All About Hacking Based Operating Systems

I almost hate to admit it because it takes some of the “Prestige” away from “Being a Hacker,” but the fact of the matter is that most of the worlds most famous hackers and/or hacktivists aren’t really hackers at all – they merely just run Operating Systems designed around “Ethical Hacking” and “Penetration Testing,” the field of legalized hacking. In fact, I’m willing to bet that 95% of “Hackers,” or at least 95% of anyone whom calls themselves a hacker, aren’t necessarily hackers at all – they merely just run any one of the operating systems disclosed below. The people whom design these systems and/or build, program or code the tools inside of them are the real hackers – though they make up an extreme minority of the overall hacking population.

You might also be surprised to learn that nearly all of the worlds top hacking programs and operating systems aren’t necessarily some sort of big secret either, but rather, they are all free and open source – open to the public and 100% legal for anyone to own or download. On top of this, one of the most famous websites used by hackers to post and retrieve source codes for various exploits and tools – Github.com – is actually one of the worlds top 100 most trafficked websites.

However, it must be noted that while owning these programs, tools and systems is legal, using them without the proper licenses, certifications, consent or permissions can be illegal. For example, in order to perform their work, Penetration Testers usually have to pass some sort of written exam for certification/licensing, register with the Government as a public hacker, then sign a contract with a given company to attack their systems – usually designated on a certain time or day(s) and launched from behind a pre-defined or pre-designated number of IP Addresses. However, just as with anything else in life, there are ways around everything.

How To Hack Legally?

There are many ways you can learn computer hacking or the hacking arts, legally, from your home. For example, you can learn how to set up security on one computer, by hacking it from a different computer. Or, you can join an online chatroom and agree to hack some of your friends or friends systems. It is important to understand that the US Computer Fraud and Abuse Act directly states that “any unauthorized access to another persons devices, systems  or networks” is illegal, meaning that it is not illegal if you have authorization. Just find the right group of people and/or friends, and you can learn as much as you want – really.

Also, you can learn more about hacking and how to hack by simply entering different searches on Google or YouTube than any article you could possibly ever read – just saying.

Top Open Source Hacking Systems:

Kali Linux

See the source image

For anyone whom has ever watched the hit series “Mr. Robot,” you would know that this is Elliot’s Operating System of choice. Outside of television, Kali Linux is hands down the most popular hacking OS on the market. In fact, I’m willing to bet that anyone/everyone whom has ever thought about becoming a hacker or went on to become one has at one point or another used/run Kali Linux in their lifetime. It’s not for no reason that I top today’s list of hacking OS’s with Kali, it’s pretty much king.

Download: https://www.kali.org/downloads/

ParrotSec

See the source image

In terms of Ethical Hacking distro’s, ParrotSec OS is one of the newest systems on the market – but has quickly developed a massive following. For whatever reason, ParrotSec tends to be particularly popular amoungst some of the worlds newest or youngest hackers/hacking groups. What has always been the systems biggest claim to fame, and what I think has made it so popular over recent years, is it’s graphic package – which has essentially turned a world class hacking OS into something that’s visually stunning, which people therefore do not mind running on their computers on a regular basis.

Download: https://www.parrotsec.org/download.php

BlackArch

See the source image

BlackArch Linux just so happens to be my personal Operating System of choice, or at least used to be. This is because the OS itself is extremely simple and straight forward, with literally thousands of exploits, tools programs built in. In terms of sheer quantity, the system is virtually unmatched. However, BlackArch has always had somewhat of a smaller following due to its generic user interface. While some people prefer things simple and straight to the point, seeing this as a positive, others look at it as boring – and therefore see it as a negative. Honestly, it’s all relative to your personal preferences.

Download: https://blackarch.org/downloads.html

Backbox

See the source image

Truth be told I never heard of Backbox until very recently, but it just so happens to the OS of choice for Al1ne3737 – an international hacker, formerly of Pryzraky, whom has made a number of appearances on Rogue Media Labs. In an interview earlier this week, Al1ne3737 said that BackBox is her Operating System of choice because it only hosts a few hacking tools/exploits – only tools/exploits relevant to modern hackers. In addition to this, the OS comes in an extremely light weight package, therefore making it easier and faster to use – especially when duel booting.

