Friday 31 July 2015
Public Media and Utilities Could be Crushed by TPP: Wikileaks
Wikileaks has dropped another TPP bombshell with a leaked letter suggesting the deal could force mass privatizations of state-owned enterprises The Trans-Pacific Partnership (TPP) could force state enterprises such as public utilities to put profits before public welfare and lead to mass privatizations, according to documents published by Wikileaks Wednesday. Under the TPP, state-owned enterprises (SOEs) would be forced to act “on the basis of commercial considerations,” according to the leak.
The document also suggests multinational corporations could be empowered to sue SOEs for supposedly uncompetitive actions like favoring local businesses. The bombshell leak centers around a classified letter from the TPP’s December 2013 ministerial meeting. SOEs themselves are common in most TPP countries, and advocates say they perform crucial services aimed at supporting public needs rather than turn a profit. Some examples include Canada’s main postal operator, Canada Post, and Australia’s public broadcaster ABC.
The latter is consistently rated by viewers as one of Australia’s most trusted sources of news. “SOEs are almost always state owned because they have functions other than those that are merely commercial, such as guaranteed access to important services, or because social, cultural, development and commercial functions are inextricably intertwined,” said Professor Jane Kelsey, from New Zealand’s University of Auckland. In an analysis of Wednesday’s leak commissioned by Wikileaks, Kelsey concluded the TPP could carve out a “backdoor to privatization” of state enterprises. She argued seemingly proposed regulations outlined in the leaked document ignore “the reality that SOEs and private firms are driven by different imperatives and obligations.”
Kelsey’s main complaint was with the document’s demand that SOEs prioritize “commercial considerations,” pointing out many state enterprises intentionally run at losses for the public good. “Even where SOEs are profit-oriented, a government may elect not to extract full commercial profits, and choose to reinvest in the enterprise to strengthen the asset base or the quality of the services in ways that private investors would rarely do,” she explained. For example, Australia Post is restricted to using its profits to reinvest in improving services, or handing dividends back to Australia’s federal government. Australian Greens trade spokesperson Peter Whish-Wilson told
The Saturday Paper that the TPP’s chapter on SOEs “directly challenges a government’s right to own and operate any enterprise such as Australia Post, the ABC or power utilities that compete with corporate entities, but ultimately also the provision of public good services including healthcare, education. “(It’s) a direct assault by corporations trying to limit the role of government,” he said. In a statement, Wikileaks said the leaked document proved the TPP will force member states to swallow “a wide-ranging privatization and globalization strategy.”
“In this leak we see the radical effects the TPP will have, not only on developing countries, but on states very close to the center of the Western system,” said Wikileaks founder Julian Assange. Under negotiation for more than seven years, supporters say the TPP will streamline global trade and promote economic growth. Once the TPP is completed, its provisions will override national laws of its 12 member states, including Canada, Australia, New Zealand, Japan and the United States. The deal is already being hailed as the largest trade agreement in world history, and will encompass over 40 percent of global GDP. However, the deal’s provisions have been almost entirely withheld from the public, prompting critics to argue the agreement is subject to undue secrecy.
The few glimpses the public has had into the closed door talks have been leaked drafts of the TPP published by Wikileaks. Independent analysts say the trade deal is a “bonanza” for big business, and a raw deal for consumers. U.S. trade officials have responded by urging the public not to read the leaks, arguing the draft documents may not accurately represent the final document. The controversial deal has already sparked international protests, with activists demanding negotiators open talks to public scrutiny. Warning that the TPP will erect a “’one size fits all’ economic system,” Assange said public debate on the trade deal is urgently needed. “If we are to restructure our societies into an ultra-neoliberal legal and economic bloc that will last for the next 50 years then this should be said openly and debated,” he said.
View the original content and more from this author here: http://ift.tt/1SP997g.
from hacker samurai http://ift.tt/1KEI9W1
via IFTTT
Hackers are extorting financial firms, and how to lower your cable bill
Hackers are increasingly extorting financial firms
They’re threatening to black out websites unless big banks and brokerages pay up, the FBI tells us.
Drink this vodka to save endangered cats
Really. Snow Leopard Vodka donates 15% of its proceeds to helping the animal.
The foolproof way to lower your cable bill
We find that sometimes all you have to do is ask.
Why cybersecurity pros don’t want to work for the FBI
The agency can attract about 5,000 candidates to a recruitment event, but ends up only being able to hire two of them.
Mariah Carey’s $10,000-a-night Airbnb rental
She’ll stay on Malibu’s Billionaires’ Beach.
How you can be ‘The Millionaire Next Door’
The first steps: Buy a smaller house and drive an older car.
View the original content and more from this author here: http://ift.tt/1IwWTH9
from hacker samurai http://ift.tt/1DUS8BB
via IFTTT
Dominic Basulto: Cracking down on hackers hurts innovation
Every week seems to bring a new hacking story, so it’s perhaps no surprise that the knee-jerk reaction is to take the fight directly to the hackers. By making the penalties tougher, by expanding the scope of federal anti-hacking statutes and making it easier to prosecute wrongdoers, it’ll convince hackers that it’s just not worth the risk, right?
But simply toughening the laws on hackers by extending their scope and reach or extending prison sentences is not going to help catch the real hackers — the criminalized, anonymous hackers who operate in places such as China. Instead, they’re more likely to ensnare the likes of hacktivist heroes such as Aaron Swartz.
Getting tough on hackers by extending the definition of what a hacker is would theoretically mean that people who even so much as retweet or click on a link with unauthorized information could be committing a felony. Moreover, the white hat hackers (the “good guys”) could be ensnared as well, because their work, at its core, is indistinguishable from that of the black hat hackers (the “bad guys”).
And that could have a chilling effect on innovation.
Laws and regulations can’t keep up with the pace of technological change and end up either prosecuting the wrong people or prosecuting the right people, but on charges that far exceed the scope of the crime. Consider that the current anti-hacking federal statute, the Computer Fraud and Abuse Act (CFAA), was enacted in 1986, well before most politicians had ever heard of the Internet.
As a result, you get odd rulings where it’s obvious the law hasn’t kept up with the technology.
If tough hacking laws had been around 20 years ago, it might have stopped Google from launching its method of indexing Web pages or Apple from launching many of its innovative consumer gadgets.
And there’s another reason why tougher laws on hacking would have a chilling effect on innovation, and that’s because it would not require corporations to do more on their end to correct fatal security flaws before they are found by hackers. As we already know from experience, the last thing corporations want to do is to add an extra cost layer to their products by taking action to correct security flaws — even when they know the potential implications of a major security breach. If they know that the law will make it easier to recoup damages from hackers, they could have fewer incentives to find all possible security flaws.
In the case of Ashley Madison, the company didn’t even bother to encrypt the underlying data, which means that once a hacker got into the company, it was a simple task of scooping up names, addresses and credit card information. You could argue that the hackers who broke into Ashley Madison are criminals, but you could just as easily argue that the company was criminally negligent in allowing the security breach to happen in the first place.
If anything, the race to punish similar types of hackers would encourage corporations to deepen their intelligence and security sharing with one another and the government, and that means, you guessed it, even more security surveillance on the Internet. And the more that the tech sector becomes infected with a security surveillance mind-set, the worse it is for innovation.
To see how all this might play out, consider President Barack Obama’s proposed crackdown on hacking, first announced during the State of the Union after the high-profile hacking case of Sony Pictures. The proposals, as the Electronic Frontier Foundation pointed out in January, is a “mishmash of old, outdated policy solutions.” The concern is that overzealous application of new laws could be used to prosecute hackers for anything as minor as violating the terms of service of a Web site.
In many ways, the U.S. crackdown on hackers is our new war on drugs. Just as the U.S. sought to win the “war on drugs” by adding aggressive charges and excessive punishment to round up all the drug dealers, it’s now trying to win the “war on hackers” by stiffening up the federal anti-hacking statutes to round up all the hackers. By toughening the laws on hacking, you might catch the Internet equivalent of all the low-level drug dealers and mules, but it won’t get to the core of the problem — the high-level, anonymous kingpins who live beyond our borders.
And just as massively criminalizing the war on drugs led to a spike in prison terms and a negative economic drag on society, we could see the same thing with tech culture. Any coder, hacker or technology activist would be at risk of running afoul of the government and its stepped-up campaign against hackers.
