‘Journalist’s’ Tagged Posts

South America hacker team targets dissidents, journalists


The breadth and brazenness of the hackers' activity carry the characteristics of state sponsorship. So do its objectives.

The group is attacking opposition figures and independent journalists in Ecuador with spyware. It also runs dummy websites. The most comprehensive, targeting Venezuela, was a constantly updated news site with “scoops” on alleged corruption among the ruling socialists. In Ecuador, a similar fake website was meant to draw in disgruntled police officers.

The researchers launched the three-month investigation after determining that spyware found on the smartphone of Argentine prosecutor Alberto Nisman was written to send pilfered data to the same command-and-control structure as malware sent to targets infected in Ecuador. They said the hackers have a “sharp and systematic interest in the political opposition and the independent press” in the three nations, which are led by allied leftist governments. This suggests the group may be operating on behalf of one or more of those governments, the 60-page report says.

In September, the hackers threatened a Citizen Lab researcher as he was poking around in a U.S.-based machine the group had infected.

“We’re going to analyze your brains with a bullet, and your family, too,” read a message that popped up on his computer screen. “You want to play the spy and go where you do not know what you should know that it has a cost: your life!”

It is hardly professional behavior among hackers and might suggest little fear of criminal prosecution, said Morgan Marquis-Boire, one of the researchers.

In November, the group tried to infect the computer of an Associated Press reporter who was also researching it, using a phishing attack designed to steal his Google password.

The researchers identified the group by its intertwined internet domains and telltale digital signatures on the e-mail it sent to infect computers. They said it has been active for seven years, finding that it has used hosting services in Brazil since at least 2008.

Determining who is behind the intrusions, however, may be possible only by court order because of internet hosting companies' privacy policies.

In two examples, targets received an e-mail from a fake organization that pretend to President Rafael Correa of Ecuador. Others received a message, falsely signed by a leader of the opposition, that claims to reveal the names of people investigated by Ecuador's intelligence service.

Those who clicked on the embedded links had their computers infected with spyware that secretly culled information from their machines and sent it to servers run by the group, which the researchers called “Packrat.”

“We believe this is a very efficient operation,” says John Scott-Railton, principal investigator on the Citizen Lab team at the University of Toronto's Munk School for Global Business. “Packrat seems to carefully choose and then mercilessly go after its objectives.”

The group has used the same internet domains for years despite some exposure, a level of comfort that would not be expected of garden-variety cybercriminals wary of being caught by law enforcement agencies.

Citizen Lab named the operation Packrat because the hackers use commercially available packages of remote access trojans, or RATs, which infect computers and smartphones, allowing the hackers to capture keystrokes, emails and text messages. The software can even take over microphones and webcams.

The malware is expertly packed to avoid detection by anti-virus programs, according to the researchers, who found at least 35 different types of booby-trapped files.

Packrat operated from domains hosted by companies in Argentina, Brazil, France, Spain, Sweden, Uruguay and the United States of America, Citizen Lab said, and it notified most of the providers Friday, asking that the infrastructure be taken down.

For much of the past two years, about two dozen sites that “placed” Packrat malware resided at one time or another on servers owned by U.S.-based GoDaddy.com LLC, a web hosting company. They included soporte-yahoo.com, update-outlook.com, lavozamericana.info, mgoogle.us and login-office365.com, all of which were registered by the company.

The AP asked GoDaddy if and when anyone had reported the malicious activity before Citizen Lab's notice, and what, if anything, was done.

GoDaddy spokesman Nick Fuller said via email that the company was “working on the answers.” He said that, as a matter of policy, it takes immediate action when a problem website is identified.

“GoDaddy hosts approximately 10 million Web sites, and is constantly working with the Internet community to keep the Internet safe,” he wrote.

The study started after Packrat was found to have targeted Nisman, the Argentine special prosecutor found dead of a gunshot wound in January while trying, unsuccessfully, to bring criminal charges against Argentina's president.

Researchers say Packrat sent a top Argentine journalist, Jorge Lanata, the same virus that Nisman received a month before his death.

The virus bore digital fingerprints showing it was built to communicate with the same internet domains used to spy on opposition Ecuadoreans, who identified Packrat malware in their e-mail with a search script written by the researchers.

Most of the targets identified were in Ecuador, though researcher Scott-Railton warned that they probably represent only a piece of the group's activity.

“I doubt their Brazil-centric operations are stopped,” he said. “We do not want Ecuador to overshadow the fact that we are looking for a campaign all over the place.”

In Ecuador, Packrat targeted reporters, environmentalists and even the satirist known as Crudo Ecuador, whose lampoons infuriated the president. It also set up a website designed to mirror the web e-mail interface of Ecuador's National Assembly in an apparent attempt to harvest legislators' usernames and passwords and break into their accounts, the study found.

Journalist Janet Hinostroza, who received a 2013 press freedom award from the New York-based Committee to Protect Journalists, said she was hacked in January and then again in August, a month after the interior minister claimed that she was involved in a plot to overthrow the government.

“My computer has been infected for so long that I think they have had access to all my information,” says Hinostroza.