Download: https://www.backbox.org/

TAILS

See the source image

TAILS OS is typically known as an “incognito live system,” and this is because it’s almost exclusively designed around cyber security and privacy – which is why I include it here today. While you can not hack anything outright with this system, you can duel boot on it – creating a world class security system you can then utilize for hacking. While it may be a bit extreme, there is perhaps no better way to hide your tracks whilst hacking – which is growing ever more important to hackers worldwide.

Download: https://tails.boum.org/install/

Windows cmd

Yes, you read that right. Most people think that Windows cmd has no seat at the drivers table when it comes to hacking – but they are sorrily mistaken. In fact, you might not know it, but a mastery of Windows cmd is demanded of all of the US Governments top hackers – including the FBI. Combining Windows cmd with a duel boot of any hacking OS of your choosing for example, quite literally provides hackers with the best of both worlds – from both Linux and Windows.

Other Hacking OS’s:

Alternative Hacker OS: https://ghostbin.com/paste/79ht8
Anonymous Operating System: https://www.whonix.org/wiki/VirtualBox/XFCE
Cyborg Hawk: https://archiveos.org/cyborg-hawk/

Mastering The Command Lines:

cmd Commands Encyclopedia for Windows: https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx?mfr=true
Windows cmd Encyclopedia: https://ss64.com/nt/
Linux Bash Commands Encyclopedia: http://ss64.com/bash/
Terminal Commands Encyclopedia for Mac: http://ss64.com/osx/
DOS Commands Encyclopedia: http://www.computerhope.com/msdos.htm#02

Understanding Linux:

Linux Installation and Initial Configuration: http://www.mediafire.com/download/xxz33o4tq1obpzk/Linux+Installation+and+Initial+Configuration.rar
Introduction to the Bash Shell: http://www.mediafire.com/download/i24oogco4ch9ma4/Introduction+to+the+Bash+Shell.rar
Shell Scripting with Bash: http://www.mediafire.com/download/t5eha9cr4eckayb/Shell+Scripting+with+Bash.rar
Linux Command Line Interface Fundamentals: http://www.mediafire.com/download/27hfeldyqrs2ae8/Linux+Command+Line+Interface+%28CLI%29+Fundamentals.rar

Miscellaneous:

Network Pentesting using Python and Kali Linux: http://www.mediafire.com/download/7rq1ujn9424d3hb/Network+PT+Using+Python+and+K_4li+Linux.rar
Operating Systems: http://www.mediafire.com/download/mi3mvleyyd8ayu4/CompTIA+A%2B+Part+4%3B+Operating+Systems.rar
Installing Duel OS’s Through Virtual Machines: https://www.vmware.com/pdf/dualboot_tech_note.pdf

Duel Boot Tutorial:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/10/dualboot_tech_note.pdf”%5D

** If you can’t navigate the document, hover you mouse over the pdf (above) and look down at the bottom left and you will see an up and down arrow. These will help you flip the pages **

 

The Art of Human Hacking: How A Firm Grasp of Mentalism & Social Engineering are Two Intangible Tools for Every Modern Hacker

Most people would be surprised to learn that often times the most valuable tool in computer hacking isn’t a program, tool or exploit at all – but rather the human mind. For the purposes of this article I would like to discuss two invaluable strategies employed by some of the worlds most dangerous hackers as a means of compromising and/or tracking their targets online. These would be the psychological practices of “Mentalism” and “Social Engineering.” Before moving forward, you should understand the differences between the two.

Mentalism is the skill of getting people to tell you information about themselves without them realizing they are providing you with information. It’s a skill or talent most commonly associated with “Cold Readers” and/or “Psychics,” but has absolutely nothing to do with any sort of magical abilities – imaginary or otherwise. Rather, they are purely logical and psychological talents/techniques. Social Engineering on the other hand is the art of making people to execute your will or do things for you – usually under false or manipulative pretenses.

Below you will find a brief strategy guide and overview of these two tactics/techniques, utilized by some of the worlds best hackers to infiltrate different circles online – be it the KKK, Islamic State, CIA or anyone else for that matter. These are also techniques I’ve personally taught to hundreds of individuals on underground forums and online chats over the years – allegedly. Good luck proving it, anyways 😉

How Does It Work?

