within the Office ISO was infected with malware. The user was infected with this malware for an unspecified period while the Kaspersky Lab product was inactive. The malware consisted of a full-blown backdoor which could have allowed other third-parties to access the user’s machine.
  • When re-enabled, the Kaspersky Lab product detected the malware with the verdict Backdoor.Win32.Mokes.hvl and blocked this malware from calling out to a known command and control server. The first detection of the malicious setup program was on October 4, 2014.
  • In addition, the antivirus product also detected new and previously known variants of Equation APT malware.
  • One of the files detected by the product as new variants of Equation APT malware was a 7zip archive which was sent back, in accordance to the end-user and KSN license agreements, to the Kaspersky Virus Lab for further analysis.
  • Upon analysis, it was discovered that the archive contained a multitude of files, including known and unknown tools of Equation group, source code, as well as classified documents. The analyst reported the incident to the CEO. Following a request from the CEO, the archive itself, source code, and any apparently classified data were deleted within days from the company’s systems. However, files that are legitimate malware binaries currently remain in Kaspersky Lab storage. The archive was not shared with any third-parties.
  • The reason Kaspersky Lab deleted those files and will delete similar ones in the future is two-fold: first, it needs only malware binaries to improve protection and, secondly, it has concerns regarding the handling of potentially classified material.
  • Because of this incident, a new policy was created for all malware analysts: they are now required to delete any potentially classified material that has been accidentally collected during anti-malware research.
  • The investigation did not reveal any other similar incidents in 2015, 2016 or 2017.
  • To date, no other third-party intrusion aside from Duqu 2.0 has been detected in Kaspersky Lab’s networks.

 

The Mokes Backdoor & Other New Findings

Kaspersky Lab continued their investigation, issuing a new report that confirmed their initial findings above. It also provided additional insight into the analysis of the telemetry of suspicious activities registered on that NSA employee’s computer that was sent to their servers.

One of the major discoveries was the detection of the Mokes backdoor in that NSA employee’s computer. The Mokes backdoor is a malware that allows the hacker to remotely access the computer.

Curious Mokes backdoor background

It is publicly known that the Mokes backdoor (also known as “Smoke Bot” or “Smoke Loader”) appeared on Russian underground forums as it was made available for purchase in 2014. Kaspersky Lab research shows that, during the period of September to November 2014, the command and control servers of this malware were registered to presumably a Chinese entity going by the name “Zhou Lou”.

[adrotate group=”2″]

Moreover, deeper analysis of Kaspersky Lab telemetry showed that the Mokes backdoor may not have been the only malware infecting the PC in question at the time of the incident as other illegal activation tools and keygens were detected on the same machine.

More non-Equation malware

Over a period of two months, the product reported alarms on 121 items of non-Equation malware: backdoors, exploits, Trojans and AdWare. All of these alerts, combined with the limited amount of available telemetry, means that while Kaspersky Lab can confirm that their product spotted the threats, it is impossible to determine if they were executing during the period the product was disabled.

 

Kaspersky Lab’s Conclusions

Their current investigations conclude thus far that :

  • The Kaspersky Lab software performed as expected and notified our analysts of alerts on signatures written to detect Equation APT group malware that was already under investigation for six months. All of this in accordance with the description of the declared product functionality, scenarios, and legal documents which the user agreed to prior to the installation of the software.
  • What is believed to be potentially classified information was pulled back because it was contained within an archive that fired on an Equation-specific APT malware signature.
  • Beside malware, the archive also contained what appeared to be source code for Equation APT malware and four Word documents bearing classification markings. Kaspersky Lab doesn’t possess information on the content of the documents as they were deleted within days.
  • Kaspersky Lab cannot assess whether the data was “handled appropriately” (according to U.S. Government norms) since our analysts have not been trained on handling U.S. classified information, nor are they under any legal obligation to do so. The information was not shared with any third party.
  • Contrary to multiple media publications, no evidence has been found that Kaspersky Lab researchers have ever tried to issue “silent” signatures aimed at searching for documents with words like “top secret” and “classified” and other similar words.
  • The Mokes backdoor infection and potential infections of other non-Equation malware point to the possibility that user data could have been leaked to an unknown number of third-parties as a result of remote access to the computer.

