Posts by kimzetter@infosec.exchange
(DIR) Post #AQePfs7bWKGRYNRU5w by kimzetter@infosec.exchange
2022-12-16T02:16:50Z
0 likes, 1 repeats
Twitter has suspended accounts of more than half a dozen journalists from CNN, NYT, WaPo and others. "Many of the suspended accounts had recently written about a dispute between...Musk, and [a] Twitter user who had tracked the billionaire’s private jet travels"https://www.washingtonpost.com/media/2022/12/15/twitter-journalists-suspended-musk/
(DIR) Post #AQtSDzJ6QS8expcBoO by kimzetter@infosec.exchange
2022-12-22T22:50:30Z
0 likes, 0 repeats
Pretty explosive news. "ByteDance, the parent company of video-sharing platform TikTok, found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees."https://www.forbes.com/sites/emilybaker-white/2022/12/22/tiktok-tracks-forbes-journalists-bytedance/
(DIR) Post #ARgUsI3mN7dchGV6kS by kimzetter@infosec.exchange
2023-01-16T00:52:58Z
0 likes, 1 repeats
Guccifer -- not the Russian one that hacked the DNC and Hillary Clinton campaign in 2016 but the Romanian one whose 2013 hacks exposed Hillary Clinton's use of a private email server and supposedly inspired the later Russian Guccifer (Guccifer 2.0) -- speaks for the first time since leaving a U.S. prison in 2001.https://twitter.com/theintercept/status/1614579854808125444
(DIR) Post #ARgoMEqqlQPEYvRmqm by kimzetter@infosec.exchange
2023-01-16T00:55:53Z
0 likes, 2 repeats
Guccifer -- not the Russian one that hacked the DNC and Hillary Clinton campaign in 2016 but the Romanian one whose 2013 hacks exposed Hillary Clinton's use of a private email server and supposedly inspired the later Russian Guccifer (Guccifer 2.0) -- speaks for the first time since leaving a U.S. prison in 2021.https://theintercept.com/2023/01/15/guccifer-interview-hacked-clinton-emails/?utm_campaign=theintercept&utm_medium=social&utm_source=twitter
(DIR) Post #ASCk7Nml5DCrAVuaPo by kimzetter@infosec.exchange
2023-01-31T13:44:17Z
0 likes, 0 repeats
"A TikTok official speaking on condition of anonymity described the company’s proposal to the Committee on Foreign Investment in the United States...which will decide whether the company can continue to operate in the U.S., the company has begun to describe the proposal in greater technical detail. Under the terms of the proposal, TikTok would divulge core segments of its technology to Oracle and a set of third-party auditors who would verify that the app is not promoting content in line with Beijing’s wishes or sharing U.S. user data with China."https://cyberscoop.com/tiktok-national-security-cfius/
(DIR) Post #ASTN9XvYLhs6xMGMZk by kimzetter@infosec.exchange
2023-02-08T14:26:42Z
0 likes, 0 repeats
Wondering what people make of this explosive story from Seymour Hersh claiming that US divers were behind the Nord Stream pipeline sabotage https://seymourhersh.substack.com/p/how-america-took-out-the-nord-stream?utm_source=share&utm_medium=android
(DIR) Post #AUaCIgtZiExFUnFdgW by kimzetter@infosec.exchange
2023-04-12T13:52:16Z
1 likes, 1 repeats
Two years ago on Super Bowl weekend in Tampa Bay, a Florida sheriff and city manager held a press conference to tell the world that hackers had penetrated the city's water control system and increased the lye to a dangerous level. "Somebody hacked into the system. Not just once, but twice and controlled the system, took control of the mouse.," the sheriff told reporters. For the next two years media outlets tried to get an update on the case but the sheriff, the city, and the FBI would only say the investigation was ongoing. Now it turns out that the FBI had in truth concluded its investigation within four months of the incident and determined that no hack had occurred and that likely a city worker had mistakenly altered the level of lye. But no one bothered to tell the public or give reporters the update they had been seeking. https://www.wfla.com/8-on-your-side/employee-error-oldsmars-water-system-wasnt-hacked-former-city-manager-says/
(DIR) Post #AVFQqNQN6nRek7OOXo by kimzetter@infosec.exchange
2023-05-02T14:29:00Z
0 likes, 4 repeats
I spent a year digging into the SolarWinds hack - talking with SolarWinds/Mandiant/Microsoft and others -- to bring you this detailed story of how the hackers pulled off the boldest, most sophisticated supply-chain hack in history ... and how they got caught. https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
(DIR) Post #AVKBzAssZi9MvzGO1o by kimzetter@infosec.exchange
2023-05-04T21:47:45Z
0 likes, 0 repeats
@textfiles I would also be sad if you were dead. I hope you're not, because this would mean I'm communicating with a bot.
