Search Results for “Daily Beast”


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times  
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail,DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.comDataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The VergeEvening Standard, EngadgetMarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central , GeekWire, SC Magazine, Techerati, SlashdotABC News: U.S., Graham Cluley, Japan Times,Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.netGadgets Now, Courthouse News Service, BBC News – WorldBleepingComputer.comITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC , Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily BeastGeekWire

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat : Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail : Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central : Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC : Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.


August 5, 2019
Julia Carrie Wong / The Guardian

Julia Carrie Wong / The Guardian  
Cloudflare Terminates Far-Right, Violence-Oriented 8chan Following Walmart Massacre in El Paso, CEO Calls Site ‘Lawless’

Internet security and cloud service provider Cloudflare announced it is terminating as a client far-right, violence and hate-oriented forum 8chan, which is used to distribute racist and white nationalist manifestos prior to mass shootings, including this weekend’s deadly shooting in El Paso. Cloudflare’s decision could doom 8chan’s chances of survival given that it has been protecting the forum from distributed denial of service (DDoS) attacks, and the site is a likely target for internet vigilantes. Although shortly after the El Paso shooting Cloudflare CEO Matthew Prince said his company had a “moral obligation” to keep servicing 8chan, he ultimately reversed course,  saying in a blog post “they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths.”

Related: WA Today, Mashable, Sydney Morning Herald, Joseph Cox – VICE, Reuters, Daily Beast, Slashdot, PCMag.com, TechCrunch, VICE News, CloudFlare, The Verge, Gizmodo

Tweets:@juliacarriew @ruskin147 @donie @donie @tarah @tarah @tarah @nkulw @donie @donie @d_hawk @slpng_giants @iblametom @riskybusiness @donie @infinitechan @kevinroose @josephfcox @tarah @aprilaser @beccalew @tarah @travis_view @eastdakota @KELLYWEILL @asankin @cwarzel

WA Today : 8Chan: the website that hosts terrorist propaganda and is linked to mass shootings
Mashable: Why the hell is 8chan still online?
Sydney Morning Herald: 8chan cut loose by security firm for ‘hate-filled’ content
Joseph Cox – VICE: Cloudflare Boots 8chan as a Customer
Reuters: Cloudflare terminates 8chan as customer on ‘hate-filled’ content: CEO
Daily Beast: 8chan Loses Cloudflare Protection After El Paso Shooting
Slashdot: Cloudflare Terminates 8chan
PCMag.com: After Shootings, Cloudflare Pulls Plug on 8chan
TechCrunch: Cloudflare will stop service to 8chan, which CEO Matthew Prince describes as a “cesspool of hate”
VICE News: Cloudflare Says It Won’t Ban 8chan, a Hotbed for Terrorist Manifestos
The Verge: Cloudflare to revoke 8chan’s service, opening the fringe website up for DDoS attacks
CloudFlare: Terminating Service for 8Chan
Gizmodo: The Dirty Business of Hosting Hate Online

