Freedom Hosting II (FHII), estimated to host roughly one-fifth of all dark web sites, was attacked; hosted sites were defaced and taken offline.
Those claiming responsibility for the attack assert that FHII knowingly hosted gigabytes of child pxxnography and other untoward content.
In a show of bravado, the hackers detailed how the attack was carried out and released dumps of database contents, private keys, and system files via BitTorrent.
Users should consistently monitor their credit card statements for fraud. Luckily, credit card companies have become relatively vigilant in spotting fraud and alerting their customers, but there are some good tips here.
Since the public release of the Mirai botnet source code, countless offshoots of the malware have been seen in the wild. Windows-based variants of Mirai have been observed over the last few weeks, and while the Linux-only variations have been quite prolific, the addition of a Windows component makes this malware that much more attractive to attackers: with Windows hosts now able to act as spreaders, the pool of machines that can propagate the malware is considerably larger.
Observed samples can scan, fingerprint, and discover vulnerable hosts based on which ports are open and how the services respond to probes. When the Windows-based trojan finds a vulnerable Linux-based target, it downloads and executes the Linux version of the Mirai code on that host. Essentially, Mirai is becoming multi-platform rather than Linux-only. Beyond that, the trojan is able to target and attack additional services such as MySQL and MSSQL. Some observed binaries can function in either the server or the client role (in the context of the malware) depending on the parameters passed at execution.
In simple terms, the Mirai 'server' corrals bots (via telnet, for example), tracks their resources, and listens for and issues attack commands against its targets. The 'client' is the running bot, listening for attack instructions or maintenance commands.
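The spreading behaviour described above (one host sweeping many others on telnet and database ports) is something a defender can look for in connection logs. The following detector is an added example written for this summary, not code from the article or from any Mirai analysis; the log format, the port list, the thresholds, and the sample traffic are all assumptions chosen for illustration.

```python
"""
Added example (not from the original article): flag hosts showing
Mirai-style spreading behaviour in connection logs.  The article says the
Windows variant scans for open ports and probes telnet, MySQL and MSSQL,
so the heuristic here is: one source IP contacting many distinct
destinations on those service ports within a short window.  The log
format, port list, thresholds and sample lines are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports assumed to be probed by a Mirai-family spreader: telnet (23, 2323),
# MySQL (3306) and MSSQL (1433).  Assumption based on the article's
# description, not a signature extracted from the malware itself.
PROBE_PORTS = {23, 2323, 3306, 1433}


def parse_line(line):
    """Assumed log format: '<ISO timestamp> <src_ip> -> <dst_ip>:<port> SYN'."""
    ts, src, _, dst_and_port, *_ = line.split()
    dst, port = dst_and_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_spreaders(lines, window=timedelta(seconds=60), min_targets=10):
    """Return {src_ip: (max_distinct_targets, probe_ports_hit)} for every
    source that contacted at least `min_targets` distinct hosts on probe
    ports within some sliding `window`."""
    events = defaultdict(list)  # src -> [(timestamp, dst, port)]
    for line in lines:
        ts, src, dst, port = parse_line(line)
        if port in PROBE_PORTS:
            events[src].append((ts, dst, port))

    suspects = {}
    for src, evs in events.items():
        evs.sort()
        best, start, ports = 0, 0, set()
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {dst for _, dst, _ in evs[start:end + 1]}
            best = max(best, len(targets))
            ports.add(evs[end][2])
        if best >= min_targets:
            suspects[src] = (best, sorted(ports))
    return suspects


# Constructed sample traffic (not real captured data): 10.0.0.5 sweeps
# twelve hosts across the probe ports within twelve seconds, while 10.0.0.9
# is an application server talking repeatedly to a single MySQL server and
# should not be flagged.
SAMPLE_LOG = [
    f"2017-02-20T10:00:{i:02d} 10.0.0.5 -> 192.168.1.{10 + i}:{port} SYN"
    for i, port in enumerate([23, 2323, 3306, 1433] * 3)
] + [
    f"2017-02-20T10:00:{i:02d} 10.0.0.9 -> 192.168.1.50:3306 SYN"
    for i in range(0, 60, 5)
]

if __name__ == "__main__":
    for src, (targets, ports) in find_spreaders(SAMPLE_LOG).items():
        print(f"{src}: {targets} distinct targets on ports {ports}")
```

The check keys on breadth of destinations rather than on raw connection count, so a busy but legitimate client hammering one database server stays below the threshold while a scanner touching many hosts on telnet and database ports does not. Thresholds should be tuned against a baseline of the network being monitored.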
As always, users should take the following steps to protect themselves:
Cellebrite gained notoriety when it assisted the U.S. Government in unlocking a suspect's iPhone in the high-profile San Bernardino terrorist attack case. This past January, it was reported that Cellebrite had suffered a breach, with approximately 900GB of sensitive data extracted by the attacker. The attacker has now come forward and released a cache of the tools exfiltrated from Cellebrite's network.
According to Cellebrite, no sensitive source code was present in the leaked data. The hacker managed to decrypt the tools from UFED images and included a fully functional Python script alongside them to facilitate execution.
With the public release of these cracking tools, we recommend consumers be vigilant when it comes to physical device security: