Frontline Soldier Hack
Tonje Mcknight
LulzSec, a hacker group, has claimed credit for cracking PBS's website and leaking its login credentials after an episode of its Frontline show--titled "WikiSecrets"--that put a critical spotlight on WikiLeaks and the suspected source of its troves of classified documents, Bradley Manning.
LulzSec, which has previously taken responsibility for hacking Sony BMG's Japanese website, has promised more attacks against Sony soon. "Phase 1 will begin within the next day," the LulzSec twitter feed read just before announcing the PBS hack, following up on its warning from Friday: "We're working on another Sony operation...it's the beginning of the end for Sony."
Russian soldiers have switched off their encrypted phone system after towers were destroyed and are using normal phones with local sim cards, according to Bellingcat, an open-source investigative journalism organisation.
An important point is that the researchers did not individually seek out these soldiers. Using very limited resources (about $60), the researchers used publicly available data and microtargeting tools (e.g., Facebook advertising) to induce the soldiers to come to them as self-nominating targets for exploitation.
Two government officials, speaking under the condition of anonymity, told the publication that soldiers had difficulty connecting to the satellite internet service when they entered cities that had only recently been freed from Russian troops.
Roman Sinicyn, a co-ordinator at a foundation that donates Starlink systems to the Ukrainian armed forces, told FT the issue could be caused by SpaceX representatives working to make sure Russian soldiers couldn't use the technology, as the liberation of some of the areas had not been made public yet at the time of the connectivity issues.
Ukraine first started using Starlink in February. Musk agreed to send Ukraine a shipment of Starlink satellite internet dishes just two days after Russia invaded Ukraine. It was the first of many shipments to the country that has helped Ukraine stay connected amid Russia's attacks and a hack on the satellite provider for its military.
The US intelligence community has concluded there is no doubt the Russians meddled in the 2016 US presidential election, leaking stolen e-mails and inflaming tensions on social media. While Congress and Special Counsel Robert Mueller investigate Russian interference, including whether the campaign of Donald Trump colluded with Russia, we focused on one vector of the attack on American democracy: the sweeping cyber assault on state voting systems that US intelligence tied to the Russian government. You're about to hear what happened from the frontline soldiers of a cyberwar that was fought largely out of public view. As we first reported in April, it took place on digital battlegrounds in states throughout the country.
Steve Sandvoss showed us the voter registration website where the hackers exploited a security flaw to get in. His IT team determined the attackers had been in their system unseen for three weeks. They only noticed when the hackers suddenly ramped up their attack and, in just a couple of hours, scooped up complete records of 3,500 voters, and bits of information on as many as a half million. His engineers upgraded the firewall and plugged the website holes. That stopped the data heist, but not the attack.
60 Minutes obtained this previously undisclosed Department of Homeland Security internal document that details the scope of the Russian cyberattack - a snapshot of what investigators were seeing on October 28th, less than two weeks before the presidential election. The document shows hackers tried to get into 20 state election systems and an election IT provider in Nebraska. Hackers successfully infiltrated Illinois, a county election database in Arizona, a Tennessee state website, and an IT vendor in Florida.
On October 7th, three months after the Illinois hack and one month before the election, the Obama administration decided it had enough evidence to call out the Russians. But there was no press conference, no pronouncement from the Oval Office, just this three-paragraph statement saying the Kremlin, "intended to interfere with the US election process."
Since our story first aired, Special Counsel Robert Mueller indicted Russian intelligence agents for hacking into state election systems in 2016. And just this month, the heads of DHS, the FBI, the NSA, and the director of national intelligence warned that Russia is still targeting US elections. They said our democracy is quote "in the crosshairs."
The number of Russian casualties remains unclear as a Russian tabloid claimed that more than 9,000 Russian soldiers had been killed in the fighting. Russian authorities pushed back on the report, saying it was published as the result of a hacking operation.
In the southern Ukrainian city of Kherson, Russian forces shelled a fire department on Friday morning before the ceasefire came into effect, the regional governor said. One rescue worker was killed and four others were injured, he said. Journalists also reported hearing both outgoing and incoming shelling around the frontline city of Bakhmut in eastern Ukraine.
