Search Results for “Lorenzo Franceschi-Bicchierai”

October 10, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

State-Sponsored Spies Targeted Two Moroccan Human Rights Activists With NSO Group’s Pegasus Spyware, Evidence of Man-in-the-Middle Attack Found on One Target’s Phone

Hackers likely working for a government targeted two Moroccan human rights activists with malware made by the controversial Israeli surveillance vendor NSO Group, according to a new report by Amnesty International. The Amnesty researchers describe a series of attacks against Maati Monjib, a historian and journalist, and Abdessadak El Bouchattaoui, a lawyer who represented a group of protesters in Morocco. The two men received a series of text messages containing links that pointed to infrastructure previously attributed to NSO Group by Amnesty as well as the digital rights organization Citizen Lab. The links, if clicked, silently installed NSO’s Pegasus spyware on the targets’ phones. Monjib told Motherboard that in the last few years, “physical surveillance and then electronic surveillance have transformed my life to a hellish one.” The Amnesty researchers also found evidence of a “man-in-the-middle,” or network injection, attack that allowed the attackers to intercept web traffic and redirect visits to legitimate websites to malicious ones, infecting the targets with malware. The researchers were able to find evidence of a man-in-the-middle attack by inspecting Monjib’s browsing history, although they were not confident the attack was a result of NSO Group’s technology.

Related: Latin American Herald Tribune, Security Affairs, Reuters: World News, Amnesty International

Tweets: @Bing_Chris @zahrasalmanasif @lorenzofb @josephfcox

July 23, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

Vigilante Hacker Phineas Fisher Denies He Works for Russian Government, U.S. Intel Source and Italian Government Say He’s a Hacktivist

The vigilante hacker known as Phineas Fisher, who four years ago broke into the servers of notorious cybersecurity company Hacking Team and put all of its data online, says he’s not a Russian state hacker, as cybersecurity journalist Joseph Menn reports in his book “Cult of the Dead Cow.” A source close to the US intelligence community told Motherboard that the US government is actually convinced Phineas Fisher is indeed a hacktivist. In addition, Italian government investigators that looked into the Hacking Team breach have reached a similar conclusion, writing in a court document obtained by Motherboard that the “motive behind the commission of the crime was certainly of political and ideological nature.”

September 25, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

In Call With Ukrainian President, Trump Made a Confusing Reference to Cybersecurity Company CrowdStrike

In the full notes of the call between Donald Trump and Ukraine’s President Volodymyr Zelensky that is now the focus of an impeachment inquiry, Trump made a confusing reference to cybersecurity giant CrowdStrike that even the company itself doesn’t understand. “I got nothing,” Adam Meyers, the vice president of intelligence at CrowdStrike, told Motherboard. Trump told Zelensky he’d like him to look into “the server,” and referenced CrowdStrike, the cybersecurity firm that investigated the hack on the Democratic National Committee in 2016. Trump further made a confused reference to Ukraine having the DNC server at the center of the 2016 presidential election controversy, perhaps an allusion to Trump’s mistaken belief that CrowdStrike is a Ukrainian company. (It is headquartered in Sunnyvale, California.)

Related: Cyberscoop

Tweets: @RidT @kevincollier @josephmenn @alexstamos @josephfcox @dellcam @campuscodi @alfredwkng @thepacketrat

Cyberscoop: Why did President Trump mention CrowdStrike to the Ukrainian president?

@RidT: There's a lot going on in this paragraph from the Trump-Zelensky transcript, p. 3 president appears to be referring to a number of different conspiracy theories here—none of this appears to have any basis in reality. Two questions therefore:
@kevincollier: I've retyped Trump's CrowdStrike reference so it's a little easier to read. I've seen some moderately compelling explanations for what Trump's getting at, but if you have a solid one or any direct info I'd love to hear about it.
@josephmenn: Thoughts and prayers for @Crowdstrike PR.
@alexstamos: You can’t buy exposure like this, it’s amazing.
@josephfcox: "I got nothing." — Adam Meyers, vice president of intelligence at CrowdStrike, today.
@dellcam: Trump continues to believe (incorrectly) that @CrowdStrike is owned by a Ukrainian billionaire. This prob stems from flimsy ties drawn by @DailyCaller from Dmitri Alperovitch (CrowdStrike cofounder) to Victor Pinchuk (Ukrainian billionaire). This from 2017:
@campuscodi: So, all of a sudden, a bunch of Twitter bots and neo-nazi accounts are experts in this "crowdstrike" thing
@alfredwkng: CrowdStrike's statement: “With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI. As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community”
@thepacketrat: Apparently @Crowdstrike is Ukrainian and interfered in the 2016 election.

