Project Veritas, a right-wing organization that uses hidden cameras and stings to expose alleged plots and wrongdoing by liberals, said that it lost $165,000 after being fooled by hackers posing as attorneys.
“They actually impersonated the actual name of our lawyer, changing a few letters in the email address, replying in real-time to an email chain with our actual attorneys,” O’Keefe said.
“It appears the fraudsters were watching, waiting for an invoice to be sent to us and then pounced, impersonating them, replying to a real email as the lawyer’s name the moment the invoice came.”
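The pattern O’Keefe describes (a known attorney’s name reused on an address that differs by a few letters, mid-thread, right as an invoice arrives) can be caught by comparing each new sender against the participants already in the thread. The following is an added example, not code from Project Veritas or its counsel; the thread, names, addresses and domains are constructed placeholders.

```python
"""Flag look-alike sender addresses that appear partway through an email
thread.  Added example; not code from the original page.  Every address and
domain below is a constructed placeholder."""
from dataclasses import dataclass


@dataclass
class Message:
    display_name: str
    address: str
    subject: str


# Substitutions commonly used in look-alike domains: "rn" for "m",
# "vv" for "w", digits for letters.  Both sides are normalised before
# comparison so that these swaps compare as equal.
_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                ("3", "e"), ("5", "s")]


def normalize(address: str) -> str:
    s = address.strip().lower()
    for bad, good in _CONFUSABLES:
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_thread(messages, max_distance=2):
    """Walk the thread in order.  The first sender is trusted; every later
    sender is compared against everyone already in the thread.  Returns
    (index, reason) for senders that impersonate a known participant.
    Senders that pass are added to the trusted set."""
    trusted = {}   # lowercase address -> display name
    findings = []
    for i, msg in enumerate(messages):
        addr = msg.address.strip().lower()
        if not trusted or addr in trusted:
            trusted.setdefault(addr, msg.display_name)
            continue
        reason = None
        for known_addr, known_name in trusted.items():
            if normalize(addr) == normalize(known_addr):
                reason = f"confusable spelling of {known_addr}"
            elif levenshtein(addr, known_addr) <= max_distance:
                reason = f"within {max_distance} edits of {known_addr}"
            elif msg.display_name.lower() == known_name.lower():
                reason = f"display name matches {known_addr} but address differs"
            if reason:
                findings.append((i, reason))
                break
        if reason is None:
            trusted[addr] = msg.display_name
    return findings


# Constructed thread: a genuine invoice exchange, a genuine new participant,
# and two impostor replies using look-alike addresses.
THREAD = [
    Message("Jane Doe", "jane.doe@example-lawfirm.com", "Invoice for March"),
    Message("Sam Client", "sam@example-client.com", "Re: Invoice for March"),
    Message("Jane Doe", "jane.doe@exarnple-lawfirm.com", "Re: Invoice for March"),  # "rn" for "m"
    Message("Pat Finance", "cfo@example-client.com", "Re: Invoice for March"),     # legitimate
    Message("Jane Doe", "jane.doe@example-lawfirm.co", "Re: Invoice for March"),   # dropped letter
]

if __name__ == "__main__":
    for idx, why in check_thread(THREAD):
        print(f"message {idx} from {THREAD[idx].address!r}: {why}")
```

The same comparison belongs on the inbound mail gateway as well as in the client, since a reply-chain impostor arrives with valid headers for its own look-alike domain.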
O’Keefe has previously been suspended from Twitter for operating fake accounts.
Insider has contacted Project Veritas for further details.
The group has close links with allies of Donald Trump. The New York Times in May reported that it had been involved in secret sting and surveillance operations against the former president’s perceived enemies.
WhatsApp CEO Will Cathcart said senior government officials of US allies, including some in national-security roles, were targets of Pegasus phone malware in 2019.
Cathcart’s statements, which were featured in an interview by The Guardian on Sunday, followed reports last week from the Pegasus Project, a consortium that included The Guardian, The Washington Post, and Amnesty International.
The reports said an Israeli company sold access to military-grade spyware, which was used to hack the phones of journalists, activists, and government officials.
NSO Group, the company behind the Pegasus software, denied the phone numbers leaked to the consortium were Pegasus targets.
WhatsApp sued NSO Group in October 2019, saying about 1,400 mobile devices running the app were targeted by the company’s surveillance software.
According to the complaint, NSO Group had gained access to WhatsApp’s servers to target “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.” The lawsuit is ongoing.
“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart told The Guardian.
There were more than 50,000 phone numbers on a leaked list of potential Pegasus targets, although it was unclear how many had actually been targeted, Forbidden Stories said. The list included numbers for French president Emmanuel Macron, Pakistani prime minister Imran Khan, and South African president Cyril Ramaphosa, Amnesty International said.
NSO Group said the consortium’s reports were inaccurate, denying the numbers on the list were targets or potential targets of Pegasus. It said it would no longer reply to media questions about the software.
“The numbers in the list are not related to NSO group,” the company said in a statement on Wednesday under the headline Enough is Enough. “Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false.”
The Pegasus software was designed to “covertly collect information about your target’s relationships, location, phone calls, plans and activities – whenever and wherever they are,” according to a product description included as an exhibit in WhatsApp’s 2019 lawsuit.
The software tracked GPS locations, monitored voice and VoIP calls, and collected other information, the description said. It also “[l]eaves no trace on the device.”
The software was reportedly sold to governments.
“There is no such thing as an encryption backdoor for just the good guys,” Cathcart said on Twitter last week. “A backdoor would be abused. And a backdoor would be a gift to hackers, criminals, spyware companies, and hostile governments, with dangerous consequences for safety and security.”
Military-grade spyware created by an Israeli company, which sells it to governments for the purpose of countering terrorism and criminal activity, was used to target the smartphones of 37 journalists, activists, and business executives, the Washington Post reported Sunday.
The investigation was conducted by the Post and 16 other media partners, according to the report.
Those whose smartphones were targeted by the hacking software, called Pegasus, included journalists working at CNN, the Associated Press, the New York Times, the Wall Street Journal, Bloomberg, and Voice of America in the US. Targets also included journalists working for Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar, according to the Post report.
Two women connected to the Saudi journalist Jamal Khashoggi, who was murdered in October 2018 in a Saudi consulate in Istanbul, were also on the list, according to the report.
The 37 numbers appeared on a list of 50,000 phone numbers originating mostly from countries with a history of surveilling their own citizens and with a relationship to the Israeli cyber-surveillance firm NSO Group, which created and sells the Pegasus software, according to the Post.
The list was shared with media outlets by the Paris-based non-profit Forbidden Stories and by Amnesty International, according to the report.
The list does not identify who placed the numbers on it. More than 15,000 of the phone numbers on the list were from Mexico, while another sizable chunk came from Middle Eastern countries, including the United Arab Emirates, Qatar, Saudi Arabia, Bahrain, and Yemen, according to the Post.
The Department of Justice announced Monday that it had recovered a majority of the ransom paid by Colonial Pipeline to hackers who shut down its operations last month and caused massive fuel shortages and price hikes.
The DOJ said that it had recovered $2.3 million worth of bitcoin out of the $4.4 million ransom that Colonial had paid to Darkside, the group behind the hack.
How did the government pull it off?
The FBI had what was effectively the password to a bitcoin wallet that Darkside had sent the ransom money to, allowing the FBI to simply seize the funds, according to the DOJ.
‘Following the money’
Despite cybercriminals’ increasingly sophisticated use of technology to commit crimes, the DOJ said it used a time-tested approach to recover Colonial’s ransom payment.
“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa Monaco said in the DOJ’s press release.
Colonial told the FBI that Darkside had instructed it to send 75 bitcoin, worth about $4.3 million at the time, according to an affidavit from an FBI special agent involved in the investigation.
The FBI agent then used a blockchain explorer – software that lets users search a blockchain, like bitcoin’s, to determine the amount and destination of transactions – to figure out that Darkside had tried to launder the money through various bitcoin addresses (similar to bank accounts), according to the affidavit.
Eventually, through the blockchain explorer, the FBI agent was able to track 63.7 bitcoin to a single address that had received an influx of payments on May 27.
Fortunately for the FBI, according to the agent’s affidavit, the agency had the private key (effectively the password) for that very address.
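“Following the money” as the affidavit describes it, reduced to a walk over a transaction graph: start at the address the ransom was paid to, follow every transaction that spends from a tainted address, and report where the funds come to rest. This is an added example, not the FBI’s or DOJ’s tooling; the ledger is constructed to mirror the story and the address names are placeholders, not real Bitcoin addresses.

```python
"""Trace funds forward through a constructed transaction graph.
Added example, not from the original page.  Amounts are in satoshi
(1 BTC = 100,000,000 sat) so the arithmetic stays exact."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple

BTC = 100_000_000


@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]    # (address spent from, amount)
    outputs: List[Tuple[str, int]]   # (address paid to, amount)


def index_spenders(ledger: List[Tx]) -> Dict[str, List[Tx]]:
    """address -> transactions that spend funds held at that address."""
    idx = defaultdict(list)
    for tx in ledger:
        for addr, _ in tx.inputs:
            idx[addr].append(tx)
    return idx


def trace_forward(ledger, start_addr):
    """Breadth-first walk from start_addr along spending transactions.
    Returns (received, hops): total tainted satoshi each address received,
    and how many transactions from the start it first appeared."""
    spenders = index_spenders(ledger)
    received = defaultdict(int)
    hops = {start_addr: 0}
    queue = deque([start_addr])
    visited = set()
    while queue:
        addr = queue.popleft()
        for tx in spenders.get(addr, []):
            if tx.txid in visited:
                continue
            visited.add(tx.txid)
            for out_addr, amount in tx.outputs:
                received[out_addr] += amount
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    return dict(received), hops


def resting_addresses(ledger, received):
    """Tainted addresses with no outgoing transaction: where funds now sit."""
    spenders = index_spenders(ledger)
    return {a: amt for a, amt in received.items() if a not in spenders}


def largest_resting(ledger, received):
    """The resting address holding the most traced funds, as (address, sat)."""
    return max(resting_addresses(ledger, received).items(), key=lambda kv: kv[1])


# Constructed ledger: a 75 BTC ransom split between two parties, with the
# larger share bounced through intermediate addresses and then consolidated.
LEDGER = [
    Tx("tx1", [("victim_addr", 75 * BTC)], [("ransom_addr", 75 * BTC)]),
    Tx("tx2", [("ransom_addr", 75 * BTC)],
       [("affiliate_addr", 637 * BTC // 10), ("operator_addr", 113 * BTC // 10)]),
    Tx("tx3", [("affiliate_addr", 637 * BTC // 10)],
       [("hop_a", 30 * BTC), ("hop_b", 337 * BTC // 10)]),
    Tx("tx4", [("hop_a", 30 * BTC)], [("consolidation_addr", 30 * BTC)]),
    Tx("tx5", [("hop_b", 337 * BTC // 10)], [("consolidation_addr", 337 * BTC // 10)]),
    # Unrelated activity that must not be attributed to the ransom.
    Tx("tx6", [("someone_else", 5 * BTC)], [("bystander_addr", 5 * BTC)]),
]

if __name__ == "__main__":
    received, hops = trace_forward(LEDGER, "ransom_addr")
    addr, amount = largest_resting(LEDGER, received)
    print(f"{addr} holds {amount / BTC:.1f} BTC, {hops[addr]} hops from the ransom address")
```

Real chains add mixing, multi-input transactions and exchange deposits that this poison-style taint (every output of a tainted transaction counts) overstates; analysts weight outputs pro rata or by heuristics instead, but the graph walk is the same.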
Bitcoin addresses rely on a pair of keys to keep transactions secure: one public and one private. The public key (and the address derived from it) is shared openly so anybody can send money to that address. But only the holder of the matching private key can sign a transaction that spends that money.
That’s why private keys are meant to be closely held secrets, stored in a secure place. As of January, $140 billion in bitcoin – around 20% of existing bitcoin – were held in wallets where people had forgotten or lost their private keys.
In Darkside’s case, the FBI managed to gain access to its private key, and after getting a seizure warrant from a federal court, the agency used the key to access Darkside’s address and swipe 63.7 bitcoin, or around $2.3 million.
The FBI didn’t say how it had managed to obtain the key, but said it sent a warning to other potential ransomware hackers.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said in the release.
Hello! This story is from today’s edition of Morning Brew, an awesome daily email read by 2.9 million next-generation leaders like you. Sign up here to get it!
Over the weekend, hackers hit the only piece of American infrastructure more critical than the Colonial Pipeline: the burger supply.
JBS, the world’s largest meat processor, had to shut down North American and Australian operations Monday following a coordinated ransomware attack. The company told the White House that it believes a criminal organization based in Russia is behind the hack.
In the US, which accounts for half of JBS revenues, nearly 20% of beef production was impacted by temporary plant shutdowns.
It does appear to be temporary, though. JBS said that the “vast majority” of its facilities would be operational today due to progress it made in resolving the attack.
If operations had remained paused for days or weeks, the hiccup could’ve turned into a real headache for JBS customers like supermarkets and fast-food chains that require a continuous supply of meat.
Extra bad timing
While wholesale meat prices remained mostly stable yesterday, extended disruption from the cyberattack threatened to send meat prices, already on the rise, soaring even higher.
Compared to 2020, April’s pork and beef prices were up 4.8% and 3.3%, respectively, due to labor shortages, restaurant reopenings, rising grain and transportation costs, and high demand for meat exports. And Memorial Day weekend just kicked off the summer grilling season, which means even more demand for meat in the US.
Zoom out: As a greater proportion of corporate operations are tied to IT systems, hackers are presented with more opportunities to prey on links in critical supply chains. The JBS incident comes just weeks after hackers forced the shutdown of the Colonial Pipeline and disrupted gas supplies up the East Coast.
iPhone hacks aren’t incredibly common, but they can still occur if you aren’t careful.
From malware and trickster apps downloaded from the App Store to targeted attacks on a specific device, your information can be stolen in myriad ways.
Here we’ll break down the common types of hacks, how to tell if you’ve been hacked, and what to do about it.
How an iPhone can be hacked
Hacking occurs when someone else gains access to private information on your device or controls it without your consent. It’s a broad term, and lies on a gradient of bad to very serious. Some hackers want to make a quick buck selling advertising. Others want to hurt you.
Experts said there are a few main types of iPhone hacks:
Suspicious websites or links
Just like on your computer, your iPhone can be hacked by clicking on a suspicious website or link. If a website looks or feels “off,” check the logos, the spelling, or the URL.
Try to avoid connecting to a password-free public Wi-Fi network, which opens the possibility of a hacker accessing unencrypted traffic on your device or redirecting you to a fraudulent site to access login credentials.
Messages from numbers you don’t recognize are also suspect.
Fortunately, modern smartphones are good at resisting malware and ransomware.
Suspicious apps on the App Store
Apple devices exist in a much more closed and monitored digital ecosystem when compared to Android devices.
The company has a vetting process for apps on its store, but it’s not bulletproof.
Ning Zhang, who leads the Computer Security and Privacy Laboratory at Washington University in Saint Louis, said to watch out for apps that ask for more information than they’ll need to function.
For example, if you’ve downloaded a wallpaper or flashlight app and it’s asking for your location or contact list, camera, or microphone, that’s a red flag. Likely, the developers are tricking you into giving out this information so it can be sold.
“I’d be a little bit skeptical about it and consider if I really want that wallpaper app,” he said. “Being vigilant, even with official apps, is helpful. If we are able to do that, I think for the average person, you should be fairly safe.”
Intimate partner hacks
Abusive partners can grab your phone and download spyware (or stalkerware) when you’re not looking. This malicious software can be used to track your location, or make private information like texts, your call history, and emails accessible to them.
All they need is your password and physical access to your phone. Experts we spoke to said that this is unfortunately common. This abuse can be psychologically traumatizing and devastating to someone’s personal and public life. If you notice apps that you don’t remember downloading, this could be a sign – although many times the spyware app is invisible on the home screen.
Sadly, this problem isn’t easy to fix. Victims can risk their safety by deleting the apps or checking for malware if and when abusers notice these actions.
The average person probably won’t be singled out and remotely targeted by hackers because it’s expensive, sometimes costing millions for hacks of newer phones, said Matthew Green, an associate professor at the Johns Hopkins Internet Security Institute.
Journalists and activists are most at risk for this kind of hack.
One form of targeted hack works like this: hackers exploit flaws in iOS that even its developers don’t yet know about. With this knowledge, they can install malware to take data from targeted devices.
“This is a very sophisticated set of hacks and oftentimes you won’t even know this happened to you,” Green said. “If it’s someone who is really sophisticated, they’ll send you an invisible text message and then your phone is going to be compromised for a while.”
The bugs are known as “zero-day” flaws, so called because the vendor has had zero days to fix them: Apple learns about the security issue in its software on the same day it starts working to patch it. The minute the world knows, it’s only a matter of time before the hack is obsolete. That’s why these pricey hacks are often kept under wraps by the people, or governments, who purchase them, Green said.
Ways to protect yourself from an iPhone hack
iPhones can absolutely be hacked, but they’re safer than most Android phones.
Some budget Android smartphones may never receive an update, whereas Apple supports older iPhone models with software updates for years, maintaining their security. That’s why it’s important to update your iPhone.
Apps on the App Store are also vetted for malware (though there are questionable apps that go unnoticed).
However, if you’re considering “jailbreaking” your iPhone – removing the software restrictions imposed on iOS – you’re opening yourself up to potential vulnerabilities, because you’ve eliminated some of Apple’s existing security measures. A jailbroken phone can install unvetted apps, including spyware or malware, and jailbreaks are also one way remote takeovers of iPhones occur. Avoid jailbreaking, as it can allow malicious apps to go undetected.
If you back up your phone to iCloud, make sure to have a strong password. If someone gets hold of your password, they don’t even need to hack your phone, because they can download a backup from the cloud.
Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University, said staying safe is all about “good digital hygiene.”
“Install apps from trustworthy sources and unless you know what you’re doing, you probably don’t want to jailbreak your phone,” Sekar said. “Be careful. Don’t click on attachments you don’t want to open and keep your phone up to date.”
How to tell if your iPhone has been hacked
You can’t always tell if your iPhone has been hacked, Sekar said. But you may notice a few things.
Your phone is unusually hot, or frequently dying.
Your phone is sluggish when trying to load websites.
The battery is draining even when you’re not touching your phone.
These symptoms indicate the phone is running all the time, even when you’re not using it. Sometimes, the best indicators come from the outside, such as when friends say they’re getting odd messages from you. However, the most sophisticated hacks can be somewhat invisible.
There’s no definite way to check for every type of hack. Experts told us that one reliable way to investigate is to download a mobile security app called iVerify, which scans your phone’s operating system for suspicious behavior and can also detect if your phone has been jailbroken.
What to do when your iPhone has been hacked
If you know your phone has been hacked, you have a few options depending on what happened.
For minor problems, like an app stealing your information, delete the app and update your software.
Finding an expert for inspection may be the best solution. Green from Johns Hopkins said your phone can’t always be cured.
“I hate to say this, but if you really, really need to be safe, get a new phone,” Green said. “If somebody actually gets on your phone, and it’s a really high barrier for iPhones, they can install stuff like keyloggers, which means every key press, every letter you type in is being sent to somebody. Until you’re sure that’s gone, you can’t be sure you have any privacy.”
If you can’t get a new phone right away, a hacked iPhone is likely not safe to use, so it is best to leave it turned off.
Hackers may have obtained sensitive tax information on employees at Atlantic Media, the company said Wednesday.
Saying it became aware of a breach last month, the publisher – whose affiliated companies include The Atlantic and National Journal – announced an internal investigation had found “no evidence that any subscribers’, customers’, or clients’ financial or sensitive information was involved.”
Current and former employees were not so lucky. They were informed this week that “unauthorized actors” had gained access to a server with their tax forms, “which contain names and Social Security numbers.”
There is no evidence that the information has been exploited or publicly disclosed, the company said.
The statement did not identify any suspects. A company spokesperson, Anna Bross, told Insider that the statement reflects the “most complete information that we are making available.”
Small-business owner Andi Rosenberg lost tens of thousands of dollars last year when her Shopify account was hacked.
Starting on November 23, 2020, payments from her Shopify sales began being deposited in an unknown bank account without Rosenberg’s knowledge. On her Shopify account, Rosenberg could see the daily sales being paid out. But her bank account, which she only checks once a month, wasn’t receiving any of the payouts.
On December 29, a Shopify support specialist emailed her saying the company had “detected suspicious login activity” and that she needed to confirm her bank account and identity. That’s when Rosenberg checked her own bank account and saw she was missing thousands of dollars from her Shopify sales.
She was sick to her stomach, and has been since.
She confirmed her identity and her bank account with Shopify over the course of several days via emails, which were viewed by Insider. The company eventually gave her the payouts from December 30 to January 14, which had been frozen by Shopify until she could confirm her identity and account. The payouts added up to $22,816, based on payment confirmations provided to Insider.
But she was still missing $55,656 in payouts made to the hacker’s bank account for the pay period from November 23 to December 29. She said when the Shopify account was apparently first hacked in November, she never received a notification that her bank information was changed.
“I’m a small business; you could put me out of business,” she said she told customer service on the phone. “It’s just sickening.”
Rosenberg, owner of clothing and jewelry line Hipchik, has sold her products through department stores for years. In 2018, she opened a Shopify account and loved it.
As store sales dwindled, Shopify helped her get through the pandemic, and she had her best year yet online, selling nearly $1 million of merchandise.
Since the missing payments, she says she’s spoken to Shopify’s customer service and the legal team and even reached out to company executives on LinkedIn. In an email seen by Insider, a customer service representative said the legal team could not give Rosenberg advice. The representative added that, “At this point I recommend that you proceed with private legal counsel in order to work towards recovering missing funds, and moving in a productive direction with this investigation.”
She has been in talks with outside lawyers to see if they can help get her payments back, but she’s worried about the legal fees on top of the losses she already incurred.
Insider asked if Shopify knows how frequently sellers’ accounts are hacked, what security measures are in place, and how sellers can get their money back if it’s stolen. “At Shopify, we take the privacy and security of our merchants very seriously,” a spokesperson said. “We go to great lengths to help merchants manage their accounts more securely by providing guidelines and recommendations. We recommend that all merchants enable two-factor authentication to provide a more secure login process and to help prevent unauthorized access to a merchant’s admin.”
The company did not comment on Rosenberg’s case, or answer questions as to why it took several weeks to notice suspicious logins on her account and why the company has not reimbursed her for her lost payments.
Shopify, based in Ottawa, Canada, is an e-commerce company that’s known for helping small business owners attract customers online. Fakespot analyzed Shopify, which went public in 2015, and found that about a fifth of sellers deserved a “caution” or “warning” sign for activities like selling fraudulent products or not delivering items. Shopify told Insider that it has closed thousands of stores, and it regularly implements new measures to address fraud or other violations.
Shopify sellers have also faced fraud from buyers, who order personalized products and then ask for refunds. In 2018, Shopify rolled out a prevention system to protect sellers from these fraudulent buyers, TechCrunch reported.
If you’re a seller and believe you have lost money on Shopify because of a stolen or hacked account, reach out to the reporter of this article, Natasha Dailey at firstname.lastname@example.org.
One of America’s largest beer makers, Molson Coors, had to halt production this week, the company said.
“Molson Coors experienced a systems outage that was caused by a cybersecurity incident,” the company said in a statement. That systems outage has led to a variety of issues for the company, including “brewery operations, production, and shipments,” according to an SEC filing.
In short: Hackers forced the maker of Coors to stop making beer.
Molson Coors is America’s second-largest beer producer, behind only Budweiser maker Anheuser-Busch, according to the Brewer’s Association. The company brews its namesake brands Molson and Coors, as well as Miller, Blue Moon, Leinenkugel’s, Redd’s Hard Apple, and Topo Chico Hard Seltzer, among others.
It’s unclear how much of the company’s beer production has been halted by the breach, nor is it clear how this will impact the company’s expected production.
A Molson Coors representative did not respond to a request for comment as of publishing.
The SEC filing said Molson Coors “is working around the clock to get its systems back up as quickly as possible.”
No timetable was given for when the company expects to return to normal production. Molson Coors has “engaged leading forensic information technology firms and legal counsel,” the filing said, and it’s investigating the breach.
Got a tip? Contact Insider senior correspondent Ben Gilbert via email (email@example.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.
A hacking collective claims to have breached security company Verkada, giving them access to live and archived footage from 150,000 security cameras inside Verkada customers’ facilities as well as its own offices, Bloomberg reported Tuesday.
According to Vice News, around 24,000 unique organizations use Verkada’s software, including private residences, malls, restaurants, nonprofits, and airports, revealing the extensive use of facial recognition and surveillance software.
Hackers successfully accessed feeds from Verkada customers including Tesla, Cloudflare, Equinox, Florida hospital system Halifax Health, Wadley Regional Medical Center in Texas, Tempe St. Luke’s Hospital in Arizona, Madison County Jail in Alabama, and Sandy Hook Elementary School in Connecticut, the site of the 2021 mass shooting, according to Bloomberg.
In some cases, a built-in feature of certain cameras would have allowed the hackers to use the cameras to launch separate hacks into Verkada customers’ corporate networks, Bloomberg reported. Other cameras use facial recognition technology to identify individuals, according to Verkada’s website, potentially exposing sensitive personal information of patients, students, and employees of its customers.
“We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” a Verkada spokesperson told Insider.
A person familiar with the company’s response told Insider Verkada has enlisted an outside security company to help it investigate, and said Verkada has notified customers about the breach.
A Cloudflare spokesperson told Insider the company had been made aware Verkada cameras monitoring its facilities “may have been compromised” and that “the cameras were located in a handful of offices that have been officially closed for several months.”
“As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, this incident does not impact Cloudflare products and we have no reason to believe that an incident involving office security cameras would impact customers,” they said.
The Verkada customers named above did not immediately respond to a request for comment. A spokesperson for Steward Health Care, which operates Wadley Regional Medical Center and Tempe St. Luke’s, declined to comment.
Tillie Kottmann, one of the hackers who claimed credit for the breach, told Bloomberg the group’s goal was to expose how widespread surveillance has become and how easily it can be hijacked, adding that their motives were “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”
Hackers were able to view extremely sensitive footage, according to Bloomberg, including hospital staffers tackling a patient and police officers questioning criminal suspects, as well as detailed financial information about Verkada itself.
Verkada was previously scrutinized for security lapses in October after a report surfaced accusing male employees of using the company’s cameras to take photos of female employees and share them in a private Slack channel. After initially disputing the report, Verkada eventually fired the male employees involved, following a separate investigation by Vice News.