Search Results for “Joseph Cox”

May 12, 2020
Joseph Cox / Motherboard

Israeli Spyware Vendor NSO Group Is Pitching Its Mobile Hacking Technology to Local Police Forces in the U.S.

Israeli spyware vendor NSO Group, which has earned a notorious reputation for selling its mobile phone surveillance technologies to oppressive regimes around the globe, has been pitching its products to U.S. local police forces. A brochure by Westbridge Technologies, which calls itself “the North American branch of NSO Group,” tells local law enforcement that they can turn their targets’ phones “into an intelligence gold mine” by using a spyware product called Phantom. A former NSO employee says that Phantom is the same as Pegasus, the most intrusive spyware that NSO Group sells to despotic governments, including Saudi Arabia.

Related: Slashdot

Slashdot: NSO Group Pitched Phone Hacking Tech To American Police

@josephfcox: Scoop: NSO Group, best known for selling iPhone hacking tech used to spy on associates of murdered journalist Jamal Khashoggi, also pitched their products to local American police. One law enforcement official called the tool "awesome."
@josephfcox: Obtained brochure for NSO product called PHANTOM. Can remotely infect devices with 0-click, get messages, location, etc Source says PHANTOM is a rebranded PEGASUS, NSO's infamous hacking product. Local police would have the same capability as Saudi intel
@josephfcox: Federal authorities, intelligence agencies having 0-click phone hacking technology is one thing. Local police having it, is another, but that's exactly who NSO was trying to sell to
@josephfcox: Here are some of the capabilities of the phone hacking technology pitched to local American cops are "Unlimited access to the target's mobile devices."
@josephfcox: After talking to Westbridge, the U.S. arm of NSO Group, an official from the San Diego Police Department said the phone hacking tech "sounds awesome"
@josephfcox: Price is the reason San Diego police give for not buying NSO Group's phone hacking tech, saying they don't have funds for such a large scale project
@josephfcox: In the brochure sent to local cops, Westbridge/NSO says its malware is modular, can be tweaked depending on client's regulations. Other companies in the industry do this: maybe your warrant allows text but not Skype interception, etc
@josephfcox: Updated with comment from San Diego Police Department, which spoke to NSO Group's U.S. arm about phone hacking technology. Says would require a warrant to use such tech

May 5, 2020
Joseph Cox / Motherboard

Hacker Bribed Roblox Worker and Gained Access to Personal Data on Over 100 Million Active Monthly Users

A hacker said he bribed a Roblox worker to gain access to the back-end customer support panel of the popular online video game, giving him access to personal information on over 100 million active monthly users and other privileges such as granting virtual in-game currency. The hacker was able to see users’ email addresses, as well as change passwords, remove two-factor authentication from their accounts, ban users, and more, according to the hacker and screenshots of the internal system. The hacker shared screenshots with Motherboard that included the personal information of some of the more high-profile users, including YouTuber Linkmon99, purportedly the “richest” Roblox player in the world. The hacker claims he hacked Roblox to prove a point. Roblox said it immediately took action to address the issue and individually notified the minimal number of customers who were impacted.

Related: Security News | Tech Times, Engadget, Boing Boing

Security News | Tech Times: Roblox Hacked by Bribed Insider
Engadget: ‘Roblox’ insider sold user data access to a hacker
Boing Boing: ‘Roblox’ hacker got 100 million user accounts for popular online game, reports VICE

@waypoint: The hacker got access to over 100 million active Roblox monthly users and the ability to grant virtual in-game currency.
@josephfcox: One of the most high profile users in Roblox confirmed their account information was exposed. I showed them an email address the hacker found; they said this was their private, dedicated email address only for using this game
@josephfcox: This is some of the stuff the Roblox hacker could have done, and did some of to at least a few accounts. If you can't hack a site/service/application, the customer support reps may help you out for a little bit of cash
@josephfcox: Not only does this show how much of a threat insiders at companies can be, but also how accessing data of children can be pretty straight forward. Roblox has a huge community of children using it; also used for kids parties during COVID-19
@josephfcox: The hacker sent messages between them and the insider. According to LinkedIn, this person worked for a contractor that works for Roblox. Targeting customer support reps is fruitful for hackers; lots of data access, potentially fewer controls in place
@josephfcox: Here's a screenshot the hacker shared showing Roblox's back end customer support portal. Look up private email addresses, grant players in-game currency. Hacker says they reset passwords and stole items to sell

May 20, 2020
Joseph Cox / Motherboard

Spyware Firm NSO Group Created a Web Domain That Masqueraded as a Facebook Security Team Site to Spread Its Powerful Pegasus Malware

Notorious Israeli spyware firm NSO Group created a web domain that looked as if it belonged to Facebook’s security team to entice targets to click on links that would install the company’s powerful Pegasus cell phone hacking technology, according to data analyzed by Motherboard. Although it’s not uncommon for nation-state hackers to impersonate Facebook, Facebook is currently suing NSO Group for leveraging a vulnerability in Facebook-owned WhatsApp to let NSO clients remotely hack phones. Motherboard also discovered that a server used by NSO’s system to deliver malware was owned by Amazon, which is more evidence that NSO has used U.S. infrastructure.