September 14, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

T-Mobile Offers an Unpublicized Feature Called NOPORT That Offers Greater Protection Against SIM Swapping Attacks

T-Mobile has a feature called NOPORT that gives its customers more protection from hackers trying to steal their phone number, but it doesn’t advertise the feature publicly and won’t even talk about it. NOPORT makes it harder for a hacker to hijack phone numbers with a SIM swapping attack by requiring customers to physically come to a store and present a photo ID in order to request their number to be ported out to a different carrier or a new SIM card. NOPORT is not documented on any T-Mobile websites, with the carrier preferring to push its Port Validation process, which requires customers to create a special PIN for making changes to their accounts.

Related: Reddit-hacking, Slashdot, TechNadu

Tweets: @dguido @lorenzofb @lorenzofb

September 6, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

[Updated] Apple Issues Statement on Google’s Discovery of iOS Vulnerabilities That Led to Attacks on Uighur Community, Says The Attacks Lasted for Shorter Period of Time and Were Less Widespread Than Google Researchers Suggest

Apple released a rare and defensive statement to comment on the attacks on iPhone users revealed by Google last week. Google revealed five chains of iOS vulnerabilities discovered by its security teams and described the attacks as “indiscriminate,” and potentially hitting “thousands” of people. Apple disputes minor details that Google released about the attacks, saying the attacks lasted for a shorter amount of time and that they were less widespread than Google reported. Apple said that the attacks affected fewer than a dozen websites that focus on content related to the Chinese Muslim minority Uighur community. The target of the attacks had not been revealed by Google, but journalists subsequently discovered they were targeted at the Uighur community. In the statement, Apple said that “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.” In response to Apple’s statement, Google issued its own statement saying “we stand by our in-depth research.”

Related: Apple, The Verge, Bloomberg, Reuters, Slashdot, Quartz, Buzzfeed, Gizmodo, CNET, The Next Web, New York Magazine, FOX News, Daring Fireball, Yahoo! News, Firstpost, TODAYonline, TechCrunch, iClarified, TechnoBuffalo, iMore, MacDailyNews, Tech Insider, MacRumors, Technology Review, The Hill: Cybersecurity, Channel News Asia, The Hacker News, Engadget, iPhone Hacks, SlashGear » security

Tweets: @lmatsakis @josephfcox @josephfcox @zeynep @zackwhittaker @lorenzofb @markgurman @jeffstone500 @thehackernews @BleepinComputer @JohnPaczkowski @ericgeller @ericgeller @RMac18 @alexstamos @alexstamos @alexstamos @alexstamos @alexstamos @alexstamos @gizmodo @LorenzoFB @ShiraOvide @tqbf @suka_hiroaki @mattblaze @howelloneill @josephmenn @josephfcox @SwiftonSecurity

