By Deeba Ahmed
The malware Raspberry Robin is distributed via external drives and uses Microsoft Standard installer to execute malicious commands.…
This is a post from HackRead.com Read the original post: USB-based Wormable Raspberry Robin Malware Targeting Windows Installer

The malware Raspberry Robin is distributed via external drives and uses Microsoft Standard installer to execute malicious commands.

Red Canary’s Detection Engineering team has discovered a new worm-like Windows malware being distributed via removable USB drives. The malware was detected in several customer networks, mainly in the manufacturing and technology sectors.

**About Raspberry Robin**

Red Canary intelligence analysts attributed the malware to the Raspberry Robin cluster, noting that the worm leverages “Windows Installer” to access QNAP-linked domains and download a malicious DLL.

Raspberry Robin’s activity was first documented in September 2021. The operator’s objective is unclear, and researchers are also clueless about when and how the external drives get infected. They suspect that this infection occurs offline.

**Attack Chain Details**

> Raspberry Robin’s attack chain starts with connecting an infected external/USB drive to a Windows device. Researchers noted that adversaries use msiexec.exe to deliver malware while “Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes.
> 
> Lauren Podber and Stef Rand  
> Red Canary

The external drive is equipped with the worm payload that appears as a .LNK shortcut file in a legit folder. The worm creates a new process using cmd.exe to read/execute the malicious file on the USB drive.

According to Red Canary’s blog post, once this is done, the worm launches explorer.exe and msiexec.exe. The latter is used to establish network communication with a rogue domain and for downloading/installing the DLL library file.

Raspberry Robin event outline (Red Canary)

This DLL file is loaded and executed using legitimate Windows utilities like rundll32.exe, fodhelper.exe, and odbcconf.exe to bypass the UAC (User Account Control). Researchers also detected an outbound C2 contact involving regsvr32.exe, dllhost.exe, and rundll32.exe processes to IP addresses linked with Tor nodes.

Regarding why the worm installs a malicious DLL, the researchers were unclear. They hypothesized that it could be done to maintain persistence on the infected machine.

**More Windows Malware News**

1.  Beware of Fake Windows 11 Update Delivering Malware
2.  LodaRAT Windows malware now hunting Android devices
3.  New malware tool can steal files from air-gapped PCs using USBs
4.  PyMICROPSIA Windows malware steals browsing data, records audio
5.  Fake Windows website dropped Redline malware as Windows 11 upgrade

USB-based Wormable Raspberry Robin Malware Targeting Windows Installer

By Deeba Ahmed
Attackers from the Ukrainian IT army successfully disrupted alcohol shipments in Russia by targeting EGAIS, the country’s primary…
This is a post from HackRead.com Read the original post: DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain

Attackers from the Ukrainian IT army successfully disrupted alcohol shipments in Russia by targeting EGAIS, the country’s primary online portal for alcohol distribution.

According to Russian news portal Vedomosti, Ukrainian hacktivists took down Russia’s central alcohol distribution platform called Unified State Automated Alcohol Accounting Information System or EGAIS, with DDoS attacks launched on May 2nd and 3rd.

EGAIS is an important portal since, as per the law, all alcohol producers and distributors must register their shipments at EGAIS. Therefore, an attack on this platform caused extensive service blockage across Russia.

**Details of the Attack**

Reportedly, three sites belonging to the platform received DDoS attacks. When checked on May 4th, two EGAIS sites gave the error “the server stopped responding,” and the third didn’t work.

The attacks began on May 2nd and the next day system failures became more obvious. Wine trader Fort claimed that service disruption occurred on May 4th while the Union of Alcohol Producers, Igor Kosarev, and Ladoga representative claimed the same.

Fort’s executive director, Alexander Lipilin, stated that 70% of the invoices failed to be uploaded to EGAIS on May 4th. Strong alcoholic beverages producer Beluga Group didn’t report any problems with EGAIS.

The problem got partially resolved on the morning of May 4th. Out of the 1,500 documents queued in Ladoga, 600 were sent to the system. The problem is expected to be fully fixed within the next two days.

CIFFRA (Center for Research on Federal and Regional Alcohol Markets) director, Vadim Drobiz, stated that the EGAIS attack didn’t affect the end consumer as stores had stocked alcohol before the holidays.

**Widespread Impact of the Attack**

The entire EGAIS system got paralyzed, and as a result, the alcohol supply chain was disrupted during the May holidays. Vedomosti further noted that the DDoS attacks continued until May 4th, due to which manufacturers and suppliers couldn’t contact technical support to address delays or fix invoices and complete orders.

According to Russian news portal Vedomosti, shipments to retail chains failed for many companies; factories didn’t receive a tank full of alcohol while restaurants couldn’t upload receipts. 

