Friday, 17 March 2017

How Was Yahoo Hacked? Who Were The Hackers Hired By Russian Spies?


US authorities on Wednesday (15 March) brought forward charges against two Kremlin intelligence (FSB) officials and two criminal hackers for launching a massive cyberattack on Yahoo in 2014, which compromised around 500 million user accounts.
The US government's indictments reveal how Russian spies allegedly recruited criminal hackers in a conspiracy to hack the tech giant.
The FBI said that the two criminal hackers, Alexsey Belan, a Russian who is currently on the agency's most-wanted list, and Karim Baratov, a Kazakh residing in Canada who was arrested on Tuesday (14 March), were hired by two FSB agents, Dmitry Dokuchaev, 33, and Igor Sushchin, 43, to carry out the cyberattack.

How was Yahoo hacked?

According to the FBI, Belan, who went by "Magg", had breached Yahoo's system by early 2014 and made his way to the firm's internal control center for email accounts, which allowed him to make administration-level changes, including accessing and changing passwords. This helped the FSB zero in on which accounts to go after. Belan copied and exported a backup of Yahoo's user database between November and December 2014.
This database was later used for credential forging and cookie minting, which allowed the suspects to access the contents of nearly 6,500 accounts without even having to provide usernames and passwords. The Kremlin intelligence officials' targets included Russian journalists and government officials as well as senior officials of foreign governments and corporations.
Baratov was allegedly recruited to use the data hacked by Belan to carry out phishing attacks designed to gain even more information. The hacker was hired to access 80 specific email accounts, including 50 Google accounts.

Unmasking the Yahoo hackers.

According to the US government's indictment, Belan appeared to have played a major role in the attack, while Baratov was likely the least involved in the incident. Compared to Belan, Baratov's technical skills were also likely less sophisticated, given that he was not all that careful about hiding his cybercriminal activities.

According to security journalist Brian Krebs, it took about "10 minutes of searching online to trace back" numerous email hacking services run by Baratov back to him specifically. The hacker was active on social media and blatantly displayed his wealth. In one of his posts on Instagram, he describes himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house".
Commenting on Baratov's easily traceable activities, Krebs wrote, "Security professionals are fond of saying that any system is only as secure as its weakest link. It would not be at all surprising if Baratov was the weakest link in this conspiracy chain."
Meanwhile, Belan had already garnered the interest of US authorities, making it to the FBI's cyber most wanted list in 2013 after being charged with hacking and stealing credit card data from various corporations. Belan successfully fled to Russia, after being arrested in Europe in June 2013, thereby escaping being extradited to the US.
"During the conspiracy, the FSB officers facilitated Belan's other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers," the Justice Department charged in its statement about the indictments.
"Additionally, while working with his FSB conspirators to compromise Yahoo's network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo's search engine traffic," the US government added.
 
Have all the suspects been arrested?

All 4 indicted by the US face 47 criminal charges. While Belan remains at large in Russia, Baratov was presented before a Canadian court on Wednesday, where he reportedly claimed that he intends to apply for bail, but that he needs to find legal counsel, Bloomberg reported.
Of the two Russian spies, Sushchin is also at large while Dokuchaev was arrested by Russian authorities, who suspect that he passed over information to US intelligence agencies. He currently faces treason charges and may be jailed for as long as 20 years, if found guilty.
The FSB is yet to comment on the matter. Putin's spokesperson Dmitry Peskov claimed that Russia wants to cooperate with the US over the cyber threats.
Jack Bennett, special agent in charge of the FBI's San Francisco Division, said that he is confident US authorities will apprehend the three suspects, despite America not having an extradition treaty with Russia.
"These guys will travel one day somewhere. There are countries that have extradition treaties with the United States and we will take advantage of that," he said. "The world is a small place."

Tuesday, 7 March 2017

Now Land Based Drones Will Deliver Pizza In US

Flying drones are complicated business. Land-based drones will do for now. And pedestrians on America’s footpaths will have to contend with these self-driving, wheeled robots delivering hot pizza, groceries or mail very soon.

