Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
MGM Resorts said security incident took place last summer and notified impacted guests last year.
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.
Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.
ZDNet verified the authenticity of the data today, together with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service.
A spokesperson for MGM Resorts confirmed the incident via email.
👉🏼 Read more:
https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
#MGM #breach #hack #forum
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
National Counterintelligence Strategy of the United States of America 2020-2022
"Hacktivists, activists, and whistle-blowers pose serious threats"
The new intelligence report "National Counterintelligence Strategy 2020-2022" has it all and sees threats everywhere
Last week, the National Counterintelligence and Security Center (NCSC), which reports to the Office of the Director of National Intelligence (ODNI), published the National Counterintelligence Strategy 2020-2022, which sets out a new approach to counterintelligence to combat threats that have emerged after 2016, when the last report was published.
What is new is that the activities of the American and enemy intelligence services are no longer focused solely on politics and the military, but ultimately the entire civilian structure of a country has become a target. The following are named as targets: the critical infrastructure, main US supply chains, the US economy, American democratic institutions and cyber and technical operations. The NCSC therefore works not only with all the authorities, but also with the private sector, universities and foreign partners.
👉🏼 PDF:
https://www.dni.gov/files/NCSC/documents/features/20200205-National_CI_Strategy_2020_2022.pdf
#hacktivists #activists #whistleblowers #counterintelligence #USA #pdf
From Secret Manoeuvres to Undercover Research
Eveline Lubbers will talk about what is now the undercover police scandal in the UK, and asks what the situation is in Germany and whether this happens on the same scale here. In 2010, activists exposed an undercover officer who had lived amongst them as an activist for seven years.
The exposure of Mark Kennedy was the start of many more stories coming out. As we now know, secret police units infiltrated political and activist groups for more than 40 years, since the 1968 demonstrations against the American war in Vietnam. What does the spying involve, and what is the impact?
In Germany over the past year, several spies have been exposed as well, in Hamburg and Heidelberg. Only a few stories compared to the UK. Is more research needed? How to find out, and where to start? Eveline will explain how she got into exposing spies, first in the Netherlands, and now in the UK, and how she found out it’s not just police and intelligence services spying on activists, but also corporate spies.
Former police officers move on to start their own consultancy, or to work at the security department of large corporations, such as energy companies or airports. Being at the receiving end of climate campaigns, such companies work closely with the police to be prepared for what is coming. Detailing her work supporting activists in dealing with suspicions, we can discuss how hackers could be of help. Which leads to the question of how online surveillance relates to infiltration and spying…
📺 https://media.ccc.de/v/dg57_From_Secret_Manoeuvres_to_Undercover_Research
#dg57 #ccc #video #podcast
FBI 2019 Internet Crime Report
A new FBI report on Internet crime highlights the most devastating cybercrime with reported losses exceeding $3.5 billion in 2019.
The FBI based its report on 467,000 complaints by the public to the FBI’s Internet Crime Complaint Center (IC3) in 2019.
SIM swapping is an emerging high-profile crime, the FBI cited in the report. In a SIM swap, a wireless carrier is tricked into switching the SIM linked to the subscriber to the criminal’s SIM. In one case based in San Francisco, the arrest of a SIM swapping group leader led to the seizure of over $18 million, five vehicles, a $900,000 home, and hundreds of thousands of dollars in jewelry, the FBI said in March 2019.
💡 PDF:
https://pdf.ic3.gov/2019_IC3Report.pdf
👉🏼 Read more:
https://www.foxnews.com/tech/5-internet-crimes-you-need-to-pay-attention-to
#FBI #report #pdf #internet #crime
The Age of Surveillance Capitalism (Unabridged)
Shoshana Zuboff
The Age of Surveillance Capitalism - The Fight for a Human Future at the New Frontier of Power
The challenges to humanity posed by the digital future, the first detailed examination of the unprecedented form of power called "surveillance capitalism," and the quest by powerful corporations to predict and control our behavior.
In this masterwork of original thinking and research, Shoshana Zuboff provides startling insights into the phenomenon that she has named surveillance capitalism. The stakes could not be higher: a global architecture of behavior modification threatens human nature in the twenty-first century just as industrial capitalism disfigured the natural world in the twentieth.
👉🏼 PDF Reference Material:
https://news.1rj.ru/str/BlackBox_Archiv/808
📻 The Age of #Surveillance #Capitalism #podcast
The Age of Surveillance Capitalism - Reference Material.pdf
2.2 MB
The Age of Surveillance Capitalism - The Fight for a Human Future at the New Frontier of Power
PDF with Reference Material
👉🏼 Podcast:
https://news.1rj.ru/str/BlackBox_Archiv/807
#Surveillance #Capitalism #pdf
Edward Snowden - Permanent Record
In 2013, twenty-nine-year-old Edward Snowden shocked the world when he broke with the American intelligence establishment and revealed that the United States government was secretly pursuing the means to collect every single phone call, text message, and email. The result would be an unprecedented system of mass surveillance with the ability to pry into the private lives of every person on earth. Six years later, Snowden reveals for the very first time how he helped to build this system and why he was moved to expose it.