> “Due to a large-scale failure, factories cannot accept tanks with alcohol, and customers, stores, and distributors cannot receive finished products that have already been delivered to them,” Vedomosti reported.

One of the companies impacted by the closure of the EGAIS portal announced to suspend all purchases as its warehouses were full. The outage mainly affected Vodka distribution, but wine companies also reported service disruption.

**Ukrainian Hacktivists Claim Responsibility**

Ukrainian hacktivists, particularly the Disbalancer group, claimed responsibility for the attack and announced their plans to launch more attacks on the platform. It is worth noting that the Ukrainian IT Army earlier announced to target EGAIS servers on its Telegram channel, including the portals check.egais.ru, egais.ru, and service.egais.ru. 

Ukrainian IT Army is a special cyber force that recruits volunteers from across the globe to launch cyberattacks against Russian infrastructure/entities.

**More DDoS Attack Stories**

1.  Christian crowdfunding site GiveSendGo hit by DDoS attack
2.  Imperva mitigated a series of massive ransom DDoS attacks
3.  DDoS Attack and Data Wiper Malware hit Computers in Ukraine
4.  Cloudflare Successfully Thwarted One of The Largest DDoS Attacks
5.  Microsoft Azure customer hit by largest ever 3.47 Tbps DDoS attack
6.  DDoS attacks on Minecraft event crippled the Internet of a European country

DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain

By Owais Sultan
Launched in 2009, Bitcoin was the first-ever digital coin that marked the beginning of a cryptocurrency era. It…
This is a post from HackRead.com Read the original post: The Operational Structure of Bitcoin

Launched in 2009, Bitcoin was the first-ever digital coin that marked the beginning of a cryptocurrency era. It is a decentralized digital currency, not controlled by any authority like a bank. Instead, Bitcoin’s electronic system is powered by a peer-to-peer network where the currency is directly traded and exchanged between users.

A web of thousands of computers verifies the Bitcoin transactions by recording each one of them on a public distributed ledger, accessible to everyone. Bitcoin has established its value as a change-resistant, secure, and decentralized payment protocol. 

It is noteworthy that this digital coin has significantly grown in worth by more than 460,000% since its launch. Bitcoin, which once traded below $10, is currently hovering around $46,000. Although the pricing of Bitcoin depends on a variety of factors, including its fixed 21 million supply and corresponding demand, its value is determined by the high-value people give it.

**The working mechanism of Bitcoin**

The operational technology of Bitcoin is the Blockchain protocol that contains a string of data blocks with information about each Bitcoin transaction. A new block is added to the chain through the mining process when a new transaction is broadcasted. Once the new block is minted, the latest information becomes available to all network participants. In other words, the data gets imprinted on a public ledger.

This distributed ledger technology makes it almost impossible to amend the already-present data, due to the hashing of all previous blocks. Thus, tampering with any data would necessitate the alteration of all the previous blocks, which is impractical without taking control of 51% of the whole system. 

**What are the primary uses of Bitcoin? **

Like fiat currencies, Bitcoin can be used for purchasing various items; however, currently, only a limited number of merchants are accepting it as a mode of payment. Moreover, many services allow the linking of debit cards to your crypto wallet, making it possible to use Bitcoin with a debit or credit card.

Besides these applications, Bitcoin trading and HODLing (in other words, long-term holding) are the two most popular use cases of this digital currency, attributable to its high volatility and liquidity. Some prefer to seek financial benefits by learning how to trade Bitcoin, while others choose to hold it long-term, as they believe its worth is set to significantly increase over time.

Bitcoin mining with its subsequent rewards is also one of the most popular ways to take advantage of this digital currency. 

**Proof-of-work – The basis of Bitcoin mining**

Mining is the process by which new blocks are added to the Bitcoin blockchain, and proof of work is the consensus mechanism that miners follow to verify transactions and maintain the integrity of the network. According to the PoW protocol, miners must solve complex computational puzzles to validate transactions. As an incentive, the system grants them block rewards to appreciate their efforts in supporting the network.

Proof of work ensures the viability of the Bitcoin system by checking that there is no double-spending of coins and that all the transactions are consistent with previous information. The decentralized blockchain technology, with its proof of work protocol, makes it possible for the Bitcoin network to run smoothly and securely, without any central control.  

**More Crypto and Blockchain Topics**

1.  Security Tips For Trading Cryptocurrency Online
2.  The Advantages of a More Secure and Safer Blockchain
3.  5 Things to Consider When Getting into Cryptocurrency
4.  How Will Blockchain Technology Revolutionize Logistics?
5.  How Blockchain Can Revolutionize Personal Data Storage?

