Results 1 to 5 of 5

Thread: Hacker Wipes a Spyware Company’s Servers... for the Second Time

  1. #1
    Administrator Aragorn's Avatar
    Join Date
    17th March 2015
    Location
    Middle-Earth
    Posts
    20,239
    Thanks
    88,435
    Thanked 80,968 Times in 20,254 Posts

    Thumbs Up Hacker Wipes a Spyware Company’s Servers... for the Second Time

    This one's from the "Sweet Justice" department...








    Source: Motherboard


    "I don't want to live in a world where younger generations grow up without privacy."


    Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again.

    Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent.

    Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners’ and children’s phones in order to spy on them. This software has been called “stalkerware” by some. This spyware allows people to have practically full access to the smartphone or computer of their targets. Whoever controls the software can see the photos the target snaps with their phone, read their text messages, or see what websites they go to, and track their location.

    A Retina-X spokesperson said in an email Thursday that the company hasn’t detected a new data breach since last year. Friday morning, after the hacker told us he had deleted much of Retina-X’s data, the company again said it had not been hacked. But Motherboard confirmed that the hacker does indeed have access to its servers.

    Friday, Motherboard created a test account using Retina-X’s PhoneSheriff spyware in order to verify the hacker’s claims. We downloaded and installed PhoneSheriff onto an Android phone and used the phone’s camera to take a photo of our shoes.

    “I have 2 photos of shoes,” the hacker told us moments later.

    The hacker also described other photos we had on the device, told us the email account we used to register the account, and then deleted the data from our PhoneSheriff account.

    “None of this should be online at all,” the hacker told Motherboard, claiming that he had deleted a total of 1 terabyte of data.

    “Aside from the technical flaws, I really find this category of software disturbing. In the US, it's mainly targeted to parents,” the hacker said, explaining his motivations for going after Retina-X. “Edward Snowden has said that privacy is what gives you the ability to share with the world who you are on your own terms, and to protect for yourself the parts of you that you're still experimenting with. I don't want to live in a world where younger generations grow up without that right.”

    In the first Retina-X data breach last year, the hacker was able to access private photos, messages, and other sensitive data from people who were monitored using one of Retina-X’s products. The private data was stored in containers provided by cloud provider Rackspace. The hacker found the key and credentials to those containers inside the Android app of PhoneSheriff, one of Retina-X’s spyware products. The API key and the credentials were stored in plaintext, meaning the hacker could take them and gain access to the server.

    This time, the hacker said the API key was obfuscated, but it was still relatively easy for him to obtain it and break in again. Because he feared another hacker getting in and then posting the private photos online, the hacker decided to wipe the containers again.

    Shortly after Motherboard first reported the Retina-X breach in February of last year, a second hacker independently approached us, and said they already had been inside the company’s systems for some time. The hacker provided other internal files from Retina-X, some of which Motherboard verified at the time.

    Answering a series of questions about what Retina-X changed after last year’s hack, a spokesperson wrote in an email that “we have been taking steps to enhance our data security measures. Sharing details of security measures could only serve to potentially compromise those efforts.”

    “Retina-X Studios is committed to protecting the privacy of its users and we have cooperated with investigating authorities,” the spokesperson wrote. “Unfortunately, as we are well aware, the perpetrators of these egregious actions against consumers and private companies are often never identified and brought to justice.”






    At the end of 2016, the hacker gained access to the servers of Retina-X, which makes several spyware products, and started collecting data and moving inside the company’s networks. Weeks later, the hacker shared samples of some of the data he accessed and stole with Motherboard. But he didn’t post any of it online. Instead, he wiped some of the servers he got into, as the company later admitted in February of 2017.

    The new alleged hack comes just a few days after the hacker resurfaced online. At the beginning of February, the hacker started to dump online some of the old data he stole from Retina-X in late 2016. The hacker is now using a Mastodon account called “Precise Buffalo” to share screenshots recounting how he broke in, as well as raw data from the breach, though no private data from victims and targets.