@juliacarriew: Here’s my story on 8chan’s links to El Paso, Poway and Christchurch, including an interview with @Cloudflare CEO @eastdakota about why he considers keeping the site in Cloudflare’s network a “moral obligation”
@ruskin147: bellingcat on 8chan and El Paso: . “Until law enforcement, and the media, treat these shooters as part of a terrorist movement no less organized, or deadly, than ISIS or Al Qaeda, the violence will continue. “
@donie: APRIL: 73 minutes before the deadly shooting at Congregation Chabad synagogue in Poway, California, someone identifying himself as the supect in that attack posted a link to a hate-speech-filled manifesto hyperlinked on 8chan.
@donie: MARCH: Before the mass shooting in Christchurchan an account believed to belong to the gunman posted a link to white nationalist manifesto on 8chan. Post included a link to the gunman's Facebook page, where he said he would later broadcast the attack live.
@tarah: The moral of this commentary: Prince couldn’t just say “8chan is disgusting and we don’t want to work with them.”He had to frame this as a larger moral standard...because there *isn’t* actually a regulatory framework by which he must abide.
@tarah: CloudFlare terminates 8chan as a customer, citing “Rule of Law”—not US law, but philosophical concept. As a corporate infosec exec, I’ve dealt w multiple competing regulatory environments. I’m concerned that the word “jurisdiction” doesn’t appear here.(link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se…
@tarah: CloudFlare flatly says that 8chan “may not have violated the letter of the law”—the letter of the law is what we work with, here. Not the spirit.Companies do what’s in their interest and in the interest of shareholders, and avoiding civil torts is precisely that.
@nkulw: I’ve always found Cloudflare to have the most interesting and least corporate-speak statements on internet hate. Their 8chan statement is really worth reading. (link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se…
@donie: Would 8chan even come to the table? And if it did, wouldn’t someone set up another place where this stuff will be shared?
@donie: If the manifesto in 8chan is indeed from the El Paso suspect, it’ll be at least the third atrocity this year where a suspect has posted to 8chan in advance of an attack
@d_hawk: “Once again, a terrorist used 8chan to spread his message as he knew people would save it and spread it... The board is a receptive audience for domestic terrorists.”
@slpng_giants: Fucking WOW.@eastdakota , CEO of @Cloudflare , says that continuing to do business with 8Chan, where three white supremacist shooters have posted their screeds and were cheered on by other users is a “moral responsibility”.What a statement.
@iblametom: Why action on 8chan from @cloudflare is very unlikely (link: https://www.forbes.com/sites/thomasbrewster/2019/03/15/after-the-new-zealand-terror-attack-should-8chan-be-wiped-from-the-web/) forbes.com/sites/thomasbr…
@riskybusiness: White supremacist terrorists are able to reliably organise and disseminate this shit widely thanks to @Cloudflare and its investors, led most recently by @Fidelity .This is getting worse, it’s spreading, and I worry about my (not white) family. Fuck you very much, @Cloudflare !
@donie: And here’s why 8chan isn’t going anywhere.
@infinitechan: Some of you might’ve read the @Cloudflare news already. They're dropping 8chan. (link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se… There might be some downtime in the next 24-48 hours while we find a solution (that includes our email so timely compliance with law enforcement requests may be affected).
@kevinroose: Cloudflare debated what to do about 8chan all day. Here is (part of) @eastdakota 's rationale for banning the site, in the end. (link: https://www.nytimes.com/2019/08/04/technology/8chan-shooting-manifesto.html) nytimes.com/2019/08/04/tec…
@josephfcox: The lack of coherence at Cloudflare’s top levels is pretty stark. Talk to general counsel, say they won’t ban unless illegal, concerned about operating at scale. CEO eventually decides to pull plug on 8chan himself after debating all day.
@tarah: See, CloudFlare *absolutely* has the right to terminate any customer they wish. They’re a private company and I strongly agree with Prince that they can choose their customers.However, I find it more likely that CloudFlare terminated 8chan for *liability*, not lawlessness.
@aprilaser: The El Paso shooter followed the playbook of posting his manifesto on 8chan before opening fire. I wrote about how 8chan came to be so deeply intertwined with the project of forming a white ethnostate
@beccalew: Cloudflare's statement about kicking off 8chan is.....very strange. it seems designed purely to eschew responsibility if 8chan takes a big hit. The Daily Stormer is decidedly NOT thriving, they are hanging on by a thread (and that's a good thing!).
@tarah: Nowhere in the PCI/SOC2/ISO# checklists does the box “don’t service violent hatemongers” exist.I salute CloudFlare for terminating 8chan. However, the legal framework for violence prevention that Prince is speaking around does not actually exist in corporate America.
@travis_view: 8chan's admin says that the site will be moving to "another service."The most likely candidate for the other service is @EpikDotCom , which serves at the registar for Gab.
@eastdakota: We just sent notice we are terminating service for 8chan. There comes a time when enough is enough. But this isn't the end. We need to have a broader conversation about addressing the root causes of hate online.
@KELLYWEILL: NEW: The racist lie behind the El Paso terrorist attack, via @kellyweill
@asankin: Cloudflare may have kicked 8chan off its service, but I found that it still takes money for DDoS protection from 56 other hate groups
@cwarzel: the speed with which tech cos change after a bad PR cycle seems like solid proof that none of this is abt principles but abt trying to keep from making hard choices as long as possible. earlier today they argued that keeping 8chan within its network is a “moral obligation”