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The Operational Structure of Bitcoin

By Waqas
Let’s take a closer look at what a dark web search engine is, how to find them and…
This is a post from HackRead.com Read the original post: What Are Dark Web Search Engines and How to Find Them?

**Let’s take a closer look at what a dark web search engine is, how to find them and what are some of the best dark web search engines out there.**

The web is full of information. To find that information, you need search engines. The dark web search engine is one of the best ways to find information that is hidden from the public. There are many different dark web search engines, and they each have their specialty.

To understand what they do, their strengths, and how to find them, you need to know a little bit about the dark web (also known as the hidden web). The **dark web** is a network of Onion websites and services that are only accessible through the Tor browser.

There are many uses for the dark web, but one of the most common is finding hidden information. That’s where dark web search engines come in. They let you find sites that aren’t easily accessible by the general public but are useful for finding information about things like hacking, drugs, leaked data, and other activities a lot of which can be illegal.

Let’s take a closer look at what a dark web search engine is, how to find them and what are some of the best dark web search engines out there.

**What is a Dark Web Search Engine?**

A dark web search engine is a tool that lets you find hidden information on the dark web. There are many different types of dark web search engines, and each has its specialty. For example, some have better searching capabilities than others. Some specialize in finding surveillance tools or tips and tricks for journalists to tackle government-led surveillance and censorship while some search engines will find sites with illegal content like drugs or cybercrime activities. Others are more generalized and will find almost anything on the dark web.

**How to Find Dark Web Search Engines**

There are many dark web search engines, which can be a bit overwhelming. You will be able to find them by doing a little research. However, there are some common searches that you can do to help with your search. One of the most popular is “Dark Web Search Engine” on Google. This will give you a list of websites that allow you to search the dark web.

But since you are on Hackread.com, you don’t have to Google it. We got you. Here are 5 best dark web search engines:

**Best Dark Web Search Engine in 2022**

As mentioned earlier, there are several dark web search engines with different searching algorithms. We are listing 5 of the best dark web search engines that are known for displaying appropriate and desired results.

**Ahmia.fi**

Ahmia.fi remains reliable and also has a policy against any “abuse material”, something different from many other dark web search engines that also index websites featuring child sexual abuse content. Ahmia is also available on the **surface web** and supports searches on the i2p network as well. You can visit Ahmia’s .Onion domain **here**. 

**The Hidden Wiki**

The Hidden Wiki is not a literal search engine but it is very useful. You see, whenever you make a search query on a dark web search engine, you’re bound to see 20 spammy links and then maybe 1 legitimate one. This can make it a time-consuming process to search.

However, this Wiki helps solve this by providing a directory list of websites on the dark web allowing you to easily access them. A **surface web version** is also available. Other websites that offer similar content include **TorLinks** and **OnionLinks**. You can visit The Hidden Wiki by following its .Onion link **here**. 

**Haystak**

Claiming to have indexed over 1.5 billion pages which includes more than 260,000 websites, Haystak indeed would stand out to be a resourceful engine on the list. It also has a paid version which offers several additional features such as searching using regular expressions, browsing now-defunct onion sites, and accessing their API. 

You can’t bet them to have your best interests at hand though considering one of these features allows you to access a database of stolen credit card information and email addresses as well. You can visit Haystak by following its .Onion link **here**. 

**Torch**

This one too is one of those search engines that have lasted for long enough(since 1996) but the search results are not impressive. In the query above, I wanted to know Facebook’s onion URL, a very simple piece of information. Yet, it reported everything but that showing how far these search engines have to go to improve.

On the other hand, it is fast and can come in handy regardless. Nevertheless, you can visit Torch by following its .Onion link **here**. 

**DuckDuckGo**

A long-time foe of Google; you’re bound to find this on almost every dark web search engine list. Yet, it reports surface web search results in more than those from the dark web and so the only good point we’re left with is the anonymity it offers. We couldn’t find 1 dark web search result through a couple of random queries.

So DuckDuckGo deserves our honorable mention kudos to its privacy-focused rather than business-oriented vision. You can visit DuckDuckGo by visiting its .Onion link **here**. 

**More Dark Web Topics**

1.  Authorities seize world’s biggest dark web child abuse site
2.  179 Dark Web vendors arrested, 500kg worth of drugs seized
3.  Twitter Goes on Tor with New Dark Web Domain to Evade Censorship
4.  DoJ seizes $1 billion in Bitcoin linked to Silk Road dark web marketplace
5.  CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

**How Safe Are Dark Web Search Engines?**

Even though dark web search engines are useful for finding information that isn’t accessible to the general public, they can be dangerous. If you are going to use a dark web search engine, it’s important to make sure you don’t use it from your normal computer. You might accidentally be putting your passwords, crypto funds, and other personal information at risk with these search engines.

