Google’s top security teams unilaterally shut down a counterterrorism operation
https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/

The decision to block an “expert” level cyberattack has caused controversy inside Google after it emerged that the hackers in question were working for a US ally.

by Patrick Howell O’Neillarchive page
March 26, 2021
Google office
UNSPLASH
Google’s security teams publicly exposed a nine-month hacking operation
What wasn’t disclosed: The move shut down an active counter-terrorist operation being conducted by a Western government
The decision has raised alarms inside Google and elsewhere
Google runs some of the most venerated cybersecurity operations on the planet: its Project Zero team, for example, finds powerful undiscovered security vulnerabilities, while its Threat Analysis Group directly counters hacking backed by governments, including North Korea, China, and Russia. And those two teams caught an unexpectedly big fish recently: an “expert” hacking group exploiting 11 powerful vulnerabilities to compromise devices running iOS, Android, and Windows.

But MIT Technology Review has learned that the hackers in question were actually Western government operatives actively conducting a counterterrorism operation. The company’s decision to stop and publicize the attack caused internal division at Google and raised questions inside the intelligence communities of the United States and its allies.

Several people wrote into The Register to let us know about the personal data leak, with reader Terry saying: “You will notice the Fatface email is marked as confidential. This annoyed me.”

Chief exec Liz Evans wrote in an email titled “Strictly private and confidential – Notice of security incident” sent to users yesterday:

Please do keep this email and the information included within it strictly private and confidential.

Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned.

https://haveibeenpwned.com/PwnedWebsites#CardingMafia

In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members’ email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.

Hackers are stealing videos from private security cameras and selling them as home video tapes
https://www.scmp.com/news/people-culture/article/3127659/hackers-are-stealing-videos-private-security-cameras-and

Videos can cost as little as US$3 and the perpetrators offer ‘set meal’ packages with multiple live streams
One man claims 8,000 videos were shared in one group chat within 20 days in February

Tens of thousands of hacked security videos are being sold online. Many are fairly boring, showing people just sitting around their homes or hotels.

The video footage showcases clips from cameras
installed by homeowners for security reasons or others secretly installed by ill-intentioned people in hotels, fitting rooms and beauty salons.

The videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday.

Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report.

Real-time viewing is also available at “set meal” prices. People can buy the IDs and passwords of cameras in 10 households for just 70 yuan (US$11), while 10 hotels plus 10 households costs 150 yuan (US$23), and 20 hotels plus 20 households for 258 yuan (US$39), according to another seller.

They came from cameras located across the country, with Guangdong, Hunan and Hubei province being the most prominent sources.

Companies Must Quickly Report Hacks to U.S. Under Proposed Order
https://www.bloomberg.com/news/articles/2021-03-31/companies-must-report-hacks-to-u-s-within-days-in-draft-order

Companies doing business with the federal government would be required to report hacks of their computer networks within a few days, according to a draft executive order that the Biden administration is urgently trying to complete, people familiar with the matter said.

President Joe Biden hasn’t yet signed off on the executive actions, which are likely to reach his desk in the next two weeks, one of the people said.

The executive order, when signed, would mandate important cybersecurity improvements, but it also would push basic changes that could deter cyber-attacks in both the government and private sector, according to people familiar with it. They requested anonymity to speak about actions the administration hasn’t yet announced.