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

How Kaspersky Lab Plans To Counter Alleged Ties To Russian Intelligence

Alleged Ties To Russian Intelligence

Kaspersky Lab can’t seem to get rid of the stigma of being a Russian company. Even after Eugene Kaspersky publicly declared that Russian President Vladimir Putin is not his friend, and offered to show his source codes to the US government, he can’t shake off the perception that he’s helping the Russian government attack Western interests.

It did not help that Israeli government hackers provided the US National Security Agency (NSA) with evidence that Russian hackers used Kaspersky Lab software to scan for American classified programs. They also found NSA hacking tools in the Kaspersky Lab network, the same tools that the NSA later confirmed were in Russian intelligence hands.

That was what led to the US General Services Administration directive to remove Kaspersky Lab from its list of approved vendors, and the US Senate to call for a government-wide ban.

There is no evidence that Kaspersky Lab itself was complicit in helping Russian intelligence scan for American classified programs, or obtain the NSA hacking tools. It is entirely possible that the Russian intelligence hackers merely exploited the same flaws in Kaspersky Lab software that the Israelis used to gain access to their network and software.

However, all these controversies have greatly undermined Kaspersky Lab’s credibility and sales worldwide.

 

The Kaspersky Lab Global Transparency Initiative

The Kaspersky Lab Global Transparency Initiative attempts to prove and assure their customers (and potential customers) that there are no backdoors in their software. Under this initiative, Kaspersky Lab will make their source codes, including software updates and threat detection rules, available for independent review and evaluation.

Their Global Transparency Initiative will kick off with these actions :

  1. Kaspersky Lab will offer their source codes for an independent review by Q1 2018, with similar independent reviews of their software updates and threat detection rules to follow.
  2. An independent assessment of the Kaspersky Lab development lifecycle processes, and its software and supply chain risk mitigation strategies, will begin by Q1 2018.
  3. Additional controls to govern Kaspersky Lab data processing practices, with verification by an independent party, will be developed by Q1 2018.
  4. Three Transparency Centers will be established in Asia, Europe and the US to address security issues with Kaspersky Lab partners, customers and government stakeholders. They will also serve as a facility for “trusted partners to access reviews on the company’s code, software updates and threat detection rules“. The first Transparency Center will open by 2018, with the rest by 2020.
  5. Kaspersky Lab will increase their bug bounty awards up to $100,000 for the most severe vulnerabilities found under their Coordinated Vulnerability Disclosure program by the end of 2017.

Kaspersky Lab will later announce the next phase of the Global Transparency Initiative, after engaging with their stakeholders and the cybersecurity community.

 

What This Does Not Address

[adrotate group=”2″]

The initial phase of the Kaspersky Lab Global Transparency Initiative will help verify, and assure their customers, that there are no backdoors in their software. However, it does not address a major concern for the US government – the fact that their data is routed through Russian Internet service providers that are subject to the Russian intelligence surveillance system called SORM (System of Operative-Investigative Measures).

Kaspersky Lab has said that customer data sent to their Russian servers are encrypted, and they do not decrypt it for the Russian government. But it would be impossible for them to prove it. Perhaps they will address this concern in the next phase of their Global Transparency Initiative.

Don’t forget to read our interview with Eugene Kaspersky on his alleged ties with Russian President Vladimir Putin and the Kremlin.

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : How To Catch Hackers Through Subtle Mistakes

For all the benefits that it brings, new technology tends to open up a wealth of opportunities for malicious parties to compromise sensitive data. Even as businesses strive to protect themselves by employing advanced cyber security tools, hackers are keeping pace with developments of their own.

Many organizations focus on alerts of an attack, such as blaring notifications that something just isn’t right. However, a threat could easily be sleeping in their systems right now or attacks could be perpetrated right under their noses in the guise of normal transactions.

In fact, the quieter variety of cyber-attacks is particularly dangerous and underprepared for. Methods are becoming more sophisticated and harder to detect, but there are ways to catch hackers through their subtle mistakes.