August 31, 2019
Brian Barrett / Wired

Brian Barrett / Wired  
Anonymous Hacker Compromised Twitter CEO Jack Dorsey’s Account Through SIM Swapping and Tweeted String of Racist Messages, Bomb Threats

An anonymous hacker took over Twitter CEO Jack Dorsey’s account for 20 minutes and used it to send out a string of racist messages and bomb threats. A group that calls itself the “Chuckle Gang,” which has broken into other high-profile Twitter accounts before, apparently broke into the @jack account at 3:45 pm and sent out dozens of tweets and retweets. Other who have been attacked by these hackers blamed so-called SIM swap attacks, with a particular focus on AT&T and Twitter confirmed that Dorsey’s breach was a SIM swap as well. It’s unclear, however, how Dorsey was able to regain access to his account so quickly if the attack was a result of a SIM swap.

Related: Deutsche Welle, Digital Trends, The Hill: CybersecurityAvira Blog, Firstpost, Sydney Morning Herald, Reuters, The Next Web, Tech Insider, Stars and Stripes, PCMag.com, ZDNet, ABC News: U.S., CBC, TribLIVE, Financial Times, Washington Post, SlashGear » security, Stuff.co.nz – Stuff, CNET News, ZDNet, New York Times, CBC, The A.V. Club, BuzzFeed – Tech, Sky News, Mashable, TORONTO STAR, Dark Reading: Attacks/Breaches, USA Today, Social Media Today , Vox, OneZero – Medium, FOX News, The Verge, VentureBeat, Gizmodo, Evening Standard, Daring FireballWindows Central , TechCrunch, Daily Dot, Tech Insider, CBSNews.com, Digital Trends, Heavy.com, Quartz, Neowin, Daily Beast, The Verge, Slashdot, CNET News, CNN.com, Android Central , San Francisco Chronicle, SFist, Axios, Vox, MobileSyrup.com, The Inquisitr News, CCN, AP Breaking News, iAfrikan, TIME, iMore, Memeburn, The Guardian, Android Central , RT USA, Boing BoingAndroid Authority, The Register, CNN.com, San Francisco Chronicle, Quartz, Cybersecurity Insiders, SC Magazine, THE INQUIRER, DataBreachToday.com, THE INQUIRER, iTnews – Security, PCMag.com, Haaretz.com