Maybe tougher hacker laws will scare off the youngest generation from a life of crime. But it could also scare them off a life of computers, and that would be the greatest shame, because it would shut down the innovation pipeline of the nation. As we’ve seen before with other cyberlegislation, whenever the government thinks it’s doing what’s best for business, it’s not necessarily doing what’s best for innovation.
View the original content and more from this author here: http://ift.tt/1IwWWCz
from hacker samurai http://ift.tt/1IwWTGW
via IFTTT
Hackers can now crack Wi-Fi enabled ‘smart’ sniper rifles
If a device is connected to a wireless network, chances are some talented hackers will find a way to take advantage of its software flaws to make it do what they want, whether we’re talking about smartphones, computers, routers, and even rifles. Yes, there’s a smart Internet-connected rifle out there that can turn anyone into a perfect shot — but some hackers found out how to disable it and even change its target.
The Tracking Point TP750 is a $13,000 gun that has a computer attached to the scope. The gun is a deadly instrument in the right hands, thanks to its on-board computer that can be used to calculate precisely the moment the shot has to be fired to reach its target.
The user can input various data, including ammo weight and wind velocity, and the computer will then initiate the shot at the best moment once the trigger is pulled.
The computer also comes with Wi-Fi connectivity, which is where the problems can start, Wired has learned.
Security researchers Runa Sandvik and Michael Auger purchased their TrackingPoint rifles, dismantled them, reverse-engineered the software, and found ways to take control of a gun from a distance (see the following video).
The hackers can stop a shooter from firing the weapon or can fool them into thinking the bullet will reach its destination. They can also make the gun miss, and even hit a different target. What’s more, they can disable the rifle’s main computer, which would leave the marksman operating a regular sniper rifle that has to be used completely in manual mode.
TrackingPoint told the tech site that it plans to update the software and patch these security issues, and the over 1,000 buyers who have purchased such a gun will receive updated software on USB sticks.
The hackers will further detail the exploit at the Black Hat conference in two weeks. The problem might not be that significant since various conditions have to be met for a hacker to take over the computer of such a rifle. But it still proves that anything connected to the Internet is at risk of being attacked by hackers and used for various malicious purposes.
“There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” says Sandvik. “There’s a message here for TrackingPoint and other companies…when you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”
View the original content and more from this author here: http://ift.tt/1UaTmlA
from hacker samurai http://ift.tt/1DeBUZ1
via IFTTT
The academic universe is indifferent to WikiLeaks
As the hard-working staff here at Spoiler Alerts continue its slow segue back from vacation, let’s focus on a relatively easy topic: the alleged hand-in-glove relationship between the U.S. State Department, the International Studies Association [ISA] and American academics.
Let me explain: Earlier this month WikiLeaks founder Julian Assange gave an interview to Germany’s Der Spiegel in which he lamented over the failure of academics to exploit WikiLeaks’ release of U.S. diplomatic cables to the fullest:
[W]here were the young professors stepping forward trying to make sense of it all? Where is the new Michel Foucault who tries to explain how modern power is exercised? Absurdly, Noam Chomsky was making some of the best comments and he is now 86….
I worry most about academia and the particular part of academia that is dealing with international relations. WikiLeaks has published over 2 million diplomatic cables. It is the single largest repository for international relations of primary source materials, all searchable. It is the cannon for international relations. It is the biggest dog in the room. There has been some research published in Spanish and in Asian languages. But where are the American and English journals? There is a concrete explanation: They act as feeder schools for the US State Department. The US association that controls the big five international relations journals, the ISA, has a quiet, official policy of not accepting any paper that is derived from WikiLeaks’ materials.
Now this last allegation is a blatant falsehood. The executive director of the International Studies Association flatly denied Assange’s claims, as Ben Norton reported on his blog, Furthermore, Norton discovered at least a few articles in ISA journals that have cited the WikiLeaks cables.
But he didn’t discover a lot of articles. Which leads Norton to wonder:
In short, there may not be an explicit rule against the citation of WikiLeaks cables in ISA-run journals, but, although slightly incorrect in his insistence that the ISA “officially” bans the use of WikiLeaks records, Assange does has a point: It is indeed striking how few articles in these major US academic journals have cited any of the over two million diplomatic cables in “the single largest repository for international relations of primary source materials, all searchable.”
Is this evidence that the ISA unofficially censors some scholarly articles that rely on documents released by WikiLeaks, even if it sometimes lets a few get by? This is hard to say; there is not enough evidence to know.
No there isn’t, but hey, let’s just throw that baseless allegation out there and see if it sticks.
As a dues-paying member of the International Studies Association, as well as a professor at a school that really is something of a feeder for the U.S. government, here’s my reaction to the suggestions of Norton and Assange:
First of all, as a frequent attendee of ISA meetings and conferences, the notion of that organization cozying up to the United States government is pretty funny. Compared to, say, the American Political Science Association, ISA has a more global membership and is far more sympathetic to constructivist, postmodernist and critical scholarship. As an association, the ISA’s collective membership is more critical of American foreign policy than APSA.
Second, a quick scan of Google Scholar keywords suggests that it’s not just ISA journals that are not exploiting WikiLeaks’ diplomatic archive. Pretty much the entire global academy that is not citing WikiLeaks all that much. Even when they are, the citation count suggests that not many people are reading such articles.
There are two possible conclusions one could draw from this. One possibility is that the structural forces opposing WikiLeaks are so powerful that a constructivist Norwegian scholar who wants to write a piece exposing U.S. perfidy in the Middle East for Third World Quarterly chooses not to do so because of a fear of being blackballed. I suspect that is the inference that Assange and Norton want us to draw.
There is another possibility, however: the WikiLeaks diplomatic cables are not nearly as significant as Assange believes. As I noted when the diplomatic cables were first released:
Assange [and Manning] seem to think that these documents will expose American perfidy. Based on the initial round of reactions, they’re in for a world of disappointment. Oh, sure, there are small lies and lies of omission — Bob Gates probably didn’t mention to Dmitri Medvedev or Vladimir Putin that “Russian democracy has disappeared.” Still, I’m not entirely sure how either world politics or American interests would be improved if Gates had been that blunt in Moscow.
If this kind of official hypocrisy is really the good stuff, then there is no really good stuff. U.S. officials don’t always perfectly advocate for human rights? Not even the most naive human rights activist would believe otherwise. American diplomats are advancing U.S. commercial interests? American officials have been doing that since the beginning of the Republic. American diplomats help out their friends? Yeah, that’s called being human. I’m willing to be convinced otherwise, but it strikes me that these leaks show other governments engaged in far more hypocritical behavior.
Indeed, the effect of WikiLeaks’ cables on American foreign policy was pretty mild — in contrast to, say, Edward Snowden’s revelations. It was so mild that I once had a Fletcher student ask me if Julian Assange was actually a CIA agent designed to bolster America’s image in the world, because it turned out that what U.S. diplomats said privately closely matched what they said publicly.
There’s only one thing that terrifies Assange and his supporters more than the prospect of an American power structure trying to suppress and censor them at every turn: it’s that there actually is no Big Lie:
View the original content and more from this author here: http://ift.tt/1Mxxe2E
from hacker samurai http://ift.tt/1DeBUYV
via IFTTT
Thursday 30 July 2015
Hackers Trick Email Systems Into Wiring Them Large Sums
Cybercriminals are exploiting publicly available information and weaknesses in corporate email systems to trick small businesses into transferring large sums of money into fraudulent bank accounts, in schemes known as “corporate account takeover” or “business email fraud.”
Companies across the globe lost more than $1 billion from October 2013 through June 2015 as a result of such schemes, according to the Federal Bureau of Investigation. The estimates include complaints from businesses in 64 countries, though most come from U.S. firms. Both “organized crime groups from overseas and domestic-based actors” are typical perpetrators, said Patrick Fallon, a section chief in the FBI’s Criminal Investigative Division.
Their targets are businesses such as Mega Metals Inc., a 30-year-old scrap processor. In April, the company wired $100,000 to a German vendor to pay for a 40,000-pound container load of titanium shavings. Mega Metals typically buys three to four loads of titanium a week from suppliers in Europe and Asia, for anywhere from $50,000 to $5 million or more per transaction. Mega Metals crushes and washes the titanium scrap before selling it to mills that remelt the scrap into new products.