She still cannot access contacts and other data on her Apple iCloud because hackers changed her password and security question.

Other prominent alleged Packrat targets in Ecuador include Martha Roldos, an environmental activist, and Cesar Ricaurte, director of the press freedom watchdog Fundamedios. Roldos received a total of 34 malicious Packrat emails, Citizen Lab found.

A website created by Packrat, called “justicia-desvinculados.com,” sought to attract Ecuadorean policemen fired after a September 2010 rebellion over benefits that severely shook Correa. Now deleted, it had an associated Twitter account.

The group's most elaborate fake website appears to be Pancaliente.info, a Venezuelan opposition-friendly collection of news, including written articles and inaccurate “scoops.”

Taken offline Tuesday, the site showed no contact information for itself.

But it did ask readers for their email addresses.




Citizen Lab: https://citizenlab.org/2015/12/packrat-report/


Frank Bajak on Twitter: http://twitter.com/fbajak. His work can be found at http://bigstory.ap.org/author/frank-bajak.

Journalist’s lawyer: Prank doesn’t merit prison



SAN FRANCISCO (AP) - A lawyer for a Reuters editor accused of helping hackers damage a Los Angeles Times story said Friday that the journalist did not commit the crime, but even if he did, it was an internet joke that should not send someone to jail for 25 years.

“No one was injured, no one was injured sustainable Identify individual stolen, lives are ruined,” said Matthew Keys' lawyer, Jay Leiderman. “It was a joke, I have a joke think, you get 25 years in the prison.”

The federal government says that in December 2010, Keys provided the hacker group Anonymous with login information for the computer system of the Tribune Co., parent company of the Times. Tribune also owns a Sacramento television station from which Keys was fired months earlier.

According to the U.S. Department of Justice, a hacker changed a Times news story to read “The pressure increases to opt House Chippy 1337,” a reference to another group of hackers. “Chippy 1337” claimed responsibility for defacing the website of video game publisher Eidos in 2011.

A second attempt to hack the Times failed, according to the indictment released Thursday.


Keys was accused of one count of conspiracy to transmit information to damage a protected computer, as well as transmitting and attempting to transmit that information. If convicted, the New Jersey native faces a total of 25 years in prison and a $500,000 fine if given the maximum on each count. He is scheduled for arraignment on April 12 in Sacramento.

“It’s amazing that we use our laws and our scarce resources on like this,” Leiderman told The Associated Press on Friday.

“In the wake of the Aaron Swartz case, we really thought that the judge would kind of take their breath and realize that maybe they had made a mistake in the pursuit of this case forward in such an aggressive way to what is essentially jokes,” said Leiderman. “I think what the court has done, is a kind of double down on it.”

He was referring to the 26-year-old internet activist who was found dead in his Brooklyn apartment on January 11 with a trial pending.

Family and friends say Swartz committed suicide after he was pursued by federal prosecutors. Officials say he helped put millions of court documents online for free and illegally downloaded millions of scientific articles from an online information source.

The indictment of Keys, also 26, comes after recent hacks into the computer systems of two other American media companies that own The New York Times and The Wall Street Journal. Both newspapers reported in February that their computer systems had been infiltrated by hackers based in China, monitoring media coverage the Chinese government considers important.

Anonymous and its offshoot, Lulz Security, have been linked to a number of large-scale cyberattacks and crimes, many of which were designed to embarrass governments, federal agencies and corporate giants. They are linked to attacks that took data from the FBI partner organization InfraGard, and they blocked the websites of the CIA and the public broadcaster.

Keys' Facebook page said he worked as an online news producer for Tribune-owned FOX affiliate KTXL from June 2008 to April 2010.

Investigators say Keys gave a hacker called “Sharpie” login information in an internet chat room frequented by hackers and urged the attacker to do damage to the Tribune Co.

Federal prosecutors assert in court documents that the legendary hacker and Anonymous leader known as “Sabu” gave tips on how to infiltrate Tribune's systems. The FBI unmasked Sabu when it arrested Hector Xavier Monsegur on June 7, 2011. Monsegur secretly worked as an FBI informant until federal officials announced on March 6, 2012, that he had helped arrest five suspected hackers.

Federal officials declined to comment on whether Sabu surveyed Keys.

The day after it was announced that Sabu was an FBI informant, Keys wrote a story for Reuters about “infiltrating” the hackers' chat room.

Reuters hired Keys in 2012 as associate editor for social media. David Girardin, a spokesman for the news agency, told the AP in an e-mail Friday that Keys was suspended with pay Thursday. He would not go further.

A spokesman for the Chicago-based Tribune Co. declined to comment.

According to Keys' Facebook profile, he is single and lives and works in New York at the Reuters office, where “I paid to use Twitter and Facebook to work.”

Reuters, a unit of New York-based Thomson Reuters Corp., has expanded its activities in the United States. This year, six of Tribune's seven newspapers dropped The Associated Press for Reuters, citing cost. The Los Angeles Times stayed with AP.


Follow Garance Burke and Paul Elias at http://twitter.com/garanceburke and http://twitter.com/paulelias1.

AP National Writer Martha Mendoza in Santa Cruz has also contributed to this report.