📻 #PermanentRecord #Snowden #podcast
The Crypto AG Scandal And The Question Of Swiss Neutrality
On 11 February 2020, the Washington Post published an extensive article revealing the #CryptoAG Scandal. The article damningly exposes the way in which the #Swiss #encryption company Crypto AG was co-opted by the #CIA for decades. The #spy #agency coerced the company’s founder into working for them in the 1950s, and later bought out Crypto AG in a secret partnership with the German spy agency the #BND. Throughout this time, faulty encryption machines were sold to governments around the world to improve American #espionage capabilities. This “audacious” project lasted well into the 21st century, presumably until the company’s liquidation in 2018. According to the Washington Post article, “CIA and BND documents indicate that Swiss officials must have known for decades about Crypto’s ties to the U.S. and German spy services, but intervened only after learning that news organizations were about to expose the arrangement.” It is this revelation which has led various news agencies (including the BBC) to declare that Swiss neutrality has been “shattered”.
The Swiss have long cultivated a policy of neutrality. This concept is ubiquitous in popular culture, from the end of The Sound of Music to the English phrase “being Switzerland”, which is synonymous with neutrality. What impact (if any) will the implications of Swiss partiality toward the U.S. in the scandal have upon their aura of neutrality?
👉🏼 Read more:
https://theowp.org/the-crypto-ag-scandal-and-the-question-of-swiss-neutrality/
Chinese hacking: 5 major cases of Beijing-linked cyber intrusion
👉🏼 https://video.foxnews.com/v/6135425508001#sp=show-clips
#china #hacking #beijing #video
54: NotPetya
NotPetya
This is the story of NotPetya. Which seems to be the first time we’ve seen what a cyber war looks like. In the summer of 2017 Ukraine suffered a serious and catastrophic cyber attack on their whole country. Hear how it went down, what got hit, and who was responsible.
📻 https://darknetdiaries.com/episode/54/
#darknetdiaries #NotPetya #podcast
TikTok star meticulously lays out grains of rice to depict Jeff Bezos' obscene wealth
Jeff Bezos is rich as hell, but if you have trouble understanding just how obscenely wealthy the Amazon founder is, we suggest you visit TikTok.
Entrepreneur and TikTok star Humphrey Yang, a 32-year-old eCommerce consultant and freelancer from Silicon Valley, recently created a striking visual representation of Jeff Bezos' net worth using grains of rice.
📺 https://mashable.com/article/tiktok-rice-billionaire-jeff-bezos-net-worth-humphrey-yang-/?europe=true
#Bezos #TikTok #Yang #video
Hackers are targeting other hackers by infecting their tools with malware
A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.
Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools — some of which are designed to exfiltrate data from a database through to cracks and product key generators that unlock full versions of trial software — and injecting a powerful remote-access trojan. When the tools are opened, the hackers gain full access to the target’s computer.
Serper said the attackers are “baiting” other hackers by posting the repackaged tools on hacking forums.
But it’s not just a case of hackers targeting other hackers, Serper told TechCrunch. These maliciously repackaged tools are not only opening a backdoor to the hacker’s systems, but also any system that the hacker has already breached.
“If hackers are targeting you or your business and they are using these trojanized tools it means that whoever is hacking the hackers will have access to your assets as well,” Serper said.
👉🏼 Read more:
https://techcrunch.com/2020/03/09/hacking-the-hackers/
#hacker #hacking #tools #malware
Law Enforcement Guide To Satanic Cults (1994)
A dated documentary into the oft-overlooked risk of Satanic cults and demonic activity for police and law enforcement officers.
#documentary #video #police #guide #90s
☣️ CoronaVirus-Outbreak-App ☣️
The main purpose of this application was to help people have all the stats about CoronaVirus at a glance, on their Android smartphones.
This application has all the premium features activated, including an ad-free experience, so you can fully enjoy it.
❗️Please Note:
Although the app is linked to GitHub, it is not FOSS.
https://github.com/TheWCKD/CoronaVirus-Outbreak-App/blob/master/README.md
👉🏼 Download from MEGA.NZ (v1.1.1)
👉🏼 Download from GOOGLE DRIVE (v1.1.1)
#Corona #app
Forwarded from Privacy Today
⚠️ PSA: To all German users, starting from tomorrow (2020-03-22), Telekom and Telefonica providers will hand over your phone's movement data to the government and other authorities. This is happening behind our backs using the COVID-19 situation as a cover-up! Telekom has already transferred 5GB of movement data to a Government institute (RKI) on Tuesday.
Click on the following link to start the opt-out process if you're a customer of Telekom:
🔗 https://www.optout-service.telekom-dienste.de/public/anmeldung.jsp
Telekom claims to anonymize mobile data, which is then passed on to the Telekom subsidiary Motionlogic GmbH in aggregate form. They are also grabbing data related to the age group (by 10 year increments), gender and the first 4 digits of your postcode. After inputting your details, you will receive a 4-digit code via SMS.
Click on the following link to start the opt-out process if you're a customer of Telefonica:
🔗 https://www.telefonica.de/dap/selbst-entscheiden
Telefonica is also claiming the same as Telekom, as in they anonymize the data and will only use it for analysis afterwards. The procedure is the same as above, you enter your details and receive a one-time password via SMS.
If you're a Vodafone user, you probably need to go into the app 📱 and disable everything. They have about 20 telemetry functions. Web login doesn't work with Vodafone prepaid SIMs, unless you manually request a password for it from their customer service.
Make sure to opt-out NOW before this goes into effect tomorrow!
--- Austria ---
The same phenomenon is also happening right now in Austria. The government currently receives - "anonymously" - the movement data of its customers from the domestic mobile operator A1. A1 claims its approach is GDPR-compliant. A1 also emphasized that the data could not be used to draw any conclusions about the individual cell phone user and that each cell phone is assigned a number that is automatically generated randomly for tracking. All these numbers are freshly assigned every 24 hours.
--- Italy ---
Italy, the European country hit worst by COVID-19 until now, has also requested aggregated data from the providers to track the movement of people, in order to try and contain the spread of the virus. The vice president of the region of Lombardy said more than 40% of people have moved further than 200-300 metres from their houses, based on data provided by the telecom providers.
--- Other countries ---
Following the grave situation of COVID-19, other countries are also expected to take the same steps related to the aggregation of customer movement data.
⛔️ While public health might be more important than movement tracking in the current situation, this can set a dangerous precedent and open the way for these institutions to normalize similar behaviour and process these data points in the future for malicious purposes.
🤔 What do you as a citizen think? Do you trust these institutions to be benevolent with the data/power they possess?
ℹ️ Sources:
https://orf.at/stories/3158211/
https://netzpolitik.org/2020/unverhofftes-datengeschenk/
https://www.borsaitaliana.it/borsa/notizie/radiocor/economia/dettaglio/coronavirus-fsala-lombardia-40-persone-esce-da-casa-non-va-bene-nRC_17032020_1836_602124871.html
Snowden warns: The surveillance states we’re creating now will outlast the coronavirus
Temporary security measures can soon become permanent
Governments around the world are using high-tech surveillance measures to combat the coronavirus outbreak. But are they worth it?
Edward Snowden doesn’t think so.
The former CIA contractor, whose leaks exposed the scale of spying programs in the US, warns that once this tech is taken out of the box, it will be hard to put it back.
“When we see emergency measures passed, particularly today, they tend to be sticky,” Snowden said in an interview with the Copenhagen International Documentary Film Festival.
"The emergency tends to be expanded. Then the authorities become comfortable with some new power. They start to like it."
Supporters of the draconian measures argue that normal rules are not enough during a pandemic and that the long-term risks can be addressed once the outbreak is contained. But a brief suspension of civil liberties can quickly be extended.
👉🏼 Read more:
https://thenextweb.com/neural/2020/03/25/snowden-warns-the-surveillance-states-were-creating-now-will-outlast-the-coronavirus/
#surveillance #coronavirus
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
Zoom's privacy policy isn't explicit about the data transfer to Facebook at all.
As people work and socialize from home, video conferencing software Zoom has exploded in popularity. What the company and its privacy policy don't make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don't have a Facebook account, according to a Motherboard analysis of the app.
This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook's software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook. But Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether.
"That's shocking. There is nothing in the privacy policy that addresses that," Pat Walshe, an activist from Privacy Matters who has analyzed Zoom's privacy policy, said in a Twitter direct message.
Upon downloading and opening the app, Zoom connects to Facebook's Graph API, according to Motherboard's analysis of the app's network activity. The Graph API is the main way developers get data in or out of Facebook.
👉🏼 Read more:
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
#zoom #iOS #privacy #Facebook #DeleteFacebook
Corona crisis: EU evaluates contact blocks with mobile phone data
COVID-19 - Mobile phone location datas - Q&A
https://audiovisual.ec.europa.eu/en/video/I-187513
#coronavirus #privacy #eu
42 million Iranian “Telegram” user IDs and phone numbers leaked online
42 million user IDs and phone numbers for a third-party version of Telegram were exposed online without a password. The accounts belong to users in Iran, where the official Telegram app is blocked.
42 million records from a third-party version of messaging app Telegram used in Iran were exposed on the web without any authentication required to access them. Comparitech worked with security researcher Bob Diachenko to uncover and report the exposure, which included usernames and phone numbers, among other data.
The data was posted by a group called “Hunting system” (translated from Farsi) on an Elasticsearch cluster that required no password nor any other authentication to access. It was removed after Diachenko reported the incident to the hosting provider on March 25.
Telegram says the data came from an unofficial “fork” of Telegram, a version of the app unaffiliated with the company. Telegram is an open-source app, allowing third parties to make their own versions of it. Because the official Telegram app is frequently blocked in Iran, many users flock to unofficial versions.
A Telegram spokesperson told Comparitech, “We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”
👉🏼 Read more:
https://www.comparitech.com/blog/information-security/iranian-telegram-accounts-leaked/
#leak #Iran #telegram