But following the recent transaction, the vendor complained that it hadn’t received payment. A third party had infected the email account used by a broker working for Mega Metals, the company said. “We got tricked,” said David Megdal, vice president of the family-owned business in Phoenix, which has 30 employees. “We, in fact, had sent a wire to who knows where.”
George Kurtz, chief executive of CrowdStrike Inc., an Irvine, Calif., cybersecurity firm that investigated the loss, said it appears that malicious software implanted on the broker’s computer allowed the crooks to collect passwords that provided access to the broker’s email system, and then to falsify wire-transfer instructions for a legitimate purchase. “Given that the money has been moved out several times, there is no hope of recovering it,” said Mr. Kurtz.
‘We got tricked,’ said David Megdal, vice president of Mega Metals. ‘We in fact had sent a wire to who knows where.’PHOTO: MARK PETERMAN FOR THE WALL STREET JOURNAL
Mr. Megdal of Mega Metals said that he reported the incident to his bank, Comerica Inc.“We investigate reported instances of potential fraud,” said a Comerica spokesman, adding that it is bank policy not to comment on its “internal fraud policies or procedures or on matters involving a current or former customer claim.”
In a recent advisory, the FBI said its Dallas office had identified six Nigerians, possibly working as a group, who had targeted roughly 25 Dallas companies, “with an attempted loss of over $100 million.” The emails appeared to be from high-level executives in the company being targeted, the FBI said in the advisory. But in fact, the emails were sent from a domain that was similar, not identical, to the target’s actual domain name.
In other instances, cybercrooks have used malware to insert themselves into a company’s email system. After monitoring email traffic, they tinker with a legitimate message, altering wire transfer or Automated Clearing House orders so that the payment is diverted to a bank account they control.
A spokeswoman for Nacha, the industry-run group overseeing ACH transactions, says the group “strongly advocates” that businesses “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of corporate account takeover.”
In the last year, some insurers began offering “social engineering fraud” coverage as an add-on to their standard crime policies, reimbursing companies for losses when employees are intentionally misled into sending money or diverting a payment based on fraudulent information provided via email, fax, phone call or other means.
Mega Metals now verifies emailed wire-transfer instructions with a phone call to the company getting the payment, using a number received from a source other than the emailed instructions. PHOTO: MARK PETERMAN FOR THE WALL STREET JOURNAL
The problem is “really quite new in its frequency and severity,” said Steven Balmer, social engineering product manager with Travelers Cos. “Larger companies have some belief that they are better protected because of their internal procedures and controls, but there is strong interest in the coverage from midsize and smaller businesses once they are made aware of the exposure.”
“It is very likely that the hacker was able to get into our electronic mails, changing the information for his own benefit,” said Giampiero D’Angelo, owner of Co.se.tra Sri, in Naples, Italy, the broker that acted as the middleman between Mega Metals and the vendor. His company has added new verification procedures in an effort to prevent future problems, Mr. D’Angelo said.
Companies of all sizes have lost money as a result of such schemes, but “small businesses are probably one of the biggest targets because they don’t have the same budgets for security and investigations,” said Brian Hussey, global director of incident response for cybersecurity firm Trustwave Holdings Inc.
In February, the chief financial officer for Infront Consulting Group Inc., based in Toronto and Las Vegas, received an email that appeared to come from the company’s chief executive, instructing her to “Process a payment of $169,705.00 USD.” Attached wire transfer instructions, reviewed by The Wall Street Journal, directed that payment be made via Northern Trust Co. to “Cat Financial Power Investment” in Naples, Fla.
The scheme unraveled when Infront CEO Rory McCaw, by coincidence, called the CFO as she was reviewing the request. When she asked what the money was for, Mr. McCaw said he knew nothing about it. Further scrutiny revealed that the email was sent from an address similar to the company’s, but that lacked the letter “I” in “consulting.”
“We could have missed it,” said Mr. McCaw, whose 38-person firm helps companies implement Microsoft software. “We were somewhat lucky that we caught it when we did.”
Mr. McCaw said he reported the incident to the police in Lexington, Mass., because the domain was registered at a store in that location.
“The Lexington Police Department decided not to pursue the investigation since no money was lost, it was difficult to determine jurisdiction to investigate, and because bank security was in a better position to track the interstate fraud attempt,” said Lexington Police Chief Mark Corr. “These types of banking/security fraud cases are difficult for a small police department to solve.”
A Northern Trust spokeswoman said the bank has “robust procedures for detecting and reporting on potentially fraudulent transactions. Upon receiving Mr. McCaw’s information,” she added, “we promptly followed those procedures.” A search of Florida State Division of Corporations records shows no registration for a Cat Financial Power Investment.
Fraudulent transfer schemes are proliferating because “everything is online these days,” said Steven Bullitt, an assistant special agent in charge of the Secret Service’s Dallas Field Office. By monitoring social media, a company’s website and other sources, crooks can gather intelligence needed to craft a legitimate-seeming request, security experts say.
Banks can sometimes “claw back” or recover some or all of the funds by notifying the receiving bank that the wire was the result of a fraudulent transaction, said Bill Nelsonpresident of the Financial Services Information Sharing and Analysis Center, a nonprofit focusing on cybersecurity issues whose members include banks and other financial institutions.
The window for recovering missing funds can be hours, or at best, a few days. “Once you reach beyond the 72-hour mark, it’s extremely difficult,” said Mr. Fallon of the FBI.
Mega Metals now verifies emailed wire-transfer instructions with a phone call to the company receiving the payment, using a number received from a source other than the emailed instructions, such as the vendor’s website, or via fax.
“We are always trying to make our process more ironclad,” Mr. Megdal said. Losing the $100,000 “was an expensive learning lesson,” he added, “but at least it wasn’t a career-ending lesson.”
View the original content and more from this author here: http://ift.tt/1eBQa2p
from hacker samurai http://ift.tt/1LZ2wAw
via IFTTT
WikiLeaks: A translation that shows Gaddafi’s son asked Saudi Arabia for asylum
A document in WikiLeaks’ Saudi Cables earlier this week appears to give a little more insight in the Gaddafi family’s situation following the Libyan revolution, purporting to show they were seeking refuge in Saudi Arabia.
Allegedly sent from Foreign Affairs Minister Saud al-Faisal to the chair of the Royal Court, the letter refers to the Saudi king as “Custodian of the Two Holy Mosques.” Here’s the translation:
I report that His Royal Highness Ambassador of the Custodian of the Two Holy Mosques in London had recently received the attached letter submitted to the Custodian of the Two Holy Mosques, God protect him, from Mr. Mohammed Muammar al-Gaddafi in which he clarified his desire of granting asylum for him and his family, which contains five persons to the kingdom. Hoping to present that for kind review.
The document seems to fit the description of Gaddafi’s son, Mohammed — he, his mother, his brother and sister were the ones who managed to find asylum in Oman.
It’s unclear who the fifth person was in the letter. The letter was dated in April 2012, months after Gaddafi was killed in Libya. After the Libyan revolution, his family fled to Algeria in 2011 before their 2013 arrival in Oman was confirmed (though we’re not sure where they spent those two years in between).
Mohammed was the only one of Gaddafi’s children not wanted by Interpol, the International Criminal Police Organization, who had not died, fled or been captured by Libyan rebels.
The letter makes us wonder how many other countries from which the family had requested asylum before they successfully sought refuge in Libya. Two years later Oman had approved the family’s request so long as they don’t “engage in political activities,” an anonymous official had told Reuters back then.
View the original content and more from this author here: http://ift.tt/1LZ2yIF
from hacker samurai http://ift.tt/1SOcF1I
via IFTTT
Russian Hackers Cover Their Tracks With Twitter
Can social media be turned into an alibi for a weapon? The answer would be maybe, or perhaps even an outright “Yes” if you were to take what had just happened into consideration. Basically, hackers from Russia have managed to find a method in making use of Twitter in order to communicate with malware which has already infected target computers. By doing so, the hackers would have successfully snuffed out their tracks at the same time snaking their way into confidential computer systems – and yes, even government computer systems, just in case you were wondering.
How do the hackers do it? Well, they will first upload special images over to Twitter which are used to transmit directions to installed malware on the quiet, which will then allow them to perform various potentially damaging actions such as stealing files as reported byThe Financial Times. This particular approach works simply because the “victimized” computer systems does not even realize or register such an intrusion, as it resembles yet another Tweet.