    In February of 2017, a Motherboard investigation based on data provided by hackers showed that tens of thousands of people—teachers, construction workers, lawyers parents, jealous lovers—use stalkerware apps. Some of those people use the stalkerware apps to spy on their own partners without their consent, something that is illegal in the United States and is often associated with domestic abuse and violence.

    Retina-X was not the only spyware company hacked last year. Other hackers also breached FlexiSpy, an infamous provider of spyware that has actively marketed its apps to jealous lovers. At the time, the hackers promised that their two victims—FlexiSpy and Retina-X—were only the first in line, and that they would target more companies that sell similar products.


    Source: Motherboard
    = DEATH BEFORE DISHONOR =

  2. The Following 6 Users Say Thank You to Aragorn For This Useful Post:

    Dreamtimer (17th February 2018), Elen (17th February 2018), enjoy being (17th February 2018), JRS (19th February 2018), Kathy (18th February 2018), Wind (17th February 2018)

  3. #2
    Super Moderator Wind's Avatar
    Join Date
    16th January 2015
    Location
    Just here
    Posts
    7,206
    Thanks
    33,712
    Thanked 27,303 Times in 7,219 Posts
    We are living in a world of stalkers. We can no longer believe that anything we share digitally would be private, no matter how good the encryption protection might be. In a way I think it’s a shame that it has come to this. Of course also all sorts nasty secrets are being revealed too thanks to the internet.

  4. The Following 5 Users Say Thank You to Wind For This Useful Post:

    Aragorn (17th February 2018), Dreamtimer (17th February 2018), Elen (17th February 2018), enjoy being (17th February 2018), Kathy (18th February 2018)

  5. #3
    Retired Member Norway
    Join Date
    2nd July 2015
    Location
    Scotland
    Posts
    5,065
    Thanks
    73,935
    Thanked 23,318 Times in 5,067 Posts
    Everyone is on stage, act accordingly!

  6. The Following 5 Users Say Thank You to Elen For This Useful Post:

    Aragorn (17th February 2018), Dreamtimer (17th February 2018), enjoy being (17th February 2018), Kathy (18th February 2018), Wind (17th February 2018)

  7. #4
    Retired Member United States
    Join Date
    7th April 2015
    Location
    Patapsco Valley
    Posts
    14,610
    Thanks
    70,673
    Thanked 62,025 Times in 14,520 Posts
    It's weird, having to look back and think about what one might have done that was caught on film in some way.

    It's outrageous to think that once your record is 'clean' it never really is.

    Nobody is perfect. If we expect 'perfection' then anyone who makes a mistake becomes some kind of 'criminal' or 'sinner' or whatever the stigma du jour is.

    And we've all been walking down this road together.

    I feel quite confident there's a way/are ways to stop it. I just don't know what they all are yet.

    As Wind points out, and Modwiz too, the Earth, our mother Sophia, may have some things to say about it all.


    (there is a group of guys who stalked me out of college for a quarter century. They almost drugged me and took me away from a festival. I found the patch and foiled their plans. I wonder how much easier it would be nowadays for people to do what these guys from the 80s did.)

  8. The Following 6 Users Say Thank You to Dreamtimer For This Useful Post:

    Aragorn (17th February 2018), Dumpster Diver (17th February 2018), Elen (17th February 2018), enjoy being (17th February 2018), Kathy (18th February 2018), Wind (17th February 2018)

  9. #5
    Retired Member
    Join Date
    6th August 2015
    Posts
    1,853
    Thanks
    4,608
    Thanked 11,685 Times in 2,094 Posts
    Yeah, there's a healthy concept of a day of reckoning within humans that takes many forms huh. Shiva, Karma, Cause and Effect, The wrath of God, Nature..

  10. The Following 6 Users Say Thank You to enjoy being For This Useful Post:

    Aragorn (17th February 2018), Dreamtimer (17th February 2018), Dumpster Diver (17th February 2018), Elen (17th February 2018), Kathy (18th February 2018), Wind (17th February 2018)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •