Criminals claim to have stolen NATO missile blueprints • The Register

In brief: NATO officials are investigating after criminals put up for sale on dark forums data that they say is “classified” information stolen from European missile maker MBDA.

MBDA denied any sensitive material was compromised and said it refused to pay the gang a ransom, saying the data for sale was obtained from an “external hard drive” rather than its systems.

According to the BBC, which saw samples of the files and allegedly spoke to the criminals, 80 GB of data – which it was unable to verify – is on offer for 15 Bitcoins, or approximately $297,000, and the extortionists claim to have made at least one sale.

The data is said to include designs for the Land Ceptor Common Anti-Air Modular Missile, which the BBC says was used in the Ukraine conflict. The criminals described the data set as “design documentation, drawings, presentations, video and photo materials, contractual agreements and correspondence with other companies”, and also claimed that it contained personal information about employees of defense companies.

The Italian division of MBDA, meanwhile, says it has filed a complaint with the police over the attempt to blackmail the company, and claims not only that there was no real network penetration, but also that the data was neither classified nor sensitive.

The BBC nevertheless claimed that the sample it had seen included documents labeled “NATO SECRET”, “NATO CONFIDENTIAL” and “NATO RESTRICTED”.

A former NATO official said that although NATO tends to overclassify documents, a secret-level classification is not applied lightly. If the labels are indeed correct and recent, they said, “This is really the kind of information that NATO doesn’t want released to the public.”

The criminal sellers would not verify whether the data for sale online came from multiple sources or just MBDA, but it is understood that the NATO investigation is centered on one of MBDA’s suppliers, which could mean that any blame could ultimately lie with a third party.

TikTok’s Android app vulnerable to one-click takeover

Microsoft security researchers would like TikTok users to know that if they accidentally click on a malicious link and it fails to take control of their account, they should send their gratitude to Redmond.

It turns out that a specially crafted link sent to the Android versions of the TikTok app, both the Chinese version and the international flavor, could give an attacker full control over the victim’s account as soon as the victim clicked on it.

Microsoft security researchers said they first found the bug in the Android version of TikTok in February, and that the social media company quickly patched it because of its high severity. According to Microsoft, there is no evidence that the exploit was used in the wild.

At the heart of the flaw is a method used to circumvent TikTok’s deep link verification process by forcing code to load an arbitrary URL into WebView, the Android component that allows URLs to be opened inside apps.

From there, the malicious URL can access JavaScript bridges that allow WebView to talk to TikTok, giving the attacker the ability to access and modify a victim’s profile, post private videos, send messages and download publications.

Exploiting JavaScript bridges isn’t new – it’s been a method used to compromise Android apps since at least 2012, when it was demonstrated at Black Hat. In that demonstration, researchers showed how they could run malware inside an Android app after it had been scanned by Google Play for malicious code.

Google made changes to Play Store policies in July 2021 that further restricted the misuse of interpreted languages like JavaScript, Python, and Lua by Android apps, but it’s unclear to what extent these policies would have stopped abuse of the kind Microsoft discovered in TikTok.

“From a programming perspective, using JavaScript interfaces poses significant risks…we recommend that the developer community be aware of the risks and take extra precautions to secure WebView,” Microsoft said.

Teen solves government encryption puzzle in an hour

A commemorative crypto puzzle struck on an Australian coin has been cracked, and it took the winner – an unnamed 14-year-old from Tasmania – just over an hour to complete a job that was supposed to take much longer.

The Australian Signals Directorate (ASD), which handles foreign intelligence as well as cyber warfare and security tasks, much like the American NSA or the British GCHQ, has had a special 50 cent coin minted in a limited series of 50,000 to mark the agency’s 75th anniversary.

Security-conscious government agencies often use encryption puzzles, making another a fitting commemoration. ASD chief executive Rachel Noble said the coin featured four different layers of encryption that were increasingly difficult, with clues also located on the coin.

“There’s a challenge out there to see who can correctly break all the layers, and would you believe it, yesterday the coin was tossed at 8:45 a.m.; we’ve got our web form up and running…and believe it or not, a 14-year-old boy in Tasmania was the first person in just over an hour to pass all four layers,” the Australian Broadcasting Corporation reported Noble as saying.

“So we hope to meet him soon… to recruit him,” Noble said.

Noble did not share what the hidden message on the coin is, saying only that it contained uplifting messages, which she encouraged others to go out and solve. Noble said the first layers of the puzzle could be solved with pencil and paper, but she cautioned that the final layer might require a computer.

To those who were dismayed at having lost a chance to solve the puzzle, Noble revealed that the game was not quite finished yet: she said there was a fifth level of encryption hidden on the coin that no one had cracked yet, though an intelligence agency whose code was just cracked might say anything to save a little face.

2.5 million student loan records exposed to hacking

Edfinancial Student Loan Servicers and Oklahoma Student Loan Authority (OSLA) are contacting more than 2.5 million borrowers to notify them that a breach may have exposed their names, addresses, emails, phone numbers, and social security numbers.

Edfinancial and OSLA are not directly responsible for the breach, which was suffered by Nebraska-based Nelnet Servicing, which provides technical services to the two student loan companies. Nelnet also handles loans, but said none of its borrowers were affected by the breach.

Sample letters and a statement from Nelnet filed with the State of Maine indicate that between June and July 22, 2022, an unauthorized party gained access to the records in question. Nelnet said that after noticing the breach, it blocked the activity, patched the vulnerability that led to the breach, initiated an investigation and notified relevant departments.

The US Department of Education has also been notified and law enforcement is investigating, Nelnet said.

As has been the case with previous large-scale breaches, Nelnet said it was offering free credit monitoring services to affected borrowers through Experian, which has itself been deemed vulnerable to account duplication by criminals, who used the duplicate accounts to misappropriate the identities of Experian customers.

Nelnet customers who had their data stolen wasted no time in launching a class action against the company, which was filed Tuesday in a Nebraska district court.

The lawsuit asks that Nelnet be forced to comply with higher security standards, and seeks an unspecified amount of damages for the class, which includes students from across the country.

Samsung says US customer data was stolen

Samsung has admitted to being the victim of a cyberattack that resulted in the theft of data from some of its US customers in late July.

According to the Korean technology company, an unauthorized third party stole the data, which Samsung said in early August contained personal customer information.

Although no social security numbers were stolen, Samsung admits that customer names, contact and demographic information, date of birth and product registration information may have been taken, with the specific information stolen varying from customer to customer, Samsung said.

The Galaxy maker said it had taken steps to secure the affected systems and was coordinating with law enforcement, but Samsung’s statement made no mention of how many customers may have been affected.

There’s nothing Samsung customers should do immediately to protect themselves, the multinational said, though it advises kit owners to be wary of unsolicited communications asking for personal information or pushing a link, not to click on links or download attachments from suspicious emails, and to review their Samsung accounts for suspicious activity.

While customer data theft may be new to Samsung, breaches of its perimeter resulting in large-scale corporate information theft are not, as the tech company saw 190GB of its internal files, including Samsung Knox source code and the company’s bootloader, released online earlier this year.

The data was stolen by the Lapsus$ online extortion gang, believed to be based in Brazil, which had previously hacked and released files from Nvidia, game publishing company Ubisoft and other high-profile targets.

Regarding the previous breach, Samsung told The Register that it had responded by “implement[ing] measures to prevent further incidents of this type”, and that it would continue to serve its customers “without interruption”. ®