Displaying items by tag: CIA

There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.

It seems that WikiLeaks has managed to get itself back online despite the continued pounding form a DDoS (Distributed Denial of Service) attack that reached bandwidth gobbling heights of 10Gb/s. The group claiming responsibility has taken to calling themselves AntiLeaks. They claim that they are attacking the site because WikiLeaks founder and own Julian Assange is avoiding justice by hiding in the Ecuadorian Embassy in the UK and has nothing to do with the release of Stratfor documents detailing a new monitoring technology developed by former CIA employees under the corporate name Abraxis.

As someone that has followed the online “hacking” community since its infancy (war dialing anyone) I can say with a fair amount of confidence that the guys what kicked it all off (Like Steve Wozniak) would be proud of where some of the movement has gone. In the early 80’s War Dialing was something of a fun sport, you dialed a range of numbers until a computer answered and then you tried to talk to it. A lot of the activity was aimed at “corrupt businesses and government agencies” right alongside the people looking to just do it because it was something new and exciting.

There is an old saying; “ I cannot give you what I do not have and I cannot tell you what I do not know”. It is with this philosophy in mind that a new Internet Service Provider is seeking to hit the market. The man behind this new company also happens to be one of the only ISP owners to ever fight and win against an FBI request for subscriber information; Nicholas Merrill.

Anonymous had a rather big weekend starting off with taking down the CIA’s public website cia.gov. This was done through an interesting trick that appeared to be a combination of a DDoS and some DNS tinkering. On the day of the outage the CIA’s website resolved to 192.81.129.107 which when looked up showed as an address belonging to an IP pool in the UK. Once the attack was completed the site resolved to 192.81.129.130 which is undeniably part of the same range, but now shows as a US IP range.  Looking at the evidence this could possibly be a new form of attack from the collective. Unfortunately we just do not have enough information on the subject to be sure and the CIA is not releasing any new information.

It looks like Anonymous has succeeded in taking down the website of the CIA. After announcing a tweet at #YourAnonNews stating that the CIA site was about to go down at around 4:14pm the collective appears to have made good on its threat and announced that the site was officially down at 4:45PM.

It looks like this might be a DNS redirect as the IP that CIA.gov resolves to appear to be from the UK and will not resolve on any reverse lookups... More to follow.