Plus, some sites on the dark web may have malware that can infect your computer and steal information. However, what’s worse is that some results can lead to highly explicit and disturbing content that you may not be ready for such as child abuse, gore, torture, violence, threatening, terrorism, or other types of illicit content.

Therefore, keep your searches legal and limited to what you are looking for and **avoid using proxies** as hackers can easily infect them with malware or use them to steal your crypto funds.

The safest way to access a dark web search engine is through an anonymous browser like Tor. This browser will help protect your identity and personal data while browsing the dark web. It is also recommended that along with the **Tor browser** you should connect your device to a **VPN**.

Those who are not interested in the Tor browser can use an alternative browser such as:

*   12P
*   Whonix
*   Globus
*   Freepto
*   Disconnect

A full list of Tor browser alternatives is available here.

**How to Use Dark Web Search Engines**

Dark web search engines use complex software to crawl the dark web and index all of the information they find. Once indexed, these search engines allow you to find that information through a search engine interface.

However, not all dark web search engines are created equal. To maximize your searching ability, it’s important to understand what each dark web search engine is best at finding. Some popular dark web search engines include Grams or The Hidden Wiki, each one has its strengths and weaknesses.

For example, Grams search engine is infamously known for illegal drugs while The Hidden Wiki is better for things like eBooks and articles about privacy. No matter which dark web search engine you choose, it will provide you with access to sites that are hidden from the general public but are useful for finding specific types of information.

**Summing up**

To remain safe, be sure to steer clear of search results that may lead you to illegal sites. Always use a reliable VPN and keep your Tor browser up to date to avoid cyber criminals from snooping in.

**Best Security and Privacy Tools**

1.  Best OSINT Tools for 2020
2.  New tool lets teens report, remove their nude photos online
3.  CISA Publishes List of Free Cybersecurity Tools and Services
4.  New Underactor tool reveals pixelated text to expose sensitive data
5.  Download Kali Linux 2022.1 with new tools and wider SSH compatibility

What Are Dark Web Search Engines and How to Find Them?

By Waqas
CIA’s darknet website will be accessible to Russians through the Tor internet browser. The Central Intelligence Agency (CIA)…
This is a post from HackRead.com Read the original post: CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

**CIA’s darknet website will be accessible to Russians through the Tor internet browser.**

The Central Intelligence Agency (CIA) of the United States has issued instructions for Russians unhappy with their president Vladimir Putin’s invasion of Ukraine and trying to get in touch with the agency.

The CIA has published a comprehensive guide in English and Russian languages on how Russian citizens can share secrets with the agency. The guidelines appeared on the agency’s Instagram page on Monday. 

> “Our global mission demands that individuals can contact us securely from anywhere.”
> 
> CIA

**About CIA’s Darknet Site**

The step-by-step guide explains how “concerned Russians” can access the CIA’s darknet site, which is exactly like its regular homepage but can be accessed only via the encryption-based Tor anonymity browser.

It is worth noting that the CIA’s darknet site was launched in 2019 and is accessible through The Onion Router, aka Tor browser. The browser routes internet traffic across multiple third parties to hide the user’s location and identity.

Once downloaded, the browser requires users to enter a long string of characters followed by .onion to strip away any tracking of users’ digital activities, such as through cookies.

**More Darknet aka Dark Web News**

1.  Latest Top 6 Dark Web Search Engines for 2022
2.  Tor Anonymity: Things NOT To Do While Using Tor
3.  Records with data on 129M Russian car owners sold on dark web
4.  Russian Dark Web Market Hydra Taken Down; $25M in BTC Seized
5.  Twitter Goes on Tor with New Dark Web Domain to Evade Censorship

**CIA Urges Russian Tipsters to be Careful**

The CIA claims that it isn’t safe to directly engage America in the Russian domestic issues “physically or virtually,” hence, it has requested Russians to contact them securely via Tor since it will protect them from Russian snooping.

“There are concerned Russians who are desperately trying to reach the CIA,” a CIA official quoted by AP, declining to mention how many Russians have tried to contact the agency so far.

CIA has requested “tipsters” to provide their full name and country from where they are contacting the agency, their official position, and the information they intend to deliver. The agency asked the tipsters not to use their office or home computer to connect with the agency.

Moreover, the CIA urged Russians to use a VPN based out of Russia, China, or any country that’s not a US ally and avoid using free VPN services to evade online monitoring.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

By Deeba Ahmed
The Indian government recently passed a new law that mandates all internet service providers to collect and store…
This is a post from HackRead.com Read the original post: India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

The Indian government recently passed a new law that mandates all internet service providers to collect and store user data for the past five years.

