Technology: We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened - High-Tech - A Russian hacker targeted by 8 counts in the United States - PressFrom - US
  •   
  •   
  •   

Technology We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened

16:06  18 october  2019
16:06  18 october  2019 Source:   cnn.com

Hackers make jailbreaking iPhones a thing again

Hackers make jailbreaking iPhones a thing again In the iPhone's early days, hackers would "jailbreak" the iPhone in order to install third-party apps that weren't available through the App Store. It's been a while since anyone seriously needed to jailbreak their iPhone, as there are plenty of apps and more customizable operating systems to choose from. But this weekend, hackers dusted off their jailbreaking skills when a vulnerability was discovered in iOS 12.4. Security researcher Pwn20wnd released the first free public jailbreak for a fully updated iPhone in years. According to Vice, iOS 12.4, the latest version, reintroduced a bug that was fixed in iOS 12.3.

Phishing attacks deliver malicious and links in email messages that are designed to steal account login credentials. To learn more about the sophisticated targeting methods used by many attackers, my CBS News colleague Graham Kates and I asked a team of professional hackers to target us with a

Here ' s a hilarious account of what happened —complete with some poorly censored nudity. Meet Melvin Guzman. He somehow ended up with a Mac stolen from Zoz, a rather crafty hacker who happens to love that computer "like his firstborn."

I share, therefore I am.

  We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened © Provided by Cable News Network, Inc.

I am the kind of person who posts Instagram photos (filtered, of course) from my vacation. I am also the kind of person who tweets about buying an overly-expensive piece of furniture because I fell for a sleek online ad about how it would change my life.

I am basic.

Thing is, I thought my social media posts merely betrayed my desperate need for attention and likes. It turns out, though, that they're also a goldmine for hackers.

Using two of my posts -- an Instagram check-in at a hotel on the west coast of the United States and a tweet about a piece of furniture -- a hacker was quickly able to get my home address and my cell phone number.

U.S. jury indicts suspected Capital One hacker on wire fraud, data theft charges

U.S. jury indicts suspected Capital One hacker on wire fraud, data theft charges U.S. jury indicts suspected Capital One hacker on wire fraud, data theft charges

Deterring hackers is almost impossible when the rewards are so great and the risks are so low. How can governments stop hackers ? It' s not that the US hasn't tried to deter cyberattacks, rather that Foreign agents sneaking into computer systems to steal secrets is crazy enough; the idea of enemies

( CNN ) I can't remember exactly when my teenage fascination with computers collided with the federal government, but I will never In November, "The Guardians of Peace," a hacker group with suspected ties to North Korea, said that it had hacked Sony Pictures and released massive amounts of data .

How? Both the hotel and the furniture company handed my personal details to the hacker over the phone.

Logging into our social media and email accounts online can be an ordeal. We're often asked for a password, a second code that is texted to our phone, or sometimes the answers to anxiety-inducing personal questions like the name of our first girlfriend (who was definitely not imaginary at all, thank you very much).

But there are still basic and important vulnerabilities hiding in our daily lives. Data breaches and hacks get all our attention, but a hacker with a good phone persona and a few basic tools can trick customer support agents from major corporations into handing over a shocking amount of private information and more.

Twitter CEO Jack Dorsey was hacked Friday. Here's how to safeguard your Twitter account

Twitter CEO Jack Dorsey was hacked Friday. Here's how to safeguard your Twitter account The hack of Twitter CEO Jack Dorsey's account on Friday revealed a flaw in the social network's systems that could leave anyone vulnerable. And it raised a serious question as to how you can keep your account safe from the same thing. © ANUSHREE FADNAVIS/REUTERS Twitter CEO Jack Dorsey addresses students during a town hall at the Indian Institute of Technology (IIT) in New Delhi, India, November 12, 2018. REUTERS/Anushree Fadnavis Dorsey was likely a victim of SIM swapping, a practice in which a hacker will bribe or otherwise convince a mobile carrier employee to switch a phone number to the hacker's device.

Uber is trying to salvage its reputation following a number of high-profile controversies, including using software called Greyball to What happened . Uber CEO Dara Khosrowshahi said two hackers broke into the company in late 2016 and stole personal Paying hackers to return data is common practice.

In the world of cybersecurity, a hacker taking down a city' s electrical grid is a classic nightmare scenario. Indeed, it' s already happened in Ukraine. But while the idea of a hacker blackout seems scary So if someone launches an attack against business computers to try and steal credentials or

I let one of these hackers do this to me recently. And I'm here to tell you, it's disturbingly easy for them to do —even to someone like me who covers technology. It's a lesson for all of us: be careful to think about what you're sharing on social media and how that information can be used against you, and next time you're on the phone with your airline, hotel, or bank and they let you access your account, think about the questions they are asking you. If they're only asking for your birthday and email address to verify that you are who you say you are, ask if they can add some additional security to your account — maybe they could put a note on your account to require a special password or send you a verification code. Many companies don't have an option like this, unfortunately, but it's worth asking.

Here's what happened to me: In Las Vegas this August at DEF CON, one of the world's biggest hacking conferences, I met with Rachel Tobac.

