Boffins fight pacemaker hacks with ultrasound security

Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week.

While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some insight into what exactly your iOS handheld is up to when it's seemingly off or asleep. Or none of this is news to you. We'll see.

According to the research, an Apple iPhone that goes asleep into low-power mode or is turned off isn't necessarily protected against surveillance. That's because some parts of it are still operating at low power.

End-to-end encryption (E2EE) has become a global flashpoint in the ongoing debate between the security of private communications versus the need of law enforcement agencies to protect the public from criminals.

The Register has written at length about this increasingly strident back-and-forth that is seeing proponents of both sides more entrenched in their beliefs.

London-based think tank the Royal United Services Institute (RUSI) released a report [PDF] this week laying out the contours of the privacy-vs-safety debate, weighing the needs and exploring possible solutions.

A new remote access trojan (RAT) dubbed "Borat" doesn't come with many laughs but offers bad actors a menu of cyberthreats to choose from.

RATs are typically used by cybercriminals to get full control of a victim's system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features to enable hackers to run ransomware, distributed denial of service attacks (DDoS) and other online assaults and to install spyware, according to researchers at cybersecurity biz Cyble.

"The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers.

A Russian national was indicted in the US on Tuesday for allegedly running an online marketplace selling access to credit card, shopping, and web payment accounts belonging to tens of thousands of victims.

Igor Dekhtyarchuk, 23, who is on the FBI's Cyber's Most Wanted list, is suspected to be the mastermind of an underground cyber-souk dubbed "Marketplace A" by the US Department of Justice. The site, launched in 2018 and known as a carding shop in the cyber-security industry, sold login details for people's internet banking and retail accounts so that fraudsters could, for instance, go on spending sprees on a stranger's dime.

Marketplace A functioned like any other online store, and even had bundle deals, such as an offer to buy access to two online retail accounts and get some credit card information thrown in, for the same victim, it was claimed. The credentials were priced according to a victim's account balances; miscreants allegedly had to pay more for data associated with accounts with more money to steal from.

Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon data from people's iPhones, it emerged on Tuesday.

US citizens Marc Baier, 49, and Ryan Adams, 34, and ex-citizen Daniel Gericke, 40, were charged [PDF] with using "illicit, fraudulent, and criminal means, including the use of advanced covert hacking systems that utilized computer exploits obtained from the United States and elsewhere, to gain unauthorized access to protected computers in the United States and elsewhere and to illicitly obtain information ... from victims from around the world."

They also, according to the rap sheet, obtained and used people's passwords and authentication tokens to break into accounts and systems in the US and beyond. And they did all that "while evading the export control supervision of the United States government."

Register debate Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative.

This debate came about after infosec pro Alyssa Miller and a few others from the Hacking Is Not A Crime movement politely asked Register vultures on Twitter to quit using the h-word as a lazy shorthand for criminal.

We said we'd think about it. And we thought about it, and we thought about it some more. And in the end, since we're writing for you, we decided to put it to the audience: we published an article for and an article against the proposal, and let everyone vote for whichever side they agreed with.

An expert penetration tester working for the notorious cyber-crime gang FIN7 was sent down for seven years on Friday and told to cough up $2.5m for breaking into corporate computer systems.

Andrii Kolpakov, 33, a Ukrainian national, was cuffed by authorities in Lepe, Spain, in 2018, and extradited to the US in 2019. He was a high-ranking member of the crew, and served as its penetration tester from 2016 to 2018, looking for ways to exploit security vulnerabilities in businesses.

FIN7 injected malware into the networks of thousands of American food, hospitality, and gaming chains to steal customers' financial details. Millions of credit and debit card numbers were scraped and later sold to other miscreants online, who went on spending sprees.

Fans of 'cyber' flick Hackers can amuse themselves by visiting an exhibition of the characters’ costumes in London – but time is running short if you want to catch a glimpse of Angelina Jolie’s bizarre getups.

“Back in the future of 1995, the teen techno-thriller Hackers (directed by Iain Softley) burst onto cinema screens with its cyber phreak aesthetics, video game visuals and mind-bending techno soundtrack. For many, it was the vibrancy of the cartoon-like, surreal costumes that gave the film its unique identity, cult status and era-defining quality that still resonates today,” burbles the London exhibition’s description.

Hackers is remembered fondly by infosec greybeards for being one of the first mainstream depictions of computer hacking culture, and by film buffs for being Angelina Jolie’s first major role. The 1995 movie didn’t do very well at the box office, but has an endearing appeal among some cyberpunks and computer nerds alike.

The sheriff of a small city in Florida warned on Monday that hackers had tried to poison its water.

Pinellas County Sheriff Bob Gualtieri said Oldsmar's water treatment system, which serves roughly 15,000 people, was broken into by someone, via the internet, who had hoped to flood the supply with levels of sodium hydroxide more than 100 times the normal amount.

The miscreant gained access through remote-control software TeamViewer that was running on a PC at the plant, the sheriff told Reuters, and used that machine to ultimately attempt to jack up the levels of sodium hydroxide.