Deutsche Welle: Twitter CEO Jack Dorsey’s account sent racist tweets after hack
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
The Hill: Cybersecurity: Hillicon Valley: Twitter CEO Jack Dorsey’s account hacked | Google found iPhone security bug | YouTube reportedly to pay up to $200M to settle child privacy investigation | DNC expected to nix Iowa virtual caucus plans
Firstpost: Twitter CEO’s hacked account sends racist tweets before being secured
Sydney Morning Herald: Twitter CEO Jack Dorsey’s account hacked, racist tweets sent
Reuters: Twitter CEO’s hacked account sends racist tweets before being secured
Channel News Asia: Twitter CEO’s hacked account sends racist tweets before being secured
The Next Web: Twitter CEO Jack Dorsey’s account has been hacked
Tech Insider: Twitter CEO Jack Dorsey’s Twitter account was hacked to send out racist tweets with the n-word and phrases like ‘Hitler is innocent’ (TWTR)
Stars and Stripes: Twitter CEO Dorsey’s account sent racist tweets after hack
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
ZDNet: Jack Dorsey’s Twitter account got hacked
ABC News: U.S.: Twitter CEO Dorsey’s account sent racist tweets after hack
CBC: Twitter says CEO’s account sent out racist, vulgar tweets after it was hacked
TribLIVE: Twitter CEO Jack Dorsey hacked; account sent racist tweets
Financial Times: Jack Dorsey’s Twitter account hacked
Washington Post: Twitter co-founder Jack Dorsey’s account hacked
SlashGear » security: Twitter CEO’s @Jack account hacked [Update]
Stuff.co.nz – Stuff: Twitter CEO Jack Dorsey’s account sends racist tweets after hack
CNET News: Jack Dorsey’s Twitter account hacked – CNET
New York Times: Twitter C.E.O. Jack Dorsey’s Account Hacked
The A.V. Club: Someone hacked Jack Dorsey’s Twitter account to say even dumber stuff than usual
BuzzFeed – Tech: Jack Dorsey, The CEO Of Twitter, Was Hacked On Twitter
Sky News: Twitter founder’s account hacked as racist tweets posted
Mashable: Jack Dorsey’s Twitter account hacked to spread pro-Hitler message
TORONTO STAR: Twitter founder Jack Dorsey’s account hacked
Dark Reading: Attacks/Breaches: @jack Got Hacked — Twitter CEO’s Tweets Hijacked
USA Today: Twitter says it is investigating how CEO Jack Dorsey's account was compromised
Social Media Today : Hackers Gain Access to the Twitter Account of Platform CEO Jack Dorsey, Tweet Offensive Content
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
OneZero – Medium: Three Takeaways From the Hack of Jack Dorsey’s Twitter Account
FOX News: Twitter CEO Jack Dorsey’s own account was hacked, used to post vulgar messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
VentureBeat: Twitter is investigating CEO Jack Dorsey’s account being hacked
Gizmodo: Jack Dorsey’s Twitter Account Was Hacked
Evening Standard: Twitter CEO Jack Dorsey's own Twitter account hijacked with series of racist tweets
Daring Fireball: Jack Dorsey’s Twitter Account Was Compromised
Windows Central : Jack Dorsey, Twitter’s CEO, had his account hacked
TechCrunch: A hacker has compromised Jack Dorsey’s Twitter account
Daily Dot: Twitter CEO’s account hacked, retweets pro-Nazi propaganda
Tech Insider: How to delete your Fitbit account and erase your personal data
CBSNews.com: Hackers tweet racial slurs from Twitter CEO Jack Dorsey’s account
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
Heavy.com: Jack Dorsey’s Twitter Account Hacked by ‘Chuckling Squad’
Quartz: Jack Dorsey’s Twitter account got hacked—here’s what we know
Neowin: Twitter CEO, Jack Dorsey, gets account taken over by hackers
Tech Insider: It took Twitter longer to secure Jack Dorsey’s account from hackers than it would for a nuclear missile to travel around the world — and that should terrify you
Daily Beast: Twitter CEO Jack Dorsey’s Account Gets Hacked, Posts Racist Messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
CNN.com: Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
Android Central : How to change your Twitter password and activate two-factor authentication
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
SFist: Hackers Seize Jack Dorsey’s Twitter, Make Bomb Threats, Praise Hitler
Axios: Twitter CEO Jack Dorsey’s account hacked
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
MobileSyrup.com: Twitter CEO Jack Dorsey has been hacked
The Inquisitr News: Twitter CEO Jack Dorsey’s Account Was Hacked
CCN: Jack Dorsey Twitter Hack a Sick Way to Protest Hate Speech
AP Breaking News: Twitter CEO Dorsey’s account sent racist tweets after hack
iAfrikan: Jack Dorsey’s Twitter account hacked
TIME: Twitter CEO Jack Dorsey’s Twitter Account Has Been Hacked
iMore: Worried about getting your Twitter account hacked? Set up 2FA to protect it
Memeburn: Jack Dorsey’s Twitter account has been hacked, yet again
The Guardian: Jack Dorsey: Twitter CEO’s account hacked in embarrassing security lapse
Android Central : Jack Dorsey, Twitter’s CEO, had his account hacked
RT USA: Twitter CEO Jack Dorsey’s account ‘compromised,’ posted racial slurs
Boing Boing: How did Twitter CEO Jack Dorsey’s account get hacked?
Android Authority: Regularly changing your Twitter password is important, as Twitter CEO found out
Tech Insider: What we know about how Twitter CEO Jack Dorsey’s account was hacked, and the group called ‘Chuckling Squad’ who is claiming responsibility
The Register: JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters
CNN.com: Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
Quartz: Hong Kong’s fast-learning, dexterous protesters are stumped by Twitter
Cybersecurity Insiders: Twitter Mobile Security flaw allows hackers to post Racist comments
SC Magazine: Twitter CEO’s account hacked in SIM-swapping scheme | SC Media
THE INQUIRER: Twitter CEO Jack Dorsey gets his Twitter account hacked
DataBreachToday.com: Hey Jack, How Was Your Account Hacked?
iTnews – Security: Twitter CEO’s hacked account sends racist tweets before being secured
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
Haaretz.com: Twitter CEO Jack Dorsey’s account sends out pro-Nazi tweets after being hacked


