Using basic social engineering skills, hackers have managed to use the data on cell phone bills to get customer service reps to move service to a set up mobile phone, and then use that to get into CoinBase through 2 Factor Authentication. As such, one hacker stole 8,000 BitCoin from a user named Cody. Read the full article here.
A hacker by the name of "The Dark Overlord" broke into Netflix' servers and released the new season of "Orange is the New Black," after demanding payment not to. According to TDA, he also has shows from ABC, IFC, and other channels. Leo says that is a childish act that probably was perpetrated by an ambitious teenager and Netflix did the right thing by refusing to pay up.
A year ago, a hacking group called the Shadow Brokers claimed it had a treasure trove of NSA hacking tools that they would sell to the highest bidder. They asked for $7 million in Bitcoin, but didn't get any bids. They've now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
Mike is worried about the Turkish Crime Family's iCloud hack. If he changes his password, couldn't they just hack it again to get them? Leo says that Apple has said it hasn't been hacked, and even if it had been, the hackers would have to "rehack" the system to get them. If Mike has turned on two factor authentication, they can't use his password anyway.
It's annoying to use two-factor, but it's the best last line of defense to prevent his account from being compromised. Also, he can use his TouchID on a new MacBook Pro and his iOS devices to insure verification.
Most of the exploits and listening techniques reported by the information from Wikileaks Vault 7 indicate that the CIA can use to eavesdrop are mostly targeted tools, and not the blanket surveillance hacks that were originally reported.
Wikileaks has announced Vault 7, a massive collection of documents that show how the CIA uses malware and other hacking techniques to spy online. Some of the techniques includes using smartTVs as a spying device since they use cameras and microphones built into the TVs. Samsung warned of this in their terms of service for their TVs last year. But Leo says that the CIA doesn't really have a switch to turn on all TVs, and if they did, the data they'd receive would be so massive and 99.9% of it would be useless. It could be used for targeted eavesdropping, though.
Ryan wants to know how would he know if his computer had been hacked. Leo says that he can always scan his computer with antivirus software and with Microsoft's Malicious Software Removal Tool. In many cases, hackers are getting around that by moving their malware into routers and other "internet of things" devices. This is why updating the router's firmware is vital.
Pwn2Own is an annual competition held at CanSacWest in Canada. Prizes are awarded to the hackers who can most quickly hack various operating systems and programs. This year a million dollars in prizes will be awarded, meaning it attracts the best hackers in the world. The money awarded is directly related to the difficulty in hacking the target. The most money goes to anyone who can hack an Apache web server.
The Russian hacking story is now all over the news, especially after the joint agency report about the hacking. Many security experts aren't basing their assessment on that report, and it was most likely misdirection for public consumption having nothing to do with the actual information. In the report, they listed about a hundred IP addresses that they believe were used by Russian government hackers. The problem with those IP addresses is that a lot of them are TOR exit nodes, which could have been used by anyone.
Leo says that the alleged hacking by the Russians in our election was a "bush league" spear phishing attack that allowed hackers to gain access to emails from the Democrat National Committee. Leo says we need to know more about it. It seems to Leo that this attack was more like North Korea hacking Sony.