Who knows why the Iranians wanted to show this..

On Fri 17 Jul 2020, 10:02 Giacomo Tesio <giacomo@tesio.it> wrote:
In two videos IBM showed to WIRED on the condition that they not be published, the hackers demonstrate the workflow for siphoning data out of a hacked account. In one video, the hacker logs into a compromised Gmail account—a dummy account for the demonstration—by plugging in credentials from a text document, and links it to the email software Zimbra, designed to manage multiple accounts from a single interface, using Zimbra to download the account's entire inbox to the hacker's machine. Then the hacker quickly deletes the alert in the victim's Gmail that says their account permissions have been changed. Next the hacker downloads the victim's contacts and photos from their Google account too. A second video shows a similar workflow for a Yahoo account.
The most telling element of the video, Wikoff says, is the speed the hacker demonstrates in exfiltrating the accounts' information in real time. The Google account's data is stolen in around four minutes. The Yahoo account takes less than three minutes. In both cases, of course, a real account populated with tens or hundreds of gigabytes of data would take far longer to download. But the clips demonstrate how quickly that download process is set up, Wikoff says, and suggest that the hackers are likely carrying out this sort of personal data theft on a mass scale. "To see how adept they are at going in and out of all these different webmail accounts and setting them up to exfiltrate, it is just amazing," says Wikoff. "It’s a well-oiled machine." [...]
In other videos the IBM researchers declined to show to WIRED, the researchers say the hackers appeared to be combing through and exfiltrating data from real victims' accounts, rather than ones they created for training purposes. One victim was a member of the US Navy, and another was a two-decade veteran of the Greek Navy. The researchers say the APT35 hackers appear to have stolen photos, emails, tax records, and other personal information from both targeted individuals.
Continues at http://web.archive.org/web/20200717040312/https://www.wired.com/story/iran-a...
Personally, I believe that at IBM they were first of all surprised by the economic implications of the video.
In the States this type of operation is fully automated. In Iran it can be done manually.
Giacomo
_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa