Category Archives: Hacking

British judge rules dissident can sue Saudi Arabia for Pegasus hacking

Posted on by

Ghanem Almasarir’s victory opens way for other hacking victims in UK to bring cases against foreign governments

A British judge has ruled that a case against the kingdom of Saudi Arabia brought by a dissident satirist who was targeted with spyware can proceed, a decision that has been hailed as precedent-setting and one that could allow other hacking victims in Britain to sue foreign governments who order such attacks.

The case against Saudi Arabia was brought by Ghanem Almasarir, a prominent satirist granted asylum in the UK, who is a frequent critic of the Saudi royal family.

Continue reading...

Apple security flaw ‘actively exploited’ by hackers to fully control devices

Posted on by

The vulnerability has affected various models of the iPhone, iPad and Mac, with experts advising updating products to secure them

Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices on Wednesday.

The company said it is “aware of a report that this issue may have been actively exploited”.

Continue reading...

Spyware is huge threat to global human rights and democracy, expert warns

Posted on by

Cybersecurity expert Ron Deibert to testify to Canadian MPs about troubling spread of invasive surveillance tools

The mercenary spyware industry represents “one of the greatest contemporary threats to civil society, human rights and democracy”, a leading cybersecurity expert warns, as countries grapple with the unregulated spread of powerful and invasive surveillance tools.

Ron Deibert, a political science professor at the university of Toronto and head of Citizen Lab, will testify in front of a Canadian parliamentary committee on Tuesday afternoon about the growing threat he and others believe the technology poses to citizens and democracies.

Continue reading...

US sanctions Tornado Cash over fears of aiding North Korean hackers

Posted on by

US treasury says popular cryptocurrency service reportedly laundered more than $7bn worth of virtual currency

The United States on Monday imposed sanctions on Tornado Cash, a popular cryptocurrency service that allows users to mask their transactions, accusing it of helping hackers, including from North Korea, to launder proceeds from their cybercrimes.

A senior treasury department official said Tornado Cash, one of the largest virtual currency “mixers” identified as problematic by the treasury, has reportedly laundered more than $7bn worth of virtual currency since it was created in 2019.

Continue reading...

Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege

Posted on by

Jacob Wayne John Keen, 24, is alleged to have created hacking tool when 15 years old and sold it to more than 14,500 people

Police allege that a teenager living in the suburbs of Brisbane created and sold a sophisticated hacking tool used by domestic violence perpetrators and child sex offenders to spy on tens of thousands of people across the globe – and then used the proceeds to buy takeaway food.

Jacob Wayne John Keen, now 24, was 15 years old and living in his mother’s rental when he allegedly created a sophisticated spyware tool known as a remote access trojan (RAT) that allowed users to remotely take control of their victims’ computers.

Sign up to receive an email with the top stories from Guardian Australia every morning

Continue reading...

Nephew of jailed Hotel Rwanda dissident hacked by NSO spyware

Posted on by

Latest findings suggest Rwandan government has deployed surveillance campaign against relatives of Paul Rusesabagina

The mobile phone of a Belgian citizen who is the nephew of Paul Rusesabagina, a jailed critic of the Rwandan government made famous by his portrayal in Hotel Rwanda, was hacked nearly a dozen times in 2020 using Israeli-made surveillance technology, according to forensic experts at The Citizen Lab.

The findings follow earlier revelations by the Guardian and other media partners in the Pegasus Project, an investigation of Israel’s NSO Group, that Rusesabagina’s daughter, a dual American-Belgian national named Carine Kanimba, was under near-constant surveillance by a client of NSO Group from January to mid-2021, when the hacking attack was discovered by researchers at Amnesty International’s security lab.

Continue reading...

FBI and MI5 leaders give unprecedented joint warning on Chinese spying

Posted on by

Christopher Wray joins Ken McCallum in London, calling Beijing the ‘biggest long-term threat to economic security’

The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.

In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.

Continue reading...

Hacker claims to have obtained data on 1 billion Chinese citizens

Posted on by

Personal information allegedly taken from Shanghai police database would be one of biggest data breaches in history

A hacker has claimed to have stolen the personal information of 1 billion Chinese citizens from a Shanghai police database, in what would amount to one of the biggest data breaches in history if found to be true.

The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

Continue reading...

British army confirms breach of its Twitter and YouTube accounts

Posted on by

Investigation under way after pictures of Elon Musk uploaded to video channel and posts about NFTs seen on Twitter

The British army has confirmed a breach of its Twitter and YouTube accounts and an investigation is under way after both official sites appeared to have been hacked.

The army’s YouTube channel features videos on cryptocurrency and images of billionaire businessman Elon Musk. The official Twitter account has retweeted a number of posts appearing to relate to non-fungible tokens (NFTs). These are crypto assets – such as an image, video or text – of which people can be certified as owners.

Continue reading...

US defence contractor in talks to take over NSO Group’s hacking technology

Posted on by

Deal – which would require approval from US and Israel – would give L3Harris control over controversial Pegasus tool

The US defence contractor L3Harris is in talks to take over NSO Group’s surveillance technology, in a possible deal that would give an American company control over one of the world’s most sophisticated and controversial hacking tools.

Multiple sources confirmed that discussions were centred on a sale of the Israeli company’s core technology – or code – as well as a possible transfer of NSO personnel to L3Harris. But any agreement still faces significant hurdles, including requiring the blessing of the US and Israeli governments, which have not yet given the green light to a deal.

