Celebrities' email accounts get hacked, exposing scripts and sex tapes


After the event that shook and moved everyone… the Fappening. It seems the celebs still haven't learnt their lesson about keeping their personal stuff safe. Over 130 celebrities have had their e-mail accounts hacked, exposing their scripts and sex tapes.

The thief

The culprit's name is Alonzo Knowles, a (now arrested) Bahamian hacker who, after stealing the scripts and other stuff (wink-wink), had the audacity to try to sell the documents to a famous radio host. The don't-wanna-be-named famous host informed Homeland Security, which then used its own pawn, posing as an interested buyer, to lure the hacker into its claws (wait… pawns do have claws, right?).

The stolen

The digitized items that were stolen by Alonzo were:

  • Three scripts of comedy films (should've downloaded the script and deleted the email)
  • A biopic regarding hip-hop
  • A television show
  • Sex tapes of celebs (WHY WOULD YOU PUT SOMETHING LIKE THIS IN YOUR EMAIL)
  • 130 social security numbers
  • 130 email addresses and phone numbers

Alonzo arrived in Manhattan from the Bahamas on Monday. His aim was to sell the agent 15 movie and TV show scripts, plus the SSNs of actresses and 2 athletes, for $80,000. He told the agent that everything he was showing was just a sample, and that he would be willing to sell more if the (pretend) buyer was interested.

The modus-operandi

Although unrelated to the Fappening, the hacker's modus operandi was to send a virus to the victims' email accounts and steal the sensitive stuff.

Apart from the virus, Knowles sent fake text messages to the account holders asking for their passwords, supposedly to make the mail ID secure. Gullibility and desperation-to-save-the-sex-tape drove the celebrities into getting their accounts hacked.

Knowles was held without bail on Tuesday on copyright infringement and identity theft charges, both of which carry up to 5 years of being someone's prison bitch.

Instagram got its first hackjob! Researcher hacks into Instagram


A researcher hacks into Instagram to reveal a flaw, and he may still be screwed.

Every now and then a student comes into ethical hacking and his starting question is this: "Sir, how do I hack my friend's Facebook account?" As menial and snooze-worthy as this question is, a teacher is always afraid that this just might happen, and voila, this just happened. Instagram got its first hackjob and Facebook is not happy about it. Even if it was a report on server security, even if it was responsible, big conglomerates don't want their flaws to be known.

The ethical hacker revealed security vulnerabilities and configuration flaws in Instagram that gave him access to sensitive data on the servers, including:

  • Source code of Instagram
  • Details of Instagram users as well as employees
  • Authentication cookie keys
  • And many more goodies

But, as the saying goes, "no good deed goes unpunished": all he got for this was a lawsuit threat and no reward.

The researcher's name is Wesley Wineberg, a security researcher at Synack. He participated in Facebook's bug bounty program and started keeping a close eye on Instagram after one of his buddies pointed him towards a vulnerable box of information called sensu.instagram.com. You see the irony here: Facebook itself put up the bounty and then threatens to sue him for just being good at it. Ooh! Such injustice!

But what DID he find?

Well, he found a Remote Code Execution bug that was itself responsible for two major weaknesses:

  • The app running the server had a hard-coded Ruby token imprinted inside
  • The host running Ruby ver 3.x was susceptible to code execution… meaning this bitch is programmable by an outsider.

And the server threw up all sorts of data such as login details, including Instagram and Facebook employee credentials (one of them is bound to be fired). Even the passwords that were encrypted with bcrypt got taken out by Wesley. But that's the users' fault; having passwords like password, changeme, passwd doesn't do anyone any good.
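A hard-coded token like the one described above is something a repository check can catch before the app ships. The following is an added example, not code from the original post or from Instagram: it flags secrets assigned as string literals in Ruby source and ignores values loaded from the environment. The keyword list and every name in the sample config are constructed assumptions.

```ruby
# Added example: flag secrets written as string literals in Ruby source.
# The keyword list and every name in SAMPLE_CONFIG are constructed assumptions.
HARDCODED = /
  (?<name>\b[\w.]*(?:secret|token|password|api_key)\w*)  # setting or constant name
  \s*(?:=>|=|:)\s*                                       # assignment or hash pair
  (?<q>['"])(?<value>[^'"\n]{8,})\k<q>                   # quoted literal, 8+ chars
/xi

# Constructed sample input: two literals that should be flagged and two
# settings that are correctly read from the environment.
SAMPLE_CONFIG = <<~'RUBY'
  # config/initializers/secret_token.rb (constructed sample)
  MonitoringApp::Application.config.secret_token = 'constructed-sample-token-0123456789abcdef'
  MonitoringApp::Application.config.session_key = ENV.fetch('SESSION_KEY')
  DASHBOARD_PASSWORD = "changeme-constructed"
  config.api_token = ENV['API_TOKEN']
RUBY

# Returns one finding per offending line. The secret itself is never echoed,
# only its length, so the report is safe to paste into a ticket or CI log.
def find_hardcoded_secrets(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.strip.start_with?('#') # skip comment lines
    m = HARDCODED.match(line)
    next unless m
    findings << { line: lineno, name: m[:name], length: m[:value].length }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  find_hardcoded_secrets(SAMPLE_CONFIG).each do |f|
    puts "line #{f[:line]}: #{f[:name]} is a #{f[:length]}-character literal; " \
         'load it from the environment or a secrets manager instead'
  end
end
```

Any literal this check finds in a repository should be treated as exposed and rotated, not just moved to an environment variable.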

Selfies exposed… Oh no! He didn't!!


There was no stopping the Wesley force, for his hack into Instagram prompted him to find more… a LOT more. He found all the damn keys that at first didn't reveal much, but a closer Wesley look found the keys to all 82 storage units of the sensu setup. Damn son!

In return, he gets threats and no reward

But the responsible report from Wesley Wineberg apparently got him threats of firing and a lawsuit rather than the reward he was promised. He got disqualified from the bounty because accessing private documents doesn't come under the bounty… IN WHAT UNIVERSE, FACEBOOK?! IN WHAT UNIVERSE?! That's not all, OOHH NO! His boss apparently got a scary call from Alex Stamos, the Facebook security chief, to FIRE Wesley! Although this was straight up denied by him on social media afterward.

The response from the social media giant… Facebook!

Facebook claims that the other claims made by Wesley, who claimed bullying from Facebook, are all false. Never thought I would write this sentence… like, ever. However, they did say that they are aware of the RCE bug and would have given the reward to Wesley and his friend if they had not peeped into the personal documents. It's really petty coming from a billion-dollar conglomerate, bitching over $2500. But that's how the rich are rich! So this is the news on the hack into Instagram.