from a file server and stored on a newly created file ” . “ The attack by Fancy Bear , also known as APT28 , was detected during a proactive investigation carried out by cyber incident response ( CIR ) firm Context Information Security , ” the IAAF said . Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU , Russia ’ s military intelligence agency . Fancy Bear could not be immediately reached for comment . The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump , a Republican , win , according to U.S. intelligence agencies . It was not known if the information was stolenAttack.Databreachfrom the network , the IAAF said , but the incident was “ a strong indication of the attackers ’ interest and intent , and shows they had accessAttack.Databreachand means to obtainAttack.Databreachcontent from this file at will ” . The attack was uncovered after British company Context Information Security conducted a investigation of the IAAF ’ s systems at the request of the athletics body . Context Information Security said in a separate statement that it was a “ sophisticated intrusion ” and that “ the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance ” . Last year , Fancy Bear hackedAttack.Databreachinto the World Anti-Doping Agency ( WADA ) database and publishedAttack.Databreachthe confidential medical records of several dozen athletes . Those included cyclist Bradley Wiggins , the 2012 Tour de France winner and Britain ’ s most decorated Olympian with eight medals , who was revealed to have used TUEs before some races . Wiggins retired last year under something of a cloud after it was revealed he took corticosteroid triamcinolone for asthma , although he broke no anti-doping rules . The IAAF banned Russia ’ s athletics federation after a WADA commission report found evidence of state-sponsored doping . Almost all Russia ’ s athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August
A group known as the Shadow Brokers publishedVulnerability-related.DiscoverVulnerabilityon Good Friday a set of confidential hacking tools used by the NSA to exploitVulnerability-related.DiscoverVulnerabilitysoftware vulnerabilities in Microsoft Windows software . According to Fortune , Microsoft announcedVulnerability-related.PatchVulnerabilityon the same day that it had patchedVulnerability-related.PatchVulnerabilitythe vulnerabilities related to the NSA leakAttack.Databreach. It was especially important that the company moved quickly since juvenile hackers — also known as script kiddies — were expected to be active over the holiday weekend while defenders were away . The threat was the latest and , according to security experts , the most damaging set of stolen documents publishedAttack.Databreachby the Shadow Brokers , which is believed to be tied to the Russian government . Experts sayVulnerability-related.DiscoverVulnerabilitythe leak , which was mostly lines of computer code , was made up of a variety of “ zero-day exploits ” that can infiltrate Windows machines and then be used for espionage , vandalism or document theft . The group also publishedAttack.Databreachanother set of documents that show that the NSA penetrated the SWIFT banking network in the Middle East . “ There appears to be at least several dozen exploits , including zero-day vulnerabilities , in this release . Some of the exploits even offer a potential ‘ God mode ’ on select Windows systems . A few of the products targeted include Lotus Notes , Lotus Domino , IIS , SMB , Windows XP , Windows 8 , Windows Server 2003 and Windows Server 2012 , ” said Cris Thomas , a strategist at Tenable Network Security . The Shadow Brokers have been threatening the U.S. government for some time but until last Friday had not released anything critical . There is speculation that this document dumpAttack.Databreachcould be retaliation by Russia ( if the hackers are indeed tied to the country ) in response to recent U.S. military actions .
A group known as the Shadow Brokers publishedVulnerability-related.DiscoverVulnerabilityon Good Friday a set of confidential hacking tools used by the NSA to exploitVulnerability-related.DiscoverVulnerabilitysoftware vulnerabilities in Microsoft Windows software . According to Fortune , Microsoft announcedVulnerability-related.PatchVulnerabilityon the same day that it had patchedVulnerability-related.PatchVulnerabilitythe vulnerabilities related to the NSA leakAttack.Databreach. It was especially important that the company moved quickly since juvenile hackers — also known as script kiddies — were expected to be active over the holiday weekend while defenders were away . The threat was the latest and , according to security experts , the most damaging set of stolen documents publishedAttack.Databreachby the Shadow Brokers , which is believed to be tied to the Russian government . Experts sayVulnerability-related.DiscoverVulnerabilitythe leak , which was mostly lines of computer code , was made up of a variety of “ zero-day exploits ” that can infiltrate Windows machines and then be used for espionage , vandalism or document theft . The group also publishedAttack.Databreachanother set of documents that show that the NSA penetrated the SWIFT banking network in the Middle East . “ There appears to be at least several dozen exploits , including zero-day vulnerabilities , in this release . Some of the exploits even offer a potential ‘ God mode ’ on select Windows systems . A few of the products targeted include Lotus Notes , Lotus Domino , IIS , SMB , Windows XP , Windows 8 , Windows Server 2003 and Windows Server 2012 , ” said Cris Thomas , a strategist at Tenable Network Security . The Shadow Brokers have been threatening the U.S. government for some time but until last Friday had not released anything critical . There is speculation that this document dumpAttack.Databreachcould be retaliation by Russia ( if the hackers are indeed tied to the country ) in response to recent U.S. military actions .