Cybersecurity firm FireEye has labeled this particular trick as “Hammertoss”, citing that such as attack method was “designed so that defenders can neither detect nor characterize its activity”. It looks like a whole lot more things than just computers are getting hacked these days, including self-targeting sniper rifles and a Jeep. Perhaps it really is time to live off the grid from now on.
View the original content and more from this author here: http://ift.tt/1SOcF1A
from hacker samurai http://ift.tt/1LZ2yIB
via IFTTT
Have hackers stolen your personal information? This handy quiz will let you know
Over the past few years, there has been no shortage of high-profile credit card breaches at some of the largest retailers in the country. From Target to Home Depot, it seems that we can’t go a few months without hearing a story regarding some new worrisome data breach. With respect to Home Depot in particular, it’s estimated that nearly 60 million credit cards were compromised over a 5-month period.
Compounding the problem is that retailers aren’t the only target that hackers have their eyes on. In recent months, hackers have managed to obtain confidential information from targets as varied as the U.S. Government, health insurance providers, and even popular apps like Twitter and Snapchat. Indeed, it can get a bit tiring trying to keep up with what sites have been exposed to security breaches and when.
Jumping to the rescue is The New York Times which recently put out a handy quiz that lets users figure out a) if their personal information has been exposed to hackers and b) what type of personal information may have been compromised.
Without question, the most worrisome hack involves the federal government. As the quiz lays out, anyone who either applied for a job or who worked for the federal government anytime after 2000 may have had their address, employment history, financial history, fingerprints, and even social security number compromised.
While some breaches, like Twitter, only put your email and password at risk, an Adobe breach from before 2013 put user credit card information at risk.
All in all, if you’re at all concerned with online privacy and keeping your confidential information free from prying eyes, this quiz is definitely worth checking out.
As for what consumers can do to protect themselves, well, that’s an interesting question.
The Times notes that part of the problem centers on outdated equipment:
At government agencies, old, out-of-date systems and budget shortfalls have left information vulnerable. Security experts say there is no way to keep hackers out of systems with traditional defenses like firewalls and antivirus software.
With breaches now the norm, organizations are finally moving towards more modern defenses, like monitoring software that can pick up unusual network activity and two-factor authentication, a system that requires employees and Internet users to enter a second, one-time password when they log in from a new computer. But security experts say the only way information can be protected is to scramble it with encryption technology that makes it unreadable to hackers.
So while consumers are essentially helpless when an entity like a health insurance provider is hacked, certain services like Apple Pay can help reduce the likelihood of losing one’s sensitive information when conducting traditional retail transactions.
Additionally, turning on two-factor authentication whenever possible can help quite a bit. And last but not least, remember to never use the same password across all online sites.
View the original content and more from this author here: http://ift.tt/1SiyT0E
from hacker samurai http://ift.tt/1LZ2yIx
via IFTTT
Hackers can crack the self-aiming rifle to change its target
TrackingPoint’s computer-augmented rifle sights, better known as the ShotView targeting system, have set off a wave of controversy and debate since they first debuted in 2014. That debate is about to get even hotter now that security researchers Runa Sandvik and Michael Auger have shown Wired a way to break into the rifle and shut it down or, even worse, change the target to the hacker’s choosing.
According to a report from Wired, the married hackers have developed a method to break into the rifle via a WiFi connection and take command through a series of software exploits. This allows them near complete control over the aiming and firing functions. They can reportedly adjust the scope’s trajectory calculations, disable the aiming computer entirely and even prevent the gun from firing in the first place. Last we heard, however, the company was dealing with financial troubles and wasn’t taking orders for new weapons so this might not be too much of a problem. The hackers recently gaveWired a demonstration of their attack and plan to present their findings at the Black Hat conference in Las Vegas in August.
View the original content and more from this author here: http://ift.tt/1OPKVcp
from hacker samurai http://ift.tt/1LZ2yIv
via IFTTT
Wednesday 29 July 2015
Behavior Analytics takes center stage in DC
Securonix was recently invited as an ICIT fellow and industry leader to participate in an advisory meeting with senate staffers on the benefits of Behavior Analytics and to help describe the extensive ways in which it can be leveraged for insider and cyber threat detection and risk reduction.
As we sat waiting for our appointment in the senate cafeteria, senators and political figures walked by and the realization on what type of impact our discussion could have began to set in. The opportunity to help set the bar higher for cyber threat detection through data analytics and educate a room – possibly a nation – on the next generation of insider threat detection and mitigation capabilities.
The discussions were engaging, dialog flowed freely, and an appetite to learn and absorb could be felt throughout the room. With the OPM breach and Anthem still showing fresh scars, the importance and need for these discussions is bigger than ever.
Insider threat awareness has dramatically increased over the last 18-24 months, but organizations still focus on external threats, when the very access and data these actors are striving to obtain is available to your internal user population and the modus operandi for the external attackers is to compromise existing internal credentials to obtain access to the data.
The importance of peer analysis, volume spikes, and establishing a baseline of normal behaviors play a pivotal foundation to all conversations around behavior analytics. The complexities of technical vs. non-technical control points, data aggregation and catering to different industries and company sizes all provide their own unique challenges.
It is hard not to feel a great sense of satisfaction at times like these. There is a sense of pride when your daily job includes providing objective analysis that helps other organizations identify how existing technologies can address their insider threat needs. Securonix is leading the innovation for these problems.
To our Securonix partners, customers, and family: we consider these types of moments a reminder that together we are part of a dramatic change in the cyber security space.
View the original content and more from this author here: http://ift.tt/1glQjIU
from hacker samurai http://ift.tt/1SMzlPC
via IFTTT
Australian police and Defence Force used infamous Hacking Team, Wikileaks reveals
Australian Federal Police and the Defence Force used the services of the world’s most infamous hacking company, according to secrets revealed by Wikileaks, and there are Australian companies selling spyware here and overseas.
SABRA LANE, PRESENTER: The rise of terrorism, technology and national security has forged a network not only of police and spy agencies, but of private companies with extraordinary capabilities the country knows little about.
Cracks opened into this hidden world of hacking and surveillance when the world’s most notorious hacking company’s secrets were spilled by WikiLeaks.
It was revealed the Australian Federal Police had used its services to spy on potential targets.
An investigation by 7.30 has unearthed a number of private Australian companies selling spyware here and overseas, including one that claimed the Australian Defence Force as its client.
Conor Duffy and Lisa Main report.
CONOR DUFFY, REPORTER: In quiet Australian suburbs right across the country, some of the nation’s most secretive countries ply their trade in spyware. They sell technology to governments around the world that’s so powerful it can turn your computer into a recording device, access your most sensitive information or even track your movements.
ADAM MOLNAR, DEAKIN UNI., DEPT. OF CRIMINOLOGY: The private surveillance industry is massive. It’s one of the few sectors that continually posts significant growth compared to others.
NIGEL PHAIR, FORMER AFP: The private sector have got to be critical key partners in the development of this sort of technology. You know, they play a vital role, they’re able to do development. The Government just hasn’t got enough staff to be able to create these sorts of things.
SCOTT LUDLAM, GREENS SENATOR: I think we should be really concerned with the outsourcing effectively of the state’s military-industrial complex, if you like. In addition to the sort of normal national security shroud that gets thrown over some of these things, you’ve got commercial-in-confidence.
CONOR DUFFY: Little is known about exactly what technologies are being sold and to whom. But the thick walls protecting this industry were knocked flat when a hacker breached the defences of the world’s most infamous spyware company, Hacking Team, which is based in Milan, Italy.
The company’s most famous product is attack software called Remote Control System that infects and tracks a target’s computer or smartphone.
SHUBHAM SHAH, INFORMATION SECURITY PROFESSIONAL: The software allows for Hacking Team to basically infect people, infect them in the sense of putting a virus or malware on their computer and then essentially have full access to their computer. They can do all sorts of things. They can download files on the computer, they can upload files to the computer, they can monitor all internet traffic.
SCOTT LUDLAM: Well they appear to not have a particularly high moral threshold when it comes to choosing some of the client regimes that they work with. … Their fourth-largest source of revenue comes from Saudi Arabia, which has a horrific human rights record. They’ve worked with the UAE, with – they (inaudible) ran demo software to a Bangladeshi death squad. It’s hard to imagine some of their customers having a worse human rights record.
