Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Never rely on your own developments if there are well-thought-out solutions.
Law enforcement agencies recently gained access to the encrypted communications platform Ghost, which has been linked to organized crime activities. As a result of the hack, they were able to intercept users' messages. Regardless of this case, a cybersecurity researcher identified vulnerabilities in Ghost's infrastructure that allowed him to obtain a list of usernames and support messages through an open server.
The incident shows that even secure networks created by criminal gangs can be vulnerable to attacks by law enforcement agencies and external hackers. Cybersecurity expert Jamison O'Reilly of Dvuln said the problems began when Ghost switched to using its own code rather than technology from large companies. "When Ghost relied on their code rather than enterprise-grade code, it became clear how poorly it was done," he said.
During his research, O'Reilly discovered an open login data on a source code platform (similar to GitHub) — a username and password that belonged to the developer of Ghost. This developer was involved in the creation of the Ghost API and web portal. Usually, encrypted communication platforms create such portals so that distributors can add new users or manage customer devices.
Disclosed information in the repository
The most severe vulnerability was the discovery of an unsecured API access point. It allowed you to retrieve sensitive data from more than 1,000 Ghost users, such as their names, email addresses, passwords, and subscription expiration. In addition, the researcher gained access to information about the company's resellers — partners who distribute Ghost products.
Encrypted companies often use a network of distributors who operate in specific regions and transfer a portion of the company's profits. This structure sometimes leads to conflicts and competition between dealers, and access to reseller data can create additional risks for their activities.
O'Reilly also gained access to messages sent to Ghost support. They contained requests to reinstall or update applications, as well as questions about the work of other messengers, such as Threema and Signal. Reports indicate that Ghost users are not always able to manage their devices themselves and often seek help from technical support.
Some appeals clearly indicate customer concerns about hacking by the authorities. In one of the messages, a user asks, "Please confirm that your app and security system have been hacked by the authorities. My law firm needs to assess the situation urgently." This is presumably due to a separate incident of Ghost being hacked by law enforcement.
Since the researcher discovered the vulnerabilities, the Ghost server has become unavailable. However, the data breach has already occurred, and this could affect the security of many users and partners of the platform. At the time of publication, a message about the seizure of the FBI resource was posted on the Ghost website, and users were asked to contact the agency for further instructions.
Source
Law enforcement agencies recently gained access to the encrypted communications platform Ghost, which has been linked to organized crime activities. As a result of the hack, they were able to intercept users' messages. Regardless of this case, a cybersecurity researcher identified vulnerabilities in Ghost's infrastructure that allowed him to obtain a list of usernames and support messages through an open server.
The incident shows that even secure networks created by criminal gangs can be vulnerable to attacks by law enforcement agencies and external hackers. Cybersecurity expert Jamison O'Reilly of Dvuln said the problems began when Ghost switched to using its own code rather than technology from large companies. "When Ghost relied on their code rather than enterprise-grade code, it became clear how poorly it was done," he said.
During his research, O'Reilly discovered an open login data on a source code platform (similar to GitHub) — a username and password that belonged to the developer of Ghost. This developer was involved in the creation of the Ghost API and web portal. Usually, encrypted communication platforms create such portals so that distributors can add new users or manage customer devices.
Disclosed information in the repository
The most severe vulnerability was the discovery of an unsecured API access point. It allowed you to retrieve sensitive data from more than 1,000 Ghost users, such as their names, email addresses, passwords, and subscription expiration. In addition, the researcher gained access to information about the company's resellers — partners who distribute Ghost products.
Encrypted companies often use a network of distributors who operate in specific regions and transfer a portion of the company's profits. This structure sometimes leads to conflicts and competition between dealers, and access to reseller data can create additional risks for their activities.
O'Reilly also gained access to messages sent to Ghost support. They contained requests to reinstall or update applications, as well as questions about the work of other messengers, such as Threema and Signal. Reports indicate that Ghost users are not always able to manage their devices themselves and often seek help from technical support.
Some appeals clearly indicate customer concerns about hacking by the authorities. In one of the messages, a user asks, "Please confirm that your app and security system have been hacked by the authorities. My law firm needs to assess the situation urgently." This is presumably due to a separate incident of Ghost being hacked by law enforcement.
Since the researcher discovered the vulnerabilities, the Ghost server has become unavailable. However, the data breach has already occurred, and this could affect the security of many users and partners of the platform. At the time of publication, a message about the seizure of the FBI resource was posted on the Ghost website, and users were asked to contact the agency for further instructions.
Source