The mysterious group that claims to have stolen digital weapons once used by the National Security Agency publishedAttack.Databreacha trove of active Microsoft Windows software exploits on Thursday . The code dumpAttack.Databreach, accompanied by a farewell message written in broken English by the enigmatic group the Shadow Brokers , confirms claims implicit in an earlier post Sunday . While the prior message showed filenames , directories and screenshots — implying the existence of these capabilities — along with an associated price tag , today ’ s download provides functional code . Of the 61 files provided in total in the newly released set , only one had ever been catalogued by anti-virus databases , based on a VirusTotal scan conducted earlier Thursday morning . The files contain user mode and kernel mode modules . Notably , the one tool effectively recognized by the virus scanner avoided detection from Malwarebytes , Panda , Comodo and Fortinet products , said Rendition Infosec founder Jake Williams . In their supposed final message , the ShadowBrokers say they are “ making [ an ] exit ” and “ going dark ” — although an associated bitcoin wallet will remain open for new bids . The group claims it will come out of hiding to provide the remaining stolen hacking tools only upon receiving 10,000 bitcoin , or $ 8.13 million worth of the anonymous currency . Cybersecurity experts tell CyberScoop the exploits are outdated because they are designed to work against old versions of Microsoft operating systems . “ This dump contains Windows Implants and not Unix tools , reinforcing the insider theory . And the outdated Windows target of those implants reinforce the opinion that Shadow Brokers only has old dirt , ” said Matt Suiche , founder of United Arab Emirates-based cybersecurity startup Comae Technologies . “ There is no reason to have all the tools of every platforms etc . The exploits can be understood as highly advanced hacking tools that were likely developed and deployed by a sophisticated adversary , like an intelligence service , explained Michael Zeberlein , director of intelligence analysis with Area 1 Security . “ They ’ re basically enterprise class IT infrastructure and systems management functions applied in an offensive fashion . They would help you get very granular control of computers and servers running in an enterprise environment , an entire organization , ” Zeberlein told CyberScoop . “ Really , these tools provide incredible capability ” . “ There ’ s no doubt that this is Equation Group ’ s stuff based on old reporting , ” said Zeberlein . A meticulous analysis associated with Sunday ’ s blog post suggests that the leaked information likely cameAttack.Databreachfrom an insider , rather than a hacker with accessAttack.Databreachto a compromised attack server , based on file configurations , CyberScoop first reported . “ Attackers and defenders around the globe will be reverse engineering these to repurpose [ attacks ] and create defenses , ” Williams said . “ This data , it ’ s a big deal … because it includes information related to client and server components , which will basically help [ intelligence analysts ] trace old breaches back to the Equation Group , ” a former U.S. intelligence official told CyberScoop on the condition of anonymity . The Shadow Brokers first emergedVulnerability-related.DiscoverVulnerabilityon social media in August by similarly dumping operational code for a cohort of old firewall exploits that targeted vulnerabilities in Cisco , Fortinet and Juniper Networks products . Because the source code for these firewall exploits was provided in a public forum , random hackers began using the tools themselves . “ While we can not surmise the attacker ’ s [ Shadow Brokers ] identity or motivation nor where or how this pilfered trove came to be , we can state that several hundred tools from the leakAttack.Databreachshare a strong connection with our previous findings from the Equation Group , ” Kaspersky Lab researchers , many of whom originally helped identify Equation Group ’ s existence in 2015 , wrote in a company blog post in August . The Equation Group is believed to have ties to the NSA
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology , the people behind it , and who is buying it . Motherboard has obtained 900 GB of data related to Cellebrite , one of the most popular companies in the mobile phone hacking industry . The cache includes customer information , databases , and a vast amount of technical data regarding Cellebrite 's products . The breachAttack.Databreachis the latest chapter in a growing trend of hackers taking matters into their own hands , and stealingAttack.Databreachinformation from companies that specialize in surveillance or hacking technologies . Cellebrite is an Israeli company whose main product , a typically laptop-sized device called the Universal Forensic Extraction Device ( UFED ) , can rip dataAttack.Databreachfrom thousands of different models of mobile phones . That data can include SMS messages , emails , call logs , and much more , as long as the UFED user is in physical possession of the phone . Cellebrite is popular with US federal and state law enforcement , and , according to the hacked data , possibly also with authoritarian regimes such as Russia , the United Arab Emirates , and Turkey . The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company 's my.cellebrite domain . This section of the site is used by customers to , among other things , access new software versions . In the majority of cases , this was not possible because the email address was already in use . A customer included in the data confirmed some of their details . The dump also contains what appears to be evidence files from seized mobile phones , and logs from Cellebrite devices . According to the hacker , and judging by timestamps on some of the files , some of the data may have been pulledAttack.Databreachfrom Cellebrite servers last year . `` Cellebrite recently experienced unauthorized access to an external web server , '' the company said in a statement on Thursday after Motherboard informed it of the breach . `` The company is conducting an investigation to determine the extent of the breach . The impacted server included a legacy database backup of my.Cellebrite , the company 's end user license management system . The company had previously migrated to a new user accounts system . Presently , it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system , '' the statement continues . Cellebrite advised customers to change their passwords as a precaution , and added that it is working with relevant authorities to assist in their investigation . Access to Cellebrite 's systems has been traded among a select few in IRC chat rooms , according to the hacker . `` To be honest , had it not been for the recent stance taken by Western governments no one would have known but us , '' the hacker told Motherboard . The hacker expressed disdain for recent changes in surveillance legislation . In 2014 a hacker calling themselves `` PhineasFisher '' publicly released 40GB of data from surveillance company Gamma International . Gamma makes intrusion software that can remotely switch on a target 's webcam , siphon offAttack.Databreachtheir emails , and much more . The following year , PhineasFisher targeted Italian company Hacking Team , and publishedAttack.Databreacha trove of emails and other internal documents from the company . Although the terms of this Cellebrite breachAttack.Databreachare somewhat different—the hacker has not dumpedAttack.Databreachthe files online for anyone to download—similarities seem to remain , especially in the hacker 's vigilante motivation .