CONOR DUFFY: After Hacking Team’s security was breached, WikiLeaks published more than one million of the company’s emails. Buried in that massive data dump are rare glimpses of Australian companies that trade in secrets.
This is the Perth base of Providence Australasia, the Australian offshoot of a bigger company based in England. It’s made up of retired Special Forces soldiers. In November, 2012, the company’s Australian representative, Matt Jamieson, wrote to Hacking Team on behalf of agencies in Australia and New Zealand. Hacking Team was delighted Providence was bringing a brand new customer.
MATT JAMIESON, DIR., PROVIDENCE AUSTRALASIA (male voiceover, email): “The client Providence is representing in Australia is the Special Forces from Defence. Apparently this client is already using Gamma’s solution, but is not happy at all with it and asked Providence to contact us. Time for us to defeat the competition!”
CONOR DUFFY: Another email a month later shows Hacking Team was keen to meet with Defence and nudge out rival spyware company Gamma.
MATT JAMIESON (male voiceover, email): “I just wanted to follow up on Australian Special Forces as I am currently organising the agenda for February.”
CONOR DUFFY: It certainly seems Providence wasn’t just boasting about working for Defence. Government documents show Providence billed the Defence Department $70,000 for multimedia surveillance in July this year.
In a statement, Defence said it had no record of a meeting with Hacking Team. It also said it had no direct relationship with the company. It said it engaged Providence for equipment and training from 2010 to 2015.
What the emails do prove is that the business wasn’t all one way. Providence sent Hacking Team a brochure demonstrating they could do break-ins to secretly plant video and recording devices. These black op’ skills included lock picking as well as tracking targets and the Italian company was very interested.
MATT JAMIESON (male voiceover, email): “The training they provide is unconventional, focusing on military intelligence and surveillance. … Premium price here is mandatory!”
CONOR DUFFY: Providence did not respond to repeated requests to discuss the emails, but information about its Australian arm was removed from its website after 7.30 began making inquiries.
Another company in touch with Hacking Team is Criterion Solutions, based here in Canberra. Emails show Criterion contacted Hacking Team, who believed Criterion was representing Australian domestic spy agency ASIO.
CRITERION SOLUTIONS EMAIL (male voiceover): “Hi Marco, Australian customer interested in our product is ASIO.”
CONOR DUFFY: In a phone interview, the company’s sales rep’, Michael Sinkowitsch, said negotiations didn’t progress beyond a nondisclosure agreement.
And is it correct that your client was ASIO?
MICHAEL SINKOWITSCH, SALES REP., CRITERION SOLUTIONS: No, I genuinely don’t know where that’s come from.
CONOR DUFFY: In the past year, Criterion Solutions has received over $5 million from Defence for surveillance aircraft, communication devices, multimedia network equipment and electronic hardware.
NIGEL PHAIR: Their speciality is drones, so they import drones out of the Nordic countries and sell them into Defence. They’re particularly good technology. They have great range, great capability and are very stealthy.
CONOR DUFFY: The company also boasts it is the exclusive Australian supplier of QRC Technology. Among the products QRC sells is Stingray technology – fake mobile phone towers that can suck all the sensitive information out of a smartphone.
ADAM MOLNAR: It’s a technology that law enforcement can use that sits in between a real cellphone tower, mobile phone tower and an individual’s mobile phone. The FBI has been very adamant about their use. The FBI says that they purge that data after the end of every operation, but in countries like Australia where there is no limit on how long data can be retained by law enforcement, it creates a circumstance where there’s a trove of data that is now subsequently searchable and can be acted upon.
CONOR DUFFY: Criterion says it only sells QRC products to phone companies wanting to test mobile phone networks and denied it could be used to target cellphones.
MICHAEL SINKOWITSCH: I’ve never heard of it other than something that unfortunately killed Steve Irwin. I’ve never heard, you know, the term Stingray in technology.
CONOR DUFFY: This quiet suburban home in regional NSW is the registered address of another Australian company called Miltech that pitches itself as one of the most high-tech in the country. As well as doing deals with Australian Defence, its director, Kevin McKinnon, sought to position himself as a middleman between Hacking Team and Indonesian intelligence, which was already using a number of his services.
Emails show negotiations between Miltech and Hacking Team fell through, but Hacking Team wanted to take advantage of the rift between Australia and Indonesia, sparked by revelations Australia tapped the Indonesian President’s phone.
HACKING TEAM EMAIL (male voiceover): “The Indonesia Government is trying to achieve a sort of intelligence autarchy because it deeply mistrusts the so-called Five Eyes. So the Indonesian market is ready. It is willing to build up its own intelligence apparatus.”
CONOR DUFFY: Hacking Team declined to be interviewed, but in an email defended its products, saying the only illegal act was when it itself was hacked.
HACKING TEAM EMAIL (male voiceover): “Hacking Team requires clients to affirm that HT technology will not be used for illegal or military purposes.”
CONOR DUFFY: The leaked Hacking Team files allow a glimpse of a rapidly-expanding industry that wants secrets, but would prefer to keep its own. It’s impossible to know exactly what all this spyware is being used for. While it may all be legal and potentially crucial for law enforcement, it’s feared oversight may not be keeping pace with what are incredibly invasive surveillance techniques.
ADAM MOLNAR: The Australian case is that you could have an agency who has a legitimate warrant to conduct the operation. They collect the data. But once the data’s collected, it would be very easy for that data to be retained indefinitely and then subsequently shared.
SCOTT LUDLAM: Hacking Team are getting singled out at the moment because they got so comprehensively owned and had effectively the company’s DNA spooled out on WikiLeaks. But there are a lot of other outfits like them and I suspect this is really the tip of the iceberg.
NIGEL PHAIR: I think if those outfits are legitimate, and by legitimate, not just corporately legitimate, they have good people that work there, they’re not pseudo-criminal outfits, I think we should have some degree of comfort. But as a society, we need to have that discussion.
SABRA LANE: Conor Duffy and Lisa Main with that report.
For more information on this story, you can read the responses to 7.30 from Hacking Team:
Q: Emails from hacking team claim that Providence’s Australian rep was brokering a deal on behalf of ‘Australian Special Forces’. Did this deal go ahead and what was supplied?
A: As a matter of long-standing policy, Hacking Team does not disclose details of contracts or even the identities of clients. We are not authenticating any of the various documents published after the criminal attack on our company that was revealed on July 6.
Q: Other emails show Hacking Team was interested in services offered by Providence that included bypassing alarms and allowing ‘physical infections’. Why was this capability desirable or necessary?
A: Again Hacking Team does not comment on details of proposals or actual agreements with clients.
Q: Hacking team has been criticised for dealing with countries like Saudi Arabia, does Hacking Team do any due diligence around the human rights records of its customers? How can it be ethical to operate in regimes were opposition figures and journalists are targeted?
A: Please see our Customer Policy. Hacking Team has always sold its technology in accordance with the law. When new regulation went into effect (the Wassenaar Arrangement protocol) in Italy in January of this year, Hacking Team immediately complied with the new rules.
Hacking Team is the first and only company offering lawful surveillance tools to voluntarily publish a policy that attempts to deal with responsible sales and operations. This is an attempt to go beyond the requirements of law.
However, many countries that are labeled “repressive” by activists have a very serious need for tools to fight crime and terrorism. You mention Saudi Arabia, an ally of the west. However Saudi Arabia is where the terrorists who plotted and carried out the 9/11 attack on the U.S. began their work. It is in the interests of the world community that the Saudis have tools to fight terrorists. Furthermore, Saudi Arabia has never been on any blacklist that prohibited the sale of surveillance technology to the country.
Additionally, Hacking Team requires clients to affirm that HT technology will not be used for military or illegal purposes.
Q: Emails show Providence setting up a potential deal for Hacking Team with the Ministry of the Interior in Ecuador. Did the planned demonstration of this software go ahead? Is a deal going to be done?
A: Hacking Team demonstrates its software to many potential clients, however, demonstrations do not always lead to sales. Again, no comment on contacts with clients or potential clients.
Q: Does Hacking Team have any suspicions on who carried out the hack on it?
We believe these criminals were sophisticated, well-funded and had ample time to plan and execute the attack. Beyond that we have no theories to offer. Police agencies are investigating and, of course, we are cooperating in any way possible.
Q: Can the company recover from this?
A: The work of recovery is well underway and the company is focused on providing law enforcement the tools needed to investigate crime, prevent it or prosecute criminals in the digital age.