As per the press release of the Indian Computer Emergency Response Team (CERT-In, under the Information Technology Act 2000 provisions of sub-section (6) of section 70B, the agency will collect information from service providers including VPNs, data centers, intermediaries, and body corporate. 

All VPN service providers, VPS (virtual private server) providers, cloud service providers, Know Your Customer (KYC) norms, and practices used by virtual asset service providers, custodian wallet service providers, and virtual asset exchange providers will have to follow the new directives that come into effect on June 27th, 2022.

The new law, according to the press release, aims to fill the gaps that cause hindrance in incident analysis and ensure “safe & trusted Internet in the country.”

**What Information Will be Collected?**

The new directions cover various aspects of synchronizing ICT system clocks, maintaining ICT system logs, mandatory reporting of cyber incidents within six hours, and providing subscriber/customer registration details.

Furthermore, the agency noted that service providers would collect records of financial transactions for a period of 5 years to offer optimum security in payments and financial markets.

A look at directions released by the Ministry of Electronics and Information Technology (MeitY) Indian and CERT-In, Data Centers, VPS and VPN service providers, and Cloud service providers will have to collect and store the following data for at least five years or longer.

1.  Date and period of hire
2.  Purpose of subscribing to services
3.  Verified contact numbers and address
4.  Ownership patterns of customers/subscribers using their services
5.  Authenticated names of customers and subscribers using their services
6.  IPs allotted to the customers/subscribers or being used by the members
7.  IP address, email address, and time stamp used when registering or on-boarding

**VPN Providers Refuse to Oblige**

The new directives risk compromising user privacy and undermine the unique selling point of VPNs, which is safeguarding users’ digital footprint. CERT-IN requires government organizations, all service providers, data centers, and body corporate to enable logs of their ICT systems and securely maintain them for 180 days.

However, some reports suggest that three mainstream VPN service providers may not follow the new policy. According to Surfshark, which observes a no-logs policy, the company is currently investigating the implications of the new regulations and aims to continue its no-logs policy.

ProtonVPN stated that the new VPN requirements would erode civil liberties, and they will never take measures that weaken or threaten users’ privacy. ExpressVPN also clarified that they are “fully committed to protecting users’ privacy and would never log user activity.

A full transcript of the law can be accessed here .

**More VPN News on Hackread.com**

1.  PureVPN Aided FBI to Track CyberStalker by Providing His Logs
2.  VPN company that claims zero logs policy leaks 20 million user logs
3.  Israeli firm Kape Technologies buys ExpressVPN raising privacy concerns
4.  HotSpot Shield, PureVPN & ZenMate found leaking users real IP addresses
5.  Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

By Waqas
Cloudflare explained that it wasn’t the largest application-layer attack but the largest ever noted in the HTTPS category.…
This is a post from HackRead.com Read the original post: Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

Cloudflare explained that it wasn’t the largest application-layer attack but the largest ever noted in the HTTPS category.

Internet Infrastructure company Cloudflare has mitigated one of the world’s largest distributed denial of service attacks (DDoS attacks) recorded to date. According to Cloudflare’s blog post published on April 27th, the company mitigated a 15.3 million rps (request-per-second) DDoS attack earlier in April 2022.

That’s one of the largest HTTPS DDoS attacks recorded so far. It is worth noting that HTTPS DDoS attacks extract more computing power from the device and tend to be more expensive since creating a secure TLS encrypted connection is far costlier than traditional attacks.

> “Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,”
> 
> Omer Yoachimik and Julien Desgats – Cloudflare

In August 2021, Cloudflare stopped the largest ever recorded DDoS attack involving 1.72 million HTTP rps. This figure was three times larger than all previously registered volumetric DDoS attacks.

**Volumetric and Bandwidth Attacks**

It is worth noting that volumetric DDoS attacks are different from conventional bandwidth DDoS attacks. In the latter, the attacker tries to exhaust and clog up the internet connection bandwidth of the targeted device.

In contrast, in the former, the attacker focuses on bombarding the victim with as many junk HTTP requests as possible to use up the server CPU and RAM. Moreover, volumetric DDoS attacks prevent other legit users from accessing/visiting the website.

**Details of the Attack**

According to Cloudflare, the victim was its customer using a crypto launchpad that surfaces DeFi (decentralized finance) projects to potential investors. Cloudflare revealed that around 1,300 different networks, including top networks like German provider Hetzner Online GmbH, OVH in France, Azteca Comunicaciones Colombia, and other cloud providers, were used for the attack.

