AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/14/2021

How Hackers Used Slack to Break into EA Games

The group of hackers who stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard has learned. The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard. A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA’s Slack using the stolen cookie. (Although not necessarily connected, in February 2020 Motherboard reported that a group of researchers discovered an ex-engineer had left a list of the names of EA Slack channels in a public facing code repository).


As Ransomware Demands Boom, Insurance Companies Keep Paying Out

EARLIER THIS WEEK, Colonial Pipeline CEO Joseph Blount testified before the House Homeland Security Committee that his company had filed a claim with its cyberinsurance carrier for the $4.4 million cryptocurrency ransom it paid last month. This week, US authorities announced that they had managed to recover $2.3 million of that ransom, raising further questions about who would receive that money—Colonial Pipeline or its insurance carriers—and what signal it would send to ransomware victims and their insurers. In May, the same week that Colonial Pipeline made its ransom payment, the insurance carrier AXA announced that it would stop covering ransom payments under its cyberinsurance policies in France. Around the same time, Swiss Re CEO Christian Mumenthaler said in an interview that “overall the problem [of cybersecurity] is so big it’s not insurable.” But anyone hoping that insurance companies might be the ones to break the cycle of million-dollar ransom payments will likely end up disappointed.


Self-driving Waymo trucks to haul loads between Houston and Fort Worth

On Thursday morning, Waymo announced that it is working with trucking company JB Hunt to autonomously haul cargo loads in Texas. Waymo’s Class 8 trucks equipped with the autonomous driving software and hardware system called Waymo Driver will operate on I-45 in Texas, taking cargo between Houston and Fort Worth. However, the trucks will still carry humans—a trained truck driver and Waymo technicians—to supervise and take over if necessary. Although Waymo is better known for the autonomous taxi service it operates in a suburb of Phoenix, the company started experimenting with adding its autonomous technology to freight haulers several years ago. And in 2018, it began testing those trucks in the Atlanta area. What makes today’s news notable is the partnership with a major truck operator.


DOJ charges security exec for hacking a Georgia healthcare company in 2018

A security company executive has been charged for hacking into (PDF) the Gwinnett Medical Center’s network on or around September 27th, 2018. According to the Department of Justice, Vikas Singla from Georgia conducted a cyberattack on the not-for-profit network of healthcare providers in part for commercial advantage and personal financial gain. Singla was the chief operating officer of a network security company in metro-Atlanta — the DOJ didn’t name the company, but the profile matches that of Securolytics — that served the healthcare industry. He (and his yet-to-be-named associates) allegedly disrupted GMC’s phone service, obtained information from a digitizing device and disrupted network printer service during the attack.


Privacy analysis of FLoC

In a previous post, I wrote about a new set of technologies “Privacy Preserving Advertising”, which are intended to allow for advertising without compromising privacy. This post discusses one of those proposals–Federated Learning of Cohorts (FLoC)–which Chrome is currently testing. The idea behind FLoC is to make it possible to target ads based on the interests of users without revealing their browsing history to advertisers. We have conducted a detailed analysis of FLoC privacy. This post provides a summary of our findings.


McDonald’s hit by data breaches in US, South Korea and Taiwan

McDonald’s is the latest massive corporation to be hit by a cyberattack. According to The Wall Street Journal, the bad actors that infiltrated its systems managed to steal customer and employee information from its businesses in the US, South Korea and Taiwan. No customer data was stolen in the US, in particular, but the hackers got away with contact information for US employees and franchisees. They also helped themselves to some store information, including seating capacity and the size of play areas. In South Korea and Taiwan, however, the hackers were able to steal customer information, including people’s emails, phone numbers and delivery addresses.

Related Posts