In an unusual episodeof bullies turned into victims, an anonymous hacker hasbreached a popular pay-for-hire mobile hackingagency known for selling surveillance and data extraction solutions to intelligence and law enforcementorgans.
Motherboard reports the vigilante attacker has lifted900GB of data from Israeli firm Cellebriteand provided the publication with a copy of the stolen information. Theretrieved data includes customer credentials, databases and immense amounts of technical data describing the company’s products.“This event was off the charts”
Gary Vaynerchuk was so impressed with TNW Conference 2016 he paused mid-talk to applaud us.
FIND OUT WHY
Cellebrite’s bestseller is the portable Universal Forensic Extraction Device (UFED) which has the capacity to rip data from a wide variety of smartphones as long as the UFED-useris in possession of the handset. Once plugged in, the UFED can pull data like SMS messages, emails and call logs.
The Israeli firm has purportedly been supplying a number of US government agencies as well as authoritarian regimes from the likes of Russia, the United Arab Emirates and Turkey.
Motherboard has confirmed the stolen data is indeed authentic. According to the report, the information appears to have been retrieved from the customer section of Cellebrite’s website, where users can access new software updates.
Apart from user credentials and databases, the breach allegedly also includes logs from Cellebrite devices as well as evidence files from seized mobile devices.
The hacking firm has since confirmed the breach on its website, advising customers to change their password:
Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach.
Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system.To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution
In a similar case from last year, notorious hacker PhineasFisher breached two separate surveillance services implicated inproviding hacking solutions designed for spying on unsuspecting citizens to various government agencies.
While PhineasFisher went a step further and leaked the stolen data to the internet, the Cellebrite attacker has taken a more cautious approach, releasing the information exclusively to Motherboard and a few select individuals in IRC chat rooms.
Online security has been a growing cause for concern these days.
In an effort to raise awareness about the dangers of hacking, a group of Dutch journalists recently infiltrated the accounts of several local politicians , ultimatelytaking over the Twitter accounts of the government officials to break the story.
Hacker Steals 900 GB of Cellebrite Data on Motherboard