It may or may not be common knowledge at this point, but starting in 2015 I started my own international intelligence/espionage group known as the “Anonymous Intelligence Agency” – an organization which accepted a broad range of tips, leaks and other sensitive information from hackers all around the world. Over the years, through the moderation of online forums and chatroom’s, part of my dealings have involved the instruction of various techniques, strategies and styles to go about extracting information from others, and/or acquiring information about specific targets online. Strategies at the very heart of social engineering and mentalist theory.

Learn More – The Anonymous Intelligence Agency: https://roguesecuritylabs.ltd/anon-intell/

Say for example you are starting from scratch and want to narrow down someones location online. You might open a conversation with something like “man, it’s so cold here, I can’t stand the cold weather!” To which someone might respond something like “yeah, its cold here too” or “well, sucks for you, its warm here.” Might sound like an innocent exchange – right? But the person you’re talking to just identified they are currently residing somewhere in the southern hemisphere. Continuing the conversation on a little further or at a different point in time, you might then bring up the weather that day by saying something like “man, its such a nice day out today, not a cloud in site!” To which someone might respond “well, its raining here” – vice versa. Cross referencing a weather map from that day, there’s only a few places on Earth where it’s raining at the present moment in time – further narrowing down their geo-location. See where I am going with this?

This is what is refereed to as mentalism, getting people to provide you with information/intelligence without them having a clue they are actually doing it. You can do this with almost any conversation as well, be it through politics, personality, sexual interests, hobbies, food preferences – et cetera.

For example, take a bold stand on a political issue in one director or another and see how people react/respond to it, I guarantee it’ll tell you a lot about their personality, ideals, personal beliefs and behaviors. Just by “triggering” someone with a controversial statement, which doesn’t necessarily even have to be something you personally believe or think is true,  allows you to uncover so much about a person or group of people. This is also something you can do quite easily with sexuality as well. Just pretend to make a candid statement about your own fantasies, fetishes, interests or desires and people will almost certainly react or respond to it with their own. With the proper level of skill and over a long enough period of time, you can begin putting together full psychological profile on individuals or even fully compromise our target, without said target even realizing you’ve done so.

Dealing with Scammers or Fraudsters

When you are not trying to track someone or uncover their identities online, there are other techniques you can utilize for separate purposes – say for use in law enforcement. For example, I always instructed people to play as dumb as humanly possible when dealing with fraudsters, scammers or the like – techniques which have resulted in dozens of tips worldwide, presumably dozens of arrests at the same time.

For example, say you become aware of a phone, email or internet scam asking for money, donations or any other financial information. When dealing with these people you should pretend to be as open as humanly possible about getting them money. For example, say you are dealing with a charity fraudster. Tell them something like,”you know, I’ve been meaning to get involved with a charity for quite some time now. Yours sounds like the perfect opportunity! If I wanted to write a check is there a physical address I can mail it to?” Or, “do you have a bank account I could wire a bigger sum of money to?” Or “do you have an email address or web address where I can ask questions or learn more about what your trying to do?” See where I am going with this? If they give you any of this information, then this is all tangible evidence authorities can use to compromise the individual(s) behind the scam. By playing dumb and being as open as possible to cooperating with them, without actually giving them anything, this is how you can trick them into handing you more information than they otherwise should or would have given upfront.

Social Engineering

Social engineering is quite literally referred to as “the Art of human hacking” and it’s  essentially the art of manipulating others to execute your goals or do something for you – essentially making others work on your behalf. Unlike mentalism which is purely psychological, social engineering usually refers to any physical action carried out by someone else under the guise of your manipulation, guidance or direction.

Believe it or not, in most circles around the world social engineering itself is considered to be the single largest threat to cyber security worldwide – not any sort of malware, computer program, exploit, Operating System or otherwise. If you’d like a demonstration of why this is, look no further than an interview with the hacker behind the breach of CIA Director John Brennan’s personal emails in 2016 – a hack almost exclusively pulled off through their the use of social engineering to trick a low-level corporate employee. As the old saying goes, you’re only as strong as your weakest link. Or at least in this instance, you are only as secure as your dumbest or most clueless employee……

Social engineers are also infamous for penetrating different hacking circles or groups online, simply just to compromise their members. For example, look no further than ZHacker and what he did to Nama Tikure of Anonymous and different members of Pryzraky within days of ‘joining’ or assisting them. For those of you not aware, ZHacker is a state sponsored hacker given protection by international law enforcement authorities to go undercover as a “Black Hat,” simply just to try and infiltrate some of the worlds most active or top hacking groups.

