Cyberveille curated by Decio
4 results tagged san.com
‘Partygate,’ a Russian threat and reality TV: What hackers found in Boris Johnson leak https://san.com/cc/partygate-a-russian-threat-and-reality-tv-what-hackers-found-in-boris-johnson-leak/
10/09/2025 17:42:49

san.com straightarrownews Sep 08, 2025 at 06:20 PM GMT+2
Mikael Thalen (Tech Reporter)

Summary
Sensitive data leaked
More than 2,000 files linked to former U.K. Prime Minister Boris Johnson were stolen by hackers and leaked online.

‘Devastating’ breach
Cybersecurity experts describe the leak as a serious exposure of data belonging to a world leader.

‘High-priority target’
A former U.K. official says the breach could be related to an influence campaign by a foreign adversary.

Full story
Leaked computer files tied to former U.K. Prime Minister Boris Johnson offer an unprecedented glimpse into a scandal over COVID-19 protocols, his response to the Ukraine war and his private views on world leaders, including Russian President Vladimir Putin. The hack also found documents pitching a reality television show.

Taken together, the files paint an intimate portrait of the former politician’s day-to-day activities, including during his time as prime minister from 2019 to 2022.

Straight Arrow News obtained the more than 2,000 files from the nonprofit leak archiver DDoSecrets. Unidentified hackers quietly posted the data online last year, according to DDoSecrets co-founder Emma Best, but it has not been previously reported.

SAN sent an inquiry to Johnson’s office, where the data appears to have originated, as well as to Johnson’s personal email address, but did not receive a reply.

Little is known about the details surrounding the breach and those responsible. But cybersecurity experts describe the data leak as a serious exposure of information in the hands of a world leader.

“It’s obviously a devastating compromise if personal emails, documents and the like have been collected and breached,” Shashank Joshi, visiting fellow at the Department of War Studies at King’s College London, told SAN.

World leaders are regularly targeted by both criminal and nation-state hackers. In 2020, according to researchers at Citizen Lab, the University of Toronto-based group that specializes in spyware detection, multiple phones at Johnson’s office and the foreign office were compromised.

That attack, which Citizen Lab linked to the United Arab Emirates, was carried out with the advanced Israeli-made spyware known as Pegasus. Both the UAE and NSO Group, the company behind the spyware, denied involvement.

Rob Pritchard, the former deputy head of the U.K.’s Cyber Security Operations Centre and founder of the consulting firm The Cyber Security Expert, told SAN that it is entirely possible that the hack of Johnson could be tied to an influence operation from a foreign adversary.

“I think this really highlights the importance of ensuring good practices when it comes to cybersecurity, especially for high-profile individuals,” Pritchard said. “Ex-prime ministers will undoubtedly still be very high-priority targets for a range of countries, and their private office will hold sensitive information, if not actually classified information in the strict sense.”

‘Security briefing: Nuclear’
A folder titled “Travel” underscores the hack’s intrusiveness.

It includes photos of Johnson’s passport and driver’s license, as well as his visa information for Australia, Canada, Kurdistan, Saudi Arabia and the U.S. Identifying documents for family and staff are also present.

Itineraries outlining visits to numerous countries offer insight into Johnson’s routine. One U.S. visit, which does not include a date but appears to have been during President Donald Trump’s first term, shows efforts by Johnson to meet prominent politicians, such as Sen. Ted Cruz, R-Texas, former National Security Adviser John Bolton, former United Nations Ambassador Nikki Haley and Florida Gov. Ron DeSantis.

Other itineraries, including one for a November 2023 visit to Israel, mention Johnson’s security measures. The document states that although Johnson did not bring a protection force of his own, “4 Israeli private security agents” would look after his group while “on the ground.”

Documents related to a November 2022 visit to Egypt show the names and phone numbers of two individuals tasked with protecting Johnson while in the city of Sharm El-Sheikh. The travel folder also contains documents related to VIP suite bookings at London Gatwick Airport and COVID-19 vaccination records for those traveling with Johnson.

Another folder called “Speeches” contains dozens of notes and transcripts for talks by Johnson both during and after his tenure. Invoices show how much Johnson charged for several speaking engagements in 2024 after leaving office, including $350,000 for a speech to Masdar, a clean energy company in the UAE. After deductions, however, Johnson appears to have pocketed $94,459.08.