How To Catch Hackers Through Subtle Mistakes

1. Look at the evidence

Hackers in movies and television shows have helped perpetuate the myth that cyber-attacks can only be detected when they are caught in the act. Data breach systems can detect when someone breaches and is inside your systems. This tool can help identify and mitigate attacks quickly, reducing potential risk and costs.

But sometimes hackers remain undetected, and that calls for some cyber forensics. While malicious parties can certainly cover their tracks, there is typically a breadcrumb trail left behind. In fact, Hexadite co-founder Barak Klinghofer told USA Today that cyber criminals always leave evidence behind. Organizations can analyze this information to identify how the attack was perpetrated and who did it.

InfoSec analysts take a deep look into attack vectors, the timing of the breach, what information was stolen and to whom the data might be useful. Evidence can create a substantial picture leading to the culprit and mitigating similar attacks in the future. No matter how subtle an attack may be when it happens, organizations still have an opportunity to rectify it afterward by utilizing advanced cyber forensic tools and plugging the gaps.

Cyber forensics can analyze evidence hackers leave behind.

2. Determine the number of actors

EyePyramid, an information-stealing malware, was active earlier this year, and attacks that utilized this malicious software resulted in the theft of 87GB of sensitive data. It also targeted more than 100 email domains and 18,000 email accounts in Italy, the U.S., Europe and Japan. Despite the extent of this attack, it was eventually attributed to a brother-sister team who were using the malware to profit from the stolen data. A Trend Micro report by Martin Roesler found that their identification was a result of operator error. Their habits, quirks and techniques were their ultimate downfall. Cyber security tools must be able to recognize trends within behavior, allowing breached organizations to track down an attack to the source.

“Hackers can make simple mistakes by revealing too much about themselves.”

3. Track social interactions

Hackers are no stranger to using forums and other means to sell their tools. However, even these individuals can make mistakes by simply posting too much online. In July 2014, when Limitless Logger was at its peak, cybercrinimals used it to disable security controls, record keystrokes and exfiltrate account passwords.

Trend Micro research started to dig into information about the original author by looking into them on Hackforums. From information within the posts, it was found that the culprit just completed the first semester in a university as well as contact details for Skype and PayPal accounts. Following the rabbit hole of these clues, public social network profiles were eventually found and Hackforum chat logs confirmed his true name. Hackers can make simple mistakes by revealing too much about themselves. A profile can be made from this data to narrow down the suspect pool and develop other leads to ultimately identify the culprit.

4. Watch for spelling errors

Hackers are human, and that means they make mistakes, especially when trying to phish for credentials. It’s common for employees to easily glance over spelling errors in URLs and messages automatically clicking links without second thought. But that’s not the way that spelling errors signal an attack.

[adrotate banner=”4″]

For example, in early 2016, Bangladesh Bank experienced this firsthand. Hackers breached the institution’s systems and stole payment transfer credentials. These authorizations were used to make nearly three dozen requests to move money from the bank to entities in the Philippines and Sri Lanka, Reuters reported. After the fifth request, a misspelling caught the eye of a routing bank, causing them to look into the transactions. While the error prevented a $1 billion heist, the hackers still managed to get away with $80 million for their efforts.

Organizations can be overwhelmed by the thought of cybercrime. However, there are a number of ways to spot a potential threat and stop it in its tracks. With capable cyber security tools, businesses can have peace of mind that their systems and data are secure.

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Mr. Robot Season 2 Exclusively On iflix

iflix just announced they acquired exclusive rights in Malaysia to the second season of the critically acclaimed, global phenomenon, Mr. Robot. Fast tracked from the U.S., new episodes will premiere every Thursday on iflix, within 24-hours of the initial U.S. broadcast.

In its first season, the drama series garnered numerous accolades and awards, including the Golden Globe for “Best TV Drama” and a Peabody Award. Mr. Robot follows Elliot Alderson (Golden Globe nominee Rami Malek), a young cyber-security engineer who becomes involved in the underground hacker group fsociety after being recruited by their mysterious leader (Golden Globe winner Christian Slater). Following the events of fsociety’s 5/9 hack on multi-national conglomerate Evil Corp, the second season explores the consequences of that attack as well as the illusion of control.

Mr. Robot Season 2 joins iflix’s growing library of first run exclusives including the show’s critically lauded first season, every season of award-winning crime drama Fargo, new breakout fantasy series The Magicians, Aquarius and many more.

