At a glance.
- Stalkerware bug is no privacy feature.
- The criminal-2-criminal market for backdoors.
- Anonymous alumnus claims he doxed Freedom Convoy donors.
Stalkerware bug puts targets at even greater risk.
Powerful nation-state-backed surveillance software like NSO’s Pegasus spyware has received a lot of recent media coverage, but your average Joe is more likely to be impacted by less flashy but far more pervasive consumer-grade stalkerware. Often marketed as child-monitoring software, stalkerware can be covertly installed on a victim’s phone by anyone with brief physical access to the unlocked device, which makes abusive partners and family members the typical operators rather than remote attackers. After a months-long investigation, TechCrunch is releasing details about a line of stalkerware apps designed for Android phones (iPhones, which restrict sideloading of apps, are harder targets) that have one dangerous thing in common: the same security vulnerability. The bug exposes the victims’ already-harvested data to anyone who finds it, so a second, unrelated party can obtain what the app collected without ever touching the phone. Efforts to disclose the flaw have gone unheeded by Codero, the web company that hosts the operation’s back-end server infrastructure. Nine spyware apps were found to have the bug, all with unique branding but essentially the same code, features, and user interface, which is why a single flaw affects every one of them.
Selling the keys to the digital castle.
Forbes explores the nefarious underworld of initial-access brokers: hackers who obtain a foothold in business or government networks (stolen credentials, an exposed remote-access service, a planted backdoor), then charge cybercriminals rates from $500 to $7,000 for entry. Once inside, the buyers can deploy ransomware or other malicious software, while the access brokers count their money with little worry of law enforcement tracing the eventual attack back to them, since they never touch the destructive stage themselves. “A lot of access brokers [...] don't want to take on the higher risk,” explains Adam Meyers, senior vice president of intelligence at CrowdStrike. “It’s probably a very comfortable lifestyle.” Typical targets include academic institutions, healthcare providers, and charitable organizations. An ad offering access to a server belonging to the nonprofit Doctors Without Borders appeared in an underground forum in January, and a similar post offered the username and password for an account at the California medical facility John C. Fremont Hospital for just $800. For defenders, the listings are a reminder that a single valid credential or reachable remote-access endpoint is a saleable commodity, and that the ransomware deployment may come weeks after the initial compromise and from a different actor.
Self-proclaimed “cyber-terrorist” brags about doxxing Freedom Convoy donors.
During a TikTok livestream last week, Canadian hacker Aubrey Cottle, aka Kirtaner, claimed responsibility for the recent data breach of the crowdfunding site GiveSendGo. As TNC News explains, the high-profile hack made headlines for leaking the identities of over 92,000 donors to the recent “Freedom Convoy,” in which truck drivers gathered at the Canada-US border to protest COVID-19 vaccine mandates. The hack also took GiveSendGo’s website offline, redirecting visitors to a new site with the pointed URL GiveSendGone.wtf. On his TikTok channel, Cottle, who refers to himself as a “cyber-terrorist,” declared, “Yes, I doxxed the truckers! I did it! It was me! I hacked GiveSendGo, baby, and I’d do it again!” Vice adds that Cottle foreshadowed the hack in a video posted a week before it happened, stating, “It’d be a real shame if something were to happen to GiveSendGo.” Shortly after, his own name and home address started making the rounds in Telegram groups linked to the protest, and he has become the target of death threats from Freedom Convoy supporters. One post in a Telegram group sharing Cottle’s details declared, “Hang them all! Communists!” and a comment on Cottle’s livestream threatened, “We gon make it look like an overdose.” Cottle, seemingly unshaken, told his viewers, “It was worth it. And if I die, it was even more worth it.” Cottle also claimed he was behind several other recent breaches, including hacks of the far-right social media platforms Parler and Gab.