Apple: A message about iOS security 
The Verge: Apple accuses Google of ‘stoking fear’ over iPhone security issues
Bloomberg: Apple Disputes Google Description of a Widespread iPhone Attack
Reuters: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
Slashdot: Apple Disputes Google’s Claims of a Devastating iPhone Hack
Quartz: Apple implies iPhones were hacked to spy on China’s Uyghur Muslims
Buzzfeed: Apple Has Confirmed Uighurs Were Targeted In Wide-Ranging Phone Hacking Scheme
Gizmodo: Apple Can Feel Its Reputation for Bulletproof Security Slipping Through Its Fingers
CNET: Apple pushes back against Google on iOS hack targeting Muslims
The Next Web: Apple claps back at Google for spreading FUD in iOS exploit report
New York Magazine: Apple Downplays Enormous iOS Security Hole That Google Found
FOX News: Apple disputes Google’s iPhone hack claim, says report ‘creates false impression’
Daring Fireball: Apple Pushes Back on iOS Security in Wake of Google’s Report
Yahoo! News: UPDATE 2-Apple says Uighurs targeted in iPhone attack but disputes Google findings
Firstpost: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TODAYonline: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TechCrunch: Apple doesn’t want Google ‘stoking fear’ about serious iOS security exploits
iClarified: Apple Issues Statement on iOS Exploits Found in the Wild
TechnoBuffalo: Apple responds adamantly to concerns about iOS security vulnerabilities
iMore: Apple responds vehemently to concerns about iOS security vulnerabilities
MacDailyNews: CNET reviews Apple Card: Most useful for users who love Apple Pay
Tech Insider: Apple just put Google on blast for trying to stoke ‘fear among all iPhone users that their devices had been compromised’ (AAPL, GOOG)
MacRumors: Apple Disputes Some Details of Google’s Project Zero Report on iOS Security Vulnerabilities [Updated]
Technology Review: Apple says China’s Uighur Muslims were targeted in the recent iPhone hacking campaign
The Hill: Cybersecurity: Apple says iPhone attack was targeted at Chinese Muslim minority group
Channel News Asia: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
The Hacker News: Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Engadget: Apple tries to clear up Google’s claims about iOS vulnerabilities
iPhone Hacks: Apple Disputes Google Project Zero Findings, Issues Statement Highlighting iOS Security
SlashGear » security: Apple just accused Google of iPhone security fake news [Update]

@lmatsakis: It's really telling, I think, that Apple doesn't use the word "China" in this statement confirming that the iOS exploits Google discovered were used to spy on China's minority Muslim population
@josephfcox: Apple just posted a wild statement in response to Google Project Zero's findings on malicious websites pushing iOS exploits for years - confirms against Uighurs - disputes "years" deployment, says two months - pretty arrogant tone about device security
@josephfcox: The whole statement is pretty dismissive of the targeting of the Uighur minority. Notice it doesn't actually say how many devices were infected either, just tries to suggest smaller impact than Google said
@zeynep: This is a terrible statement.
@zackwhittaker: Apple has issued a rare statement about iOS security re: Google's iPhone exploits it posted last week, basically confirming my reporting about the attacks targeting Uyghur Muslims.
@lorenzofb: So, to recap. Google said the attacks on iPhones were widespread. Multiple reports say it was China hacking Uighurs. Apple confirms it was Uighurs, but doesn't say it was China. In 2009, Google wasn't scared to point finger at China. How the times change.
@markgurman: First Siri privacy issues, now Apple puts Google malware finding controversy behind it ahead of Tuesday. They’re blasting Google for posting about it 6 months after it was fixed.
@jeffstone500: Apple’s response to Google today says that massive iOS hacking operation lasted "only" months & that it was “focused,” creating the impression all this is overblown. Try telling the Uighur targets who probably have Chinese spies lurking on their phones forever.
@thehackernews: Apple says Google created the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. Update added to the original story:
@BleepinComputer: Apple claims Google's Project Zero report is "stoking fear among all iPhone users that their devices had been compromised."
@JohnPaczkowski: kinda odd that google didn't mention Uighurs in that project zero post, too
@ericgeller: In a rare public statement, Apple confirms watering-hole websites used to infect Uighurs' iPhones but rejects Google's initial description ( including duration and scale.
@ericgeller: Google responds to Apple saying that Project Zero got some details wrong when it first revealed the iOS hacking campaign: "We stand by our in-depth research..."
@RMac18: Some updates: - An FBI official says the bureau has been aware of the exploit for some time and has been in contact with Apple. - Google has a statement pushing back on Apple and saying it stands by its research.
@alexstamos: Apple's response to the worst known iOS attack in history should be graded somewhere between "disappointing" and "disgusting". First off, disputing Google's correct use of "indiscriminate" when describing a watering hole attack smacks of "it's ok, it didn't hit white people."
@alexstamos: Even if we accept Apple's framing that exploiting Uyghurs isn't as big a deal as Google makes it out to be, they have no idea whether these exploits were used by the PRC in more targeted situations. Dismissing such a possibility out of hand is extremely risky.
@alexstamos: Second, the word "China" is conspicuously absent, once again demonstrating the value the PRC gets from their leverage over the world's most valuable public company. To be fair, Google's post also didn't mention China. Their employees likely leaked attribution on background.
@alexstamos: Third, the pivot to Apple's arrogant marketing is not only tone-deaf but really rings hollow to the security community when Google did all the heavy lifting here. I'm guessing we won't hear Tim talk about how they are going to do better on stage next week.
@alexstamos: This possibility that this incident might wake Apple up to their responsibilities the way Aurora impacted Google was discussed by @riskybusiness and I just a couple of days ago. I guess we have our answer.
@alexstamos: Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.
@gizmodo: Apple can feel its reputation for bulletproof security slipping through its fingers
@LorenzoFB: Even former Apple security engineers think Apple's statement on this is bad.
@ShiraOvide: This is savage and good. Humility is a highly useful quality in people, and in companies.
@tqbf: Cosign all of this. Apple does astonishing technical work to secure the iOS platform, and this statement squanders the moral authority they earned.
@suka_hiroaki: Google: Hey, we found a bunch of full exploit chains for iOS, here is how to fix them. Apple: HOW DARE YOU!!!
@mattblaze: This thread from @alexstamos . I hope my friends at Apple read it very carefully. There's important, hard-earned wisdom here.
@howelloneill: There's a lot of worthwhile debate to be had over Apple's statement about this hacking campaign. One important thing it did do is confirm earlier reporting about Uighur targets. One thing it didn't do is use the word China.
@josephmenn: Unclear how Apple and Google taking Sharpies to one another is helping the Uighurs.
@josephfcox: i don't think anything has ever brought the infosec community together as much as this unanimous response to apple's statement
@SwiftonSecurity: Apple should have just taken the L and hardened their OS instead of posting this garbled statement.

