Iranian Spies Accidentally Leaked Videos of Themselves Hacking (wired.com)
An anonymous reader quotes a report from Wired: Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including U.S. and Greek military personnel. Other clues in the data suggest that the hackers targeted U.S. State Department staff and an unnamed Iranian-American philanthropist.
The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It's more the kind of labor-intensive but relatively simple work that's necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.
Sounds like an invitation to a drone strike (Score:2)
It shouldn't be that hard to track them down, and "stop" their activities.
Re: (Score:2)
that sounds like war and if you hit non combat peo (Score:2)
that sounds like war and if you hit non-combat people? Say a school with kids or a hospital?
Some states may have the hackers in / under a school building as cover / to have the "think of the children" people stop an attack
Re: (Score:2)
that sounds like war and if you hit non-combat people? Say a school with kids or a hospital?
Or a wedding? That's just business as usual for the US military. The use of drone strikes expanded greatly under Obama. We know because he set a rule telling us about how many drone strikes were used. Trump has expanded them even more. We know because his numbers were way higher than Obama's (pretty much the only ones that were, mind you) and then he rescinded that rule so he didn't have to tell us how many drone strikes he was using. The government always tells us that we shouldn't need privacy unless we h
Re: (Score:2)
Hold up.. So, your evidence that Trump has stepped up drone strikes is that he rescinded the rules about reporting them?
Yea, Trump stepped up his prosecution of the caliphate known as ISIS/ISIL, and yea he suspended the reporting news, but your theory that such attacks continue is not borne out by the rest of the evidence.
With the possible exception of the Soleimani strike in Iraq, I'm not seeing very many news reports about unexplained or unclaimed drone strikes. You'd think that if a couple of weddings ha
Re: (Score:2)
The use of drone strikes expanded greatly under Obama. We know because he set a rule telling us about how many drone strikes were used. Trump has expanded them even more. We know because his numbers were way higher than Obama's (pretty much the only ones that were, mind you) and then he rescinded that rule
So, your evidence that Trump has stepped up drone strikes is that he rescinded the rules about reporting them?
You're not a strong reader, are you?
Yea, Trump stepped up his prosecution of the caliphate known as ISIS/ISIL, and yea he suspended the reporting news, but your theory that such attacks continue is not borne out by the rest of the evidence.
What evidence? Trump changed the rules so that he didn't have to report his numbers.
With the possible exception of the Soleimani strike in Iraq, I'm not seeing very many news reports about unexplained or unclaimed drone strikes.
Absence of evidence is not evidence of absence. All that means is that he hasn't been hitting mediapathic targets.
Re: (Score:2)
You are a bit dense too..
There are independent ways of reporting on drone strikes that Trump doesn't control. IF such independent reporting is not reporting drone strikes like they used to, doesn't that at least lower the probability that the drone strikes are not happening?
I didn't just say "no reporting = not happening" here. I said, no INDEPENDENT reporting + no need and the president's voiced policy means there is a good chance the drone strikes have dropped in frequency.
Re: (Score:2)
You seem to have trouble with reading comprehension but here you go:
https://chicago.suntimes.com/n... [suntimes.com]
"According to a 2018 report in The Daily Beast, Obama launched 186 drone strikes in Yemen, Somalia and Pakistan during his first two years in office. In Trump's first two years, he launched 238.
The Trump administration has carried out 176 strikes in Yemen in just two years, compared with 154 there during all eight years of Obama's tenure, according to a count by The Associated Press and the
Re: (Score:2)
That's why we have the R9X "flying Ginsu", more here:
https://www.militarytimes.com/... [militarytimes.com]
Someone does. Israel is strongly incentivized to start a conflict between Iran and the US before Trump leaves office. Israel has a history of using cyber warfare tactics and deceit against Iran. See Stuxnet.
Somebody is currently using advanced cyber warfare tactics against Iran causing random buildings and ships to catch fire. Maybe the US, maybe Israel, maybe both.
Standard tactics have always been to blame your enemy for the things you are doing.
Re: (Score:2)
Are you seriously asking to murder hackers?