August 2, 2019
Jack Stubbs / Reuters

Jack Stubbs / Reuters  
Facebook Takes Down More Than 350 Accounts and Pages With 1.4 Million Followers in Propaganda Operation Tied to Saudi Government

In its ongoing efforts to combat “coordinated inauthentic behavior,” Facebook said it had suspended more than 350 accounts and pages with about 1.4 million followers connected to the government of Saudi Arabia, the company. The accounts and pages promoted state propaganda and attacked regional rivals, primarily targeting countries in the Middle East and North Africa, including Qatar, the UAE, Egypt Palestine, the first such network tied to the Saudi government on Facebook. The operation created accounts to look like local news operations and spent $100,000 on Facebook advertising. The Saudi government denies any involvement in the operation.

Related: SecurityWeek, CNN.com, The Hill: Cybersecurity, Tech Insider, Ad Week, Facebook Newsroom, Mashable, iTnews – Security, EJ Insight, Reuters, Ad Week, Digital Trends, The Hill, Cyberscoop, Daily Beast, Al Jazeera


October 8, 2019
Dustin Volz and Byron Tau / Wall Street Journal

Dustin Volz and Byron Tau / Wall Street Journal  
FISA Court Found FBI’s Efforts to Conduct Warrantless Database Searches on Americans Violated the Law and the Constitution

In a rare rebuke to U.S. spying programs, a secret surveillance court, the Foreign Intelligence Surveillance (FISA) Court, last year found that the FBI’s efforts to search for data about Americans violated the law authorizing the program, as well as the Constitution’s Fourth Amendment protections against unreasonable searches. The ruling was just made public by the intelligence community after the government lost an appeal of the judgment earlier this year before another secret court. The latest decision found that there were improper searches of raw intelligence databases by the bureau in 2017 and 2018 that was part of a warrantless Internet surveillance program. One fundamental problem was the breadth of the searches, which sometimes involved queries related to thousands or tens of thousands of pieces of data, such as emails or telephone numbers. The court found the FBI strayed from its mandate to search only for evidence of a crime or for foreign intelligence information. In one case, the FBI conducted searches to vet its personnel and cooperating sources.

Related: Zero Hedge, PogoWasRight.org, Engadget, Lawfare, Daily Beast

Tweets:@attackerman @trevortimm @snowden @dnvolz @ronwyden

Zero Hedge: FBI Use Of Foreign-Surveillance Tool Violated Privacy Rights: FISA Court
PogoWasRight.org: FBI’s Use of Foreign-Surveillance Tool Violated Americans’ Privacy Rights, Court Found
Engadget: FISA court: FBI use of NSA’s electronic surveillance data was illegal
Lawfare : Office of the Director of National Intelligence Releases Section 702 Documents and OpinionsDaily Beast: Secret Court: FBI Warrantless Searches Were Illegal

@attackerman: NEW: It was kept secret for a year, but the FBI’s backdoor searches of NSA dragnets for Americans’ info were the subject of a big court fight the government lost. On one day in 2017 alone, FBI warrantlessly searched 6800 times using Social Security #s.
@trevortimm: Wow. The FISA Court secretly ruled last year that the FBI made *tens of thousands* of unconstitutional searches into Americans' private data, as part of its surveillance program that supposedly targets people overseas.
@snowden: Wow: The @FBI is running a warrantless internet surveillance program so flagrantly unconstitutional that even the secret, rubber-stamp "court" that approved 99.967% (!) of surveillance requests over 33 years (!!) felt they couldn't turn a blind eye. https://wsj.com/articles/fbis-
@dnvolz: BREAKING NEWS: The FBI's use of a controversial foreign surveillance tool violated Americans' constitutional privacy rights, FISA Court finds, dealing a rare rebuke to U.S. spying activities.
@ronwyden: Last year, when Congress reauthorized Section 702 of FISA, it accepted the FBI’s outright refusal to account for all its warrantless backdoor searches of Americans.


