UNM4SK3D: CIA, HBO, and FireEye

August 4, 2017 | Views: 3794


#wikileaks 

Just when you thought there wouldn’t be any more leaks, Wikileaks dripped again. The latest leak, which sounds like something out of a Hollywood movie, is a tool that disables security cameras and disrupts recordings to prevent its agents from being seen. 

No, this isn’t the latest James Bond film and despite the code-name ‘Dumbo,’ it’s not a Disney production either. This leaked CIA tool “involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, either connected locally, wired or wirelessly via Bluetooth or Wi-Fi.” It allows agents to hijack and manipulate microphones to achieve ultimate stealth. With Dumbo, agents can disable network adapters, suspend camera recording devices, and selectively corrupt or delete recordings. According to the user’s guide posted by Wikileaks, the latest version was from June 2015 and was developed in response to a need from the Physical Access Group (PAG), a special branch of the CIA’s Center for Cyber Intelligence (CCI) whose job is to gain physical access to computers and exploit this access.

For Dumbo to work successfully, the tool requires system-level privileges to run, and the USB drive must stay plugged into the system throughout the operation to maintain control of targeted surveillance devices. Additionally, Dumbo developers pointed out that home security products such as Kaspersky antivirus can block some of the tool’s functions, and advised agents to disable any protections before installation. Whether or not this tool is successful, the privacy debate continues. To date, Wikileaks has released 19 ‘leaks’; the one prior was ‘Imperial,’ “which revealed details of at least 3 CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavors of Linux operating systems.” When will the leaks stop? No one knows.

By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation. -Wikileaks

Want to weigh in on the privacy debate? Read ‘Visibility is the New Stealth’ and comment on the post to share your thoughts.

#hacked

Apparently, hackers don’t fear the wrath of the Mother of Dragons or the Lannister family. For Game of Thrones fans, news of the latest HBO hack, with its rumors of unreleased episodes and scripts of the show, may seem great, but it is certainly bad for the network.

According to Entertainment Weekly, unknown hackers claim to have obtained 1.5 terabytes of data from the entertainment giant and informed several reporters about the hack via an anonymous email sent on Sunday, 7/30. This data includes information on the current season of Game of Thrones, as well as upcoming episodes of ‘Ballers’ and ‘Room 104.’ You may recall a past HBO hack in 2015 when the first four episodes of GOT Season 5 appeared on the Internet before the season’s premiere. A statement by the Time Warner-owned TV group confirmed a ‘cyber incident’ which caused “the compromise of proprietary information.” HBO has since been working with law enforcement and outside security firms to determine the culprits and prevent further leaks.

While HBO did not disclose exactly what was stolen, the anonymous email sent to reporters read: “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh, I forget to tell. It’s HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling” It appears more than just Winter is coming, as the hackers promised that more leaks are ‘coming soon.’ Fans may be keeping their fingers crossed, but HBO will be keeping their guard up.

The problem before us is unfortunately all too familiar in the world we now find ourselves a part of. As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully. -statement from HBO CEO Richard Plepler

Want to perform some hacking of your own? Check out ‘How to Use Wifite to Hack Wireless Network.’ 

#leaktheanalyst

Dubbed operation #LeakTheAnalyst, a recent hack of Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant, a Virginia-based cybersecurity firm owned by FireEye, has left sensitive information exposed on the Internet. This is just the latest example of the dangers of insider threats; ironically, however, this one involves a ‘Senior Threat Intel Analyst.’

It appears the unknown hacker(s) were able to compromise the company’s systems, claiming they have had access to Mandiant’s internal networks since 2016. They were able to prove their access to Peretz’s account by posting nearly 32 megabytes of Peretz’s data on Pastebin, alluding to further attacks in the near future. According to a list from The Hacker News, the sensitive data they exposed includes:

  • Peretz’s Microsoft account login details
  • Peretz’s Contacts
  • Screenshots of the Windows Find My Device Geolocator, linked to Peretz’s Surface Pro laptop.
  • Client correspondence
  • Presentations
  • Contents of his email inbox
  • Several internal Mandiant and FireEye documents
  • Threat intelligence profiles for the Israeli Defence Force (IDF)

The method and motives of the attack have not been confirmed, but it seems as though the hackers were able to compromise Peretz’s social media accounts, including his LinkedIn, which they defaced. FireEye has since released a statement, saying “We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”

It was fun to be inside a giant company named “Mandiant” we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malware and stuff. This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future. -Pastebin post from hackers

Could this hack have been avoided? Read ‘Insider Threat Best Practices for 2017’ and weigh in.

#securitysavings

Virtual Labs from Practice Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience. Develop your comprehensive IT skills in a safe, working environment without the need to invest in your own hardware and software.

  • Practical Training on the Latest Industry Technology
  • Real Equipment, No Simulations
  • 6 Month Unified Access Available on Any Device
  • No Hardware or Licensing Costs

Use code LABLEARN for 25% off your Practice Labs virtual lab purchase. Code valid until 8/31 at 11:59 PM ET. Simply apply at checkout to redeem.

#factbyte

Senators Mark Warner, Steve Daines, Cory Gardner, and Ron Wyden introduced the ‘Internet of Things Cybersecurity Improvement Act of 2017.’ “Under the terms of the bill, vendors who supply the U.S. government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, among other basic requirements.” 


Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
