CategoriesHackingNews

Hacking School Computers to Change Grades

Hackers recently targeted a Virginia high school in order to change the grades of multiple students. The hackers were able to obtain access to teacher accounts when they sent out a phishing link. The phishing link was included inside an email that pretended to be from the “Oaktown High School’s Honor Council” dedicated to “honor and integrity”. The link then directed the user to a malware site, which downloaded key logger software onto the computer.

A key logger records strokes on the user’s keyboard, including passwords and other sensitive data. That information is captured by the hacker, giving them the ability to access the user’s accounts.

Hacked School System

The Virginia high school hackers used their access to make several changes in the school system:

After the emails began circulating, there were multiple cases of grade changes being requested, as well as students’ passwords being changed and emails being sent through remote log-ins, according to the search warrant. The court document does not say whether the hackers were successful in changing any grades, and Fairfax County Public Schools officials declined to say. –The Washington Post

Hacking Grades Could Result in Heavy Charges

Law Enforcement haven’t found the high school hackers, but if they do, charges could be steep.

There was a recent case of a University of Georgia student who hacked into his professor’s computer in order to alter his grades. He was charged with over 70 counts of computer forgery and computer trespassing.

According to the Washington Post, these types of grade-changing hacks are increasing. There are also services for hire to help students change their grades through hacking, as well as YouTube tutorials.

Photo credit: Katy Levinson

CategoriesNewsSocial Media

Instagram wants to Fix the Mental Health Problems They’ve Caused

Social media is known to have a negative impact on mental heath. Spending too much time on social networks leads to depression, anxiety and addiction problems. Instagram is often criticized for causing negative body issues, especially in young teens. A 2017 survey found that the image sharing platform gave teens feelings associated with “high levels of anxiety, depression, bullying and FOMO, or the “fear of missing out.” –Time

Instagram Hires a “Wellbeing Team”

As a response to the reports that Instagram was affecting the mental health of young people, the company introduced a “wellbeing team.”

A senior Instagram executive said that the mental health of the users is a top priority. Part of the goal set for the team is to combat bullying, harassment, spam and abuse. Other than that, it’s pretty unclear how they will help users who are struggling with body image issues.

How do you fight “Fake”?

Often, Instagram photos are polished to make people look more attractive and food look more delicious. This creates a sense of inadequacy for the people viewing the pictures. The truth is, most of these images don’t depict real life – they are filtered embellishments. In fact, that’s what Instagram is mostly based on, filters. What you’re seeing isn’t real. Will the “wellbeing team” give disclaimers when photos are edited? It’s doubtful they would betray their content creators in that way, or else they wouldn’t have anyone left to post on the platform.

Furthermore:

“this problem stems from a larger, systemic cultural issue — where depression and other mental health issues remain under-addressed, and in which how you look, and how well you fit into cultural expectations of “success,” are given more credence than actual happiness.” –Futurism

Maybe Instagram intends to provide psychiatric counseling to its users who feel inadequate. Perhaps they could also prevent your girlfriend from continuously ‘hearting’ that guy’s selfies who she told you not to worry about.

Until then, I’ll stick to following only meme accounts.

Photo Credit: Md saad andalib

CategoriesHackingNewsSocial Media

YouTube Staffer Live Tweets Shooting, then gets his Account Hacked

A YouTube staffer was live-tweeting about the active shooting when it happened at the YouTube headquarters earlier today. Shortly after, his Twitter account was briefly hacked.

Earlier today, a woman open fired at the YouTube headquarters and tragically shot 3 people before taking her own life. Vadim Lavrusik, a product manager at YouTube, was live tweeting the incident as it was happening.

Not an hour later, Lavrusik’s account was breached by hackers.

At about 2:10 p.m., after Lavrusik tweeted that he was safe and evacuated, a new tweet came up from the account, writing, “PLEASE HELP ME FIND MY FRIEND I LOST HIM IN THE SHOOTING,” with a Flipboard URL linking to a photo of KEEMSTAR, a YouTube personality.

Three minutes after that tweet, another post came in saying, “my name is so gay honestly.” -CNET

Twtter’s @Jack was alerted to the issue and promptly restored his account.

Three people have been reported to be injured in the shooting, they have been taken to the hospital.

CategoriesData BreachesNewsSecurity

Panera Bread Ignored Data Breach Warning, Said it was a “Scam”

Panera Bread has suffered a major data breach, affecting potentially 7 million customers. The data is said to include names, email addresses, and credit card information. What’s worse – the data could have been crawled and indexed with simple automated tools.

This wasn’t news to those at the top at Panera Bread. Last summer, a security researcher told Panera Bread that their website was exposing this sensitive data. When Panera was made aware of the flaw, they dismissed it as a scam or sales pitch. After months of the flaw continuing to be exposed and unpatched, the security researcher decided to go public with evidence of the vulnerability.