However, the attack lasted less than fifteen seconds and was launched from a botnet comprising 6,000 unique bots originating from 112 countries. 15% of the traffic originated from Indonesia, while other most prominent countries included Russia, Brazil, India, Colombia, and the USA.

Cloudflare didn’t clarify whether the attack was linked to the Emotet botnet, but it did admit that it came from a botnet they have been tracking lately. Another interesting finding Cloudflare shared is that the attack originated from data centers mostly.

**More DDoS Attacks News**

1.  Christian crowdfunding site GiveSendGo hit by DDoS attack
2.  Imperva mitigated a series of massive ransom DDoS attacks
3.  DDoS Attack and Data Wiper Malware hit Computers in Ukraine
4.  Microsoft Azure customer hit by largest ever 3.47 Tbps DDoS attack
5.  DDoS attacks on Minecraft event crippled Internet of a European country

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

By Waqas
In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island…
This is a post from HackRead.com Read the original post: Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island infamously known for being used by Australia as an offshore refugee detention center in return for aid.

On Monday, May 2nd, 2022, the Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force. According to Anonymous, the data leak was in protest against the alleged ill-treatment of asylum seekers and refugees carried out by Island authorities on behalf of the Australian government.

For your information, Nauru is a tiny island country in Micronesia, northeast of Australia infamously known for being used by Australia as an offshore refugee detention center in return for aid.

As seen by Hackread.com, the total number of leaked emails is 285,635 and available for direct and torrent download through the official website of “Enlace Hacktivista,” a platform that aims to “Document hacker history.”

Art from the statement Anonymous released (left) – Direct download page of the leaked emails (right)

Although Hackread.com could not analyze the trove of emails, in a statement, Anonymous explained that the leaked confidential emails contain details related to abuses that the Nauru Police Force and the Australian government tried to cover up.

The statement also demands an end to the policy of mandatory immigration detention and the permanent closing of immigration detention facilities, including on the island of Nauru.

Anonymous also urged authorities to launch an investigation of all allegations of abuse in the immigration detention centers and pay lifetime reparations to victims.

So we decided to hack the Nauru Police Force, who were tasked by the
Australian government with policing the island and obtained 285,635
confidential emails related to abuses that they tried to cover up, and we
are making them all public.

The Republic of Nauru has previously disputed reports of torture, sexual
assault and child abuse on the island. Can they still dispute this when
all their emails are out in the open?

The things we saw and read made us sick. We are asking the newly elected Australian government to by the end of 2022:

  ~ End the policy of mandatory immigration detention and permanently close
    immigration detention facilities, including on the island Nauru.

  ~ Grant permanent residence to all asylum seekers, including the 124 people
    forcibly moved out from Manus Island.

  ~ Investigate all allegations of abuse in the immigration detention centres
    and pay lifetime repairations to victims.

Anonymous!

On Twitter, Emma Best, journalist, and co-founder of a non-profit whistleblower organization DDoSecretsDistributed Denial of Secrets, aka DDoSecrets, confirmed the leak. Best also announced that the enormous data dump is also available on DDoSecrets.

On the other hand, @YourAnonNews, one of the largest social media representatives of Anonymous also tweeted about the data leak stating that “Anonymous hackers release 1/4 million Nauru Island Immigration Detention Center Police emails documenting abuses suffered by asylum seekers and refugees under successive Scott Morrison (Prime Minister of Australia since 24 August 2018) portfolios.”

@AnonOpsSE, another prominent representative of the Anonymous collective tweeted that “Enlace Hacktivista has released 285,635 emails (82 GB) from the Nauru Police Force, documenting conditions of the island and abuses endured by asylum-seekers and refugees.”

At the time of publishing this article, there was no comment from the Nauru Police Force or Australian authorities.

**Anonymous Against Police Brutality**

1.  Anonymous Hacks Spanish Police Server, Leaks Data Against Gag Law
2.  Anonymous Linked Team Hacks Kenyan Oil Firm Against Police Brutality
3.  Anonymous Hacks Chile Govt against police brutality on student protests
4.  Police Brutality: Anonymous Hacks San Bernardino County Sheriff Support Site
5.  Anonymous Shuts Down Montreal Police Site Against Brutality on Student Demo

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

By Owais Sultan
What a good tech stack for a mobile app is and how to, actually, pick the right one…
This is a post from HackRead.com Read the original post: How to Choose Tech Stack for Mobile App Development

What a good tech stack for a mobile app is and how to, actually, pick the right one to avoid wasting time and resources.

