Heineken and Shell Linked to Massive Espionage Scandal in Italy

Dutch beer brewer Heineken and Anglo-Dutch fossil energy company Shell have been linked to a major espionage scandal ongoing in Italy. The Italian company Equalize is accused of stealing and selling tax data and police information on Italian politicians and businessmen, among others, to its customers. Heineken and Shell were among those customers, NRC reports.

On paper, Equalize provides services like business intelligence and reputation management. It conducts research into the reliability of suppliers, the position of competitors, or misconduct by customers’ staff. Under the counter, Equalize also sold confidential data gained from hacking into police systems, the Italian tax authorities’ systems, and the reporting center for suspicious bank transactions, according to the Italian authorities. The company also had informants within Italian government organizations. more

How Apple's Network can be a Potential Tracking Tool

George Mason University researchers recently uncovered a way for hackers to track the location of nearly any computer or mobile device. Named "nRootTag" by the team, the attack uses a device’s Bluetooth address combined with Apple's Find My network to essentially turn target devices into unwitting homing beacons. 

"It's like transforming any laptop, phone, or even gaming console into an Apple AirTag - without the owner ever realizing it," said Junming Chen, lead author of the study. "And the hacker can do it all remotely, from thousands of miles away, with just a few dollars." 

The team of Qiang Zeng and Lannan Luo—both associate professors in the Department of Computer Science—and PhD students Chen and Xiaoyue Ma found the attack works by tricking Apple's Find My network into thinking the target device is a lost AirTag. AirTag sends Bluetooth messages to nearby Apple devices, which then anonymously relay its location via Apple Cloud to the owner for tracking. Their attack method can turn a device—whether it's a desktop, smartphone, or IoT device—into an "AirTag" without Apple's permission, at which point the network begins tracking. 

In experiments, they were able to pinpoint a stationary computer's location to within 10 feet, accurately track a moving e-bike's route through a city, and even reconstruct the exact flight path and identify the flight number of a gaming console brought onboard an airplane. Zeng gave an alarming example: “While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this.” more

Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums

A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments.

The malware advertisement, discovered on Thursday, April 3, 2025, describes sophisticated capabilities that could threaten organizations worldwide.

According to a ThreatMon post shared on X, the advertisement claims that SnowDog RAT offers an extensive array of intrusion and persistence features that make it particularly dangerous. more

Lawsuit Alleges Pharmacist Hacked Hundreds of Computers to Watch Women Undress

A recently filed class action lawsuit accuses a former pharmacist at the University of Maryland Medical Center of having hacked into hundreds of computers.

Court documents say Matthew Bathula targeted at least 80 of his coworkers, most of whom are women pharmacists, residents, and other medical professionals.

Bathula allegedly accessed their computers using passwords and usernames extracted from UMMC computers and was able to gain access to their personal email, texts, photo libraries, and "private and sensitive electronically stored information."

He also allegedly downloaded partially nude photographs and recordings, photographs, and recordings depicting the women breastfeeding their children.

The complaint states Bathula activated internet-enabled cameras in patient treatment rooms to watch and record his coworkers he knew to be pumping breast milk at work and accessed home security cameras remotely to spy on the women in their homes, recording all of them in multiple stages of undress, in private family interactions, and having intercourse with their husbands.

Bathula accessed at least 400 computers, per court documents, and the active spying went on for at least a decade. more

Chinese Spooks Hacking US Mobile Users in Real Time

Millions of US mobile users could be vulnerable to Chinese government spooks who are apparently desperate to know when they are picking up their snowflakes from school and where they order their pizza...

The US intelligence community briefed six current or former senior US officials about the attack. The Chinese hackers believed to be linked to Beijing's Ministry of State Security, have infiltrated the private wiretapping and surveillance system that American telecom companies built exclusively for US federal law enforcement agencies.

The US government believes the hackers likely still have access to the system. Since the breach was first detected in August, the US government and the telecom companies involved have said very little publicly, leaving the public to rely on details trickling out through leaks.

The lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of September 11, 2001. It allows federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real-time, depending on the warrant.

Many of these cases are authorised under the Foreign Intelligence Surveillance Act (FISA), which investigates foreign spying involving contact with US citizens. The system is also used for legal wiretaps related to domestic crimes. more

Student Finds 'Hacker-like' Approach to Bypass Cell Phone Security

Forensic investigators face significant challenges in securing crucial data from criminals' phones. University of Amsterdam PhD candidate Aya Fukami has identified hardware vulnerabilities in phones to bypass the security of modern devices, allowing her to extract data from phones in a way that was previously not possible...

