Hey there, want to break into computers like an Iranian hacker crew? IBM finds 40GB of videos that include how-tos
Plus: BitTorrent CEO puts a $1m bounty on Twitter hackers
In Brief Here's something you don't see everyday. The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18.
Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services. They also include videos of hackers combing through data in a compromised email accounts from Google, AOL Hotmail, and Yahoo!, including those of member of the United States Navy, as well as an officer in the Hellenic naval forces.
It's not all success, the videos also show failed phishing attempts too. But learning from failure is a key part of IT training too.
"Rarely are there opportunities to understand how the operator behaves behind the keyboard, and even rarer still are there recordings the operator self-produced showing their operations," said researchers Allison Wikoff and Richard Emerson.
BitTorrent boss posts $1m hacker bounty
One of the victims of the massive Twitter hack is offering big bucks to anyone who can identify his assailants.
Justin Sun, CEO of BitTorrent and founder of the Tron Foundation, has put out the call for a $1m bounty on information about the people responsible for the massive hack and cryptocurrency grab that was believed to have netted around $120,000 in scammed cryptocoins obtained via hijacked celebrity and corporate accounts.
TRON Founder & CEO of @BitTorrent, Justin Sun is putting out a Bounty for the hackers in the amount of $1 million.— BitTorrent Inc. (@BitTorrent) July 15, 2020
He will personally pay those who successfully track down, and provide evidence for bringing to justice, the hackers/people behind this hack affecting our community.
Surely this can only end well.
Orange suffers ransomware attack
French telecoms giant Orange has confirmed that its enterprise services arm was the victim of a ransomware infection in which information of around 20 of its customers was stolen and leaked.
The Orange Business Services outfit was said to have fallen victim to the Nefilim ransomware crew, who posted an archive of the pilfered data onto its leaks site. The stolen data is believed to have been lifted from customers who were using Orange's virtualization service.
"This attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform," Orange said. "Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach."
Feds drop the hammer on hacker money mule
The FBI is talking up a 71-month prison sentence handed out to a man who did the dirty work of hackers.
Donald Conkright, 63, of Florida was given the nearly six-year term after he was found to have knowingly served as the money mule for a $2m business email compromise heist. Conkright took money stolen from a Texas school district into his bank account then moved it out of the country via wire transfer, pocketing a portion for himself.
It is said that Conkright became a mule out of love: he started moving the criminals' cash at the request of a person he met through an online dating site.
"Conkright was a willing participant, and he acknowledged that he was engaging in money laundering,” said special agent Matthew Wilkins. “Although he knew the transactions were benefiting criminals, he made money from it and did not stop.”
CISA posts advisory on Windows bug
CISA director Christopher Krebs issued an emergency directive to all Homeland Security agencies saying they had 24 hours to patch CVE-2020-1350, a remote code execution bug in Windows Server triggered by malformed DNS packets. Amazingly, the bug was present on Server for 17 years before finally being rooted out, but it's highly wormable and considered a major threat to network safety.
"Though we are not aware of active exploitation, it is only a matter of time for an exploit to be created for this vulnerability," said Krebs. ®