To celebrate this, iflix Malaysia invited selected media for an exclusive advanced screening of the first episode of Mr. Robot Season 2. iflix Malaysia CEO, Azran Osman-Rani, even took time off his busy schedule to join us for popcorn and the screening.

iflix Group Chief Content Officer, James Bridges commented: “We are thrilled to bring this latest instalment of Mr. Robot, one of the world’s most exciting and compelling series, exclusively to our markets. The multi-award-winning first season was one of Malaysia’s most talked about shows of 2015. It is another example of our passion for seeking out and delivering the best content available to our subscribers across the region.”

Now available in Malaysia, Thailand, the Philippines and Indonesia, iflix will continue to roll out its world-class service to key additional emerging markets in the coming months. Offering consumers a vast library of top Hollywood, Asian regional, and local TV shows and movies including many first run exclusives and award winning programs, each subscription allows users to access the service on up to five devices, including phones, laptops, tablets, and television sets, for viewing wherever, whenever.

iflix subscribers can also download TV shows and movies from iflix’s extensive catalogue for offline viewing. The service is priced at only RM 10 per month in Malaysia for unlimited access with no ads!

[adrotate banner=”5″]

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!

Kaspersky Tips On Beating Hackers During Euro 2016

June 13, 2016 – On Friday, 10 June, thousands of companies across Europe and the rest of the world are likely to discover they have more remote workers than they did the day before, as the Euro 2016 football tournament gets underway. Fans trying to keep on top of work using mobile devices while surrounded by crowds of strangers, insecure public Wi-Fi networks and the distraction of a match will be immensely vulnerable to cyberthreats. Fortunately, there are a few simple steps that they and their employers can take to stay safe.

The Euro 2016 football tournament, hosted by France, brings together 24 teams for 51 matches. Millions of fans will be watching the games in stadiums, bars and at public screenings. Employers have been urged to let staff work more flexibly or from home so they can watch key national games, but some employees may take matters into their own hands, working from mobile devices while watching a game with fellow supporters. The IT security risks of such behaviour are immense. Neither employers nor employees may be fully aware of or prepared for just how vulnerable they are about to become.

To help everyone keep important business data safe, regardless of where they are, Kaspersky Lab has drawn up a short essential guide:

 

10 Things Remote-Working Fans Can Learn From The Players On The Pitch

1. Take responsibility for your own performance

A recent Kaspersky Lab study into ransomware found that less than 4% of adults in the US[i] would mind if work documents on their device were lost through cybercrime, while 77% would panic if they lost financial info. Indifference doesn’t lead to secure behaviour. If you are planning to work on the move, you need to feel responsible for the safety of the business information you handle.

2. Everyone is watching you

Logging into a device where anyone can look over your shoulder and make a note of your passwordor the work you’re doing – so-called ‘visual hacking’ – makes it easy for others to break into your device or steal information. Keep your data to yourself.

3. Keep your eye on the ball

Phishing and ransomware emails look increasingly convincing and can even appear to come from a colleague. If the message is unexpected, contact the sender directly, and never click on an attachment or a link in an email from someone you don’t know.

4. Don’t reveal your game plan

Don’t transmit anything unless you know it’s encrypted. With WhatsApp and Apple’s iMessage service now encrypting communications end-to-end as standard, email is rapidly becoming the most vulnerable form of business communications[ii]. Use the most secure channel you have access to.

5. Beware Man-in-the-Middle attacks

Using a free, public Wi-Fi network to stay in touch with work is extremely high-risk. An attacker can easily insert themselves into the network and spy on or intercept all your communications. They can do the same between an email and your business server[iii]. End-to-end encryption prevents this – so if you don’t have it, don’t email till you’re somewhere secure or use a VPN (virtual private network).

[adrotate banner=”5″]

6. Prepare for the worst

Employers unprepared for the sudden increase in remote working may not have the most appropriate security installed on work devices, let alone employees’ personal devices. If it’s too late to get this installed, then at the very least don’t leave home without the most up-to-date version of device software installed. Mobile devices are not immune to cyberattack: in 2015, Kaspersky Lab prevented nearly three million attempts to infect mobile devices[iv] with a Trojan.