"Traditional methods of hacking or scraping data from phones still often yield only encrypted data. Researchers then face great difficulty making that encrypted data usable," Fukami says. "It's a process that also takes a long time and doesn't always result in usable evidence."

To overcome this, Fukami explored ways to bypass vulnerabilities in phone system security. And she succeeded. more

Chinese Hackers Breached US Court Wiretap Systems

Chinese hackers accessed the networks of U.S. broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping, the Wall Street Journal reported on Saturday.

Verizon Communications, AT&T and Lumen Technologies), are among the telecoms companies whose networks were breached by the recently discovered intrusion, the newspaper said, citing people familiar with the matter.

The hackers might have held access for months to network infrastructure used by the companies to cooperate with court-authorized U.S. requests for communications data, the Journal said. It said the hackers had also accessed other tranches of internet traffic. more

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

IN MODERN MICROCHIPS, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. 

A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.

At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite. 

Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more

Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked

Second spyware provider hacked this month...

Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices. 

The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013," and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia. 

Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more

Lawsuit Claim: Shopping App Temu - “Dangerous Malware,” Spying on Your Texts

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." more

TeamViewer Confirms Cyberattack

TeamViewer, the prominent provider of remote access tools, has confirmed a significant cyberattack on its corporate network. 

This attack has been attributed to APT29, a hacking group allegedly linked to Russian intelligence. The breach, discovered on June 26, involved compromised credentials of an employee account, marking another sophisticated cyber-espionage campaign executed by state-sponsored hackers.

According to TeamViewer’s investigation, the breach began with the compromise of credentials from a standard employee account within their corporate IT environment. 

The company has emphasized that the attack was contained within its corporate network, assuring that their internal network and customer systems are separate...Despite these assurances, the company’s investigation is ongoing. more

Beware the Spies in Disguise

Unethical hackers are often hired by companies for corporate espionage: to infiltrate the IT systems of rival organizations to steal sensitive information, trade secrets, and strategic plans. The information can provide a competitive advantage or be sold for financial gain.

Although getting in touch with these hackers is comparatively easier, they have now resorted to anonymous modes of messaging through discreet texting applications that do not store metadata. Such apps use encrypted chat rooms, which makes it difficult for authorities to trace communications.

The internet is also filled with tutorials providing step-by-step guides for many kinds of unethical hacking tasks, which are often used by tech-savvy anti-social elements.

On the other hand, hacking into social media accounts threatens the individual privacy of creators and is often used for blackmail and extortion. more

This is a major problem on LinkedIn. 

Here are some of the come-ons I receive...

• It's nice to meet new people. Can we talk?
• Hello, it's a pleasure to contact you. Your resume and skills are excellent. I hope to make friends with you.
• I am Sophia, I checked your profile. I saw that your professional field is the talent we are looking for, which will be of great help to the new project I am about to start. If you are interested. You can leave your phone number and contact information, and I will arrange a time with you for a detailed conversation and make an appointment for a telephone conference. When is it convenient for you?
• After reading your resume and work experience, I found that you are a very talented person! can we talk?
• I think your field of work is great. Can we exchange ideas and learn from each other?

Spy Tip: Remember your Stranger Danger training.

NASCAR Radio Comms Hacked - “That Was Some Weird Sh*t”

Unwelcome Participant Eavesdropping on Bubba Wallace...

Remember the 2023 All-Star Race? The No. 23 team and specifically its driver, Bubba Wallace, experienced a bad situation. Somebody hacked into the team’s radio channel and delivered a derogatory message...Although NASCAR investigated the incident, the mysterious voice remained unknown.

A similar situation seems to have propped up at the 2024 Coca-Cola 600 race, but devoid of the hurtful comments. While Bubba Wallace was prying for the lead in stage 2, an unfamiliar voice popped in between his communication with his pit team. The 23XI Racing driver was surprised yet fascinated by this occurrence.

Earlier in 2024, the No. 23 team’s radio buffered during the race at Talladega Superspeedway. As it turned out, not only Bubba Wallace but also other drivers faced a similar problem. Joe Gibbs Racing’s No. 19 driver Martin Truex Jr was audibly frustrated: “All our radios are f***ed up right now.”

Now another mysterious glitch has surfaced in Charlotte, with unfamiliar voices on Wallace’s radio. We can only wait till the end of the weather-delayed race to delve deeper into this curious matter. more

......

Care to eavesdrop yourself? "DOWNLOAD NASCAR MOBILE APP and click on Buy Premium link in the navigation to subscribe for full access on mobile devices." more 

Or... do what that mysterious voice did... Buy a cheap 2-way radio.