September 3, 2019
Dell Cameron / Gizmodo

Dell Cameron / Gizmodo  
Imprisoned Hacktivist Jeremy Hammond Called to Testify Before Grand Jury in Virginia Raising Questions About Whether U.S. Is Expanding Scope of Charges Against Julian Assange

Imprisoned hacktivist Jeremy Hammond, a former WikiLeaks source and once the FBI’s most-wanted cybercriminal, has been called to testify before a federal grand jury in the Eastern District of Virginia. The Jeremy Hammond Support Committee doesn’t know the nature or scope of the grand jury’s investigation but believes it is the same grand jury that Chelsea Manning is currently being incarcerated for refusing to testify before, raising new questions about whether the U.S. government is expanding the scope of the government’s criminal case against WikiLeaks and Julian Assange. It’s unclear how Hammond connects to the government’s probe of Assange, but WikiLeaks had provided Hammond and his AntiSec hacking crew with access to a custom search engine tool in early 2012 in an effort to aid the hackers in searching a batch of more than 5 million emails of Austin, TX-based global intelligence firm, Stratfor. Hammond pleaded guilty in 2013 to hacking Stratfor, which counted at the time a string of powerful clients including the Departments of Homeland Security and Defense, employees of the National Security Agency, countless police agency heads, and, among other notable figures, former Secretary of State Henry Kissinger.

Related: SparrowMedia, CNN, Washington Post, Daily Beast

Tweets:@dellcam @dellcam @dellcam @dellcam @dellcam @kevincollier @kevincollier @NatashaBertrand @FreedomofPress @rachelweinerwp @woodruffbets

SparrowMedia: Imprisoned Activist Jeremy Hammond Called Against His Will to Testify Before Federal Grand Jury in the EDVA
CNN: Incarcerated Anonymous hacker called before grand jury, sparking WikiLeaks questions
Washington Post: Hacker linked to WikiLeaks says he’s been brought to Virginia for testimony
Daily Beast: DOJ Wants To Question Wikileaks Associate Jeremy Hammond, His Supporters Claim

@dellcam: NEW: Jeremy Hammond, Anonymous hacker and one-time WikiLeaks source, has been called to testify before a federal grand jury, signaling the scope of DOJ’s criminal investigation into WL may be far wider than previously reported.
@dellcam: I included a refresher here on AntiSec’s exploits and on my own prior investigation into the Stratfor hack and how FBI’s claims about the attack to the @nytimes and elsewhere are misleading & do not align with the sealed evidence in its possession. https://gizmodo.com/jeremy-hammond-anonymous-hacker-and-wikileaks-source-1837830636
@dellcam: Things to remember: (a) FBI had intel that Stratfor had been hacked a full day before Hammond knew the company even existed; (b) WikiLeaks entered the scene after the hack was already public knowledge. https://gizmodo.com/jeremy-hammond-anonymous-hacker-and-wikileaks-source-1837830636
@dellcam: (c) In the post-Equifax world, Stratfor would be crucified. A leaked report I published in 2014 proved it enabled the attack. Root access to its servers required no password. It had no antivirus & no firewall.
@dellcam: Related: In Nov, Giz reported that WikiLeaks provided Hammond and potentially other Stratfor hackers w/ access to a search-engine tool to help them comb through the emails. (Perhaps a parallel here to Assange charge for allegedly trying to assist Manning)
@kevincollier: We don't currently have reporting why exactly Hammond's called. But as @dellcam reported last year, Hammond said in a private 2011 chat that Assange had offered him a tool to help w/hacked Stratfor emails. Echoes how the US charged him w/helping Manning:
@kevincollier: Anonymous hacktivist Jeremy Hammond, who's spent the past 7 years behind bars, called to testify before a grand jury. Believed to be related to Assange investigation and Chelsea Manning's similar grand jury call:
@NatashaBertrand: NEW: A potential development in the Assange case. Jeremy Hammond, who was convicted of computer fraud in 2013 for hacking the private intel firm Stratfor and releasing data to WikiLeaks, has been subpoenaed to testify before a grand jury in the Eastern District of Virginia.
@FreedomofPress: Ominous signs the Trump admin is expanding its case against WikiLeaks founder Julian Assange, who is already under an indictment that would have unprecedented consequences for press freedom.
@rachelweinerwp: Jeremy Hammond, serving 10-year sentence for Stratfor hack shared with Wikileaks, says he's been brought to Virginia for grand jury but won't testify
@woodruffbets: News: A grand jury in EDVA has called in Jeremy Hammond, who was involved in the Stratfor hack. His supporters say they believe it's to question him about Wikileaks.