“I am not exaggerating when I say you have a massive sensitive data exposure issue,” he said, “and I’d simply like you to be made aware of it so you can quickly resolve it.” -researcher Dylan Houlihan (in response to Panera Bread maintaining that he was giving a sales pitch).

Panera Bread is now downplaying the security of the breach, telling Fox News they have secured the breach and only ten thousand records were exposed. Krebs on Security is not buying it, especially considering Panera’s commercial division which serves countless catering companies which may run on the same software.

As of this writing, Panera has not made any statement on their website (it was recently taken down) nor on Twitter about the breach.

Photo Credit: Mike Mozart

CategoriesNewsPrivacySmart PhonesTechnology

What is Alphonso? Game Apps Use Smartphone Mics to Track Users

Gaming apps are widely used on many smart phones as a way to pass the time. Seemingly innocuous, mini games like bowling and pool can be addictive and fun for a variety of users. If you’re not paying close attention, however – you may be giving these apps more permissions than you bargained for.

A company called Alphonso is a service that provides software to app developers known as Automated Content Recognition or “ACR”. This ACR software, once installed, collects data about TV-viewing habits for advertisers by using the smartphone’s microphone. Yes, Alphonso actually listens to the sounds coming from your tv in order to target more relevant ads to you later.

Gaming app developers are using Alphonso in their apps in order to share data with advertisers. They are able to “listen in” in this way because the user gave permission to the app to use the microphone.

From Alphonso’s Privacy Policy for app Developers:

With your permission provided at the time of downloading the app, the ACR software receives short duration audio samples from the microphone on your device. Access to the microphone is allowed only with your consent, and the audio samples do not leave your device but are instead hashed into digital “audio signatures.” The audio signatures are compared to commercial content that is playing on your television, including content from set-top-boxes, media players, gaming consoles, broadcast, or another video source (e.g., TV shows, streaming programs, advertisements, etc.). If a match is found, Alphonso may use that information to deliver more relevant ads to your mobile device. The ACR software matches only against known, commercial audio content and does not recognize or understand human conversations or other sounds.

A big concern is that kids are being “tricked” into downloading these privacy-invading apps because they don’t always understand what they are agreeing to. There are some apps using Alphonso that are directed specifically toward kids. (Engadget)

According to Engadget, Alphonso says that its software doesn’t record human speech and they are in full compliance with the law. Others say that just because it is legal, doesn’t make it any less creepy and maybe is even unethical.

Over 250 games are currently using the Alphonso software.

For those interested, Alphonso does provide a “Mobile Opt-Out Guide” (found here) that will help explain how you can use your mobile device controls to revoke your consent for them to access your microphone.

Photo credit: Esther Vargas – “Smartphones”

CategoriesHackingNews

Rhino Horn Auction Page is Hacked

A webpage for a Rhino horn auction in South Africa looks like it has been hacked.

https://www.theguardian.com/environment/2017/jun/26/rhino-breeder-auction-horns-south-africa-rhinoceros

A breeder planned an auction of rhino horns in South Africa. This is what the Guardian tells us about the auction:

A rhino breeder in South Africa is planning an online auction of rhino horns to capitalise on a court ruling that opened the way to domestic trade despite an international ban imposed to curb poaching.

The sale of rhino horns by breeder John Hume, to be held in August, will be used to “further fund the breeding and protection of rhinos”, according to an auction website.

Hume has more than 1,500 rhinos on his ranch and spends over $170,000 a month on security for the animals, in addition to veterinary costs, salaries and other expenses, the auction website said.

“Each rhino’s horn is safely and regularly trimmed by a veterinarian and capture team to prevent poachers from harming them,” it said, adding that Hume has a stockpile of more than six tonnes of rhino horns.

As of right now it appears that rhinohornauction.com is hacked. The site now reads: “Oops, your website has been seized! Everything on your website and server have been erased! Your lack of common compassion for animals is outrageous and has been dealt with properly. We have downloaded all your credentials and removed your files. Next time, do not run a website that auctions off animals, or we will auction off your data.”

Guess they were not running web hosting security from SiteGround 😉 Looks like the site is back up and running, but for how long?

The twitter account NFAgov is providing some information about the hack.

*Update 8/12/2017, 2pm EST:  it looks like the Rhino Horn website is back up and in tact. However, the NFAgov twitter account promises, “they won’t be shortly”

CategoriesInternetNewsPiracy

ExtraTorrent Says Goodbye

Farewell, ExtraTorrent

ExtraTorrent is probably gone for good. Our friends at Torrentfreak gave us the bad news this morning that one of the more popular torrenting sites, ExtraTorrent, has decieded to shut down permanently.

We already recently lost KickassTorrents and Torrentz.eu. Isohunt also shut down a couple of years ago “indefinitely” after years of court battles over copyright issues with the MPAA.

