Hackers Take Over HBO Social Accounts, Plant Spyware in App Store and Target Scottish Parliament

It's another week in ThreatWatch, Nextgov's regularly updated index of cyber events. Here's what you missed last week:

Hacking Group Takes Over HBO Social Media Accounts

HBO’s cyber nightmare continues after a well-known hacking group took over several of the company's Twitter accounts late Wednesday night, the New York Times reports.

Security hackers known as OurMine posted two tweets across multiple HBO Twitter accounts, including the main handles for “Game of Thrones” and “Girls.” The group wrote “we are just testing your security” and “let’s make #HBOHacked trending!”

Though HBO took the tweets down shortly after they were posted, the hack adds insult to injury for a company plagued by cyberattacks throughout August.

So far this month, two episodes of “Game of Thrones” have been leaked before their premiere, including the one airing this coming Sunday, and a hacker called Mr. Smith is asking HBO for ransom for the stolen materials.

OurMine has taken over a number of high-profile Twitter accounts in the past, including Netflix, Google and Marvel. The group uses the publicity to advertise its security services.

Google Boots Apps with Spyware from Store

Researchers at the security firm Lookout discovered at least three messaging apps on the Google Play Market carrying spyware that can hijack people’s phones, completely undetected.

One of the apps, Soniac, contained malware that could record audio, make calls, send text messages and collect sensitive data like contacts, call logs and Wi-Fi access, according to ArsTechnica. Thousands of Android users downloaded the app before Google removed it from its store. Two other apps containing spyware—Hulk Messenger and Troy Chat—were also taken down from the site.

Lookout determined the three apps all come from a family of malware the organization dubbed SonicSpy. Researchers found more than 4,000 SonicSpy apps that have been available to Android users across a variety of channels.

“What’s commonly seen in all SonicSpy samples is that once they compromise a device they beacon to command and control servers and await for instructions from the operator who can issue one of seventy-three supported commands,” researcher Michael Flossman told ArsTechnica in an email. “The way this has been implemented is distinct across the entire SonicSpy family.”

Hackers Are Trying to Crack into Scottish Parliment's Networks

Hackers attempted to gain access to Scottish Parliament networks by systematically trying to crack members’ weak passwords, according to The Guardian.

The Parliament’s chief executive Sir Paul Grice warned employees about the brute-force attack through an internal memo on Tuesday, but reassured them the government’s IT systems “remain fully operational.” The incident comes weeks after a similar cyberattack on the U.K. Parliament, in which up to 90 email accounts were accessed by hackers.

Grice didn’t name any suspects in the incident, but he highlighted similarities between the attacks in Scotland and Westminster, including pervasive account lockouts and failed logins, the BBC reported.