Thanks to London-based Starship Technologies, these quiet delivery robots are moving out of lab tests and onto actual streets in three US states -- in District of Columbia, parts of California, and Virginia, according to an ArsTechnica report. Other US states and countries around the world are currently finalizing rules and regulations to get more of these delivery robot fleets commercialized and available for businesses to deploy on footpaths.

All of this is cool; who wouldn’t want their food and shopping bag delivered by a self-driving robot, eh? But what happens when these robots are kidnapped en route or their storage compartment is broken into? So many unanswered questions.

Monday, 6 March 2017

Indian Hacker Discovers A Critical Bug In The Uber App, Which Will Give You Free Rides For Life!


An IT worker from India found an ingenious way to get free Uber rides for life.

Anand Prakash, a product security engineer, detected a bug in the Uber app. He also runs a blog on web application security and said it was “easy” to exploit the bug to overwrite the app and get free Uber rides around the world.
 
“I was testing Uber application for security loopholes,” he explained. “This is how I was able to figure it out. It was easy to do.”

“Attackers could have misused this by taking unlimited free rides from their Uber account.”

In order to check the bug, he alerted Uber and with their permission took several taxi rides to check if he was right. He was!

He took numerous trips in India and the US without paying a single penny.

The loophole was related to the payment method: by using an invalid payment method, he was able to get free Uber rides for himself.

Bad news for those planning to exploit the bug, though: Uber has already patched it.

Prakash will be rewarded handsomely for bringing the issue to Uber’s attention via their bug bounty programme.

Phone has embedded Diamond and 360-degree Camera view.


Meet the current apple of ProTruly’s eye, Darling. A smartphone so unlike anything you’ve seen, it combines a strip of real diamonds and a full-fledged 360-degree camera within its shell. Hailing from China, Darling may very well be the first smartphone in the world to have a built-in 360-degree camera, and that makes it quite unique.
The Darling packs in two identical 13MP cameras on its front and back to allow users to take 360-degree photos and videos from the smartphone and share them through YouTube and Facebook -- sites that support 360-degree viewable media. The Darling Extreme comes in an ostentatious gold coloured shell, leather accents with a strip of four diamonds running across on the front. Yes, real diamonds!

The Darling Android smartphones sport a 5.5-inch 1080p Full HD display, run on a MediaTek SoC (no Qualcomm?!), and have 4GB of RAM and 64GB of internal storage. They come with a 3,560 mAh battery, which is respectable, nothing great for the price. There’s a USB Type-C port for charging and also a fingerprint sensor on the back for security on the Darling smartphone.




As for its price, China Daily quotes a price of US $1,300 for the diamond-studded model, while the slightly cheaper version goes for as low as US $500, according to Mashable. At just over Rs 86,000, the glitzier Darling smartphone costs slightly less than the highest-end iPhone 7 Plus, which sells for Rs 92,000 in India. What do you think, is it worth buying the Darling?

Sunday, 12 February 2017

Five Books That Every Entrepreneur Must Read




The best books you’ll read are typically recommended by people you like or admire. Which is why we’re partnering up with bookshelf.tips to do a monthly roundup of short book recommendations from the apex of the tech world. Bookshelf.tips asked entrepreneurs, CEOs, and other visionaries to share stories about books that changed their life or the way they do business – in less than 50 words, because we know you’re busy people (but hopefully not too busy to read these books).

HOW TO WIN FRIENDS AND INFLUENCE.



Yunha Kim, founder and CEO of Simple Habit, a 5 minute meditation app:
“Even though this is my favorite book, on a daily basis, I fail to follow Dale Carnegie’s advice and I feel bad about it. But every time I pick up this book, it opens my eyes on understanding human nature better.”

TECHNOPOLY     




Tristan Harris, ex-product philosopher at Google, now working on Time Well Spent:
“Technopoly is about how metrics and infatuation with the novelty of technology hide the deeper moral questions about what specific human values they are meant to impact or positively fulfill, and whether they do.”