Demonoid has been on and off for years as well.

Many of our readers are wondering what will be left?

As of now, The Pirate Bay (thepiratebay.org) still functions, but they have had a rocky ride the last few years – many of the main players have faced raids, prison time and are still tied up in courts. TPB seems to live up to its slogan, however, “The galaxy’s most resilient BitTorrent site“.

ExtraTorrent Closes on Wednesday

The beloved torrent site left us with this message on their home page: “ExtraTorrent has shut down permanently ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to be…. May 17, 2017″

No one knows yet if the contributers to ExtraTorrent are under legal pressure, but it would follow the trend in relation to pirate sites in recent years.

The internet reacts to the loss:

🙁

What’s left to do?

Dumped!

Interesting Theory

We’re all struggling bro

Techworm_in has some alternative suggestions:

An update from Torrentfreak:

Update: We were informed by SaM that ExtraTorrent’s release group ETRG is gone now. “Ettv and Ethd could remain operational if they get enough donations to sustain the expenses and if they people handling it ready to keep going,” we were told. (Read more…)

Like our Facebook page to get updates as they come in.

More news stories like this here.

CategoriesNewsSecurity

Wannacry Ransomware Attack – Updates From Top Sources

WannaCry? Ransomware Spreads Globally…

A ransomware attack began last week in Europe, targeting thousands of computers running Windows. Ransomware is malicious software that makes it impossible for the user to access their computer files unless they pay a ransom. Ransomware attackers frequently ask to be paid in bitcoin. Often times, even after the ransom is paid, the user still does not regain access to their files. The name of the worm that targets the Windows OS is called Wannacry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor)

Here are some updates about the Wannacry ransomware attack from some top tech sources as well as clever comments from the internet:

NSA says ransomware was like “fishing with dynamite”

Quick guide on how it all works:

More leaks coming….

Leave Wannacry Hero Alone!

“A stealthy cryptocurrency-mining malware that was also using Windows SMB vulnerability at least two weeks before the outbreak of WannaCry ransomware attacks.”

IBM Suggestions to protect yourself from ransomware

Microsoft be like

“The Wannacry Starter Pack”

VXShare claims to have access to Wannacry samples

Some Linux users are gloating

See more news stories like this.

Photo Credit: christiaancolen

CategoriesNewsSocial Media

2600 Magazine Offers $10K for Access to Donald Trump’s Tax Return

The Twitter account that represents 2600 Magazine – The Hacker Quarterly says they will offer $10K for first access to Donald Trump’s tax return. They also say that identities will be protected and provide a PGP key.

Twitter users responded with several funny comments:

There have been many recent attacks on the Democratic National Committee including the Guccifer 2.0/Wikileaks release of DNC emails and more recently a possible hack of some of the party member’s phones. Some say that hackers have been focusing too much on exposing the DNC and not enough on the RNC. Perhaps this is the opportunity they have been waiting for.

2600 has also extended the offer to Trump himself:

CategoriesHackingNewsSocial Media

Hackers Find Exploit and Reactivate LizardSquad’s Twitter Account

On September 2, hackers calling themselves “Spain Squad” used an exploit to take control of several previously suspended Twitter accounts. Among these accounts were usernames like @Hitler, @botnet, @LizardSquad and @1337. Twitter re-suspended all of the breached accounts shortly after the hack, but it is unclear whether or not they are still vulnerable to this exploit.

One of the hackers aligned with Spain Squad tweets about reactivated accounts.
One of the hackers aligned with Spain Squad tweets about reactivated accounts.

“It could be a vulnerability in Twitter’s software, a compromised staff account, or some other explanation. It’s also unclear whether the exploit is still active, or was patched concurrently with the banning of the hijacked accounts.” (Business Insider)

A spokesperson for the hacking group has stated they can do even more than recover old accounts with the exploit they found:

“The new exploit allows Spain Squad to change to suspend active accounts, change a user’s Twitter handle and even take control of active accounts. So far, the group has only demonstrated the ability to recover officially suspended accounts — though all of those have already been re-suspended by the social media company.” (Engadget)

Twitter actively suspends accounts that violate their Terms of Service (TOS). Sometimes these suspensions can be temporary and the user is able to restore their account after acknowledging broken rules and promising not to violate TOS again. Often, the user must delete offending tweets before the account will be restored. Alternatively, a Twitter account can become permanently suspended, which means the account is never to be restored under any circumstances. Restoring access to accounts that were thought to be never again accessible could prove to be profitable for hackers selling screen names that may be valuable. However Spain Squad claims to be non-malicious. Whatever their intent, they were definitely doing some of it for the lulz when they took control of the LizardSquad account:

socialhax hackers poodlecorp lizardsquad skids hack exploit twitter suspended accounts