Dump of Chinese Hacking Documents - A Window into Surveillance

Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation’s top policing agency and other parts of its government — a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners...

The dump of scores of documents late last week and subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security... They reveal, in detail, methods used by Chinese authorities used to surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media. more

Van Eck Redux: Hackers Can Spy on Cameras Through Walls

Capturing real-time video through walls isn’t hard if you have an antenna and a little bit of engineering know-how. It could be a massive threat to billions of security and phone cameras... 

Kevin Fu, a professor of electrical and computer engineering at Northeastern who specializes in cybersecurity, has figured out a way to eavesdrop on most modern cameras, from home security cameras and dash cams to the camera on your phone. Called EM Eye, short for Electromagnetic Eye, the technique can capture the video from another person’s camera through walls in real time. It redefines the idea of a Peeping Tom...

Results vary on how far away someone would have to be in order to eavesdrop on these different devices. For some, a peeping Tom would have to be less than 1 foot away; for others, they could be as far away as 16 feet...

Fu says. “Maybe you don’t want to put this [camera] on your wall you share with your neighbor.” more
Van Eck  Interesting, but no need for the average person to worry.

Harry Hacking: Payout in Phone-Hacking Case Against Mirror Publisher

Prince Harry has won 15 claims in his case accusing Mirror Group Newspapers of unlawfully gathering information for stories published about him. A judge has ruled in his favour on almost half of the sample of 33 stories used in his claims of phone hacking and other methods.

High Court ruling found evidence of "widespread and habitual" use of phone hacking at the Mirror newspapers... He was awarded £140,600 in damages... more

Weirdest Spy Story of 2023?

NY Attorney Accuses Ben Affleck & Matt Damon of Stalking and Bugging Her Home

A New York attorney is suing actors Ben Affleck and Matt Damon, accusing the besties of stalking her and bugging her home to use private details of her life in their movies.

The attorney is hiding her identity as she moves forward with the bizarre case. The Daily Mail got a hold of court documents that claim the actors also hacked her devices and left the attorney in fear of being kidnapped and raped... She found a bug, saw an owl-shaped camera pointed at her home, woke to find a man in her bedroom and saw a man pointing a telescope at her after an alert that her emails had been hacked, according to the suit.

Also named in the suit are Affleck’s brother, Casey Affleck, his wife, singer/actress Jennifer Lopez, actor Kevin Smith, and disgraced Hollywood producer Harvey Weinstein. The suit is also targeting Dimension Films, Disney, Lionsgate, Warner Bros., and Paramount Pictures, who she is accusing of negligence for allowing harassment and plagiarism to take place. more

How an Indian Startup Hacked the World

Appin was a leading Indian cyberespionage firm that few people even knew existed. 

A Reuters investigation found that the company grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians, military officials and wealthy elites around the globe. 

Appin alumni went on to form other firms that are still active...

Chuck Randall was on the verge of unveiling an ambitious real estate deal he hoped would give his small Native American tribe a bigger cut of a potentially lucrative casino project.

A well-timed leak derailed it all.

In July of 2012, printed excerpts from Randall’s private emails were hand-distributed across the Shinnecock Nation’s square-mile reservation, a wooded peninsula hanging off the South Fork of Long Island...  more

Shady Things You Can Do With a Flipper Zero

Since it’s evil week at Lifehacker, let’s take a look at a gadget that can be used for mild evil: the Flipper Zero. Despite its toy-like looks, this pocket-friendly multitool can be used for all kinds of hacking and penetration testing. 

It gives anyone, even newbs, an easy-to-understand way to interact with the invisible waves that surround us, whether they’re RFID, NFC, Bluetooth, wifi, or radio. It’s a like a hacker Swiss army knife that you can buy for less than $200.

You can use a Flipper Zero to control your TV, cheat your Nintendo, replace your work ID, open your hotel room door, and more. I’m sure you could see where the “evil” part could comes in. But on the other hand, it’s just a tool, and its ability to commit crimes is... more

Flipper Zero – Corporate Security Threat

Legacy Systems Threaten Security in Mergers & Acquisitions

Here’s a simple fact: Legacy systems are far more likely to get hacked. This is especially true for companies that become involved in private equity transactions, such as mergers, acquisitions, and divestitures...

We have seen two primary trends throughout 2023:

– Threat groups are closely following news cycles, enabling them to quickly target entire portfolios with zero-day attacks designed to upend aging technologies — disrupting businesses and their supply chains.

– Corporate espionage cases are also on the rise as threat actors embrace longer dwell times and employ greater calculation in methods of monetizing attacks. more