The usernames, passwords, phone numbers and email addresses used for Johnson’s accounts on Facebook, Instagram, Twitter, LinkedIn, Snapchat and Threads are exposed as well in a file marked “confidential.”

Another folder, labeled “DIARY,” includes Johnson’s daily schedules, marked as both “sensitive” and “confidential,” during his time as prime minister. One schedule from July 2019 simply states, “Security briefing: Nuclear.” Another entry from that month: “Telephone call with the President of the United States of America, Donald Trump.”

‘Partygate’
A folder titled “Notebooks” includes scans of hundreds of pages of Johnson’s handwritten notes. Many sections have been redacted with “National Security” warnings.

SAN confirmed that the documents are related to the U.K.’s independent public inquiry into the COVID-19 pandemic, which required Johnson to hand over copies of his diaries and notebooks. Although many of the documents related to the inquiry were made public, those obtained by SAN were not.

The investigation found that Johnson attended numerous social gatherings during the pandemic in breach of COVID-19 lockdown regulations. The ensuing scandal, known as “Partygate,” ultimately led to Johnson’s resignation.

In one notebook entry dated March 19, 2020, Johnson writes that “some very difficult rationing decisions” would be required because of the pandemic’s strain on the U.K.’s medical system.

Another entry regarding the 2021 G7 summit in Cornwall, England, highlights the issues Johnson planned to discuss with numerous world leaders, including former President Joe Biden, French President Emmanuel Macron and former German Chancellor Angela Merkel.

‘It would only take one missile’
The data cache contains 160 emails from the first 22 months following Johnson’s tenure as prime minister. They appear to have come from the account of Johnson’s senior adviser.

These emails discuss Johnson’s private endeavors, including a document pitching a reality TV show to popular streaming platforms, complete with AI-generated photos of the former world leader.

One of the later emails contained in the breach, dated June 10, 2024, shows attempts by the U.K.’s National Security Secretariat to schedule a meeting with Johnson regarding “a sensitive security issue” almost two years after he left office.

The email, sent on behalf of Deputy National Security Adviser Matt Collins, noted a “strong preference” for an in-person meeting with the former prime minister. It’s unclear what spurred the meeting request and whether it was related to the breach.

The final folder from the leaked data involves the Russian invasion of Ukraine.

Notes on a widely reported phone call between Johnson and Russian President Vladimir Putin from February 2022 offer insight into the former prime minister’s thinking. The conversation is described by Johnson, who makes specific mention of Putin’s use of profanity, as “weirdly intimate in tone.”

Johnson also claims that Putin said, “I don’t want to hurt you boris but it would only take one missile.”

Johnson later revealed the threat in a 2023 documentary by the BBC. A Kremlin spokesperson responded by calling the claim a “lie.”

In another entry dated “25 October,” Johnson reminds himself to “call Putin” with an invite to a United Nations Climate Change Conference. Johnson notes that such events are “not really his bag since it is all about moving beyond hydrocarbons and he is paranoid about covid.”

The leak also contains a U.K. Defense Intelligence document dated December 2022 regarding the status of a nuclear power plant in Ukraine. The document includes numerous classification labels, such as sensitive, which denotes that it is not intended for public release. Other markings show that the document may only be shared with international partners in the European Union, NATO, Australia and New Zealand.

The U.K.’s Cabinet Office, which supports the prime minister, did not provide a statement when contacted by SAN.

Alan Judd (Content Editor) and Devin Pavlou (Digital Producer) contributed to this report.

san.com EN 2025 Partygate UK Boris-Johnson data-leak emails
Uzbekistan airline hack reveals data on U.S. government employees https://san.com/cc/uzbekistan-airline-hack-reveals-data-on-u-s-government-employees/
25/08/2025 11:38:01

san.com Aug 23, 2025 at 12:34 AM GMT+2
A hacker breached an airline and stole information on hundreds of thousands of people, including U.S. government employees.

Summary

  • Exposed IDs
    Straight Arrow News examined 2,626 photos of identifying documents such as passports, IDs and birth certificates that were stolen by a hacker.

  • U.S. government data
    The data includes the names, emails and phone numbers of employees from the State Department, ICE, TSA, CBP and more.