In the digital age, criminals and terrorists take full advantage of the secrecy provided by the Internet, encrypted communications over mobil and fixed devices and Internet services such as Tor to conduct crime. Each of us runs the risk of becoming a victim of fraud, extortion or worse because of this situation. There are hundreds of examples of crime such as the theft of financial data that has a direct impact on both consumers and business.
Law enforcement must have a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorism and especially the ‘lone wolf’ terrorist, this requirement is even more important.
Hacking Team has helped fight crime by providing a surveillance tool to law enforcement. The company believes this is a small step toward a more secure world for all who wish to used the Internet and digital tools lawfully.
View the original content and more from this author here: http://ift.tt/1Jse5OP
from hacker samurai http://ift.tt/1I0MD8k
via IFTTT
Anthem health insurance hackers are a well-funded, busy outfit
The hackers behind one of the largest attacks on a US health insurer last year are a highly professional group that’s been active since at least 2012, according to new research from Symantec.
The security firm has dubbed the group, Black Vine, and pins it for a wave of attacks on primarily US companies including Anthem, a US health insurer, that lost 80 million patient records in an attack that began in early 2014 but was only discovered in February 2015.
The attack set in motion a major hunt for the perpetrators, which the FBI has suspected originate from China and as Symantec has now laid out, is likely to have been behind dozens of other attacks over the past three years.
According to Symantec, Black Vine is well-funded enough to have access to multiple zero-day exploits and typically initiates espionage activities by using so-called watering hole attacks where a website is selected, compromised and rigged to deliver attacks on a certain profile of visitor.
In Black Vine’s case, those targets were primarily from energy, aerospace and healthcare sectors, which occurred over waves between 2012 to 2015.
Symantec has also partially attributed the attacks to a Chinese security firm that other researchers have previously linked to the attack on Anthem.
“Based on our own analysis of the campaigns, along with support from open-source data, Symantec believes that some actors of Black Vine may be associated with an IT security organization based in Beijing called Topsec,” Symantec researchers said.
The report doesn’t offer any explanation as to the motivations of the attackers but infers some by fleshing out details about the group’s history, its tactics, malware of choice, and the fact it targeted more companies than just Anthem.
It has been speculated, due to the scale of Anthem’s breach, that the attackers were after health data that could be used to glean information about defence contractors, government workers and others, according to Bloomberg sources.
Symantec earlier this year reported a piece of malware it called “Mivast” that was seen in the Anthem attacks, noting at the time that it connected to domain names with “Topsec” in them. The company, with offices across China, hosts an annual hacking competition called Topsec Cup.
“The organization has reportedly hired known hackers to provide security services and training,” said Symantec researchers.
Details of the connection to Topsec were first reported by security firm ThreatConnect and subsequently by security blogger Brian Krebs who criticised rival security vendors for failing to agree on a common name for the attackers. Other names attributed to Anthem’s suspected attackers include “Deep Panda”, given by Google Ventures-backed CrowdStrike, as well as the names “Axiom”, “Group 7” and “Shell_Crew”.
Symantec researchers outlined today that Black Vine had a trio of preferred malware including Mivast, Sakurel, and Hurix — all custom-developed software that would have required large resources to maintain and use. All three could be used to open a back door; execute files and commands; delete, modify and create registry keys; and gather and transmit information about the infected computer, it said.
The attackers would also use common software to disguise themselves, such as Media Center, VPN and Citrix applications. As previous research has revealed, most of the malware samples had been signed by Korean software company DTOPTOOLZ Co or embedded software product developer Micro Digital Inc.
One of Black Vine’s earliest campaigns was discovered by researcher Eric Romang in December 2012, targeting visitors to the website of Capstone Turbine, a gas turbine manufacturer. The website was rigged to exploit a then zero-day bug in Microsoft’s Internet Explorer (CVE-2012-4792) and deliver Sakurel. A separate attack, observed later in December, via another unnamed turbine power and technology manufacturer’s website also used the Sakurel malware.
Symantec pins Black Vine for a subsequent wave of attacks on the aerospace industry that began in February 2014 and used an unnamed European aerospace company’s website to compromise visitors, this time using a new zero-day bug in Internet Explorer (CVE-2014-0322). Again, the payload was Sakurel, only an updated version.
According to Symantec’s researchers, there are signs that Black Vine didn’t have exclusive access to the aforementioned exploits. The 2012 IE bug for example was used that year against visitors of the Council of Foreign Relations’ website but delivered malware it labels Bifrose and associates with a separate cyberespionage campaigm.
Meanwhile the use of CVE-2014-0322 preceded the attack on Anthem and the aerospace firm, but also delivered different malware to those used by Black Vine.
“Between February 11 and February 15, 2014, the websites of the US Veterans of Foreign Wars (VFW.org) and the home page of a large European aerospace manufacturer both became victims of watering-hole attacks. Similar to the 2012 attacks, the sites were forced to redirect to an exploit for a previously unknown zero-day vulnerability in Internet Explorer (CVE-2014-0322) in order to deliver a malicious payload,” said Symantec’s researchers.
“In the VFW.org attack, the delivered payload was a variant of Backdoor.Moudoor. Moudoor has been used in targeted attacks by a group previously reported by Symantec, referred as Hidden Lynx. The attack against the aerospace manufacturer took place simultaneously with the VFW attack and exploited the same zero-day vulnerability. The payload in the aerospace watering-hole attack was Black Vine’s Sakurel malware,” they added.
View the original content and more from this author here: http://ift.tt/1Kywnwu
from hacker samurai http://ift.tt/1KywpnV
via IFTTT
Anonymous Hackers Release Canadian Spy Service Doc After Member’s Death
In retaliation for the police shooting death of an Anonymous member, the hacking group has released a document which brings to light the shadowy practices of the Canadian intelligence service to light. And they promise there’s more to come.
Earlier this month, a group of protesters demonstrated against a hydroelectric project planned along the Peace River in British Columbia. During a clash with local police, an individual wearing the iconic Guy Fawkes mask was shot in killed. That individual was later identified as 48-year-old James Daniel McIntyre, and according to the hacking group Anonymous, he was among their ranks.
“Anonymous will not stand idly by while our own are cut down in mask,” read a statement given to the National Post by the hackers. “If we do not receive justice, rest assured there will be revenge.”
As authorities have so far failed to arrest the officer responsible for McIntyre’s death, the group appears to have made good on its word. Anonymous has provided a classified document stolen from the servers of the Canadian Security Intelligence Service to the Post.
“We are now privy to many of Stephen Harper’s most cherished secrets,” an Anonymous spokesman said. “We will be releasing stunning secrets at irregular intervals.”
And the initial unveiling already involves a bombshell.
Officially, CSIS maintains three foreign stations outside of Canada, all in the capital cities of major allies. With offices in Washington DC, London, and Paris, CSIS “collects and analyzes information and intelligence that may constitute threats to the security of Canada from across Canada and overseas,” according to the document, allegedly from the Treasury Board of Canada.
But also included are detailed financial records used by the agency which show that Canadian intelligence operates far more than foreign stations than they’ve acknowledged. With approximately 70 staff at each location, the government maintains 25 offices worldwide, most in “developing countries and/or unstable environments.”
Even more embarrassing is the fact that these heretofore secret stations are grossly outdated.
“The tools to access and process intelligence information from these foreign stations have not been updated since the Service’s foreign collection activities began in the mid-1980s,” the document reads.
It goes on to say CSIS needs an extra $20,626,549 in order to extend the agency’s “secure corporate network” to those 25 stations.
“We do not comment on leaked documents and we continue to monitor this situation closely,” Jeremy Laurin, a spokesman for Public Safety Minister Steve Blaney, told the Post regarding the leak.
Ray Boisvert, a former assistant director with CSIS, confirmed with the National Post that while the inner workings of the agency remain unknown to the public, it has nevertheless transformed into “a global powerhouse.”
He stressed that the Canadian government’s foreign operations are conducted with the cooperation of host countries, and also noted that Anonymous’ ability to allegedly breach the government networks was more troubling than the document itself.
Still, the hacking group claims that the released document is only one of many, and it plans to continue leaking information until the guilty police officer is apprehended.
“Disagree with our tactics?” an Anonymous spokesman told the Post during an interview via encrypted channels. “Show us a better way to get there.”
