Tag Archives: hacker

US Air Force drone documents found for sale on the dark web for $200

You never quite know what you’ll find on the dark web. In June, a threat intelligence team known as Insikt Group at security research firm Recorded Future discovered the sale of sensitive U.S. military information in the course of monitoring criminal activity on dark web marketplaces. Insikt explains that an English-speaking hacker purported to have documentation on the MQ-9 Reaper unmanned aerial vehicle. Remarkably, the hacker appears to have been selling the goods for “$150 or $200.” According to Insikt Group, the documents were not classified but also contained sensitive materials, including “the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course, and documentation on improvised explosive device (IED) mitigation tactics.” Insikt notes that the other set of documents appears to have been stolen from a U.S. Army official or from the Pentagon, but the source was not confirmed. The hacker appeared to have joined the forum explicitly for the sale of these documents and acknowledged one other incident of military documents obtained from an unaware officer.

In the course of its investigation, Insikt Group determined that the hacker obtained the documents by accessing a Netgear router with misconfigured FTP login credentials. When the team corresponded with the hacker to confirm the source of hacked drone documents, the attacker disclosed that he also had access to footage from an MQ-1 Predator drone. Here’s how he did it: Utilizing Shodan’s popular search engine, the actors scanned large segments of the internet for high-profile misconfigured routers that use a standard port 21 to hijack all valuable documents from compromised machines.
Utilizing the above-mentioned method, the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU. While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft.


Overflow error shuts down token trading

A recently discovered programming error can make some crypto tokens susceptible to hackers. The exploit allows a hacker to pass an unusually high value to the exchange and get a ridiculous number of tokens in exchange, a problem that has caused the Okex exchange to shut down all token trading, including one called BeautyChain (BEC). What’s really interesting is how the hack worked. As you can see above, a line in the smart contract creates another value – amount – by multiplying cnt and _value. The hackers made a transfer and set the value to eight vigintillion – an eight with 63 zeroes. When this value is passed, the code overflows, allowing the hacker to gain a massive number of tokens. Thanks to the smart contract’s “code-is-law” principle, each of these transfers is technically legitimate. “There is no traditional well-known security response mechanism in place to remedy these vulnerable contracts!” wrote one researcher on Medium. “With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow.” In response, Okex shut down all ERC-20 tokens, but there are other exchanges and tokens susceptible to the hack. “To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed.


New ‘Silicon Valley’ VR experience lets you rip a bong in the hacker hostel

HBO’s Silicon Valley is returning to the air with Season 5 debuting on Sunday. To prep fans, HBO is teasing a virtual reality experience where users will be able to explore Erlich Bachman’s hacker hostel and interact with a ton of easter eggs from the show. You can rip a bong, open up some Fage yogurt, play the piano and pretty much just trash the place. The experience seems to fit in a surprising number of references from the show and generally appears to be a lot more high quality than most of these marketing gags generally are. Like, some studio definitely put a ton of work into this. Additionally, it appears that there’s new content recorded from actors in the show that pops up in it, so you’ll assuredly be able to hear the voice of Jian Yang complaining or conspiring. The experience is going to be available for download on HTC’s Viveport store when the show premieres, so you’ll have to wait a couple days for it, but if you already own a VR headset you should be used to needing a lot of patience.