Related: Slashdot

Slashdot: NSO Group Impersonated Facebook To Help Clients Hack Targets

@josephfcox: New: former NSO Group employee leaked me an IP address used to launch Pegasus malware against targets. I looked up pDNS records and found a related domain was impersonating Facebook security's team. Also found more NSO infrastructure in the United States
@lorenzofb: NSO Group impersonated Facebook in an attempt to help clients hack targets. .@josephfcox found a web domain that looked like a Facebook site and was used for phishing targets to instal NSO's spyware.
@dangoodin001: When I get subscribed to a list without permission I respond to the sender (& any other email addresses I can find for the company) and demand I be removed. Sometimes I get a reply that says I can just use the unsubscribe link. No, I can't and here's why:
@josephfcox: Many NSO clients have abused the tech, and publishing those domains can be important to find other abuses. In this case, we don't know if they were used in legitimate law enforcement or intelligence operations, so are not publishing domains themselves
@josephfcox: Facebook said took control of this domain to stop people abusing it in the future. Also has relevance for Facebook's recent legal action against domain registrars: Facebook used those that allowed fake Facebook domains (same registrar as the Pegasus link)
@josephfcox: The IP address was used to launch Pegasus' 1-click variant. The linked domains were a mix of things designed to be innocuous ('unsubscribe me please' style links), and then those impersonating Facebook or FedEx package tracking links

April 29, 2020
Joseph Cox / Motherboard

NSO Employee Abused Access to Company’s Powerful Pegasus Hacking Technology to Target a Love Interest

An employee of controversial surveillance vendor NSO Group abused access to the company’s powerful Pegasus hacking technology to target a love interest, Motherboard found out from multiple sources. Pegasus can track the target’s location, read their texts, emails, social media messages, siphon their photos and videos, and turn on the device’s camera and microphone. While on location in the UAE in 2016, the NSO employee broke into an intelligence agency client’s office and was detained by authorities. While in the office, the employee used the Pegasus system to target a woman he knew personally. The employee was subsequently fired. After this incident, NSO introduced a “more rigorous screening of customer-facing people,” one former employee said.

Related: Slashdot

March 24, 2020
Joseph Cox / Motherboard

Hackers Are Hijacking Twitter Accounts to Push Website Purportedly Selling Face Masks and Toilet Paper

Hackers have taken over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic. The accounts posted hundreds of tweets linking to the site over at least a few hours earlier today. One journalist for Motherboard, Todd Feathers, confirmed that his account was hijacked to spread the message. The hacker also sent direct messages to Feathers’ followers with a link to the website. The site claims to sell face masks, respirators, digital thermometers, and toilet roll. Twitter said it had acted against several accounts and URLs around this recent activity, and pointed to its policy banning malicious use of bots and inauthentic accounts.

April 30, 2020
CYBER / Motherboard

NSO Employee Abused Phone Hacking Tech to Target a Love Interest

A former employee of NSO Group—the surveillance firm out of Israel whose hacking technology was reportedly used on the phones of associates of murdered journalist Jamal Khashoggi—was caught using the company’s hacking tool to target a love interest. Motherboard reporter Joseph Cox is on this week’s CYBER to discuss the story.

March 9, 2020
Joseph Cox / Motherboard

Artificial Intelligence Firm Banjo Used Shadow Company Pink Unicorn Labs to Create Social Media Data-Scraping Apps

Banjo, an artificial intelligence firm that works with police, used a shadow company named Pink Unicorn Labs to create an array of Android and iOS apps that looked innocuous but were explicitly designed to secretly scrape social media, according to three former employees. The goal of creating the shadow company was to dodge detection by social media companies. Three apps created by Pink Unicorn Labs, “One Direction Fan App,” “EDM Fan App,” and “Formula Racing App,” were available for downloading and analysis on archive sites. An analysis showed that they were initially compiled in 2015, were on the Play Store until 2016, and contained code that mentioned signing into Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo. Business records show Banjo CEO Damien Patton initially incorporated the company.

March 27, 2020
Joseph Cox / Motherboard

Massively Popular Video Conferencing App Zoom is Sending Some Data Analytics From iOS Users to Facebook

The iOS version of the meteorically popular Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account, and Zoom users may remain mostly unaware of this data transfer. Nothing in Zoom’s privacy policy mentions this data sharing. The Zoom app notifies Facebook when the user opens the app and sends details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.

Related: Ride the Lightning, Reddit – cybersecurity, Reclaim The Net, SC Magazine, iMore, Techradar, WonderHowTo, Tech Insider, Mic, iPhone Hacks, Slashdot


April 3, 2020
Joseph Cox / Motherboard

Facebook Wanted to Buy NSO Group’s Pegasus Spyware to Better Monitor Apple Users of the Company’s Former VPN Product, Court Documents

Facebook representatives approached controversial surveillance vendor NSO Group to try to buy its powerful Pegasus surveillance tool so that Facebook could better monitor a subset of its users, according to a court filing from NSO in an ongoing lawsuit. Facebook is currently suing NSO Group for exploiting a vulnerability in WhatsApp to help governments spy on users. Two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use specific capabilities of NSO’s Pegasus spyware, according to a declaration by NSO CEO Shalev Hulio. The documents in the lawsuit portray Facebook as seemingly interested in buying Pegasus as a way to more effectively monitor phones of users who had already installed Facebook’s then-VPN product Onavo Protect. Concerned that its own data gathering methods weren’t working well for Apple users, Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and was willing to pay for the ability to monitor Onavo Protect users. Facebook says that NSO is misrepresenting the discussions around Onavo in the lawsuit documents.

Related: Verdict, NS Tech, Cyberscoop, WCCFtech, Slashdot

Tweets: @LorenzoFB @AASchapiro @josephfcox