7. The referee can make mistakes

Websites, network service providers, operating systems etc. do their best to provide protection or alerts: such as the new malware and phishing website warnings introduced by Bing[v]. However, the baddies are increasingly cunning and if there’s a point of weakness, they’ll find it. Confine your remote work to things that are not business critical or sensitive.

8. But don’t blame the referee for all mistakes

Sometimes things go wrong; devices get broken, lost or stolen, or affected by malware or ransomware. The best thing to do is to come clean and let your IT department know immediately so they can take appropriate steps, such as blocking or remote-wiping the device, or isolating the malware before the infection takes hold.

9. Don’t make victory easy for the other side

Cybercriminals generally prefer the path of least resistance. Solid security, security updates, a hard-to-crack password, the use of the latest software, a business VPN and encrypted communications all make it harder for an outsider to gain access to your device and business information.

10. But don’t expect to win without trying

Kaspersky Lab has found that only around half (53%) of consumers make use of the security features that come with their device[vi]. To stay ahead of the hackers, you need to get to grips with these security essentials. It’s about focus and commitment, supported by the right equipment. Just like football.

“Euro 2016 should be a celebration of football for fans the world over to enjoy. Sadly, occasions where people are more relaxed about device and data security can quickly become a happy hunting ground for hackers. Cybercriminals won’t hesitate to pounce on an under-protected football supporter trying to work remotely. A few basic precautions before, during and after the match will help employers and their workforce to stay safe – leaving them free to enjoy the glorious spectacle of sport,” said David Emm, Principal Security Researcher, Kaspersky Lab.

[adrotate banner=”5″]

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!

Clock Share Bug In iOS Allows Access To Data

While proving the SoFlo iPhone unlocking hoax, we stumbled upon a security bug in iOS 9.2.1. This security bug can be used to bypass the iOS device’s passcode or Touch ID. But it has to be done in a very specific way.

 

How To Exploit This Bug In iOS

Here is how you can exploit the bug in iOS 9.2.1 to gain access to every photo, video and contact stored in the iOS device, whether it is an iPhone, an iPad or an iPod touch.

  1. Log into the iOS device using the passcode / Touch ID.
  2. Open the Clock app and go to World Clock, and add a new Clock.
  3. Type a random word in the Search bar.
  4. Select the random word and tap to Share as a Message.

  1. Once the New Message screen opens, turn off the iOS device.
  2. Call Siri (without logging in using Touch ID / passcode) and ask for the time
  3. Click on the Clock after Siri tells you the time.
  4. Siri will not open up the World Clock, but will take you straight into New Message.
  5. Now add a random word to “To:” bar, and press Return.
  6. Double tap on the random word (now green in colour). It will bring you to the Info screen.
  7. Tap on Create New Contact.
  8. Tap on Add Photo. This will allow you to access the Photos app and EVERY photo and video in the iOS device.
  9. You can also tap on Add to Existing Contact to access the entire Contact List.
[adrotate banner=”5″]

 

Don’t Worry… Too Much

As you can tell by now, this security bug is very hard for a hacker to exploit. It requires prior access to the iOS device to “set up” the exploit.

The hacker will have to trick the owner into granting access to the iOS device. Then the hacker can follow the steps above up to no. 5. This will allow the hacker to exploit the bug (at a later time) to gain access to the iOS device’s photos, videos and contacts.

While this is a remote possibility, we nevertheless reported the security bug to Apple :

We then tested to see if the exploit would work on iOS 9.3 beta, and discovered something interesting.

It appears that Apple finally decided that it was superfluous to offer a Share option in the Clock app. How is that functionality useful to the user? It’s practically useless. So they removed the Share option completely.

In other words, even if you are logged into the iOS device, you can no longer go to the Clock app, key in a random word and Share it. The option is gone. As far as we can tell, it was gone as early as iOS 9.3 beta 5. We confirmed this in iOS 9.3 beta 6 as well (naturally).

So don’t worry too much. The coming iOS 9.3 update will fix this security bug in iOS 9.2.1 once and for all. In the meantime, just be careful who you lend your iOS device to!

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!