UK’s Electoral Commission Hacked

Aug 09 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that brings the smoke to cybercrime ๐Ÿ’€๐Ÿ’€๐Ÿ’€

Todayโ€™s hottest cyber security stories:

  • ๐ŸŒHACKED! UK's electoral registers struck by a smooth cybercriminal ๐ŸŽฉ

  • โŒจ๏ธ New software allows phones to decipher typed passwords just by listening ๐Ÿ‘‚

  • ๐Ÿ‘พ New malware targets newbie cybercriminals with โ€˜OpenBullet Configsโ€™ ๐Ÿ”ซ

#StopTheSteal! ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

๐Ÿ”’๐Ÿ—ณ๏ธ UK's Elections Watchdog Hit by Cyber Attack ๐ŸŒ๐Ÿ”“

The UK's Electoral Commission has fallen victim to a "complex cyber-attack" potentially impacting millions of voters ๐Ÿšจ๐Ÿ•ต๏ธโ€โ™‚๏ธ. "Hostile actors" gained unauthorised access to electoral registers dating back to August 2021, also breaching emails and "control systems" ๐Ÿ’ป๐Ÿ“ง.

Though the breach was only discovered in October of the previous year, the watchdog urges people to be vigilant about their data usage ๐Ÿ›ก๏ธ๐Ÿ”. The commission reveals hackers accessed register copies held for research and political donor checks ๐Ÿ’ผ๏ฟฝ๏ฟฝ.

Chief Executive Officer Shaun McNally confirms awareness of the compromised systems, yet can't definitively identify accessed files ๐Ÿ“‚โ“. Breached data includes names and addresses of UK voters registered between 2014 and 2022, encompassing private registers and overseas voters' names ๐Ÿ ๐ŸŒ.

While personal data held on the registers doesn't pose "high risk," it could potentially be combined with public information for profiling purposesย ๐Ÿ“๐Ÿ”. The watchdog emphasises hackers couldn't alter or delete information on electoral registers ๐ŸšซโŒ.

The commission delayed public disclosure to mitigate vulnerabilities, and the Information Commissioner's Office is urgently investigating the data breach ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”.

The watchdog assures steps have been taken to enhance cybersecurity against future attacks ๐Ÿ›ก๏ธ๐Ÿ”’. Hope so!

I came across ZZZ money club during the crypto market bull run when everyoneโ€™s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

You may want to type lightly ๐Ÿ‘€

๐Ÿ”๐ŸŽฎ Academics Develop "Keystroke Sound" Hack! ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ป

Researchers have created a "deep learning-based acoustic side-channel attack" that identifies laptop keystrokes recorded by a nearby phone with 95% accuracy ๐Ÿ“ฑ๐Ÿ”Š.

When trained on Zoom-recorded keystrokes, accuracy reached 93%, setting a new medium record ๐Ÿ“ˆ๐Ÿ”.

These "side-channel attacks" exploit a system's physical effects during data processing, such as acoustics, to gather insights ๐Ÿ”’๐Ÿ”Š. These attacks pose a threat to user privacy and security, enabling malicious actors to steal passwords and sensitive data ๐Ÿ’ฅ๐Ÿ”.

The ubiquity of keyboard sounds makes them a convenient target. People tend to underestimate their sound while typing, even if they hide their screen ๐Ÿ‘€๐Ÿ”ˆ.

To execute this attack, researchers used MacBook Pro keys, recorded their sounds, and employed a deep learning model, CoAtNet, to classify keystrokes ๐ŸŽน๐Ÿค–.

๐Ÿ›ก๏ธ Top Tips:

Countermeasures include altering typing style, using randomised passwords, and adding fake keystrokes for voice call attacks ๐Ÿ›ก๏ธ๐Ÿ”ข. This innovation highlights the need to guard against seemingly innocuous attack vectors ๐Ÿšจ๐Ÿ”Š.

๐Ÿ—ž๏ธ Extra, Extra! Read all about itย ๐Ÿ—ž๏ธ

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ’ฐ Daily Dough: Bite-sized investing ideas, wisdom, news, and trends you need to grow your dough!

  • ๐Ÿ“ˆย ProductivityGlide: A bite-sized email for your most productive day yet!

  • ๐Ÿซย AI Marketing School: The latest AI Marketing tools, techniques, and news delivered biweekly.

Let us know what you think!

Cybercrime will eat itself ๐Ÿคค

๐Ÿ”’๐Ÿฆ  Malware Alert: New Campaign Targets Aspiring Hackers! ๐Ÿšจ๐Ÿ’ป

A fresh malware campaign is using malicious OpenBullet configuration files to exploit inexperienced cybercriminals, aiming to deploy a remote access trojan (RAT) capable of data theft ๐Ÿ”“๐ŸŒ.

Kasada, a bot mitigation firm, has identified this activity as an attempt to exploit "trusted criminal networks," with advanced threat actors preying on novice hackers ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ•ต๏ธโ€โ™€๏ธ.

OpenBullet, initially a legitimate open-source penetration testing tool, is now being misused. It automates credential stuffing attacks, powered by a customised configuration file tailored to a specific website. This facilitates attacks without cumbersome browser windows ๐Ÿ“œ๐Ÿ”.

These configurations are traded within criminal circles, empowering less skilled hackers, or "script kiddies," to launch their own attacks ๐Ÿ› ๏ธ๐Ÿ’ฅ. The flexibility of this approach has also led to a new attack route, targeting other hackers seeking these files in hacking forums ๐ŸŒ๐Ÿ’ฃ.

The malware focuses on popular browsers and crypto wallets, exploiting the likes of Brave, Chrome, and Microsoft Edgeย ๐ŸŒ๐Ÿ’ผ. The campaign's unique use of Telegram to distribute malicious configs highlights the criminals' cryptocurrency preference ๐Ÿ“ฒ๐Ÿ”—.

No honour among cyber-thieves!

This breach among thieves shows the ever-evolving landscape of cyber threats ๐Ÿ”„๐Ÿ”’.

So long and thanks for reading all the phish!

Recent articles