Honestly, I’ve been waiting for something, anything, to start happening again with “Operation Whales” (#OpWhales), an international hacking operation largely led by the Anonymous hacker collective. In the past, particularly throughout the course of 2015 and 2016, #OpWhales was at one time considered to be 1 of the 10 most active/influential Anonymous operations worldwide, with several major hacks, leaks and defaces of multinational corporations – such as Nissan, whose country of origin (Japan) has historically been one of the worlds foremost exploiters of commercial whaling.
Learn More – #OpKillingBay: https://twitter.com/search?vertical=default&q=%23opkillingbay&src=typd
Learn More: #OpWhales: https://twitter.com/hashtag/OpWhales?src=hash
Learn More – #OpWhales Hacktivism History: https://anonhq.com/?s=%23OpWhales
However, at least from the perspective of a hacking news writer, #OpWhales has essentially been dead in the water for the better part of the last 2-3 years running – no pun intended. That was until I stumbled upon a leak tonight, originally posted online March 30th, by an activist going by the name of “Jazzy Dolphin.”
While it is uncertain what their motives were or what the common thread between all the companies implicated the leaks are, what we do know is that well over 200 emails across 15 Norwegian companies were named in the data dump. Presumably, the companies were named because of their close connections to the international fishing industry, in retaliation for #OpKillingBay which takes place on the Faroe Islands every year. As such, you are asked to spam bomb/email all of the individuals named in the leak, letting them know how disgusted you are with Norway’s annual “tradition” – demanding that the country put an end to it.
Companies Implicated Across Email Dump:
Full Email Dump: https://ghostbin.com/paste/jw9xr
Document Backup: https://roguemedia.co/wp-content/uploads/2019/04/jw9xr.txt
Unfortunately, this is a very real headline. As was first reported by Kyodo News, a Japanese based news firm, Japan’s chief cybersecurity strategist, Yoshitaka Sakurada, has personally admitted that he has never used a computer. According to the paper, this revelation came during a Government hearing in Japans lower house session on Wednesday, November 14th 2017. To get the quote exactly right, Sakurada said “Since I was 25 years old and independent, I have instructed my staff and secretaries. I have never used a computer in my life.” Explaining that he believes he need not feel any shame for accepting the position, believing that cybersecurity will rely on the collective actions/efforts of the Japanese Government as a whole, not solely upon himself.
However, this news is particularly troubling considering the fact that Mr. Sakurada will be in charge of mitigating attacks ahead of and during the 2020 Olympic games in Tokyo, Japan. It is important to note that Sakurada was only elected to this position last month and given his statement in office this week, may be seeing his time in office coming to an end much sooner than later – if other lawmakers in Japan have their way, that is. Regardless, for the time being, he very well may be the most under-qualified person to serve in such a position since Donald Trump appointed Rudy Giuliani to be his “Chief Cyber Security Strategist” in 2016.
Cybersecurity ahead of the 2020 games will also be critically important, not just because the country is surrounded by APT’s in China, Russia and North Korea, whom all consider Japan more of an enemy than an ally, but also because the 2020 games is set to unveil/debut the worlds first biometric currency exchange. Meaning that people whom attend the games will be allowed to buy, sell and carry out transactions using nothing more than their own fingerprints – something never before seen. Among other things, besides attempting to be revolutionary and push the envelope, Japans biometric currency system will be established in an attempt to cut down on all the theft, robbery and crime that plagued tourists during the 2016 Olympic games in Basil.
Rogue Security Labs has managed to uncover the email addresses and login passwords to approximately 370 paid/premium accounts allegedly attached to the NordVPN service. The hacked accounts were compiled from a string of 4 different leaks, from 3 different hackers across Syria, Japan, and Denmark over the course of October 26th to November 6th 2018. In addition to releasing customer login information, hackers also released a new ‘hack’ used to exploit different functions of PayPal through faked email addresses in order to trick companies like Nord into providing them with free VPN service. To uncover more about the incident, as well as how/where the hackers got the information the first place, Rogue Security Labs has attempted to make contact with each of the parties responsible for the leaks, but all parties have declined comment. Upon further investigation however, there appears to be no known ties behind each individual involved.
As of November 8th 2018, NordVPN has been notified of the leaks and in a statement to Rogue Security Labs made it clear that their company and service has “never been breached” and that “any accounts available online are not leaked from our servers, but matched from other databases available online.” Research into the breach is still ongoing. If you are worried that your account might have been compromised, you are advised to reach out to NordVPN customer support for more information. The problem can also be mitigated by simply changing the login password to your account itself as well. Additionally, if you use the same root password for your Nord account as you do your email or any other service, you are advised to change this as well.
** Due to the number of civilian customers/accounts involved, Rogue Security Labs has declined to share the original leaks with the general public. **