The dangers of using devices on the battlefield have possibly been thrust into the spotlight again, as Russia blames mobile phone use by its soldiers for a deadly Ukrainian missile strike in Makiivka which by some estimates killed hundreds of servicemen.
John Scott Railton, a senior researcher at the University of Toronto's Citizen Lab, said by accessing a phone's underlying operating system, an enemy could hack it to appear off when in fact it was on - making it a glowing beacon on the battlefield.
Not a single act of compassion towards the soldiers who died at the frontline in northern Cameroon; repeated absence from the funerals of the fallen soldiers; not a single word to soldiers still on the field; no trip to encourage the ground troops. These are among the many questions that President of the Republic, whose continued silence is food for thought, has to answer.
One can therefore easily understand the outrage that erupted when barely three days after the Yaounde ceremony, the website of the Presidency of the Republic published a photoshopped image of the president bowing before the coffins of the dead soldiers.
After thorough verification, the false news attributed to the official website of the Presidency of the Republic is the result of a grotesque photomontage by a hacker who broke into the site, and who was undoubtedly motivated by a desire to undermine and dishonor the Head of State, our defense and security forces, and the entire nation.
In a 2020 report Running in Circles, we identified a Salvadoran client of Circles, an NSO Group-affiliated company. The Circles system, which is an entirely separate product and uses different technology than Pegasus, allows its operator to track locations of phones around the world, and to intercept unencrypted SMS messages and phone calls in some cases. Unlike Pegasus, use of the Circles system does not involve hacking target devices, and instead involves attacks against the mobile phone signaling system. The forensic artifacts analyzed in this report have no relationship to Circles technology.
While there is no conclusive technical evidence that TOROGOZ represents the Salvadoran government, the strong country-specific focus of the infections suggests that this is very likely. Additionally, in the single case of hacking in this investigation in which we recovered the domain names of the Pegasus servers used, the TOROGOZ operator was implicated.
We conclude that at least 35 individuals from media organizations El Faro, GatoEncerrado, La Prensa Gráfica, Revista Digital Disruptiva, Diario El Mundo, El Diario de Hoy, and two independent journalists were hacked with Pegasus. We also identified hacking against civil society organizations in El Salvador, including Fundación DTJ, Cristosal, and another NGO.
The hacking of Salvadoran civil society organizations with Pegasus mercenary spyware reflects a familiar pattern observed time and again in authoritarian societies: the use of advanced technology to frustrate and interfere with this essential component of a democratic society. In this case, the hacking also fits within a broader trend of abusive targeting and attacks against civil society in El Salvador.
Accuvant represents an upside to cyberwar: a booming market. Corporations spent $60 billion worldwide on information-security services last year, according to a report by Gartner, a technology-research firm, and are expected to shell out a whopping $86 billion in 2016. To the consternation of businesses around the world, entrepreneurial hackers hunt for security flaws, then sell the technical info to governments from Russia to North Korea, as well as the National Security Agency here. Google and Microsoft are among those who pony up as well, hoping to improve their products. Technical details on a single vulnerability go for as much as $150,000.
Reality: Something like this happened for real in April, when hackers hijacked the Associated Press Twitter feed, posting the phony message "Breaking: Two Explosions in the White House and Barack Obama is injured." A group called the Syrian Electronic Army took credit for the hack, which caused a momentary $200 billion drop in the Dow.
Adventurer Todd Sampson is on a mission to investigate some of the most extraordinary people on the planet to see what we can all learn from their lives. To try to understand them, he will not only walk in their shoes, he hacks into their world using science as his guide. This is the story of human potential and how our mind and body can adapt to almost anything.
In this second series, Sampson faces extreme challenges with the Matsés of the Amazon, Iraqi frontline soldiers, sādhu holy men of India, the kung fu masters of China, the firefighters of Washington DC and the Kazakh Eagle Hunters of Mongolia. Each episode highlights a unique aspect of human physiology and psychology, including cold adaptation, chronic stress, spatial awareness, pain tolerance and heat duress.
eebf2c3492