  • Airline denial
    Uzbekistan Airways denied that any intrusion took place and even suggested that leaked data may have been generated with artificial intelligence.

Full story
A hacker claims to have stolen information on hundreds of thousands of people — including U.S. government employees — after breaching an international airline. Straight Arrow News obtained a sample of the data, allegedly taken from Uzbekistan Airways, and confirmed the presence of sensitive documents such as scans of thousands of passports.

The data was advertised on Thursday by the hacker, who is known online as ByteToBreach and purports to be a native of the Swiss Alps, on a dark web forum known for hosting leaks, malware and hacking tools. The purportedly 300-gigabyte data cache contains, among other things, the email addresses of 500,000 passengers and 400 airline employees.

The post included a sample of the data, such as alleged credentials for multiple servers and software programs run by the airline. It also showed partial credit card data, as well as scans of 75 passports from the U.S., Russia, Israel, the U.K., South Korea and other nations. The hacker claims to have obtained identifying documents from more than 40 different countries.

The hacker provided Straight Arrow News with a larger data sample than the one posted online, containing 2,626 photos of identifying documents such as passports, IDs, marriage licenses and birth certificates. Numerous passports belonged to babies and young children.

Passports and other identifying data are valuable on underground markets given their potential use for a range of criminal activities, such as fraud and identity theft. Hackers could also leverage the prevalence of data on government employees for phishing attacks.

U.S. government employees’ data compromised
Another document from the sample the hacker provided to SAN contained 285 email addresses belonging to airline employees. A list of email addresses for passengers held 503,410 entries.

A spreadsheet with personal information of 379,603 members of Uzbekistan Airways’ loyalty program exposes names, genders, birthdates, nationalities, email addresses, phone numbers, member IDs and more.

The email addresses indicate that those members include employees of several U.S. government agencies, including the State Department, the Department of Energy, Immigration and Customs Enforcement, Customs and Border Protection and the Transportation Security Administration.

Employees of foreign government agencies from countries like Russia, Uzbekistan and the United Arab Emirates were also in the data.

SAN reached out to several phone numbers of government employees. An apparent TSA employee answered the phone by introducing themselves with the first name listed in the hacked data, as well as their government position. After SAN explained that their data had been exposed, the employee declined to comment and referred a reporter to the Department of Homeland Security’s public affairs office.

The public affairs office did not respond to an email from SAN. An email to the State Department’s office of press operations went unanswered as well.

Four files containing raw reservation and ticketing data mention airlines, airports, flight numbers and other information. The hacker also claimed that the raw data contained partial credit card information, although SAN was unable to independently verify the presence of financial data.
...

san.com EN 2025 Uzbekistan airline hack US
Millions of cars at risk from Flipper Zero key fob hack, experts warn https://san.com/cc/millions-of-cars-at-risk-from-flipper-zero-key-fob-hack-experts-warn/
08/08/2025 14:04:34

Hackers are using a custom Flipper Zero firmware to bypass security protections in automotive key fobs, putting millions of vehicles at risk.

Hackers have a new way to break into – or even steal – your car, and all it takes is the push of a button. Malicious actors are circumventing modern security protections in automotive key fobs, researchers warn, putting millions of vehicles at risk.

The hack works by intercepting and cloning a key fob’s radio signal, using custom firmware built for the Flipper Zero, a handheld device designed for analyzing and testing wireless communication protocols.

It bypasses a security mechanism known as rolling codes, designed to prevent thieves from reusing captured key fob signals to unlock a car. Each time the key fob is pressed, an internal algorithm generates a new, one-time-use code, leading the vehicle to unlock only if the code is confirmed to be valid.

But the new hack sidesteps these protections by exploiting the rolling code algorithm to calculate valid key fob commands based on a single intercepted signal.

“I can sit in a parking lot and wait for someone to lock their car, and immediately I get all their fob buttons,” Jeremy Yablan, a hacker known online as RocketGod, told Straight Arrow News. “Other attacks are tricks. This one just captures a single keypress and decodes all buttons and rolling codes in an instant. You open your trunk – the bad guy has your entire fob.”

Yablan described the attack as “ridiculously fast and easy.”

Many vehicles vulnerable
SAN obtained a copy of the firmware and tested the attack in a controlled setting with the permission of vehicle owners. In one case, capturing a single unlock signal allowed the Flipper Zero to repeatedly lock, unlock and open the trunk of the target car.