View the original content and more from this author here: http://ift.tt/1SfgodA
from hacker samurai http://ift.tt/1KywpnR
via IFTTT
Hackers Have Declared War On Planned Parenthood
It’s been a rough summer for Planned Parenthood, and it appears that it’s not getting easier any time soon.
As first reported by the Daily Dot , the organization, long known for providing women affordable gynecological care and education, including abortion services, has now come under attack from hackers.
The hacking supposedly occurred this past Sunday, with an hacker by the name of ‘E’ claiming credit for the attack as part of an group called 3301. “Trying to mold an atrocious monstrosity into socially acceptable behaviors is repulsive,” ‘E’ told the Daily Dot in an email. “Obviously what [Planned Parenthood] does is a very ominous practice. It’ll be interesting to see what surfaces when [Planned Parenthood] is stripped naked and exposed to the public.”
On Monday, the organization at least confirmed that an attack has happened. “Today Planned Parenthood has notified the Department of Justice and separately the FBI that extremists who oppose Planned Parenthood’s mission and services have launched an attack on our information systems, and have called on the world’s most sophisticated hackers to assist them in breaching our systems and threatening the privacy and safety of our staff members,” said Dawn Laguens, Planned Parenthood’s executive vice president, in a statement.
According to ‘E’, the hackers have already released the information of Planned Parenthood employees on their website and further plan to release its internal emails and other files. But it’s unknown at this point the veracity of those claims.
Earlier this month, Planned Parenthood was the target of several hidden camera videos (three, as of now) that purportedly showed its employees discussing and negotiating the selling of aborted fetal tissue — claims which the organization and its defenders have vigorously denied as outright lies.
While fetal tissue is often donated, with the full consent of the patient, to medical research labs, Planned Parenthood and its affiliates do not financially benefit from the transaction, according to Cecilie Richards, president of Planned Parenthood. Richards denounced the videos as deceptive and edited propaganda produced by an anti-abortion group in her own video response last week.
That defense has not stopped renewed calls to strip away federal funding for the organization, with the Senate fast-tracking legislation intended to do so this past Sunday. “We’re going to see if we can have a meeting of the minds on what’s the best way to deal with these horrendous videos that we’ve all been viewing,” Senate Majority leader Mitch McConnell (R-Ky.) said in a statement on Tuesday. A Senate vote will come as early as next week, according to Politico , though it’s unlikely to succeed past a Democratic filibuster.
None of the federal funding available currently is allowed to be used in providing abortion services.
View the original content and more from this author here: http://ift.tt/1Sew3Kg
from hacker samurai http://ift.tt/1Kywnwn
via IFTTT
Festival of Code aims to help young hackers find jobs
Youth unemployment across Europe is running at 20 percent yet technology companies are struggling to fill jobs.
In an effort to address that imbalance, 1,200 young people across Britain and beyond are hunched over their computers this week participating in the Festival of Code.
The world’s largest annual hack event for young people is about preparing them to one day land a job in an IT department.
Fifteen young people, one a girl, one as young as 12, are pecking away at their laptops in the basement at the London offices of Ticketmaster.
They are all taking part in the Young Rewired State hackathon: coming up with an idea for an app, designing it and then presenting it this weekend in Birmingham, England.
Ticketmaster and other technology companies are keen to take part as they struggle to fill jobs.
‘’Open positions (in technology) stay open longer,’’ said Gerry McDonnell, Ticketmaster’s senior vice president of technology.
‘’A lot of young coders find their way in the bedrooms and they maybe lose interest because they don’t find other like-minded young people to share their ideas with.
“So these type of events provide a great channel, a great platform to get together and share ideas and hopefully continue with their careers into coding because there is a great shortage,’’ McDonnell said.
There is no simple answer to why the jobs are vacant.
Some successful programmers prefer to work as independent consultants, giving them the freedom to work from home and on a variety of projects.
That’s what Stephen Mount, 21, decided to do after he won the Festival of Code in 2009 with an app that maps crime rates. He said it was often difficult for him to integrate into an office.
‘’A lot of developers do suffer from this, I do as well,” Mount said.
“Sometimes it’s hard to explain things, maybe you don’t have the concentration span that is needed to get the task done but it’s hard to tell the other person that, they just want the job done. Hackathons do improve your confidence and business skills,’’ said Mount, 21.
Jack Spence will carry on computing as a hobby, he’s on track to study law at Cambridge University.
He said the industry has some way to go to improve its image of a non-communicative, solitary programmer, bent over a screen at home.
“The expectation is that people are sitting on their own, that it is something boring just sitting down doing maths. But it’s not, it’s much more doing problem-solving,’’ said Spence, 18, who is working on an app to help monitor cloud cover for night sky watchers.
David Suleman-Waters, 12, is working on an app that tells you when the food in your fridge will go off. It sends a message to your phone before the mould has a chance to bloom and grow.
Organisers say a third of the young people in the festival this year are female but Jessica Ebner-Statt is the sole representative of her gender here.
The 13 year old is working on an app making travel easier for music lovers following their favourite bands on tour.
In Ebner-Statt’s group of friends there are a number of girls interested in computers, maths and engineering but she admits that may be an anomaly.
“They need to put more opportunities in schools and start people learning (coding) from the beginning because there is no point in teaching people when you’re 18,” said Ebner-Statt.
“You should be teaching them from when they’re 10 and when you’re teaching both girls and boys the same thing it gives them the equal opportunity for them to say ‘You know what, I am interested in this’.”
The hackathon has 60 centres across the UK and remote centres in Kosovo, Switzerland and the US participating. Three hundred mentors are on hand to help with questions and presentation.
View the original content and more from this author here: http://ift.tt/1SfgnX5
from hacker samurai http://ift.tt/1Kywp7s
via IFTTT
Tuesday 28 July 2015
WikiLeaks’ Exposed Stratfor Trove Maligned with Malware
A system administrator Josh Wieder who recently visited WikiLeaks discovered malware laced into documents of the publicly exposed Stratfor, stated techworm.net dated July 19, 2015.
Austin, Texas (US) situated American think tank, Stratfor that handles security issues, during late 2011, became victim of a hack by Jeremy Hammond. Hammond the hacker forwarded the e-mail archive of the company to WikiLeaks during early the next year. WikiLeaks, as it handles any other leaked file coming into its grip, publicized the dump.
Wieder scanned all the 5m electronic mails dumped together just for discovering malicious software inside most of the files.
In a blog post, Wieder described the data as truly enormous, more than 5.5m e-mails. The dump was probably so enormous that 2-yrs weren’t enough for accurately examining as well as cleansing the documents before they were wholly published during 2014 (from the year 2012 when WL received them). Techworm.net published this, July 19, 2015.
Further as per Wieder, plentiful malware got illegally included as PE/OLE files else VBScript macros. It was probable that more contaminated documents were hanging about inside WikiLeaks’ dump of unfiltered folders. The Register reported this, July 17, 2015.
As an instance of the above, the February 2011 dated internal memo regarding Libya’s conflict-torn regions of Tripolitania and Cyrenaica had an attached Word file, which indicated presence of malware when examined with VirusTotal, as there was one code-execution attack code inside it for the CVE-2010-3333 vulnerability in Mac and Windows (Microsoft Office).
Wieder has prepared one catalog of Stratfor electronic mails that carry the malware described.
He says he discovered eighteen active malware strains inside the e-mail dump, the majority of which had Word, Excel or PDF files implanted. One malware strain had been created for plucking user registration details from applications. These were addresses and names that were then sent over the Internet onto a remote system.
The Sysadmin further states he has been asking the whistle blowing WikiLeaks site for getting the database sanitized. According to him, no reputable news website would be expected to harbor malware-laced documents, therefore WikiLeaks that claims to be accountable, should not either.
View the original content and more from this author here: http://ift.tt/1D8eGUp
from hacker samurai http://ift.tt/1KvI4Ur
via IFTTT
DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds
Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink’s safe in just a minute.
When it comes to security, a safe—the physical device in which money is deposited for safekeeping—is quite literally supposed to be safe.
Yet, according to new research set to be demonstrated at the DefCon 23 conference in Las Vegas on Aug. 8, certain models of Brink’s CompuSafe digital safes can be exploited to enable an attacker to crack a safe within 60 seconds and steal whatever cash may be stored inside. The model in question is Brink’s CompuSafe Galileo, which is intended for use in retail stores as a cash management system.