September 4, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

XKCD Forum Breach Affects Around 560,000 Users, Account Details Including Hashed Passwords Stolen

Popular webcomic XKCD revealed that hackers stole around 560,000 usernames, email and IP addresses, as well as hashed passwords from its forum. XKCD was notified about the breach by Troy Hunt, who maintains the data breach notification website Have I Been Pwned, and subsequently took the forum offline. XKCD is a 14-year-old popular webcomic by Randall Munroe, which focuses on tech, science, and internet culture. Hunt said that the stolen data was found by white hat security researcher Adam Davies.

August 26, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

Apple Issues Emergency Fix For iPhone Jailbreak Bug That Was Reintroduced in iOS 12.4

Apple issued an emergency patch with the release of iOS 12.4.1, one month after it mistakenly made it easier for hackers to jailbreak up-to-date iPhones with the release of iOS 12.4. When it released iOS 12.4, Apple reintroduced a bug that had been previously patched. Malicious hackers could chain the reintroduced bug with another exploit to hack iPhone users.

August 19, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

Latest iOS Version Reintroduces Bug Found in Earlier Version, Researcher Releases Public Jailbreak for Up-to-Date iPhones

iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3, Jonathan Levin, a security researcher and trainer who specializes in iOS, discovered. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4. Yet another security researcher, who wishes to remain anonymous, said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “hack any up to date iPhone.” Finally, Ned Williamson, a security researcher at Google, confirmed that the old exploit that was once patched by Apple works on his iPhone XR.

Related: Wired, Gizmodo, Engadget, Tom’s Guide, 9to5Mac, Cult of Mac, The Mac Observer, pwn20wndstuff/Undecimus


August 11, 2019
Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard

Black Hat Pulls Sponsored Conference Talk on New Encryption Technology Following Open Ridicule by Attendees

Attendees at the Black Hat security conference in Las Vegas openly ridiculed a sponsored talk at the event entitled “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?” given by a man named Robert Grant of a company called Crown Sterling.  Many of the conference attendees slammed the presentation as touting “bad math” and unproven and potentially harmful encryption technology described by using a collection of math and cryptography buzzwords such as “infinite wave conjugations,” and “quasi prime numbers.” The criticism was so strong that Black Hat removed the talk from its website. Crown Sterling denies the criticisms of its technology.

Related: Business Wire Technology News, Gizmodo

Tweets: @cnoanalysis @lorenzofb @veorq @Robert_E_Grant_