**Introduction**

An excellent mobile app has to be a one-size-fits-all for your specific audience nowadays. It has to meet the needs and requirements of the users it is created for. Needless to say, all users expect only safety, smooth and flawless operation, and a user-friendly interface from your app. Taking into account the reviews of customers on the app stores, not every developer or business can ensure such an experience for their users.

According to Jat App, every company should choose the best stack for developing its mobile app. The success of the app directly depends on it. It will save tons of your time for the development, create new opportunities, and facilitate your further project. The question about how to pick the right technology stack for your future app remains urgent and concerns a lot of business owners. 

Below, you are going to learn more about it, how to choose the stack for your native app, or cross-platform app development. The modern world is mobile-oriented and you cannot deny it. If you are going to succeed with your mobile app and bring only positive experiences to your users, then read carefully and see which mobile app stack will be the most effective and valuable for you. 

**What a Tech Stack, Actually, Is**

First, let us figure out what a tech stack is. To make it simple, a tech stack is a range of tools, programming languages, libraries, and frameworks. It has two core sides — server and client. The rest of the constituents are user experience, stability, development platform, reliability, etc. 

The choice of a mobile app tech stack affects the success and efficiency of your future app. Yes, it is that important! If you do not weigh all the pros and cons and make the wrong decision, you risk wasting your time and money. Last but not least, it can cause the failure of your future app. 

Thus, choosing the right and appropriate tech stack is crucial. To do that, you have to think of the goal of your app first. 

**How to Choose a Tech Stack for Your Needs?**

A tech stack consists of:

*   Back-end

Which, in turn, includes:

*   Server
*   Database
*   Front-end 
*   Webserver
*   Web framework
*   Operating system
*   Programming language

Which includes the following components:

*   CSS 
*   HTML
*   Java Script
*   User’s Browser 

Although everything looks complicated, it is not really so. The market is full of different technology stacks. Picking one of them will not be too complicated. However, before you start working, you must have a plan that will affect the success of your app and business. Your app must have a range of appropriate features, and be functional, scalable, secure, and maintainable. 

It’s crucial to consider several aspects while creating your plan before making a decision. Let’s see how you can and should do that properly! 

**General App Needs**

All apps are different and have different needs and requirements. You cannot deny that applying the same rules and approaches to all of them is impossible. The device for which the app is created, user experience, network type, the platform to run on, time to market, etc. differ for different apps. 

All these aspects must be key factors when choosing a tech stack for a mobile app because the library, language, software, and framework you will choose will depend on them. 

**The Range of Skills of The Development Team**

Different languages and frameworks bring the same results. However, you must reach brilliant results, and thus, pick clear factors. When choosing the stack, it is crucial to take into account the developer’s skills. 

Not every tech stack is user-friendly, unfortunately. If you pick such one, it will only raise the development time. It’s not difficult to guess that the cost of the development will also grow. Vice versa, if you choose a good user-friendly stack with which your team is comfortable, you save their time and therefore, your budget. 

**The Overall Goals of The App**

While making your stack mobile choice, it is necessary to take into account the app goals. Mainely, its primary target. If the app depends on heavy load processing, then it is necessary to pick a reliable tech stack. Precisely streamlined interactions will not be suitable in this case.

**Multiple-platform Running**

If you compare an app running on one platform and the one running on all platforms, you will notice that their tech stacks will be different. But apart from that, you have to take into account the necessary set of tools to scale the app and port it to other platforms, such as Hybrid Platform App Development or Cross. They will be totally different from the set of tools required to develop a native app. 

**Parent Company**

Taking into account the parent company of the web application tech stack is also crucial when developing your app. Some platforms (Google, Adobe, or Microsoft) offer much better community support and documentation than the rest of them. Advanced development options will be a good bonus. 

**Data Security**

The safety of your data matters. Even a small leak of users’ data may seriously harm your reputation. It will all lead to the loss of trust from users. For that reason, you should always choose only the tech stack that guarantees the highest security of all information and data.

**Budget**

The type of your project is affected by many features, such as functionalities, the cost of the development, the time required to complete the project, etc. Your task is to consider all of the needs without extra features. It will boost the development process and save you money from unnecessary expenses. 

Taking into account the enlisted aspects, you will know what kind of stack you need to pick for your project. It has to make your app really innovative and scale it. 

**Compatibility With Other Technologies**

Current technologies are also important when it comes to a choice of a tech stack. They both have to comply with one another. It is not all yet. The tools you plan to input into your app later must also be compatible with the chosen stack. 

**The Difference Between Native and Cross-Platform Apps**

Native app development prevents you from difficulties with creating a sustainable product that covers several platforms and is focused on creating an appropriate design for such target platforms as iOS, Android, or others. 