Are you such a video game fanatic that you simply can ’ t wait to get your paws on sneak previews of upcoming hit titles ? If so , your fervour may be fuelling the criminal activities of an unnamed group of who have targeted a developer of highly popular video games . Best known for developing The Witcher series of role-playing video games , CD Projekt Red took to Twitter to announce that it had been approached by extortionists who claimed to have stolenAttack.Databreachfiles from the company , including “ documents connected to early designs for the upcoming game , Cyberpunk 2077. ” CD Projekt Red says it will not pay the ransom being demandedAttack.Ransomby the thieves , who are threatening to release the stolen files to the general public : “ We will not be giving in to the demandsAttack.Ransomof the individual or individuals that have contacted us , which might eventually lead to the files being published online . The appropriate legal authorities will be informed about the situation. ” “ The documents are old and largely unrepresentative of the current vision for the game . Still , if you ’ re looking forward to playing Cyberpunk 2077 , it would be best for you to avoid any information not coming directly from CD PROJEKT RED. ” I applaud CD Projekt Red ’ s refusal to pay a ransomAttack.Ransom. PayingAttack.Ransomextortionists always runs the risk of encouraging blackmailers to strike again , putting not just your own company but others at further risk . No release date has yet been announced by the Polish game studio for Cyberpunk 2077 , which has been in development for years and is keenly anticipated by the game maker ’ s fans . For CD Projekt RED , the danger is not just whether assets belonging to the game leakingAttack.Databreachinto the public domain mess up its marketing strategy . There is also the risk that the gaming community will be unimpressed with any sneak previews of early versions of the game stolenAttack.Databreachby the hackers , and puncture the hype machine . Recent months have seen a rise in attacksAttack.Ransomwhere hackers have threatened to release a company ’ s intellectual property onto the net unless a ransom is paidAttack.Ransom. A month ago , for instance , The Dark Overlord hacking group attempted to blackmail moneyAttack.Ransomout of Netflix , before deciding to leak as-yet unaired episodes of hit TV show “ Orange is the New Black. ” The same hacking group has previously publishedAttack.Databreach180,000 medical records – including insurance and social security numbers , dates of birth , and payment information – after healthcare firms refused to give in to their demandsAttack.Ransom. Most recently , a chain of cosmetic surgeries in Lithuania warned that hackers were threatening to release the personal details of clients , including photographs . Readers with longer memories may recall that in September 2003 , a German hacker leakedAttack.Databreachthe source code of the game Half-Life 2 onto the internet , much to the delight of internet users who had become fed up with waiting for the long-awaited video game . It doesn ’ t matter that it ’ s not credit card data or passwords that are being stolenAttack.Databreach– theft is theftAttack.Databreach. Just because it ’ s a video game ’ s plans and designs that are being held for ransomAttack.Ransomby the hackers doesn ’ t make any difference . The threat is real – and could have a commercial impact on the game ’ s producer . CD Projekt Red should be applauded for being so transparent about what has happened , as it ’ s easy to imagine many firms would rather sweep bad news like this under the carpet . What we need now is for game fanatics to exercise some patience and self-control , and resist the urge to hunt out a game before the manufacturer is ready to release it officially themselves .
As of June 2016 , more than 150 million active users interact with one another daily via Snapchat . Others are drawn by the service 's more recent features . Those include Snapcash , a method introduced for users to send mobile payments to their friends . Given the app 's popularity , it 's no wonder online criminals have set their sights on hacking users ' Snapchat accounts . For instance , back in late 2013 , a group of hackers publishedAttack.Databreacha database containing the usernames and phone numbers of approximately 4.6 million Snapchat users . Nefarious individuals could have used that information to profile targets across multiple web accounts . We also ca n't forget about the security incidentAttack.Phishingthat occurred back in February 2016 . In that attackAttack.Phishing, someone posed asAttack.Phishingthe company 's CEO and convinced a Snapchat employee to send over payroll information . The successful phish ultimately compromisedAttack.Databreachdozens of employees ' identities . To be fair , a mega breach on the scale of what affected LinkedIn , Tumblr , and Yahoo has yet to strike the messaging app . But that 's not to say criminals are n't trying to find a way into people 's accounts . Hackers clearly have Snapchat in their sights , which is why users need to learn how to spot the warning signs of a hack and how they can recover their accounts if someone compromises them .