(DIR) Post #AY1AuKj49mP3WklOCG by kimzetter@infosec.exchange
2023-07-24T10:26:59Z
1 likes, 2 repeats
For 25+ yrs police, military, intel agencies and critical infrastructure around the world have relied on the TETRA radio standard to secure their critical communications. But now Dutch researchers have examined secret algorithms used in TETRA and found something startling -- an intentional backdoor. This and other issues the researchers found would allow malicious actors to decrypt communications and also, in some cases, send malicious communication to radios to affect critical infrastructure or disrupt police operations and more. https://www.wired.com/story/tetra-radio-encryption-backdoor/
(DIR) Post #AYq0FRUVtbNFXLSkNc by kimzetter@infosec.exchange
2023-08-17T17:18:34Z
0 likes, 1 repeats
Prosecutors have accused a Florida journalist of violating the CFAA anti-hacking law to obtain and leak un-aired Tucker Carlson clips that embarrassed Fox News. Attorneys for Timothy Burke say he hacked nothing, and that the clips were publicly available and unencrypted. Mark Rasch, one of the attorneys on Burke's defense team, says prosecutors are using a “novel and unsupported” interpretation of the CFAA to assert a crime that doesn’t exist under the law and justify the raid on Burke's home office. Rasch understand the CFAA better than most. He's a former federal prosecutor who helped craft CFAA. I looked into the case:https://zetter.substack.com/p/did-a-journalist-violate-hacking
(DIR) Post #AqqUbj7z5IxKBt3D9c by kimzetter@infosec.exchange
2025-02-06T14:57:55Z
0 likes, 1 repeats
In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story: https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/
(DIR) Post #Ar9UdGM4UCq9ImghqC by kimzetter@infosec.exchange
2025-02-15T04:41:45Z
0 likes, 1 repeats
DHS fired more than 400 employees today, including 130 people from CISA. If you work or worked for CISA or have information about what's going on there, you can reach me on Signal at KimZ.42https://abcnews.go.com/Politics/dhs-cuts-405-employees-workforce/story?id=118847047
(DIR) Post #AtAOgwLXRZOn6oFMMi by kimzetter@infosec.exchange
2025-04-16T22:05:24Z
0 likes, 1 repeats
Chris Krebs has quit his job at SentinalOne to launch a legal and public relations fight against Trump and the presidential memo Trump he signed against Krebs last week. "Krebs said he understood why some have kept a low profile and tried not to further anger the president. But he said he disagreed with that approach. "I don’t think this lay-low-and-hope-this-blows-over approach is the right one for the moment we’re in."Miles Taylor who was also targeted by Trump said "the memos targeting him and Krebs were 'punishment for dissent' and that he too planned to fight back.... 'How we respond will set the tone inevitably for how others targeted by these EOs decide to respond.”https://www.wsj.com/politics/policy/chris-krebs-trump-cybersecurity-executive-action-31cb99cb
(DIR) Post #AuJLxkGRVO2PmpKj20 by kimzetter@infosec.exchange
2025-05-20T11:30:53Z
0 likes, 1 repeats
The UAE has been trying to recruit Pentagon workers displaced by DOGE to move to Abu Dhabi to work on AI for the UAE's military. A UAE brigadier general met last month with two former staffers of the Defense Digital Service who have worked on US classified projects and tried to recruit them and their entire DDS team to move to Abu Dhabi. The general was apparently given permission by the Pentagon to recruit the members of Defense Digital Service -- who resigned enmasse from their jobs last month due to DOGE --- despite warnings last year from US spy agencies and federal lawmakers that the UAE could share AI tech with China and despite the UAE's disturbing history of recruitment of US workers. Remember Dark Matter when the UAE recruited former NSA operators/analysts to work on cybersecurity jobs only to have them help UAE spy agencies hack other nations, members of the royal family and dissidents and journalists? One of the people from the UAE who assisted with the recruiting of DDS workers has ties to Dark Matter. Here's my story: https://www.zetter-zeroday.com/uae-recruiting-us-personnel-displaced-by-doge-to-work-on-ai-for-its-military/
(DIR) Post #AwwMM9wW4Xuu7nnL8K by kimzetter@infosec.exchange
2025-08-07T18:53:25Z
1 likes, 4 repeats
Two years ago when researchers found and publicly exposed an intentional backdoor in a TETRA encryption algorithm used to secure radio communications for police/military/intel agencies around the world -- the algorithm involved a key advertised as one strength but secretly reduced to 32 bits -- the European organization that produced the algorithm told users that to secure their communications they could deploy an end-to-end encryption solution on top of the backdoor'd algorithm. Now the same researchers say they found a security problem with the end-to-end solution as well -- another reduced key. Here's my story for Wired: https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/