Cross-platform development is aimed at creating an app that can cover as many followers of the brand as possible thanks to covering a wide amount of end devices in the process of development and programming. Cross-platform apps are perfect for new requirements of omnichannel retailing where consumers expect the main interaction between devices and channels. 

Here are the core differences between native and cross-platform apps:

*   Cost — Native app development is more expensive than cross-platform app development
*   Code usability — Native apps work for one platform while cross-platform apps can work for multiple platforms
*   Performance — Native apps have high and responsive performance while cross-platform apps have high performance, but lags and hardware compatibility issues are not uncommon
*   Device access — Native apps’ platform SDK provides access to the device’s API without any hindrance; With cross-platform apps, there is no access to all device’s API 

**Conclusion**

Choosing the application technology stack is an important stage of the development process. It has to be done before you start working on your app, otherwise, all your finances and precious time can be simply wasted. Take into account the above-mentioned factors before choosing your technology stack. It will decide whether the development process and the app itself are going to be successful.

How to Choose Tech Stack for Mobile App Development

By Owais Sultan
Once you invest in cryptocurrency, it is primarily important to secure your investments.  With rising numbers of cyber-attacks,…
This is a post from HackRead.com Read the original post: How To Safeguard Your Cryptocurrency Investments?

Once you invest in cryptocurrency, it is primarily important to secure your investments. 

With rising numbers of cyber-attacks, chances of crypto theft have also soared nowadays. Reports suggest that almost 3.7 million crypto coins have been lost to date. 

But thankfully, there are different methods too, to protect the cryptocurrencies you own. You need to keep your assets safe by adopting methods that suit the type of asset you have in possession. 

Here are the most effective methods to consider for storing crypto assets. 

**Storing cryptocurrency in a custodian wallet **

For crypto storage, custodian wallets are the most preferred option above all. Your crypto asset is kept safe by third parties via online and offline or both methods.

Generally, when you purchase cryptocurrency through P2P trading platforms or otherwise, the assets you gained are preserved in your wallet under the control of the app, platform, or stockbrokers. And if you wish to store it yourself, you are free to transfer the assets to hot or cold wallets. Not every platform permits such transfers.

Now let us discuss the advantages of using custodian wallets to preserve investments. 

*   The user does not have to put in a lot of effort or time 
*   It is easier to access and trade your assets without hefty procedures as they are kept safely in your personal account. 
*   It is one hundred percent guaranteed that one of your crypto assets goes missing as far as you have aces to your account. 

**Storing cryptocurrency in a cold wallet **

Cold wallets, otherwise called offline wallets, are considered the safest means of preserving cryptocurrency investments. There are numerous cold crypto storage options available, of which the most popular one is the hardware wallet.

You might be wondering what these hardware wallets are. These devices can be connected to your desktop for storing your crypto investments. This is the safest method because they preserve your funds offline. 

Here are how cold hardware wallets operate:

*   Not all hardware wallets are built to sate the same type of cryptocurrencies. There are specific wallets for each asset; some are made to store smaller assets, while some can handle 1000 plus cryptos. 
*   By connecting the hardware to your system, you can transfer crypto from different addresses as well. Every hardware wallet has a unique recovery phrase that nobody should share. This is because by having access to the recovery phase, they can access your crypto, lock you out or even steal your assets. 

**Storing cryptocurrency in a hot wallet**

Hot wallets are the online ones. even though cold wallets are considered safer than hot wallets, the biggest downside of offline wallets is their inconvenience. Those who find offline wallets not efficient enough can switch to holt or online wallets.

Here your crypto assets are stored online and are easy to make trade as you remain online the entire time. This hardware a readily available as apps that can be installed on the desktop. If you are not comfortable with the app, you can go for web-based hot wallets. 

Significant advantages of using hot wallets:

*   Freely available almost every time. 
*   The owner has control over the assets
*   Speedy transactions and user-friendly. 

**Storing cryptocurrency in a physical wallet **

The physical wallet is a variant of a cold wallet where you have a printout of private keys and QR codes. These are popularly known as paper wallets and are completely free and offer maximum security with almost zero cost. The major downside of paper or physical wallets is highly inconvenient. 

**The most popular methods of safeguarding cryptocurrencies**

*   Store the bulk assets in a cold wallet while using a smaller or hot wallet if you want to carry out frequent trades. 
*   Never share the recovery phrase or private key with anyone, nor save them to your computer. 
*   Write down every recovered phrase of your wallet; you can either physically write down these or use steel tools that do the job well. 

**Conclusion **

Storing crypto assets safely is a significant component if you are active in the cryptocurrency market. As soon as you earn crypto, transfer them to the wallet, note down the recovery phrase and store it somewhere safe. 

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Source

HackRead