FORGET ALL THE RULES EVER LEARNED BY GRAPHICS DESIGN.




Linden Tibbets, founder and CEO of IFTTT:
“Whether you are a graphic designer or CEO, if creativity is an important part of your work, this book is for you. Identifying and solving problems is about choosing the right rules to break and the right rules to follow!”

SHOGUN 




Linden Tibbets, founder and CEO of IFTTT:
“Whether you are a graphic designer or CEO, if creativity is an important part of your work, this book is for you. Identifying and solving problems is about choosing the right rules to break and the right rules to follow!”

HAROLD AND THE PURPLE CRAYON



Nate Weiner, founder and CEO of Pocket:
“This book is the basis for any pursuit and explains people do buy into ‘what’ you do, they choose based on ‘why’ you do it.”

Monday, 6 February 2017

Hacking WhatsApp Is Now Easy, Thanks to Network Flaw


Hackers are exploiting a well-publicized flaw in telecom services to spoof WhatsApp and Telegram identities and hack other people’s accounts. The hackers only need a number and with that, they can hack into any phone and WhatsApp or Telegram account with a minimum of effort.
The flaw rests in a signaling protocol called SS7, and hackers can exploit it to target and identify a phone number. They can then track that user and gather all the data that is being sent to and from the device being targeted, reports Forbes.

While that’s bad enough, services like WhatsApp, Telegram and Signal were immune owing to their in-built encryption protocols. The actual data being exchanged by those apps was easy to access, but the information was encrypted and impossible to decode. Until now.
Hackers have now found a way to exploit SS7 loopholes to spoof the other person’s number. WhatsApp and Telegram will attempt to verify a spoofed account, but because they’ll detect the same phone number, they’ll send the secret key that enables decryption of all data.
That’s it! A simple hack and any hacker will have access to your phone and all the information on it. At the moment, there’s nothing you can really do except hope that your telecom operators are smart enough to suitably upgrade their protocols and install sufficient firewalls.

Friday, 3 February 2017

An African Boy Invented A Sim Card Free Phone.




The invention of a secondary school student has gotten Namibia’s social media abuzz for the right reasons. Simon Petrus has created a mobile phone that works with radio frequencies, no sim card nor airtime credit required. Calls can be made to anyone, anywhere, without interruptions, as long as they are done in an area with radio frequency.
The invention, which took two years for him to complete, was put together using scraps of old television and mobile phones, and required over $2,000 funding from his unemployed parents who sacrificed a lot to ensure their son’s project was successful.

Other than the sim-less phone, Petrus’ invention is a whole unit comprising a working radio, television, a light bulb, a fan, and a socket. According to reports, the phone is not Petrus’ first invention, just his latest. Last year, the young man won first place at a competition for young innovators in Namibia for creating a machine that doubles as a seed drier and a cooler.

Going by the looks of things, this young man is set to clinch another gold medal in the forthcoming competition, having already won first place at the regional level for his “free-to-call” phone last Friday. “When he won last year, some judges were of the opinion that there was an engineer at home who was helping him. But the only help he has is from us the teachers here at school. He came up with his own project,” Taimi Vatileni, Petrus’s science teacher, told New Era.
Vatileni also described the young inventor as an average student “in general”, but one who led his peers in the sciences. Petrus aspires to become an electronics engineer after school.
Indeed Namibia is currently boasting a good number of young innovators and a variety of revolutionary projects. Last year, a Namibian student, Gerson Mangundu, developed the country’s own social network site – Namhook. Two years ago, Josua Nghaamwa built a satellite booster with scraps to enhance internet connectivity in the rural areas of Namibia where there are weak signals.
Also, at Abraham Iyambo Senior Secondary School, where Simon Petrus is a student, a young lady, Adreheid Hamutumwa, made a bath soap with indigenous plant roots and animal fat. Her invention won third place at the regional level of the NamPower competition for innovators last Friday. She will be heading to the national competition alongside Petrus.