To set himself up, ZHacker pretends to write malware samples or manipulates screen shots to make it appear as though he has carried out certain hacks, or is in possession of information he’s actually not. This is done for no other reason than to boost his so called ‘street cred,‘ to falsely gain the admiration or attention of others. This is how he and others like him attempt to infiltrate groups or lull them into a false sense of security. Then, once their guard is down, he compromises them before exposing their identities to the world. Simply by just pretending to be a black hat, he socially engineers actual black hats into trusting him before ultimately compromising them. This is how people/hackers like them work.

Honestly, this article could go on like this for quite some time, but I think I’ve given you a base understanding the basic principles involved here? It should go without saying, but the human mind is the most dangerous weapon anyone can wield – plan accordingly.

 

State Biological Institue of Sau Paulo Hacked, Site Admin Credentials Leaked Online

On December 3rd 2018, a hacker going by the name of “Sh4wtyy K!ng” announced a hack of the State Biological Institue of Sau Paulo, Brasil (hxxp://biologico.sp.gov.br), leaking sensitive information tied to the sites databases online. Among other things, through the leak provided below you can find the login username and encrypted password for 6 site administrators, granting full access to the sites backend. In a statement available online, Shawtyy says that he was first able to exploit the site through an SQL Injection vulnerability on the home page – though no explanation as to his motives was given.

Raw Full Leak: https://ghostbin.com/paste/m92u4/raw

https://twitter.com/Lil_Sh4wtyy/status/1069581088090132480?s=19

Republican Party of Brasil Hacked, Databases Leaked Online

As was first reported by Defon Lab, a hacker going by the name of “Knushh” has claimed responsibility for a string of hacks and leaks targeting Brasil’s Republican Party, though the hackers never did express any political motivations behind the attack. As was pointed out by Defcon Lab, “this is yet another demonstration of the motivation and technical ability of Knushh Yukasan, who has been the subject of more than ten hacking events” over recent months – making Knushh perhaps one of Brasil’s most active/influential hackers at the present moment in time. Below you can find page data leaked from the Brasilian Republican Party‘s (PRB) Minas Gerais state directory yesterday, November 23rd 2018.

Leak 1: https://ghostbin.com/paste/c9f56
Leak 2: http://www.gladysid.in/2.txt

https://twitter.com/Knushh/status/1066175398784974848

https://twitter.com/Knushh/status/1066167519566864384

22% of Palestinian Women Have Stopped Using The Internet Because of Ongoing Targeted Hacks & Online Sexual Harassment

Earlier this month I reached out to the Director of the Askar refugee camp in Palestine in an effort to help secure his website, emails and online accounts. This was work I was willing to provide ‘pro bono,’ out of my own pocket. As for why I was offering to help the people of Palestine it is because, given my past experience, I know exactly what is happening to people there – as well as what the Israeli Government is up to/capable of.

Whether it hurts your feelings to say or not, the fact of the matter is that Israeli is beyond a shadow of a doubt the hacking capitol of the world. This is because given Israel’s post-WWII status, the country has been given a sort of legal immunity of over the years that allows the country and its peoples/Government to get away with things/acts other countries are not, such as cyber espionage and large scale hacking operations. To this effect, a new report surfaced this week outlining online discrimination, sexual harassment and targeted hacks against women living in the Palestinian territories.

Officially entitled “A Violent Network – Gender Based Violence Against Palestinian Women In Cyber Space,” the 25 page document chronicles how Muslim women living in the occupied territories are increasingly coming under cyber attack in our digital age. This includes things like account/email hacking, having their personal pictures stolen or posted in public, as well as being the victim of online blackmail/extortion campaigns. Conducted by researchers at the 7amleh Center and Kvinna til Kvinna Foundation, in interviews with 1,200 Palestinian women between the ages of 15 -30, researchers discovered that:

  • 33% of women reported receiving videos or photos with inappropriate sexual content
  • 30% reported having been the victim of hackers
  • 28% said they receive unwarranted immoral or inappropriate comments on social media
  • 16% report having been sexually harassed online in the past
  • 5% report they have been subjected to sexual extortion online
  • As a result of all this, 22% of Palestinian women say they have closed all of their online accounts and no longer use the internet

Full Research Paper:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/11/Report_GBV_-_KtK.pdf”%5D

Anonymous Europe – Cyber Guerrilla Leak Files from Clandestine UK Operation “Integrity Initiative”

In news first brought to my attention via Sputnik, one of Russia’s largest news corporations, Anonymous hackers have published documents outlining a large scale clandestine operation undertaken by United Kingdom from 2015 to present entitled the “Integrity Initiative,” designed to create a “secret large-scale information service” across Europe. According to the leak, the operation was carried out under the pretext of countering the “Russian propaganda” and its main objectives were “to provide a coordinated Western response to Russian misinformation and other elements of hybrid warfare.

