NSA – To Finally Help Improve Security?


Releasing Free Tool for Reverse Engineering Malware

By: Cristal M Clark 

The NSA has generally undermined security rather than done anything useful to help it.


Now the NSA appears to be taking a stand against malware in a fairly significant way: for a change, it is releasing a genuinely helpful tool, for free.

On March 5th, the agency plans to release GHIDRA, a free reverse engineering framework. The software reportedly handles binaries for Android, iOS, macOS and Windows, disassembling them and decompiling them into readable C-like pseudocode, which helps analysts pick apart malware or pinpoint questionable behaviour hidden in otherwise innocent-looking software.

GHIDRA first entered the spotlight when the Vault 7 leak mentioned it, so it is neither a secret nor really new; what is unusual is for the NSA to release it publicly.

Similar commercial tools do exist (IDA Pro is the best-known), but they are expensive.

This does leave some wondering what the NSA's true motives are, given its prior history, including the leaked NSA zero-day exploits that powered worldwide malware outbreaks such as WannaCry.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop


Russia’s Infamous Election Hackers Are at it Again


Russia Election Meddling


Yesterday, Trump went on and on with accusations against China, claiming that it is attempting to meddle in our latest round of elections, accusations that are completely baseless.


What is actually supported by the reports now surfacing is that Fancy Bear (also tracked as APT28, and identified by U.S. intelligence agencies as two units within Russia's military intelligence directorate, the GRU) has secretly developed and deployed new malware that is extraordinarily hard to eradicate: it survives a complete wipe of the target computer's hard drive and lets the hackers return as many times as they like.

The European security company ESET discovered the new malware, which it named LoJax, and reported that it works by writing a malicious module into the computer's UEFI firmware, the code stored in the SPI flash chip that runs before the operating system on every boot.

The code is designed to maintain access to a high-value target in the event the operating system gets reinstalled or the hard drive replaced, which under normal circumstances would eradicate the malware.

This is not the first code to hide in UEFI firmware, and the new malware works only on PCs whose firmware leaves the flash chip inadequately write-protected; on a properly locked system the write fails. Removing it from an infected machine means reflashing the firmware with a clean image, or replacing the motherboard.

Even with that caveat, the new malware does show that Fancy Bear is more capable, better resourced and more dangerous than the world previously thought.
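To make the "security weaknesses in the existing UEFI configuration" concrete, here is an added example (not from ESET's report or this post) that decodes the two chipset mechanisms deciding whether the SPI flash can be written from the operating system: the Intel PCH BIOS_CNTL register (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) and the Protected Range registers PR0 to PR4 (WPE bit 31, limit bits 28:16, base bits 12:0, in 4 KiB units). This is the same information tools such as chipsec's `common.bios_wp` module read from live hardware; the register values and BIOS region bounds below are constructed for the demonstration, and the PR check assumes the flash descriptor lock (FLOCKDN) is set so the ranges cannot simply be cleared.

```python
"""Classify SPI flash write protection from constructed chipset register values.

Added example, not part of ESET's report or the original post. Register layout:
Intel PCH BIOS_CNTL and PRx as publicly documented; the sample values below are
constructed, not read from hardware.
"""

BIOSWE = 1 << 0   # BIOS Write Enable: 1 = flash writes allowed
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can veto it
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes only honoured while the CPU is in SMM
PR_WPE = 1 << 31  # Protected Range: Write Protection Enable


def assess_bios_cntl(value):
    """Classify the BIOS_CNTL lock state. Only BLE together with SMM_BWP closes the
    window in which a kernel-mode attacker flips BIOSWE and writes flash from a
    second core before the SMI handler clears the bit again."""
    ble, smm, we = bool(value & BLE), bool(value & SMM_BWP), bool(value & BIOSWE)
    if ble and smm:
        return "protected"
    if ble:
        return "lock-only"      # BLE without SMM_BWP: the race window remains
    if we:
        return "writable"       # no lock, and writes are already enabled
    return "unlocked"           # no lock: any kernel driver can set BIOSWE


def decode_pr(reg):
    """Return (write_protect_enabled, base, limit) for one PRx register."""
    base = (reg & 0x1FFF) << 12
    limit = (((reg >> 16) & 0x1FFF) << 12) | 0xFFF
    return bool(reg & PR_WPE), base, limit


def region_write_protected(prs, region_base, region_limit):
    """True if the enabled PRx ranges together cover [region_base, region_limit]."""
    ranges = sorted((b, l) for wpe, b, l in map(decode_pr, prs) if wpe and l >= b)
    cursor = region_base
    for base, limit in ranges:
        if base > cursor:
            break                      # a gap before this range: region not fully covered
        if limit >= cursor:
            cursor = limit + 1
        if cursor > region_limit:
            return True
    return cursor > region_limit


def assess_flash(bios_cntl, prs, bios_region):
    """Combine both mechanisms into one verdict (assumes FLOCKDN is set)."""
    lock = assess_bios_cntl(bios_cntl)
    covered = region_write_protected(prs, *bios_region)
    return {
        "bios_cntl": lock,
        "bios_region_in_pr": covered,
        "verdict": "locked" if (lock == "protected" or covered) else "vulnerable",
    }


if __name__ == "__main__":
    # Constructed values: a 16 MiB flash whose BIOS region occupies the top half.
    bios_region = (0x800000, 0xFFFFFF)
    print(assess_flash(0x22, [0x8FFF0800, 0, 0, 0, 0], bios_region))  # verdict: locked
    print(assess_flash(0x02, [0, 0, 0, 0, 0], bios_region))           # verdict: vulnerable
```

The "lock-only" state is the interesting one: BLE alone looks locked in a casual inspection, yet a write issued from one core while another core races the SMI handler can still land, which is why both bits have to be set before a machine counts as protected.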


Law Enforcement Officer Purchases FlexiSpy –  Intercepts WhatsApp & Emails?


Malware that intercepts social media messages, emails & so much more

Well, if it’s not the bad guys it’s law enforcement these days using malware to intercept your private data, messages and the like.

Or at least that is what some suspect.


Motherboard obtained data that seemed to indicate that a Florida law enforcement officer purchased FlexiSpy, spyware that intercepts private data such as email, WhatsApp messages and social media communications.


Jim Born, a former DEA agent and Special Agent at the Florida Department of Law Enforcement (FDLE), is the man who purchased the spyware. The now retired agent claims he simply made the purchase to better understand it, not to use it on anyone without a court order.

Of course.

According to Motherboard it is truly unclear as to why the former agent really made the purchase.


FlexiSpy was originally marketed to people who wanted, or felt the need, to spy on a spouse or lover they suspected of cheating; over the last year its marketing has shifted to target employees and children.


The spyware is available for purchase on the open market, and deploying it is said to require physical access to the target's device.

Just remember that law enforcement could have a device stored as 'evidence', and if they could get into the device, they could load the spyware onto it.

Not to mention that YouTube has a video or two on how to install the spyware without actually having the victim's device in hand.

Lovely.


What is truly frightening about this lovely little gem of spyware is that FlexiSpy has added features that make it a truly powerful way of spying on the ones you love, including the ability to siphon WhatsApp messages, remotely turn on the phone's camera and microphone, copy files stored on the device and, of course, hide itself from its victim.

As for FDLE, they have absolutely no record of Agent Born ever making the purchase, so he made it as a private citizen, which either makes his story a complete lie or makes him a jealous spouse, lover or nosy parent.


When it comes to interpersonal relationships, even those with our children, I personally feel it is never okay to install spyware on a loved one's device for the sole purpose of spying on that person.

If you feel that your loved one is lying to you, cheating on you, or whatever, then rather than invade that person's privacy by installing spyware on their device, a tit-for-tat sort of move, you should just ask them.

If you do not get the answer you want or suspect, then maybe you should assess the relationship you have with that person and make a decision, one that would make you happy, because confirming suspicions never makes anyone happy; it only vindicates what you already know deep down.


Ohio Hacker Charged with Child Pornography


MacOS Malware Used for Child Porn, Computer Fraud and Wiretapping


Phillip Durachinsky, 28, has been accused of and charged with computer fraud, wiretapping and child pornography after authorities learned he had hacked into cameras and microphones to spy on people and record things that he should not have.


Aside from spying on individuals and companies, Phillip was so brazen that he hacked into schools and a subsidiary of the U.S. Department of Energy, and he even spied on a police department.

Where the story takes a pretty sick twist is that Phillip recorded individuals engaging in sex, some of whom were underage.

According to court documents, Phillip habitually recorded those he spied on, collecting thousands upon thousands of images, and was able to access the tax, medical and banking records of the unlucky individuals and organizations he spied on from 2003 to 2017.

Yes, you read that right, 14 years in total.


Phillip used FruitFly, spyware written specifically to target Macs and surveil people through them, most notably by watching them through the webcam.

Phillip had been installing the malware on victims' computers for years, and once on an individual's machine it could reach out to other computers on the network, including those of businesses, schools, a police department and, of course, a subsidiary of the U.S. Department of Energy.

Once running, FruitFly could steal files and passwords and turn on cameras and microphones.

In some cases, FruitFly would alert Phillip if and when an individual computer were being used to search for porn by a victim.

Court documents indicate that thousands of computers had been infected and compromised, and that while watching and listening to those he spied on, this brilliant man took notes; yes, he took the time to write down what he heard or saw.


I know what you are thinking: FruitFly should only work on macOS, right?

It seems Phillip was able to develop a Windows version as well, which explains how so many PCs ended up infected.

As to the child porn charges, while the DOJ has not released much with regards to those charges, it appears that from Oct, 2011 – Jan 2017 Phillip recorded underage teens having sex, recordings he knew he could either share or sell, recordings he knew would be shared.

So how did the DOJ finally catch up with Phillip?

In January of last year, Phillip was accused of hacking into computers at Case Western Reserve University. Upon investigating the complaint against Phillip, the FBI had discovered that the computers had in fact been infected for several years.

This serves as a great way to open the door to some dialogue.  

It doesn’t matter what OS you might be on, just because you think you are safe, you may not be.

We can always count on one individual at the very least, who will be able to develop malware or some way so as to infect whatever OS they desire.

Developers may want to get better at patching things, closing back doors, and building devices and software smart enough to block infected software, ads and files, or at the very least ensuring that we cannot be hacked as easily as we currently are.


CIA hacking air-gapped networks?


US Central Intelligence Agency – Brutal Kangaroo


A newly released dump of documents from WikiLeaks details how the CIA developed a way to hack an air-gapped network using a USB drive and some creative malware. Technically speaking, this is not in any way new information. It has long been known that one could attack an air-gapped network with a USB drive so as to either:

  1. Steal data onto the USB drive, or
  2. Deliver malware that infects the network and prompts it to send out the requested data should the malware ever detect an open internet connection.

How does it work you ask?

The suite, which goes by my personal favorite of these names, Brutal Kangaroo, consists of four specific components:

Shattered Assurance

Drifting Deadline

Shadow

Broken Promise

Shattered Assurance is the server-side of the code that forms the basis of the attack system and infects the USB drives that are plugged into an infected computer with the Drifting Deadline malware.

Once an infected thumb drive is plugged into a target computer running Windows 7 with .NET 4.5 and its contents are opened, Drifting Deadline deploys the Shadow malware onto the system. (Windows 7 does not autorun removable drives; the leaked documents describe crafted shortcut files that trigger the infection when the drive's folder is viewed in Explorer.)

Shadow is a much older piece of code that has both client and server versions and it is highly configurable for specific targets.

The operator can configure it to collect system data up to a set limit (reported as 10% of the system's memory), watermark everything it collects, and store it on an encrypted partition on the infected computer's hard drive.

Once the infection has been achieved, Shadow will look for other connected systems and infect those too. It can be set up to put the pilfered data onto any new thumb drives that are installed in the system, or send it as a burst if it detects an open internet connection.

The final app in Brutal Kangaroo was once called Broken Promise, which is a tool used to examine the stolen data easily and quickly. Taken together, the Brutal Kangaroo suite could be very useful for defeating air-gapped machines and is certainly more feasible than more esoteric methods.
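The hand-off from thumb drive to target is the one step a defender can actually look for. Here is an added example (not code from the leaked documents or from this post) that audits a removable drive for the two trigger mechanisms discussed above: an autorun.inf carrying a launch directive, and Windows shortcut (.lnk) files that pass arguments or point at a script or DLL loader host. The .lnk parsing follows the public MS-SHLLINK layout (a 76-byte header with LinkFlags at offset 20, the optional LinkTargetIDList and LinkInfo blocks, then the StringData sections in fixed order); the sample drive built by `build_sample_drive()`, including its file names, paths and targets, is constructed for the demonstration.

```python
"""Audit a removable drive for autorun directives and loader-style shortcuts.

Added example, not from the leaked documents or the original post. Shortcut
layout per MS-SHLLINK; the sample drive contents are constructed.
"""
import os
import struct
import tempfile

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_ORDER = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                ("icon_location", HAS_ICON_LOCATION))
LOADER_HOSTS = {"rundll32", "regsvr32", "mshta", "cmd", "powershell", "wscript", "cscript"}
AUTORUN_KEYS = {"open", "shellexecute"}


def parse_lnk(data):
    """Return the StringData fields of a shortcut, or None if it is not a .lnk."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                 # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:               # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for key, bit in STRING_ORDER:           # each: CountCharacters (2 bytes) + chars
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return fields


def shortcut_is_suspicious(fields):
    """Flag shortcuts that pass arguments or whose target is a loader host or a DLL."""
    target = fields.get("relative_path", "").replace("/", "\\").split("\\")[-1].lower()
    if target.endswith(".exe"):
        target = target[:-4]
    return bool(fields.get("arguments")) or target in LOADER_HOSTS or target.endswith(".dll")


def audit_autorun(path):
    """Report autorun.inf lines that launch something (open=, shellexecute=, shell\\...)."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as f:
        for lineno, line in enumerate(f, 1):
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in AUTORUN_KEYS or key.startswith("shell\\")):
                findings.append((path, "autorun.inf line %d launches %s" % (lineno, value.strip())))
    return findings


def audit_drive(root):
    """Walk the drive and return (path, reason) pairs for everything worth a look."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if name.lower() == "autorun.inf":
                findings.extend(audit_autorun(full))
            elif name.lower().endswith(".lnk"):
                with open(full, "rb") as f:
                    fields = parse_lnk(f.read())
                if fields and shortcut_is_suspicious(fields):
                    findings.append((full, "shortcut runs %s %s" % (
                        fields.get("relative_path", "?"), fields.get("arguments", ""))))
    return findings


def build_lnk(relative_path, arguments=""):
    """Serialise a minimal shortcut: header, StringData, 4-byte terminal block."""
    flags = IS_UNICODE | (HAS_RELATIVE_PATH if relative_path else 0) | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments) if s)
    return header + body + b"\0\0\0\0"


def build_sample_drive():
    """Constructed drive image: an autorun.inf, one benign and one loader-style shortcut."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[autorun]\nopen=setup.exe\nicon=setup.exe,0\n")
    with open(os.path.join(root, "Readme.lnk"), "wb") as f:
        f.write(build_lnk(".\\README.txt"))
    with open(os.path.join(root, "Documents.lnk"), "wb") as f:
        f.write(build_lnk("..\\..\\Windows\\System32\\rundll32.exe", ".\\sys\\cache.dll,Run"))
    return root


if __name__ == "__main__":
    for path, reason in audit_drive(build_sample_drive()):
        print(os.path.basename(path), "->", reason)
```

The shortcut heuristic is deliberately coarse: on a drive that is only supposed to carry documents, any shortcut that passes arguments or resolves to rundll32, mshta or a script host deserves a look before anyone double-clicks it, which is the same reason policy on air-gapped hosts usually blocks removable media outright rather than trying to inspect it.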

Or one can just get a job working for the NSA and walk out the door with data and intel. Take your pick right?

At any rate, this should not come as a huge surprise to anyone; you would expect the CIA, an intelligence agency, to have this sort of tool. What does surprise me is the vivid detail WikiLeaks released about how the malware works: the dump spells out how each component works with the others to gain the wanted access to intel.

I am all for transparency when it comes to our Governments, but at what point do we begin to question the amount of intel released to the public?

Some of the documentation in the latest WikiLeaks dump could cause problems down the road if it falls into the wrong hands: what if someone modified one or all of the components' capabilities and turned it into a worldwide problem, as happened with WannaCry?

Sometimes, in our effort to keep our governments honest, we create more problems than we solve. Anything having to do with cyber-security, cyber-warfare, malware and the like being detailed and released to the world under the guise of keeping our governments in check is simply not accomplishing that goal.