Continue reading...

Don’t accidentally hire a North Korean hacker, FBI warns

Posted on by

Employing remote IT workers who are secretly working for Kim Jong-un’s regime poses risks and may breach sanctions, say US agencies

US officials have warned businesses against inadvertently hiring IT staff from North Korea, saying that rogue freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

Continue reading...

Catalans demand answers after Spanish spy chief confirms phone hacking

Posted on by

Paz Estaban told committee spyware was used on 18 Catalan activists with judicial approval, sources say

The Catalan government is calling for answers “from the highest level” after the head of Spain’s National Intelligence Centre (CNI) reportedly confirmed that 18 members of the regional independence movement were spied on with judicial approval.

The apparent admission – to a congressional committee – came two weeks after cybersecurity experts said at least 63 people connected with the Catalan independence movement had been targeted or infected with Pegasus spyware, and three days after the Spanish government said the phones of the prime minister and the defence minister had been targeted with Pegasus.

Continue reading...

Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’

Posted on by

Data leak reveals scale of potential surveillance by NSO Group client believed to be Morocco

More than 200 Spanish mobile numbers were selected as possible targets for surveillance by an NSO Group client believed to be Morocco, according to the data leak at the heart of the Pegasus project.

Details of the scale of the apparent targeting came as Spain’s highest criminal court opened an investigation into how the mobile phones of the prime minister, Pedro Sánchez, and the defence minister, Margarita Robles, came to be infected with Pegasus spyware last year.

Continue reading...

Spanish prime minister’s phone ‘targeted with Pegasus spyware’

Posted on by

Minister for presidency says ‘illicit’ targeting will be investigated by Spain’s highest criminal court

The Spanish government has said the mobile phones of the prime minister, Pedro Sánchez, and the defence minister, Margarita Robles, were both infected last year with the Pegasus spyware that its manufacturers claim is available only to state agencies.

In a hastily convened press conference on Monday morning, Félix Bolaños, the minister for the presidency, said Sánchez’s phone was targeted in May and June 2021, while Robles’s was targeted in June 2021. Data was extracted from both phones.

Continue reading...

Boris Johnson must pay attention to basic cybersecurity rules, says security adviser

Posted on by

Peter Ricketts’ warning comes as UAE accused of using Pegasus spyware to hack into mobile phone at Downing Street

Boris Johnson should “pay close attention” to basic rules of cybersecurity, a former national security adviser has said, after it emerged that the United Arab Emirates was accused of hacking into a mobile phone at Downing Street.

Peter Ricketts, who held the post between 2010 and 2012, said the cyber-attack demonstrated that “commercially made” Pegasus software from NSO Group allowed a “wide range of actors” to engage in sophisticated espionage.

Continue reading...

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

Posted on by

No 10 subjected to UAE-linked spyware attack, says report, but Israeli firm suggests allegations are false

Boris Johnson has been told his Downing Street office has been targeted with “multiple” suspected infections using Pegasus, the sophisticated hacking software that can turn a phone into a remote listening device, it was claimed on Monday.

A report released by Citizen Lab at the University of Toronto said the United Arab Emirates was suspected of orchestrating spyware attacks on No 10 in 2020 and 2021.

Continue reading...

Catalan leaders targeted using NSO spyware, say cybersecurity experts

Posted on by

Victims said to include Pere Aragonès and Carles Puigdemont, but Israeli firm suggests claims are false

Dozens of pro-independence Catalan figures, including the president of the north-eastern Spanish region and three of his predecessors, have been targeted using NSO Group’s Pegasus spyware, according to a report from cybersecurity experts.

The research published on Monday by Citizen Lab, considered among the world’s leading experts in detecting digital attacks, said victims of the mobile phone targeting included Pere Aragonès, who has led Catalonia since last year, as well as the former regional presidents Quim Torra, Carles Puigdemont and Artur Mas.

Continue reading...

Victim’s iPhone hacked by Pegasus spyware weeks after Apple sued NSO

Posted on by

Quartet targeted by clients – thought to be Jordanian government agencies – of Israeli company even after Apple sued in November

New evidence has revealed that an Apple iPhone was successfully hacked by a government user of NSO Group’s Pegasus spyware in December, weeks after the technology giant sued the Israeli company in a US court and called for it to be banned from “harming individuals” using Apple products.

A report published on Tuesday by security researchers at Front Line Defenders (FLD) and Citizen Lab at the University of Toronto found that phones belonging to four Jordanian human rights defenders, lawyers and journalists were hacked by government clients of NSO – which appear to be Jordanian government agencies – from August 2019 to December 2021.

Continue reading...

US charges four Russian hackers over cyber-attacks on global energy sector

Posted on by

Quartet accused in two major hacking campaigns between 2012 and 2018, indictment unsealed by justice department reads

The US has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries.

In one now-unsealed indictment from August 2021, the justice department said three alleged hackers from Russia’s Federal Security Service (FSB) carried out cyber-attacks on the computer networks of oil and gas firms, nuclear power plants, and utility and power transmission companies across the world between 2012 and 2017.

Continue reading...

Ukrainian government calls on hackers to help defend against Russia

Posted on by

Cybersecurity firm seeks volunteers to help nation’s military conduct espionage operations against Russian forces

The government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project.

As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv.

Continue reading...