Twitter shuts down ability to tweet via text message

Twitter shuts down ability to tweet via text message Twitter is temporarily suspending the ability to tweet via text messages, days after CEO Jack Dorsey's account was hacked due to an apparent vulnerability tied to this feature. © Shutterstock"We're taking this step because of vulnerabilities that need to be addressed by mobile carriers," Twitter said in one of a series of tweets about the decision on Wednesday. require(["medianetNativeAdOnArticle"], function (medianetNativeAdOnArticle) { medianetNativeAdOnArticle.

Advertisement. Personal Tech . Yahoo Says It Was Hacked . Yahoo has said that hackers in 2013 stole data of over one billion users. Here are some answers to frequently asked questions about how you can protect yourself. The Yahoo attack happened three years ago but was disclosed only this week.

The story originated with CNN , which was quick to point to “ hackers thought to be working for Russian intelligence” when reporting on what the NYT CNN even cited an unnamed source, stating that the FBI is already investigating the incident. The NYT said that the cyberattack did in fact happen , but the

Tobac is a celebrity among the DEF CON crowd. For three years in a row she has been among the winners in a competition in which hackers attack a company live in front of an audience of hundreds in Vegas — and do that hacking entirely over the phone.

Tobac and her competitors in the contest call up major corporations, often claiming to work in the companies' IT department. Tobac is not a coder, but she has been doing improv since she was 10 years old. By tapping into those skills — and using some other forms of deception, like an app that can change her voice to make her sound like a man — she convinces the person on the other end of the line to hand over private information.

This type of hacking is called social engineering.

But Tobac is one of the good hackers — the kind typically known as a "white hat." (The bad ones are called "black hats.")

She works with companies to run what are called penetration tests to discover and show them where and how they may be vulnerable to social engineering hacking.

I asked Tobac to hack me.

Without having my password, and without hacking into my email account, she was able to get my home address, my phone number and steal my hard-earned hotel points. In perhaps the cruelest act of all, she was even able to change my seat on my five-hour flight out of Vegas, moving me from a spacious exit aisle to a middle seat at the back by the restrooms.

Words with Friends hack reportedly exposes data of more than 200M players

  Words with Friends hack reportedly exposes data of more than 200M players How do you spell "data breach?"A hacker that goes by the name Gnosticplayers said they stole data from over 218 million Words with Friends player accounts, according to a report from Hacker News on Sunday. The hacker accessed a database that included data from Android and iOS players who installed the game before Sept. 2, according to the report.

Here ' s how the Apple Watch' s heart monitor works. How new tech is keeping Singapore' s taps from Hong Kong ( CNN Business) Samsung' s latest bendable screen technology has been stolen and sold to Most stock quote data provided by BATS. Market indices are shown in real time, except for the

Hackers are getting smarter. Here are the tactics they employ, and how you can keep your online information secure. Phishing scams are a pretty popular way for hackers to try and get your personal information, and, if successful, the hacker doesn't have to do When that does happen , it pays to be prepared and not have to change all your passwords Tech deals, prizes and latest news .

She did all this by using some information she found about me online, like which airlines I fly with and what hotels I stay at — because I tweet about them.

Then, using that information, she called up some of my favorite companies, using software to make it appear as if she were calling from my phone and a voice changer so that she could sound like a man if she needed to. It sounds complicated, but it's worryingly easy to do.

To get my home address, she called up a furniture company I had tweeted about. Tobac claimed she was my wife and that she wanted to check that the company had my correct home address on file before she placed another order. She deliberately gave the wrong address and the person on the other end of the line corrected her with my full home address.

That simple.

She was also pretty easily able to convince a hotel I had checked into on Instagram to hand over my phone number.

Tobac isn't trying to embarrass these companies: she wants them to start using the type of authentication processes on the phone that they use online. She says some of the biggest airlines and hotel chains are leaving open a massive vulnerability — and failing their customers — by not doing so.

Rather than a telephone customer service representative asking for my date of birth to confirm my identity (a piece of information Tobac or another hacker could easily have), Tobac suggests companies should send a code to the phone number or email address they have on file for that customer and have them read back the code over the phone.

That's easier said than done, however. Often airlines get calls from customers who are in a travel emergency. Asking someone to take a few extra seconds to root out an email with a code in it might dissuade customers from flying with the airline in the future.

It is the ultimate consumer protection dilemma -- we all want to be secure, but we also want everything to be easy.

Tobac hopes she can start convincing corporations and consumers that making things a little more difficult is worth it.

In the meantime, I have stopped tweeting about everything I buy. I still check in at hotels though. Gotta get those likes.

a woman looking at the camera: Rachel Tobac is a white hat hacker who specializes in social engineering© Florencia Azambuja/Rachel Tobac Rachel Tobac is a white hat hacker who specializes in social engineering

How cybercriminals trick you into giving your information over the phone .
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data. CNET and CBS News Senior Producer Dan Patterson and CBS Investigative Reporter Graham Kates spoke with Stephanie "Snow" Carruthers, chief people hacker for IBM's X-Force Red team, about how hackers steal your information over the phone. The following is an edited transcript of their interview.This is part two in a four-part series.

—   Share news in the SOC. Networks

Topical videos:

usr: 4
This is interesting!