New Seytonic Video Explores Cybersecurity Breaches and Abuses of Power

This video from the Seytonic channel delves into several notable stories related to cybersecurity, hacking, and technological abuses of power, presented in an informative and engaging tone. The first topic covers a remarkable incident in a Romanian prison where inmates managed to gain administrative privileges on a governmental computer system, leading to surprising and concerning consequences.

The story begins in Dej Prison, Romania, where inmates have access to computer kiosks managed by the Ministry of Justice. These kiosks allow prisoners to view information about their sentences, manage a money balance for prison purchases, or engage in educational activities. However, as often happens with poorly secured computer systems, it didn't take long for an inmate to find a way around the restrictions. A prisoner named Aurel, convicted for counterfeiting money, managed to obtain the credentials of the former prison director. The technical details remain unclear: according to initial statements from the prison guards' union, another inmate, claiming to be a member of the Anonymous collective, exploited a vulnerability by spamming the Start menu of the operating system to access hidden features. He then discovered a shared printing service that exposed the credentials. However, the union later stated they could not reproduce this vulnerability, leaving a mystery about how the information was stolen.

Regardless, these credentials gave Aurel unlimited administrative access to the platform used in almost all Romanian prisons. Once transferred to a prison in the south of the country, he began exploiting his new powers. First, he spent hundreds of hours viewing adult content, even sharing this access with other inmates, who accumulated over 300 hours of connection to this type of content. But Aurel didn't stop there: he modified sensitive data, including the balances of prisoners' accounts. By simply adding zeros to the amounts, he virtually enriched about fifteen inmates. One of them even saw his account credited with over a million dollars. Ironically, Aurel was imprisoned for financial crimes, making this manipulation even more striking. The inmates were also able to reduce the length of their sentences by modifying their "merit days," a measure that rewards prisoners for participating in educational or professional activities in prison.

The incident was discovered less than two months later when financial auditors noticed inconsistencies in the data. The Romanian Ministry of Justice, clearly embarrassed, downplayed the incident, describing it as a "simple temporary alteration of the confidentiality and integrity of certain data sets," a phrasing that seems like an attempt to minimize what is actually a major security breach. The platform, introduced only a few years ago, had already been criticized for its bugs and vulnerabilities. A thorough investigation is now underway, and for Aurel, the consequences could be severe: while he was due to be released next month after serving a nine-year sentence, this new incident could extend his stay behind bars.

The second topic in the video discusses a controversial attempt by the Indian government to impose a cybersecurity application on all smartphones sold in the country. According to Reuters, the Indian government sent a secret order to phone manufacturers, including Apple, Samsung, and Xiaomi, demanding they preinstall a government application called "Sancharati" (or "Telecom Helper") on all new devices for the Indian market. Worse still, this application was to be impossible to uninstall. For phones already in circulation, a mandatory software update would force its installation. Manufacturers had only 90 days to comply with this demand.

The application, already voluntarily downloaded by over 14 million people, presents itself as a tool to combat online fraud, a growing problem in India. It allows users to report malicious calls and messages, check if a phone is stolen using its IMEI, and remotely block a lost or stolen device. However, the mandatory nature of this application raises serious concerns. The Indian government has previously demonstrated a willingness to use technology for control, as evidenced by the shutdown of mobile services for 27 million people during a manhunt. Moreover, if the application is as poorly designed as the website presenting it—described as having a design reminiscent of a 1990s government project—it could introduce major vulnerabilities on the phones of hundreds of millions of users. With a remote blocking feature, a security flaw in this application could have disastrous consequences.

Fortunately, this initiative quickly faced strong opposition. Shortly after the secret order leaked, likely by one of the affected manufacturers, heated debates erupted in the Indian parliament, accompanied by dramatic music reminiscent of Bollywood films. Apple was the first company to announce it would not comply with this demand, and it seems the Indian government has since backtracked, abandoning the project just days after its public revelation.

The final topic in the video covers a series of radio station hacks in the United States that broadcast inappropriate and illegal content. ESPN confirmed being a victim of such a hack, as did another station a few days earlier. The Federal Communications Commission (FCC) intervened to remind broadcasters of the importance of securing their equipment. Contrary to what one might think, these hacks are not the result of sophisticated attacks but rather negligence in cybersecurity. Radio stations often use equipment like "studio transmitter links" (STLs), which relay the audio signal from the studio to the transmitter. When poorly configured, these devices can be exposed to the internet with default passwords or without security updates. Hackers then only need to use tools like Shodan to locate and exploit them.

In 2016, cybercriminals had already used this method to broadcast inappropriate content, and this time, the hackers even activated the emergency alert signal, a piercing sound composed of two frequencies (853 Hz and 960 Hz) strictly reserved for emergency situations. In the United States, broadcasting this signal without authorization can result in significant fines, even if used for humorous purposes or in fiction. The FCC emphasized that these incidents highlight a severe lack of cybersecurity awareness in the broadcasting sector and urged stations to better protect their infrastructure.

The video concludes on a light note, mentioning the author's accounts on various platforms (YouTube, Blue Sky, Twitter, Reddit), although these seem to have been deleted. As always, Seytonic provides a clear and accessible analysis of the latest cybersecurity news, blending humor and expertise to make complex topics understandable to everyone.