All said, The Integrity Initiative has an annual operating budget of $2.4 million dollars and is said to consists of groups of local politicians, journalists, military personnel, scientists and academics across over a dozen countries. Working together, the team is dedicated to finding and publishing alleged evidence of Russian interference in European affairs and, at the same time, influencing community policy.

In response to the leak, in statements to Sputnik, Konstantin Kosachov, chairman of the International Affairs Committee of the Council of the Russian Federation said that “The hackers’ information on the actions of the British special services against Russia requires a thorough investigation. The Commission for the Protection of State Sovereignty will analyze the data just published.

Full Leak from Anonymous:

Greetings. We are Anonymous.

We have obtained a large number of documents relating to the activities of the ‘Integrity Initiative’ project that was launched back in the fall of 2015 and funded by the British government. The declared goal of the project is to counteract Russian propaganda and the hybrid warfare of Moscow. Hiding behind benevolent intentions, Britain has in fact created a large-scale information secret service in Europe, the United States and Canada, which consists of representatives of political, military, academic and journalistic communities with the think tank in London at the head of it.

As part of the project Britain has time and again intervened into domestic affairs of independent European states. A most demonstrative example is operation ‘Moncloa’ in Spain. Britain set to prevent Pedro Baños from appointment to the post of Director of Spain’s Department of Homeland Security. It took the Spanish cluster of the Integrity Initiative only a few hours to accomplish the task.

https://www.scribd.com/document/392195691/Moncloa-Campaign-6-AttTwitter-08-06-18

For now, Britain is capable of conducting such operations in the following states:

Spain: https://www.scribd.com/document/392195775/Spain-Cluster

France: https://www.scribd.com/document/392195457/France-Cluster

Germany: https://www.scribd.com/document/392195486/Germany-Cluster

Italy: https://www.scribd.com/document/392195660/Italy-Cluster

Greece: https://www.scribd.com/document/392195527/Greece-Cluster

The Netherlands: https://www.scribd.com/document/392195718/Netherlands-Cluster

Lithuania: https://www.scribd.com/document/392195170/Baltics-Cluster

Norway: https://www.scribd.com/document/392195748/Nordic-Clusters

Serbia and Montenegro: https://www.scribd.com/document/392195208/Central-Eastern-Cluster

London’s near-term plans to create similar clusters include Latvia, Estonia, Portugal, Sweden, Belgium, Canada, Armenia, Ukraine, Moldova, Malta, Czechia, countries of the Middle East and North Africa, Poland, Slovakia, Romania, Bulgaria, Georgia, Hungary, Cyprus, Austria, Switzerland, Turkey, Finland, Iceland, Denmark, and the USA.

https://www.scribd.com/document/392195321/Cluster-Roundup-Jul18

All the work is done under absolute secrecy via concealed contacts in British embassies, which gives rise to more suspicion that Britain uses plausible excuse to create a global system of information influence and political interference into affairs of other countries.

Covert structures for political and financial manipulative activities under control of British secret services are created not only in the EU countries but also on other continents. In point of fact, quiet colonization of both former British neighbors in the EU and NATO allies is taking place.

The government of Great Britain has to come out of the dark and declare straight its intentions and unveil the results of the Integrity Initiative activities! Otherwise, we will do it!

Today, we make public a part of the documents we have available. In case London gives no response to our demands during the following week, we will reveal the rest of the documents that contain many more secrets of the United Kingdom.