September 14, 2019
Amanda Connolly, Mercedes Stephenson, Stewart Bell, Sam Cooper and Rachel Browne / Global News

Amanda Connolly, Mercedes Stephenson, Stewart Bell, Sam Cooper and Rachel Browne / Global News  
RCMP Arrest One of Their Own Senior Intelligence Officials for Espionage Dating Back to 2015, Amassed Terabytes of Sensitive Information and Now Stands Accused of Passing Information to Foreign Entity

In what could be one of the worst cases of espionage the country has ever experienced, Canada’s national police have arrested a senior intelligence official in the RCMP, Cameron Ortis, who now faces seven counts dating as far back as 2015, including breach of trust, communicating “special operational information,” and obtaining information in order to pass it to a “foreign entity.” The case was uncovered by U.S. authorities as part of a wider operation involving NATO allies and the Five Eyes countries of Canada, Australia, New Zealand, the U.S. and U.K. The charges did not specify which foreign entity or what type of information, but a source said he had amassed “terabytes of information,” including a list of undercover operatives. John MacFarlane, Public Prosecution Service of Canada official, said Ortis was accused of having “obtained, stored, processed sensitive information we believe with the intent to communicate it to people that he shouldn’t be communicating it to.”

Related: South China Morning Post, AP Top News, Reuters: World News, Daily Beast

Tweets:@MercedesGlobal @zackwhittaker @zackwhittaker @allanfriedman


October 7, 2019
Ronan Farrow / New Yorker

Ronan Farrow / New Yorker  
Ronan Farrow: Black Cube Installed Spyware on My Phone to Keep Track of My Location During Weinstein Investigation

In an excerpt from his new book “Catch and Kill,” Ronan Farrow outlines how Harvey Weinstein purportedly paid Israeli spies to hack his cellphone during his investigation into the sexual assault allegations against the now-disgraced movie mogul. Farrow reports that Weinstein hired notorious Israeli spy firm Black Cube to conduct surveillance on his accusers and reporters investigating Weinstein’s assaults. A private investigator hired by Black Cube, Russian-American agent Roman Khaykin, claims that one of Black Cube’s spies installed cell phone tracking malware on Farrow’s phone to keep track of his whereabouts. Black Cube contends that it was not aware of or authorize any cell phone tracking of Farrow.

Related: Variety, Daily Beast

Tweets:@razhael @HowellONeill @josephfcox


April 3, 2019
Kevin Poulsen / Daily Beast

Kevin Poulsen / Daily Beast  
Facebook Will Stop Demanding Outside Email Account Passwords for Some Users After Being Called Out

Following news that Facebook admitted storing hundreds of millions of its users’ own passwords insecurely, Facebook is demanding some users supply their passwords for their outside email account as the price of admission to the social network. Some users’ access to the social media network has been interrupted by a message demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically …” After the Daily Beast contacted Facebook, the company said it will stop asking users for their email account passwords. The additional login step was noticed over the weekend by a cybersecurity watcher on Twitter called “e-sushi.”

October 24, 2017
Joseph Cox / Daily Beast

Joseph Cox / Daily Beast  
Dark Overlord Hacks Top London Plastic Surgery, Threatens to Reveal Patient’s Pictures

The hacker group known as the Dark Overlord has hacked into a high-profile London plastic surgeon’s office, London Bridge Plastic Surgery (LBPS), and stole files that include pictures of sensitive plastic surgery procedures. A representative of the Dark Overlord contacted the Daily Beast and claim the group has stolen terabytes of data including databases and names of patients and say the files contain information on members of the royal family. The representative used an email account belonging to LBPS and sent a cache of surgery photos to prove the hack’s legitimacy. The group has threatened to release the photos publicly. The Dark Overlord first became known in mid-2016 after hacking medical centers across the U.S. and then moved on to businesses and most recently public school systems in the U.S.