The Electronic Frontier Foundation and mobile security company Lookout released a report today detailing a major hacking campaign — dubbed Dark Caracal — that’s believed to have originated from Lebanon’s General Directorate of General Security (GDGS), one of the country’s intelligence agencies. The companies found information gathered from thousands of victims from over 20 countries through espionage efforts extending back to 2012. Targets included military personnel, journalists, activists, financial institutions and manufacturing companies, and some of the stolen data included documents, call records, texts, contact information and photos. Michael Flossman, a Lookout security researcher, told the Associated Press, “It was everything. Literally everything.”

The hackers used malicious apps that resembled legitimate communication platforms like Signal and WhatsApp to steal the trove of data, loading up the fake versions with malware that allowed them to tap into users’ conversations. “One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit,” EFF Staff Technologist Cooper Quintin said in a statement. “Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware.”

However, the hackers’ storage of the stolen info also wasn’t terribly sophisticated, as it was all left exposed online on an unprotected server. “It’s almost like thieves robbed the bank and forgot to lock the door where they stashed the money,” Mike Murray, Lookout’s head of intelligence, told the AP.

The EFF and Lookout were able to link the data to a WiFi network coinciding with the location of Lebanon’s GDGS. “Based on the available evidence, it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal,” noted the report. EFF Director of Cybersecurity Eva Galperin said that pinpointing the campaign to such a precise location was remarkable, telling the AP, “We were able to take advantage of extraordinarily poor operational security.”

Via: Associated Press
Source: Lookout
New details have emerged about exactly how Hillary Clinton secured the homebrew private email servers she used as Secretary of State. The punchline? Clinton didn’t encrypt her emails or use a certificate for her first three months running the State Department.
The SEC just revealed that the vast majority of brokerages and financial advisers have been hit with cyberattacks. The agency’s report also reveals: “One adviser reported a loss in excess of $75,000 related to a fraudulent email, for which the client was made whole.” LOL what?
U.S. Central Command’s Twitter and YouTube accounts just lit up in a bad way. It looks like somebody who’s claiming to be ISIS managed to gain access to the account and is currently tweeting images of documents, allegedly internal CENTCOM documents. The first tweet links to a Pastebin post with links to downloads of “confidential data.”