Integrity Initiative Handbook: https://www.scribd.com/document/392195560/II-Handbook-v2

Integrity Initiative Guide to Countering Russian Disinformation May 2018: https://www.scribd.com/document/392195802/The-Integrity-Initiative-Guide-to-Countering-Russian-Disinformation-May-2018-v1

Austria Cluster: https://www.scribd.com/document/392194912/Austria-Cluster

Cluster leaders: https://www.scribd.com/document/392195250/Cluster-Leaders

Cluster participants: https://www.scribd.com/document/392195286/Cluster-Participants

UK Cluster: https://www.scribd.com/document/392195849/UK-Cluster

USA and Canada Cluster: https://www.scribd.com/document/392195882/USA-Canada-Cluster

xCountry: https://www.scribd.com/document/392195906/x-Country

xOutreach: https://www.scribd.com/document/392195933/x-Outreach

FCO application form 2017-18: https://www.scribd.com/document/392195350/FCO-Application-Form-2017-18

FCO application form 2018v2: https://www.scribd.com/document/392195390/FCO-Application-Form-2018-v2

FCO proposal Integrity budget 2017-18: https://www.scribd.com/document/392195430/FCO-Proposal-Integrity-Budget-2017-18

Integrity 2018 Activity Budget v3: https://www.scribd.com/document/392195593/Integrity-2018-Activity-Budget-v3

Top 3 deliverables (for FCO): https://www.scribd.com/document/392195825/Top-3-Deliverables-for-FCO

We are Anonymous.

We are Legion.

We do not forgive.

We do not forget.

Expect us.

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/11/AnonymousEurope_Leak01.pdf”%5D

Op-Ed: What I Am Attempting To Do/Accomplish Here

I am not trying to make this my mission statement 2.0, but people are starting to ask why I keep jumping from cyber security and hacking to human rights and War so often with my material? The answer is I don’t really know, I don’t necessarily have a “plan” when I wake up every morning. When I see something I want to write about or care about, I write about it – it’s as simple as that, really. Vladimir Putin once said that hackers are like “artists,” they might simply wake up one morning and decide to make, create or do something beautiful. There’s really no more logic to it than that. Just as with the mind of any great artist, the creative process is entirely outside of their control and can not be predicted.

I named this website Rogue Media Labs for a reason, not just because it’s a play off my security company, Rogue Security Labs, but also because I am attempting to do something new here – something that no one has ever seen before. From writing articles in mixed languages, to publishing leaks, to color, theme and design, to embedded Tweets, videos and pdf’s, I am attempting to write articles and make content that no one has ever seen/read before. In this way, my website serves as my own personal “Laboratory,” where I “Frankenstein” different ideas/pieces of information together to make truly unique content. That’s my primary objective here, to do/accomplish things that no one else can.

I am also attempting to turn my website into a catalog or encyclopedia of sorts, something that I can look back on and draw off of at a later date in time – say 2019-2021, when the US Presidential election is sure to kick off the next global media boom/frenzy. I have absolutely no “goals” for this website in 2018, necessarily, I am simply attempting to build a brand, develop a following/reputation and keep steadily pumping out content. Over the course of the next 1-2 years, I want to establish myself as a credible/trustworthy source of information that people want to go when the time really comes – when the time really matters. But this takes time, hard work, patience and perseverance – something I am willing to sacrifice to put in. I do not get paid to run this website, I alone am the editor, staff writer, researcher, proof reader, web designer, graphic designer, web security architect, social media coordinator, marketing director and SEO strategist. What you see on this website only costs me time and money, but I love doing it – so whatever.

I am also developing this website in an attempt to put Anonymous back on the map or back into the “mainstream“- so to speak. Call me sentimental, but I only got a start in this industry/business because someone in Anonymous once gave me a chance, gave me a platform to speak my mind and to this day, I would be absolutely nothing without the help or assistance of the Anonymous Hacker Collective. Honestly, I don’t even know if I would still be alive without them. Even though I’ve now/since gone public, I still feel as though I owe Anonymous something, and have an unshakable bond with the group and their work.

I keep hearing people say “Anonymous is dead” and and for a while there, I kind of felt the same way too. However, now that I am starting to get back in the rhythm of producing/generating content again, I am blown away by what I am finding. Anonymous isn’t dead at all, it’s just more decentralized than ever before – something which isn’t necessarily a bad thing, either. Say what you want about AnonHQ, it was still the single largest Anonymous news platform, hacking forum and online chat in the world – there’s no debating this. However, following its Blacklisting by Google and Facebook as “Russian Propaganda” though the PropOrNot List, even though the site had been dying for months/years at that point, when the site finally did shut down for good in the summer of 2018 no one had any place to go anymore, or any central point of contact – and no new or curious people were flowing into the group.

