Category Archives: Hacking

Obama reportedly ordered implants to be deployed in key Russian networks

(credit: Wikimedia Commons/Maria Joner)

In his final days as the 44th president of the United States, Barack Obama authorized a covert hacking operation to implant attack code in sensitive Russian networks. The revelation came in an 8,000-word article The Washington Post published Friday that recounted a secret struggle to punish the Kremlin for tampering with the 2016 election.

According to Friday's article, the move came some four months after a top-secret Central Intelligence Agency report detailed Russian President Vladimir Putin's direct involvement in a hacking campaign aimed at disrupting or discrediting the presidential race. Friday's report also said that intelligence captured Putin's specific objective that the operation defeat or at least damage Democratic candidate Hillary Clinton and help her Republican rival Donald Trump. The Washington Post said its reports were based on accounts provided by more than three dozen current and former US officials in senior positions in government, most of whom spoke on the condition of anonymity.

In the months that followed the August CIA report, 17 intelligence agencies confirmed with high confidence the Russian interference. After months of discussions with various advisors, Obama enacted a series of responses, including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and expelling 35 Russian diplomats from the US. All of those measures have been known for months. The Post, citing unnamed US officials, said Obama also authorized a covert hacking program that involved the National Security Agency, the CIA, and the US Cyber Command. According to Friday's report:


Niantic to punish Pokémon Go cheaters with mark of shame

Good grief. (credit: PopUpTee.com)

It has been just a month since Pokémon Go players began noticing that Niantic had started "shadowbanning" accounts that use third-party trackers and bot software, limiting them so they only see common Pokémon. Now, the company is going further to ensure ill-gotten beasts are publicly identified as such and don't negatively impact the multiplayer experience.

In a post from its verified Reddit account, Niantic Support gave an update regarding "Pokémon caught using third-party services that circumvent normal gameplay":

With the announcement of Raid Battles and the new battle features, we are staying true on our commitment to ensuring that Pokémon Go continues to be a fun and fair experience for all Trainers. Starting today, Pokémon caught using third-party services that circumvent normal gameplay will appear marked with a slash in the inventory and may not behave as expected. We are humbled by the excitement for all the new features we announced yesterday. This is one small part of our continued commitment to maintaining the integrity of our community and delivering an amazing Pokémon Go experience.

What Niantic means by Pokémon "not behav[ing] as expected" is unclear, but the wording suggests these beasts may not be effective in the game's recently announced raid battle and expanded gym features. That coming overhaul will allow six unique Pokémon to be assigned to each individual gym, and it will let players team up for cooperative raids against ultra-powerful Pokémon. We're guessing Pokémon marked with a slash won't be able to fight for those coveted gym slots, at the very least.


GTA Online publisher goes after paid cheating services

You'll never take my cheating tools alive, copper!

Just days after shutting down popular Grand Theft Auto V modding tool OpenIV, publisher Take-Two Interactive has forced three major GTA Online hacking tools to go offline.

Lexicon, Force Hax, and Menyoo were all subscription-based paid hacking tools that let GTA Online players spawn infinite piles of cash, teleport other players to arbitrary locations, become invulnerable, or walk through walls while playing with other people. Over the weekend, though, the websites for all three programs were replaced with a simple message:

After discussions with Take-Two Interactive, effective immediately we are ceasing all maintenance, development and distribution of [our] cheat menu services. We will be donating our proceeds to a charity designated by Take-Two. We apologize for any and all problems [our program] has caused to the Grand Theft Auto Online community.

GTA Online has faced major problems with cheaters since the mode launched on Windows in 2015. Almost immediately, players began complaining that the game's online infrastructure, which uses a simple P2P mesh rather than centralized servers, makes it very difficult to cut off hacking tools on a technical level.


Georgia’s voting system is uniquely vulnerable to election-tampering hackers

(credit: Verified Voting)

To understand why many computer scientists and voting rights advocates don't trust the security of many US election systems, consider the experience of Georgia-based researcher Logan Lamb. Last August, after the FBI reported hackers were probing voter registration systems in more than a dozen states, Lamb decided to assess the security of voting systems in his state.

According to a detailed report published Tuesday in Politico, Lamb wrote a simple script that would pull documents off the website of Kennesaw State University’s Center for Election Systems, which under contract with Georgia, tests and programs voting machines for the entire state. By accident, Lamb's script uncovered a breach whose scope should concern both Republicans and Democrats alike. Reporter Kim Zetter writes:

Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by poll workers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.

The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.

And there was another problem: The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014.

Lamb was concerned that hackers might already have penetrated the center’s site, a scenario that wasn’t improbable given news reports of intruders probing voter registration systems and election websites; if they had breached the center’s network, they could potentially have planted malware on the server to infect the computers of county election workers who accessed it, thereby giving attackers a backdoor into election offices throughout the state; or they could possibly have altered software files the center distributed to Georgia counties prior to the presidential election, depending on where those files were kept.

Lamb privately reported the breach to university officials, the report notes. But he learned this March that the critical Drupal vulnerability had been fixed only on the HTTPS version of the site. What's more, the same mother lode of sensitive documents remained accessible as well. The findings meant that the center had been operating outside the oversight of both the university and the Georgia Secretary of State for years.


Sneaky hackers use Intel management tools to bypass Windows firewall

Physical serial ports (the blue ones) are fortunately a relic of a lost era and are nowadays quite rare to find on PCs. But their virtual counterparts are alive and well, and they can be used for some exciting things. (credit: Ericf)

When you're a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you're there, the next challenge is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring.

The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of its malware—to compromised machines. PLATINUM's technique leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows firewall. The AMT firmware runs at a low level, below the operating system, and it has access not just to the processor but also to the network interface.

The AMT needs this low-level access for some of the legitimate things it's used for. It can, for example, power cycle systems, and it can serve as an IP-based KVM (keyboard/video/mouse) solution, enabling a remote user to send mouse and keyboard input to a machine and see what's on its display. This, in turn, can be used for tasks such as remotely installing operating systems on bare machines. To do this, AMT not only needs to access the network interface, it also needs to simulate hardware, such as the mouse and keyboard, to provide input to the operating system.


Leaked NSA report names Russia in pre-election hacks, contradicting Putin’s claims of innocence

Attribution is not an easy thing to do in the case of cyberattacks, especially if the actors have been careful. But the NSA seemed confident enough regarding certain pre-election hacks that it has directly named Russian intelligence as the perpetrators — an accusation rather at odds with President Putin’s claims that the country “never engaged” in that type of activity.

Hackers jailbreak permanent mods onto Super Mario World save files

The practice of hacking standard Super Mario World cartridges on stock Super Nintendo hardware has come a long way in a short time. Three years ago, it required a robot entering thousands of button presses per second to insert arbitrary code on top of the game. By last year, streamer SethBling was proving that this kind of code insertion was possible for a human acting with pixel-perfect precision.

Now, SethBling and others in the SMW hacking community have taken things a step further, permanently writing a full hex editor and gameplay mods onto a stock Super Mario World cartridge using nothing but standard controller inputs.

SethBling's ten-minute video explaining the entire "jailbreaking" process is a must-watch for anyone interested in the particulars of perpetually altering a 25-year-old game without any special hardware. In short, the jailbreak builds on an exploit discovered by Cooper Harrsyn that lets players write data directly to the small, 256-byte save files that are permanently stored on the Super Mario World cartridge.