These aren't script kiddies hiding in their mom's basement. They're most likely employees of the Iranian government (either military, IRGC, or Iranian intelligence agencies). If they are members of the Iranian military they are legitimate targets in military operations. If they are members of an intelligence organization then they would still technically be targets, but that's more of a grey area and can lead to retaliatory acts.
Re: (Score:2)
If they are members of the Iranian military they are legitimate targets in military operations.
No, they are not. There are international laws on these things, and the US has to obey them too.
Just as it's illegal for me to nip down to Fairford and kill the idiotic cunts that drive on the wrong side of the road, causing the death of cyclists before fleeing back to the US to avoid prosecution.
Re: (Score:2)
They can finally meet Allah.
Re: (Score:2)
You appear to have confused Iran with ISIS. There is no overlap; ISIS are an extreme hard-line variant of Sunni Islam. Iran's rulers are Shia. These two groups cooperate like the Vatican cooperates with Satanists.
Re: (Score:2)
Iran will respond in kind. Good luck with that.
Sure. Iran isn't entirely defenceless but look how long Iraq lasted without even the full weight of NATO arrayed against it.
Re: (Score:2)
This might work...once. After that, Iran would just put their least capable hackers in a building housing a school, telling the hackers they are there to provide a vital job for the State, i.e., encouragement to the students for the Islamic Revolution. The Iranians will then leave "telltale" signs about where the hackers are located. One drone strike on it will result in children being bombed, which will be shown in breathtaking color and slow motion by the cameras the Iranians installed to record the actio
So incredibly convenient (Score:1)
Re: (Score:2)
Nuking civilian populations went out of fashion in 1945. If the US did that again it would at a minimum trigger a cold war with every other nuclear power on the planet. At best everyone takes huge economic damage due to loss of trust and cooperation, at worst everyone dies.
IBM X-Force (Score:2)
Wade Wilson approves of your inclusive team naming.
Not exactly a brain trust (Score:3)
"The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity."
So, the hackers were using IBM's cloud service to record their hacking training video and because they didn't use the proper security settings in configuring the virtual server, they exposed their nefarious activities.
I'm thinking the threat level from Iranian hackers is going to remain relatively low.
Re: (Score:2)
Nowhere does it say anything about IBM's cloud service. In fact, it specifically says PRIVATE cloud (IBM's cloud services, like everyone else's, are PUBLIC cloud).
Re: (Score:2)
In fact, it specifically says PRIVATE cloud (IBM's cloud services, like everyone else's, are PUBLIC cloud).
It says "Virtual Private Cloud server", which generally means public cloud. AWS/Azure/GCP and other major cloud environments use VPC as a term essentially for what was once considered a VLAN or network segment. Thus, the term "private cloud" as you seem to understand it in the context of the very early days of the cloud -- single-tenant hosts etc -- is apples and oranges to the concept of a VPC.
What is the value in reporting this? (Score:2)
Re: (Score:2)
I would assume if they are revealing this info, the loophole had already been closed.
Re: (Score:2)
Perhaps this was so unlikely to happen again that the PR to make the hackers seem like fools is worth more than the secret?
Re: (Score:1)
It's IBM, not the NSA. They need to crow, or they're shown the door. Maybe Watson helped.
Videos? (Score:2)
Videos, or this is just a Trump government press release via IBM.
Release the video and Iran gets globally embarrassed and the US gets huge public support. Don't, and it's Saddam's WMD again.
Or poser groups of CIA agents, (Score:2)
planted there to give Trump an argument.
Wouldn't be the first time.
Though in fact we simply do not know, and our only choice is to trust the source. To me, the source is almost 100% completely untrustworthy. Especially with it being so convenient.
That does NOT mean either hypothesis is true. Nor false.
It means the information is *useless*.
And I will not think either way, nor include it in my thinking. I will focus on the real world. Like offline, outside my door.
Microsoft Windows strikes again .. (Score:1)
obligatory (Score:2)
http://nelson-haha.api-meal.eu... [api-meal.eu]