Sure we all still congregate in different places on Discord or the IRC, but Anonymous only moved to Discord in the first place because of AnonVoid. Without Void, no one on Discord would have the platform they do today – including Assange and Unity4J.  There are a lot of activists and hacktivists out there whom have either forgotten or don’t even realize that they owe AnonHQ everything.

But as I look around and start conducting more and more research, I am pleasantly finding Anonymous is alive and well. In fact, I’ve never seen as many new leaks coming out as I do today, and I’ve been in the trenches a while now. This is also why I am covering Anonymous so heavily for Rogue Media Labs. I look around at all of the “Legacy” hacking news publishers in 2018. Honestly, how much original content do you find on these sites any more, and how much of it is simply copy and pasted from other articles or websites – just using different words? How many of these hacking news websites even cover hacking events regularly anymore – let alone publishing leaks? Almost none. For better or worse, it appears as though, along with Anonymous, so too has the main steam hacking news industry slowly but surely started dying over the course of the last several years.

This is also something I want to change. This is why I remain unafraid to cover Anonymous and even less afraid to publish their leaks. Two months ago I told Unity4J that I was coming for Assange’s metaphorical throne, and I meant it. In doing so, I hope to cement myself atop the hacking news world over the course of the next 1-2 years, to become a source everyone wants to release their material to when the time is necessary – to create a news website no one has ever seen before and only report on truly unique content.

Researchers Working To Develop Biometric “Master Key” To Bypass Fingerprint Authentication

Researchers at New York University (NYU) and Michigan State University (MSU) are attempting to develop a revolutionary new means of bypassing biometric fingerprint authentication. To do this, developers are attempting to create synthetic digital fingerprints compromised of multiple images of actual fingerprints superimposed onto one another. Using these different combinations of fingerprints, researchers then attempted to employ a dictionary-style hacking attack against biometric authentication systems, hoping to fool, trick or bypass them. What they found was interesting.

Within a given margin of error, hackers were able to successfully bypass every biometric fingerprint authentication system in front of them. More specifically, hackers were able to bypass systems with a 1% False Match Rate (FMR) 76.67% of the time. At a FMR of 0.1%  hackers were able to bypass the system 22.5% of the time and at a FMR of 0.01% hackers were able to bypass the system 1.11% of the time. Their research paper, entitled “DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution,” outlining their design, methodology, analysis and conclusions, was officially released to the public earlier last month.

See full pdf below, or download for yourself here: https://arxiv.org/pdf/1705.07386.pdf

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/11/1705.07386.pdf”%5D

New Hacking Group Going by The Name of NoExistes Claims Responsibility for Nov. 12 Facebook Outage

A new Chilean based hacking group going by the name “NoExistes” has claimed responsibility for a number of hacks, leaks and DDoS attacks this week, including the brief Facebook outage experienced on November 12th 2018. In a string of leaks dumped online over the course of the last 24 hours, the group, whom appeared on Twitter for the first time in late August 2018, claims to have hacked servers belonging to Servipag, a Chilean based online banking/monetary transferring firm, Sernapesca, Chile’s National Fish & Water Conservation Agency, as well as Redbanc, an interbank network connecting ATM’s across Chile.

As proof, the hackers have leaked access to 3 different databases belonging to these services/agencies on Ghostbin. The group also claims to be in possession a brand new DDoS tool they have dubbed the “Kymera Stressor,” allegedly used to briefly shut down Facebook worldwide earlier this week – though it should be noted this claim is essentially impossible to prove/validate. Rogue Media Labs has reached out to NoExistes for comments on the incidents below, but to date the group has declined comment. Upon investigation however, the group appears to be extremely advanced coders, with the ability to string code across different/separate Twitter postings. For example, in the Tweets embedded below and on their own page, you can notice different lines of coding streaking across one Twitter posting to another. These are skills that not every ordinary hacker/coder possesses.

Redbanc Leak:


hostname: R_4140
enable secret: 5 $1$5TdM$TKnveYOeOrB7TthZbDCS8

Sernapesca Leak:

hostname: SERNAPES
boot-start-marker boot-end-marker

enable secret: 5 $1$k4Yk$tfIhLbSTUtLHeXdLlW2RW0

Servipag Leak:


sysname: Servipag_Estado_43
super password level 3 cipher: T9’X:H0IG!P)`M34.L21#!!!

https://twitter.com/_NoExistes/status/1062873252442357760

https://twitter.com/_NoExistes/status/1062868505387786240

https://twitter.com/_NoExistes/status/1062866631179886593

https://twitter.com/_NoExistes/status/1062041918945853440

https://twitter.com/_NoExistes/status/1058150486979870721

 

Target & G Suite Twitter Accounts Hacked To Spread Bitcoin Scam

Around 3:30 am on November 13th 2018, the verified Twitter accounts belonging to Target and Google G Suite were hacked and used to spread a Bitcoin scam utilizing Ethereum. In a press release to the public, Target apologized for the incident, explaining that their account had been hacked for approximately one and half hours early Tuesday morning, and had been used to make a singular post spreading the scam – picture linked below.  Target also took the opportunity to let its consumers know that they have regained full control of the account and remain in close contact with Twitter. As of  4:00 pm November 13th 2018, it appears as though G Suite has also regained control of their account, but have declined comment on the matter. Investigations into the breaches are still ongoing.

Cuban Chamber of Commerce Hacked, System Vulnerabilities Leaked Online

As was first reported by Defcon Lab on November 12th 2018, in conjunction with #OpVenezuala, a hacker going by the name of the_ratattack2.0, also a Venezuelan native, has managed to hack into and compromise the information systems/servers belonging to Cuba’s Financial Management of the State (SIGFE). According to RatAttack 2.0, the leak provided below allows for direct access to the budget execution system of the State run Chamber of Commerce of the Cuban regime.

More specifically, the leak provided below contains the “Resource vulnerability by get protocol, Parameter Qform__FormState protocol POST, Parameter item GET protocol, Three (3) session cookies captured, a Shell Injection protocol GET and Two (2) SQL Injection, GET protocol both. As well as some already deciphered information found in the system on the conformation of the SIGFE system.

Target: hxxp://www.camaracuba.cu/
Full Leak (Spanish): https://pastebin.com/raw/52QUpS94

In a message to the public, RatAttack 2.0 stated:

Hello to all who read and follow my work closely. In this opportunity I make you participate in the successful final result of the work done on one of the safest platforms in the world, a country whose dictatorship and communist system has hijacked all the freedoms in our country.

Through the following work I have managed to penetrate the security systems of the Cuban high government, through its platform of the CUBAN CHAMBER OF COMMERCE. Until it reaches full control of the Information System for the Financial Management of the State (SIGFE) that allows the capture, processing and exhibition of the Budgetary Execution of all institutions of the Cuban Regime.

Through it I have obtained the capture of an invaluable material, referring to the transactions that said communist regime has received from his puppets Maduro and Chavez, as well as also by the time this is published said system would be inoperative in its entirety.

370 NordVPN Accounts Hacked/Leaked Online

Rogue Security Labs has managed to uncover the email addresses and login passwords to approximately 370 paid/premium accounts allegedly attached to the NordVPN service. The hacked accounts were compiled from a string of 4 different leaks, from 3 different hackers across Syria, Japan, and Denmark over the course of October 26th to November 6th 2018. In addition to releasing customer login information, hackers also released a new ‘hack’ used to exploit different functions of PayPal through faked email addresses in order to trick companies like Nord into providing them with free VPN service. To uncover more about the incident, as well as how/where the hackers got the information the first place, Rogue Security Labs has attempted to make contact with each of the parties responsible for the leaks, but all parties have declined comment. Upon further investigation however, there appears to be no known ties behind each individual involved.

As of November 8th 2018, NordVPN has been notified of the leaks and in a statement to Rogue Security Labs made it clear that their company and service has “never been breached” and that “any accounts available online are not leaked from our servers, but matched from other databases available online.” Research into the breach is still ongoing. If you are worried that your account might have been compromised, you are advised to reach out to NordVPN customer support for more information. The problem can also be mitigated by simply changing the login password to your account itself as well. Additionally, if you use the same root password for your Nord account as you do your email or any other service, you are advised to change this as well.

** Due to the number of civilian customers/accounts involved, Rogue Security Labs has declined to share the original leaks with the general public. **