The hack also disabled the original key fob until it was manually reset.

Vehicles vulnerable to the attack include numerous models manufactured by Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru, according to an infographic provided with the firmware. The infographic says updates to attack other car makers, such as Honda, are “in development.” It also mentions high-end car companies such as Alfa Romeo, Ferrari and Maserati.

Numerous car companies listed as susceptible to attack did not respond to SAN’s requests for comment. James Bell, the head of corporate communications at Kia America, said his company “is not aware of this situation and therefore have no comment to offer.”

The team behind the Flipper Zero device, which does not endorse the custom firmware, did not respond to requests for comment.

Created by Russian hacker
The hack appears to be based on a 2022 attack known as “RollBack,” developed by researchers at CrySys Lab in Hungary. The researchers demonstrated how rolling code protections could be broken by capturing valid signals and replaying them in a specific order to bypass a vehicle’s code synchronization system.

The firmware for the Flipper Zero apparently was created by a Russian hacker. Advertisements for the firmware, which includes a serial lock designed to keep it from being distributed to additional users, show it being listed online for as much as $1,000.

The firmware obtained by SAN was a version that had its serial lock disabled by security researchers. The firmware’s creator told SAN that a newer version has since been developed. He shared an updated infographic that lists Suzuki as another vulnerable make.

SAN is not naming the hacker to avoid facilitating the sale of his firmware to potential thieves.

The freelance security researcher and YouTuber known as Talking Sasquach, who regularly covers the Flipper Zero, said the firmware’s creator is marketing the tool specifically to criminals.

‘Only a matter of time’
Protections against the attack are limited.

“There’s really not much people can do to protect themselves against this attack short of just not using your key fob and only using the keys,” Talking Sasquach said.

Given that many modern vehicles do not use traditional keys and rely entirely on key fobs, such workarounds are not viable for all drivers.

“Car companies could issue an update,” Talking Sasquach said, “but they’d have to pull in all of the vehicles and change their software and the key fob’s software, which would probably not be feasible, and a huge cost to manufacturers.”

Despite attempts by the firmware’s creator to limit its distribution, Yablan and other hackers have already managed to remove the built-in licensing restrictions.

The hack is likely to become more commonly used, security researcher Ryan Montgomery, founder of Pentester.com, told SAN.

“It’s only a matter of time,” he said, “before it gets leaked to the masses.”

san.com EN 2025 FlipperZero keyfob car car-security RollBack attack
Exclusive: Confidential informants exposed in Louisiana sheriff's office hack https://san.com/cc/exclusive-confidential-informants-exposed-in-louisiana-sheriffs-office-hack/
06/08/2025 12:14:12

san.com - Data stolen by a ransomware gang has exposed highly sensitive information from a Louisiana sheriff’s office, including the names, telephone numbers and Social Security numbers of confidential informants in criminal investigations. Straight Arrow News obtained a copy of the data from DDoSecrets, a non-profit that archives hacked and leaked documents in the public interest.

Medusa, a suspected Russian cybercrime group, said on its Dark Web blog in April 2024 that it had pilfered more than 90 gigabytes of data from the East Baton Rouge Sheriff’s Office.

The sheriff’s office initially claimed the intrusion had been quickly detected and stopped, allowing the hackers to obtain only a limited amount of data, such as “screenshots of file folders and still images from video files,” WBRZ-TV reported.

65,000 files
A sample of the stolen files shared at the time by Medusa included payroll information, showing that the breach was more substantial than first claimed by the sheriff’s office. Medusa threatened to release all of the data, which contains over 65,000 files, unless the sheriff’s office paid $300,000. There’s no indication the ransom was ever paid.

The East Baton Rouge Sheriff’s Office did not respond to a request for comment from SAN.

SAN’s analysis of the full data cache provides an insight into just how damaging the breach was. Given the sensitivity of the data, DDoSecrets is only sharing it with approved journalists, researchers and defense attorneys practicing in Baton Rouge.

The data covers both the banal day-to-day operations of a law enforcement agency and the potentially life-and-death details of drug cases and other criminal investigations.

