Categories: Hacking, News

Hacking School Computers to Change Grades

Hackers recently targeted a Virginia high school in order to change the grades of multiple students. The hackers were able to obtain access to teacher accounts when they sent out a phishing link. The phishing link was included inside an email that pretended to be from the “Oaktown High School’s Honor Council” dedicated to “honor and integrity”. The link then directed the user to a malware site, which downloaded key logger software onto the computer.

A key logger records strokes on the user’s keyboard, including passwords and other sensitive data. That information is captured by the hacker, giving them the ability to access the user’s accounts.

Hacked School System

The Virginia high school hackers used their access to make several changes in the school system:

After the emails began circulating, there were multiple cases of grade changes being requested, as well as students’ passwords being changed and emails being sent through remote log-ins, according to the search warrant. The court document does not say whether the hackers were successful in changing any grades, and Fairfax County Public Schools officials declined to say. –The Washington Post

Hacking Grades Could Result in Heavy Charges

Law enforcement hasn’t found the high school hackers, but if it does, charges could be steep.

There was a recent case of a University of Georgia student who hacked into his professor’s computer in order to alter his grades. He was charged with over 70 counts of computer forgery and computer trespassing.

According to the Washington Post, these types of grade-changing hacks are increasing. There are also services for hire to help students change their grades through hacking, as well as YouTube tutorials.

Photo credit: Katy Levinson

Categories: Data Breaches, News, Security

Panera Bread Ignored Data Breach Warning, Said it was a “Scam”

Panera Bread has suffered a major data breach, affecting potentially 7 million customers. The data is said to include names, email addresses, and credit card information. What’s worse – the data could have been crawled and indexed with simple automated tools.

This wasn’t news to those at the top at Panera Bread. Last summer, a security researcher told Panera Bread that their website was exposing this sensitive data. When Panera was made aware of the flaw, they dismissed it as a scam or sales pitch. After months of the flaw continuing to be exposed and unpatched, the security researcher decided to go public with evidence of the vulnerability.

“I am not exaggerating when I say you have a massive sensitive data exposure issue,” he said, “and I’d simply like you to be made aware of it so you can quickly resolve it.” -researcher Dylan Houlihan (in response to Panera Bread maintaining that he was giving a sales pitch).

Panera Bread is now downplaying the severity of the breach, telling Fox News they have secured the breach and only ten thousand records were exposed. Krebs on Security is not buying it, especially considering Panera’s commercial division, which serves countless catering companies which may run on the same software.

As of this writing, Panera has not made any statement on their website (it was recently taken down) nor on Twitter about the breach.

Photo Credit: Mike Mozart

Categories: Hacking, News, Social Media

Hackers Find Exploit and Reactivate LizardSquad’s Twitter Account

On September 2, hackers calling themselves “Spain Squad” used an exploit to take control of several previously suspended Twitter accounts. Among these accounts were usernames like @Hitler, @botnet, @LizardSquad and @1337. Twitter re-suspended all of the breached accounts shortly after the hack, but it is unclear whether or not they are still vulnerable to this exploit.

One of the hackers aligned with Spain Squad tweets about reactivated accounts.

“It could be a vulnerability in Twitter’s software, a compromised staff account, or some other explanation. It’s also unclear whether the exploit is still active, or was patched concurrently with the banning of the hijacked accounts.” (Business Insider)

A spokesperson for the hacking group has stated they can do even more than recover old accounts with the exploit they found:

“The new exploit allows Spain Squad to change to suspend active accounts, change a user’s Twitter handle and even take control of active accounts. So far, the group has only demonstrated the ability to recover officially suspended accounts — though all of those have already been re-suspended by the social media company.” (Engadget)

Twitter actively suspends accounts that violate their Terms of Service (TOS). Sometimes these suspensions can be temporary and the user is able to restore their account after acknowledging broken rules and promising not to violate TOS again. Often, the user must delete offending tweets before the account will be restored. Alternatively, a Twitter account can become permanently suspended, which means the account is never to be restored under any circumstances. Restoring access to accounts that were thought to be never again accessible could prove to be profitable for hackers selling screen names that may be valuable. However, Spain Squad claims to be non-malicious. Whatever their intent, they were definitely doing some of it for the lulz when they took control of the LizardSquad account.


Categories: Hacking, Security

Are The Shadow Brokers Like Snowden? Theory Suggests Insider Hack

By now, most of our readers have heard of the Shadow Brokers, the hacker group who obtained a large trove of data from the National Security Agency (NSA) and leaked information about the NSA’s cyber tools. The cyber tools were apparently stolen from the Equation Group, a cyber attack operation that experts believe is part of the NSA.


Initially, evidence suggested that the Shadow Brokers were Russian, but a new theory is emerging that whoever is leaking this data might be “a second Edward Snowden… albeit one with different motives” (Fortune). James Bamford, a journalist who is well known for his publications about United States intelligence agencies, believes that Russia would not want to publish these hacks if they obtained them, because companies would quickly patch their vulnerabilities and the information would soon be worthless to anyone trying to sell the data. He also brings up that the bad English used by the hackers seems to be phony. Furthermore, he suggests that the hacker(s) could be linked to the NSA’s Tailored Access Operations (TAO), which is a unit of the surveillance agency that gathers intelligence related to cyber-warfare. He states:

“Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations” (Reuters).

As of now, the “second Snowden” theory is just that – a theory. Most experts still say Russia is behind the hacks. Nevertheless, as Bamford puts it in his commentary – the “NSA may prove to be one of Washington’s greatest liabilities rather than assets.”

Categories: Hacking, News

Did Another Hacker Steal NSA Exploits from the Shadow Brokers?

A Twitter user who goes by @1x0123 claims to have stolen the data that The Shadow Brokers hacked from the NSA.


Gizmodo reached out to the hacker but was unable to verify their claims. However, back in April, NSA whistleblower Edward Snowden praised them for reporting a vulnerability, which may lend some credibility.

The hacker says they just need “some money to pay bills and stuff” and offered to share 50% of it with Gizmodo if they wanted to make an offer.

Categories: Bitcoin, Hacking, News

A Seized Silk Road Wallet is Moving Bitcoin to the NSA Hackers

Last week, a group called the “Shadow Brokers” claimed to have hacked the NSA – stealing their code, exploits and spy tools. They leaked bits of information on GitHub and claimed the information was stolen from the Equation Group, a group who most believe is a computer surveillance wing of the NSA. The Shadow Brokers say they will auction off the data to the highest bidder. Leaks from Edward Snowden have demonstrated that this hack is legit. (The Register) Security experts believe that the hacker group is Russian.

Now it appears that some Bitcoin is moving from a seized Silk Road wallet to the Shadow Brokers’ auction. This leads some experts to believe that “the US government is potentially bidding to prevent stolen NSA exploits and tools from ending up in the wrong hands”. It could also mean that the government might be making an attempt to trace where the Bitcoins are going. Additionally, it must be noted that the co-founder of a major Bitcoin investigation company says that payments are also going in the other direction. This could simply indicate that spam is being sent in very small payments to famous addresses. (ZDNet)

So far, the Shadow Brokers have collected around $1000 in Bitcoin payments – a far cry from the 1 million Bitcoins they have demanded (which would be worth just over a half a billion $USD at the time of this writing). The U.S. government seized several thousand Bitcoin when shutting down Silk Road, so this may be their source of funds when dealing with the Shadow Broker hackers.


Categories: Internet, Privacy, Security

New Security Measures from Gmail (VIDEO)

Have you noticed some of the changes lately in your Gmail inbox? You may have received an email from a friend or colleague and seen that it had an unlocked red padlock next to it like this:

[Image: Gmail’s “did not encrypt this message” padlock warning]

When you hover over the padlock, it says something like: “Some recipients use services that don’t support encryption” or “[(x) service provider] did not encrypt this message”. Gmail put this visual element in place to let users know that the sender’s email service does not support TLS encryption (video explaining TLS encryption following this article). Gmail users took notice of this change and in less than 2 months of implementation, “the amount of inbound mail sent over an encrypted connection increased by 25%” –Nicolas Lidzborski, Gmail Security Blog

Another change you may have noticed is that the person you receive an email from has a question mark next to their name rather than the standard Google Plus avatar. A message is displayed that says: “Gmail couldn’t verify that this message was sent by [sender]…” This is a new way for Gmail to help you flag spam or determine if emails are spoofed.

[Image: Gmail’s “couldn’t verify” sender warning]

You will often see this warning when the message has been forwarded or has been sent by a third party site, as reflected by the email headers – or if the email service provider did not sign or verify the messages.
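Both indicators can be reproduced from raw headers. The following is an added example, not code from Gmail or from the original article: it checks whether the final inbound hop recorded TLS and whether SPF or DKIM passed. The sample messages are constructed, `mx.example.net` is a placeholder receiving server, and the example assumes the receiver writes `version=TLS...` into its `Received` header and that the question mark corresponds to neither SPF nor DKIM passing.

```python
import re
from email import message_from_string

# Constructed sample headers (not real mail); mx.example.net is a placeholder receiver.
SIGNED_OVER_TLS = """\
Received: from mail.sender.example (mail.sender.example. [192.0.2.10])
        by mx.example.net with ESMTPS id abc123
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 01 Mar 2016 10:00:00 -0800 (PST)
Authentication-Results: mx.example.net;
       dkim=pass header.i=@sender.example;
       spf=pass smtp.mailfrom=alice@sender.example
From: Alice <alice@sender.example>
"""

UNSIGNED_PLAINTEXT = """\
Received: from relay.forwarder.example (relay.forwarder.example. [198.51.100.7])
        by mx.example.net with ESMTP id def456;
        Tue, 01 Mar 2016 10:05:00 -0800 (PST)
Authentication-Results: mx.example.net;
       spf=softfail smtp.mailfrom=bob@other.example
From: Bob <bob@other.example>
"""

TLS_MARKER = re.compile(r"\bversion=TLS", re.I)      # assumed Received annotation
AUTH_RESULT = re.compile(r"\b(spf|dkim)=(\w+)", re.I)

def inbound_hop_used_tls(msg):
    # The topmost Received header is the one stamped by the recipient's own server.
    received = msg.get_all("Received") or []
    return bool(received) and bool(TLS_MARKER.search(received[0]))

def auth_results(msg, trusted_authserv_id):
    results = {}
    for header in msg.get_all("Authentication-Results") or []:
        authserv_id = header.split(";", 1)[0].strip().lower()
        if authserv_id != trusted_authserv_id:
            continue  # a sender can inject this header; trust only our own server's
        for method, result in AUTH_RESULT.findall(header):
            results.setdefault(method.lower(), result.lower())
    return results

def classify(raw, trusted_authserv_id="mx.example.net"):
    msg = message_from_string(raw)
    auth = auth_results(msg, trusted_authserv_id)
    authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
    return {"tls": inbound_hop_used_tls(msg), "authenticated": authenticated}
```

An `Authentication-Results` header stamped by any server other than the trusted one is ignored, since a spoofed message can carry its own forged `dkim=pass`.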

These new features are part of Google’s protections that are designed to help keep their users safe. Since 2012, Google has also warned its users if state-sponsored attackers may be targeting them. Even though this is a rare warning to receive, it is important for people like journalists and activists to know if they’re being targeted.

[Image: Gmail’s state-sponsored attackers warning]

Now Google has made a new announcement. If they have reason to believe government-backed attackers may be trying to steal your password, they will give you a full page warning upon sign in like this:

[Image: Google’s new full-page warning about government-backed attackers]

Google maintains: “The security of our users and their data is paramount.” Do you believe these changes will in fact make Gmail’s users safer?


(Google now lets Gmail users know if senders are not using TLS encryption. Learn about TLS by watching the above video)