the grugq's newsletter

August 16, 2022

The hackers who generously decided not to ransomware a UK water treatment company are missing a trick. But, before we look at that, it is worth mentioning that the threat actor appears to count coup on the wrong victim, and the reporting follows along. Thames Water isn’t the victim of this breach, so that’s lol.

On to the hack: these guys are making a mistake by attacking a water treatment plant and threatening it. Even saying “see, we could’ve done worse but didn’t” is going to get people very riled up. This is critical national infrastructure. This is a big deal. GCHQ will be hunting them down, and the public would be happy to see them strung up. Do not fuck with people’s water supply.

How to turn that around and make it a tool they could use to their advantage? Easy. UK water companies are terrible, horrible, polluters dumping sewage and plastic into the water. They are fucking with people’s water supply.

These hackers should’ve pulled all the emails they could find and made them available to researchers (academics and journalists). Put them up as an online search tool and, as an afterthought, also make them available to download. Something to give the researchers plausible deniability so they can look at the data “in the public interest.”

“It was publicly available, and normally we would never look through private files, but given the public interest and the public nature of the available documents, we felt that it was worth… blah blah.” Anyway.

“Here is the terrible thing that water companies are doing!!!”

The water companies are fucking with people’s water supply; only no one is talking about it. Change that. Expose the duplicity and corruption in handling the UK’s water, and people will forget the origin of the data. Hell, they’d probably get a medal.

Since they’re not making money, their best option is exposing sewage dumping polluters. The worst option — the one they chose — is to say, “we could have totally killed you guys, but we didn’t. You’re welcome.”

Have fun getting wrecked by Cyber von Cheltenham!

MrR3b00t | #StandWithUkraine #DefendAsOne @UK_Daniel_Card
When attribution goes wrong! @Daily_Express appears to misattribute a breach to @thameswater! The actual victim appears to be another organisation! CLOP #ransomware actor writes the wrong org name! #ThamesWater #NotHacked #Breach #Cyber #Incident #Cyber #Threat #Intel #CTI
6:55 PM ∙ Aug 15, 2022

-

Great WoTR piece: Ending the Ideology of the Offense

https://warontherocks.com/2022/08/ending-the-ideology-of-the-offense-part-i/

-

Liam Sheedy @Sheeds1984
I’m not saying this clock the wife got from Kmart is shit, but the alarm didn’t go off this morning and the time is now 9:77
12:20 AM ∙ Aug 14, 2022

-

Signal @signalapp
Message history, profile info, contact lists, & other data were NOT & could not be accessed. The information attackers accessed could allow them to attempt to register a Signal user’s phone number on a new device if that user had not enabled registration lock. 2/
4:52 PM ∙ Aug 15, 2022

-

Attacking Titan M with Only One Byte

https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html

-

cats with jobs @CatWorkers
Hacker (unsuccessful).
7:20 PM ∙ Aug 15, 2022

-

Emily Mullin @emilylmullin
All infants born in the US undergo a heel-prick test to be screened for certain diseases.
Some states hold onto those blood samples for years, even decades, and police may now be using them in criminal investigations. My latest for @WIRED:
wired.com: Police Used a Baby’s DNA to Investigate Its Father for a Crime. Small pinpricks of blood are used to screen newborns for serious health conditions, but this genetic data can have legal uses too.
1:20 PM ∙ Aug 15, 2022

-

Patrick Walton @pcwalton
This paper is awesome (h/t @tqbf): usenix.org/system/files/s… Turns out that machine learning can reconstruct reasonable variable names from decompiled source! I'd love to see this integrated with Ghidra.
8:38 PM ∙ Aug 15, 2022

-

switched @switch_d
Microsoft Announces Disruption of Russian Espionage APT
securityweek.com: Microsoft Announces Disruption of Russian Espionage APT | SecurityWeek.Com. Microsoft disrupts Russian APT actor, cutting off access to accounts used for pre-attack reconnaissance, phishing, and email harvesting.
8:42 PM ∙ Aug 15, 2022

-

MalwareHunterTeam @malwrhunterteam
Among the usual stuff like passport photos etc., Clop ransomware gang published these screenshots in the leak page for Thames Water... 👀 🤔
6:25 PM ∙ Aug 15, 2022

-

MrR3b00t | #StandWithUkraine #DefendAsOne @UK_Daniel_Card
An update on SOUTH STAFFS! hugs to @SthStaffsWater teams and IR team! south-staffs-water.co.uk/news/important…
8:09 PM ∙ Aug 15, 2022

-

Rachel Figueroa 🐝🐝🐝🌻🌻🍄 @Jewyorican
Mix things up by putting framed quotes meant for the kitchen into the bathroom
8:16 PM ∙ Aug 15, 2022

-

Bushra seddique @bushra_seddique
“No one is left to chronicle how Afghans are paying the price for the Taliban’s victory. Activists are arrested, and journalists are forbidden from reporting the truth. It is hard to be an exile, but it would be harder still to be silenced”
theatlantic.com: I Smuggled My Laptop Past the Taliban So I Could Write This Story. My escape from Afghanistan
1:23 AM ∙ Aug 16, 2022

-

Xeno Kovah @XenoKovah
🧵Tl;dr: the below is a fork with updated instructions on running @_markel___, @h0t_max, & @_Dmit’s Apollo Lake TXE exploit PoC on AAEON UP Squared boards (since you can buy them currently, but you can’t buy the original targeted boards) github.com/XenoKovah/Inte…
github.com: IntelTXE-PoC/README.md at master · XenoKovah/IntelTXE-PoC. Intel Management Engine JTAG Proof of Concept - 2022 Instructions
7:19 PM ∙ Aug 15, 2022

-

Ravi Nayyar @ravirockks
Alleged: 1) Hack ≥ 31 retail brokerage accounts. 2) Buy securities of Companies X and Y. 3) Inflate value of holdings. 4) Sell 'em. 5) Make > $1 mn in profit. = Cyber-induced market manipulation. = Critical infrastructure cyber risk. @thegrugq
sec.gov: SEC Charges 18 Defendants in International Scheme to Manipulate Stocks Using Hacked US Brokerage Accounts
1:05 AM ∙ Aug 16, 2022

-

Best of Nextdoor @bestofnextdoor
3:30 AM ∙ Aug 16, 2022

-

An anti-tracking device that scans for SSIDs and MACs (presumably from phones) and alerts if the same ones keep showing up.

https://www.wired.com/story/this-anti-tracking-tool-checks-if-youre-being-followed/
https://github.com/azmatt/chasing_your_tail
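As an added example (not code from the chasing_your_tail project or the Wired article), here is the core of that detection idea in Python: group probe-request sightings into time windows and flag any MAC or probed SSID that recurs across enough windows over a long enough span. The Observation format, the thresholds and the sample sightings are all assumed or constructed for illustration.

```python
# Added example, not chasing_your_tail's code: the "same identifiers keep showing
# up" check over constructed Wi-Fi probe sightings; format and thresholds assumed.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    ts: int     # seconds since the start of the walk
    mac: str    # client MAC that sent the probe request
    ssid: str   # SSID it asked for ("" for a wildcard/broadcast probe)

def repeated_identifiers(observations, window=300, min_windows=3, min_span=900):
    """Map ("mac"|"ssid", value) -> sorted window indices for identifiers seen in
    >= min_windows distinct windows of `window` seconds whose first and last
    sightings are >= min_span seconds apart.  SSIDs are tracked alongside MACs:
    a phone with MAC randomisation keeps probing for the same saved networks."""
    windows = defaultdict(set)   # identifier -> window indices it appeared in
    span = {}                    # identifier -> (first_ts, last_ts)
    for o in observations:
        w = o.ts // window
        for ident in (("mac", o.mac), ("ssid", o.ssid)):
            if not ident[1]:     # wildcard probe carries no SSID to track
                continue
            windows[ident].add(w)
            first, last = span.get(ident, (o.ts, o.ts))
            span[ident] = (min(first, o.ts), max(last, o.ts))
    alerts = {}
    for ident, seen in windows.items():
        first, last = span[ident]
        if len(seen) >= min_windows and last - first >= min_span:
            alerts[ident] = sorted(seen)
    return alerts

# Constructed sample: ...aa follows the whole walk, ...bb is a passer-by seen
# twice in one window, and three different MACs all probe for "HomeNet-5G".
SAMPLE = [
    Observation(10, "02:00:00:00:00:aa", ""),
    Observation(20, "02:00:00:00:00:bb", "CoffeeShop"),
    Observation(30, "02:00:00:00:00:c1", "HomeNet-5G"),
    Observation(60, "02:00:00:00:00:bb", "CoffeeShop"),
    Observation(400, "02:00:00:00:00:aa", ""),
    Observation(700, "02:00:00:00:00:c2", "HomeNet-5G"),
    Observation(950, "02:00:00:00:00:aa", ""),
    Observation(1300, "02:00:00:00:00:aa", ""),
    Observation(1400, "02:00:00:00:00:c3", "HomeNet-5G"),
]

if __name__ == "__main__":
    for ident, seen in repeated_identifiers(SAMPLE).items():
        print(f"possible follower: {ident[0]} {ident[1]} in windows {seen}")
```

The span threshold is what separates a follower from someone who merely walked the same block for a few minutes; tune `window` and `min_span` to the length of a typical trip.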

-

イカビク @RCAVictorCo
5:01 PM ∙ Aug 14, 2022

-

This thread is really cool

𝕻𝖆𝖗𝖆𝖘𝖔𝖈𝖎𝖆𝖑𝖎𝖙𝖞 @parasociality
A hierarchy of alienness: Pictures of animals from least to most related to you.
Least-related animal: Sponges. You and sponges are both animals. That's basically all you've got in common.
9:56 PM ∙ Aug 14, 2022

-

Natalia Antonova 🇺🇸🇺🇦 @NataliaAntonova
“Battle gays are attacking Belarus from the Baltics” is somehow not a parody headline in Russia
12:58 PM ∙ May 27, 2021