“The East Baton Rouge Sheriff’s Office data is an extraordinary example of the inner workings of a police department, down to Internal Affairs investigations and details about the use of confidential informants,” DDoSecrets co-founder Emma Best told SAN. “While the police are obviously of public interest and deserve no privacy, their targets and victims do. With that in mind, we’re refraining from republishing the full data to the public while encouraging journalists and civil rights advocates to engage with it.”

Best said the data cache was posted by Medusa to the messaging app Telegram, but that their channels were repeatedly shut down. The contents of the breach have not been extensively reported on until now.

Law enforcement entities are common targets for ransomware gangs. In 2021, the Metropolitan Police Department in Washington, D.C., was hacked by a Russian-speaking ransomware group known as Babuk, resulting in the leak of 250 gigabytes of data after the department refused to pay a ransom. The data also included sensitive information on informants and police officers.

Confidential informants
Contracts signed by 34 confidential informants in 2023 are among the exposed data from Louisiana.

A document titled “CI Information” lists the names, dates of birth and Social Security numbers of 200 confidential informants involved in narcotics investigations. Names of deputies overseeing informants and case numbers are included, as well as whether the informants are still active. Deactivation dates, indicating when an informant’s work ended, range from 2020 to 2023.

A folder titled “C.I. G.P.S. routes” contains numerous images of maps detailing the movements of informants across Baton Rouge.

Seized devices
A document last edited in August 2023 lists devices seized by the sheriff’s office, primarily mobile phones. The document notes whether a warrant had been requested or obtained, as well as additional steps that may have been needed to access a device’s contents.

Several phones were turned over to the FBI, the data indicates. Some files mention that cellphone hacking tools were needed to pull data from the devices. Files refer to both Cellebrite, an Israeli company that produces tools for extracting data from mobile devices, and GrayKey, a mobile forensics tool developed by the US-based company Grayshift that similarly unlocks and extracts data from phones.

The data also shows that the Drug Enforcement Agency sought access to historical location data and other information from a target’s cell phone.

Cell phone surveillance
Pen trap and trace search warrants — court orders that allow law enforcement to collect cell phone metadata such as numbers dialed — were issued to cellular service providers T-Mobile, AT&T and Verizon.

Many of the warrants mention the use of a “cell site simulator,” also known as an IMSI catcher, to reveal a suspect’s whereabouts. Cell site simulators, commonly referred to as Stingrays, are devices that mimic cell phone towers and can be used to pinpoint the location of specific phones.

Sock puppet accounts
A presentation about online investigations advises officers to create “sock puppet accounts,” a term used to describe a false online identity created to conceal an individual’s real one.

For instance, deputies were told to use a free VPN browser add-on for Google Chrome to hide their IP addresses. The website thisxdoesnotexist.com is also listed as a resource for deputies to create AI-generated images of everything from fake people to resumes.

Hidden cameras and drones
A folder titled “Tech” includes brochures listing an array of surveillance technology, such as GPS trackers and hidden cameras that can be placed inside items such as clothing, vape pens and Newport menthol cigarette packs.

A list of hidden cameras contains IP addresses, login credentials for remote access and identifying information for both the devices and SIM cards used.

One list shows 19 drones operated by the sheriff’s office, the majority of which are made by the Chinese manufacturer DJI. The drones are used by several divisions of the sheriff’s office, including SWAT and narcotics, for suspect apprehension and search and rescue missions.

A PowerPoint presentation in the data cache shows the default password used to access the internal system for logging drone usage. A folder titled “Operation Photos & Videos” shows both surveillance of criminal suspects as well as overhead images of sheriff’s deputies at a shooting range.

Internal affairs
Internal affairs data, including complaints made against the sheriff’s office, accuse deputies of racial profiling, unwarranted searches and excessive force.

Incidents range from a deputy being reprimanded for letting his 10- and 12-year-old children drive his patrol vehicle to another being arrested for battery and suspended for 30 days after being involved in a “road rage-type” episode.

Polygraph results
Other files detail the results of polygraph tests given to both deputies and suspects.

One file graphically details an alleged sexual assault and concludes that the person being tested had been deceitful. A deputy was also accused of being deceitful after being asked whether he’d referred to homosexuals as “disgusting” when discussing a fellow deputy believed to be gay.

san.com EN 2025 Ransomware Medusa US Louisiana sheriff data-breach