He's joking mostly. He uploaded a webshell through the very poorly designed system that was in use. A webshell just runs whatever command it's given on the machine it's located on and returns the results.
Probably this. I'm extremely left leaning but even I know Vice is absolute dogshit. I used to work in the tar sands with my brothers, and once a year we have a tradition of watching the Vice tar sands "documentary" to laugh at how wildly inaccurate and ill-informed it is.
Or the individual could have made all of that up, nothing here that validates the story at all, could just be a smart kid trolling Vice.
I mean really no citations except for what the individual provided them and some half-baked analysis that words from the Kaspersky report were in what they received.
> “Hacking back should be legalized so Kaspersky could of done this themselves,” the hacker wrote in their message on the ZooPark server.
That line right there sounds like very much the propaganda the U.S. government has been pushing lately to convince people to support "hacking back." I've only heard government members promote this.
I guess this could be an operation where they try to make "hacking back" into something "heroes" (vigilantes) do.
If it's only government agencies that support hacking back, they sure are playing the long game.
E.g. the hack of the Gamma Group [1] was also purportedly carried out by a vigilante, who later published guides [2], [3] that also use the "hacking back" language. What are the odds?!
I had this same thought when I read “hacking back” in the article. I just dismissed it as conspiratorial thinking, but now I see another article with the same phrase and premise... hmmmmm. It is something I would do if I were trying to get legislation passed.
But it could be easily explained by the fact the government uses the phrase constantly in the media. It’s not necessarily unexpected that two hackers would use the phrase when discussing the merits of, well, “hacking back.”
It's not just exploits tbh. Apple have really, really good tools for locking down and monitoring iPhones. The device enrolment thing they have is fantastic, and very streamlined. Meanwhile I have no idea what's going on with Android Enterprise/Samsung Knox/Whatever It's Called, and I don't think any sysadmins I know have a clue either.
Even without malware, Android needs to fix its permissions. What's the point in enforcing security policies on phones when a legitimate app, when given permission to, can read text messages on an employee's phone and send all the data to China? Businesses care about not having communications with customers leaked and Android is absolutely the wrong platform for that.
I agree. It is crazy I HAVE to go through a complex procedure to root my phone, and install a different operating system, just so I can deny apps access to parts of my phone they should never have access to and because there is no easy way to tell if apps are accessing parts they shouldn't be.
> “Hacking back should be legalized so Kaspersky could of done this themselves,” the hacker wrote
This sentiment seems to be becoming more and more popular; I wonder if we'll see more vigilantes (which the person in the article purports to be) as a result.
Unfortunately, I suspect vigilante behaviour and thinking is becoming more popular in society as a whole, both in cyber security and outside of it. See also the attacks on social media sites/attempts to get people fired/blacklisted, the increase in protests turning violent, and hacking attempts in general.
Feels like a decent percentage of the population have lost faith in the government and rule of law.
Which to be fair, wouldn't exactly be a shocking belief where cybersecurity is concerned. The police and authorities rarely do anything effective against hackers, virus creators and other internet law breakers in general, in part because it requires a lot of resources to investigate someone/some group who might very well be on the other side of the planet and outside the victim's legal system. In that sense, I'm not surprised it's getting more popular.
Shouldn't "hacking back" be extended to companies that collect users' data without obtaining their consent properly, without respecting privacy and local customs like Google, Cambridge Analytica, or Facebook do?
would you characterize the bipartisan introduction of the active cyber defense certainty act (ACDC)[1] to the US house of representatives as "propaganda" or a real thing that happened? we don't know if it's popular (amongst the law makers who control its fate) because there hasn't been a vote yet.
"more and more popular," maybe not amongst the infosec community, but "more and more likely to make it to a vote in the years that have passed since the introduction of CFAA?" that seems possible to me.
...custom 0day html script...?
Who is this guy? Batman?
Can anybody explain how an html 0day might be able to pwn a php file uploader?
That sounds terrifying... but at least I can be somewhat reassured that nobody is going to waste that on my wordpress installation...
[0] https://web.archive.org/web/20180508063705/http://5.61.27.15...