Oscar Salazar, senior security associate at security firm Bishop Fox explained that money inserted into the CompuSafe is automatically deposited to the retail store’s bank account. Salazar, along with Dan Petro, security associate at Bishop Fox, can point to many vulnerabilities in the CompuSafe Galileo.
“One of the main vulnerabilities we are focusing on comes by way of a USB port that is on the exterior of the safe,” Salazar told eWEEK. “We have created a little tool that we can just plug into the safe, wait 60 seconds for the tool to do its work, and then the safe doors will open and you can take all the cash out.”
It might raise eyebrows that the operating system that powers CompuSafe Galileo is Windows XP, which Microsoft no longer supports. Salazar emphasized, however, that it’s not Windows XP that is the root cause of the CompuSafe vulnerabilities.
“Even if the CompuSafe were running Windows 10, it wouldn’t have changed the exploit that we will be demonstrating,” Salazar said.
The USB port on the CompuSafe Galileo is not physically secured with an additional key or access restriction, Salazar said. He explained that the CompuSafe is part of a retail point-of-sale system; so it is typically deployed in well-trafficked areas and not usually in some form of hardened secure location with limited physical access, such as a vault.
In the normal operation of the safe, the majority of operations are executed by way of a touch-screen on the safe. Once the money has been inserted into the safe, it is automatically deposited to the retailer’s bank, which means that it’s the bank’s money and a store manager cannot remove cash from the safe. Typically, to remove cash, there is a requirement for both the store manager and a Brink’s employee to be present.
“Part of what’s interesting about our hack is it bypasses everything and just gives us direct access without having a store manager or Brink’s employee present,” Salazar explained.
The tool that Salazar and Petro created basically emulates mouse and keyboard presses. Petro noted that the vulnerability isn’t something that a typical security scanner would catch, but is something that a software quality assurance team should notice.
“A large portion of the attack is about escaping out of the kiosk mode that is put in place on the safe, in order to prevent someone from accessing the backend system,” Petro explained.
Petro said that he and Salazar literally “smashed” on the keyboard to see what would happen when arbitrary keys were pressed together. Using that smashing technique, the researchers were able to figure out how to escape the kiosk mode.
View the original content and more from this author here: http://ift.tt/1D49mBE
from hacker samurai http://ift.tt/1ewhDCp
via IFTTT
Planned Parenthood targeted by anti-abortion hackers
For the second time this month, Planned Parenthood is becoming the target of an anti-abortion group.
On Monday, the organization confirmed that anti-abortion hackers have tried to collect staff email addresses, passwords, internal emails, and other private information.
“I am personally pro-life but I am not for hacking into any database or exposing anyone for any reason,” said Jan Kelly.
“I don’t think it’s ever OK to do it,” Brenda Swain.
The recent hacking attempt comes about two weeks after an anti-abortion group called “The California-Based Center for Medical Progress” posted a controversial video about Planned Parenthood on YouTube.
The video suggests that Planned Parenthood harvests body parts from aborted fetuses and makes money off tissue donations, which would be illegal.
“The allegation that Planned Parenthood profits in any way from tissue donation is not true,” said Cecile Richards, the President of Planned Parenthood Federation of America.
The Texas Tribune has reported that the anti-abortion group responsible for the video may have visited a Planned Parenthood facility in Houston.
Conservative lawmakers are now calling for efforts to de-fund Planned Parenthood.
“I could talk about the video but I think I’d vomit trying to talk about it. It’s disgusting,” said House Speaker John Boehner.
Meanwhile, Planned Parenthood said it has alerted the Department of Justice and the FBI about the recent hacking attempt, saying in part “We treat matters of safety and security with the utmost importance, and are taking every measure possible to mitigate these criminal efforts to undermine our mission and services.”
Texas is one of several states planning to investigate Planned Parenthood.
View the original content and more from this author here: http://ift.tt/1VKljlS
from hacker samurai http://ift.tt/1D56Fjg
via IFTTT
US Disturbed by WikiLeaks German Spy Target Disclosure
Providing German opposition with lists of US espionage targets was unreasonable, the head of American Academy in Berlin, Gerhard Casper, said in an interview with the German Bild newspaper, published Monday.
BERLIN (Sputnik)– On July 8, WikiLeaks revealed that the United States spied on three German chancellors: Helmut Kohl, Gerhard Schroeder and Angela Merkel, as well as a number of other federal government members beginning at least in the 1990s.
Casper, a former president of Stanford University, told the newspaper that revealing the espionage information was not a reasonable decision.
He added, however, that he does not believe that there will be a long-term severance in US-German relations.
According to Casper, US and Germany must now establish clear rules of cooperation between special services, and the discussion should be led in an objective manner.
Earlier in July, the head of the Bundestag committee investigating the espionage scandal, Patrick Sensburg, said the NSA had been spying on German citizens up until at least 2012, in violation of mutual cooperation pacts between the intelligence agencies.
View the original content and more from this author here: http://ift.tt/1KvI4Eb
from hacker samurai http://ift.tt/1ewhDm9
via IFTTT
Hackers Just Attacked Planned Parenthood, but the Real War Is So Much Bigger
They wear masks and bulletproof vests, and they change their driving route on their way to the office. They take back entrances, hide their identities and rarely tell people what they do for a living. Not all of them have it this hard, but for people who work for abortion providers and companies like Planned Parenthood, anonymity can be the only thing standing in the way of those who want to stop their work through any means necessary.
On Monday morning, hackers published a list of 333 names and email addresses of people who are allegedly associated with Planned Parenthood. It’s the most recent installment in a long history of anti-abortion activism, where doxxing isn’t just a tool of shaming and invading privacy but the first step on the road to ruining lives — or ending them.
On Monday afternoon, Planned Parenthood released a statement acknowledging the hack and blaming “extremists” who “have called on the world’s most sophisticated hackers to assist them in breaching our systems and threatening the privacy and safety of our staff members.”
The inside story of the Planned Parenthood attack: The information was leaked by a small hacking group called 3301, an international group of five hackers and friends with various motives and interests. They say they’re affiliated with the notorious Lizard Squad and other hacking groups, and are sympathetic to incarcerated hacker heroes like Rory Guidry, whom they’d like to see set free.
“We have a lot of future targets,” Jansson, one of the members of 3301, told Mic. “We’re going to be here for a while yet.”
“I guess [abortion providers can] just buy a gun,” one of the hackers told Mic. “That’s what America is good for, right?”
Planned Parenthood is 3301’s first publicized target. Two members of the group have strict anti-abortion beliefs, whereas Jansson is just more interested in the challenge of finding vulnerabilities in major systems that claim to be totally secure. Not that Jansson doesn’t have his own political beef with America.
“Corruption, racism, the fact they act like [they’re] the world police,” Jansson told Mic, listing his grievances with the U.S. “Also the fact people think Donald Trump would make a good president is crazy.”
Jansson said that the group has information about women who received abortions at Planned Parenthood facilities, as well as the Social Security number of Planned Parenthood’s CEO, but they don’t plan to release that information — at least not yet. Jansson said he insisted to the team members in charge of leaking info that they only dump the information of workers, not actual abortion-seekers. He trusts that his team won’t leak that info.
This hack wasn’t a sophisticated work of evil genius. Essentially, the team found out that Planned Parenthood was using an old piece of software — an outdated version of CONCRETE5, Planned Parenthood’s content management system — and hit it where it was most dated and vulnerable. The websites of NGOs and municipalities are notoriously easy to exploit.
But even if this is a one-off attack (as opposed to a concerted and consistent effort to take down abortion clinics and family service providers), it’s part of a long history of doxxing and exposing abortion providers and their allies. It’s a gruesome war as old as the Internet itself.
View the original content and more from this author here: http://ift.tt/1h0YdHP
from hacker samurai http://ift.tt/1D56Hrr
via IFTTT
Monday 27 July 2015
HP Fortify finds 100% of tested smartwatches contain significant security vulns
By StephanieWisdom (HP)
Smartwatches—they’re growing in popularity for both their convenience and capabilities (plus, they look pretty cool). But, as they become more mainstream, they’ll continue to store more sensitive information, and through connectivity with mobile applications, they may soon enable physical access functions—unlocking cars and homes. It truly is the era of Internet of Things (IoT).
As part of an ongoing series looking at IoT security, HP has unveiled results of a recent study which confirms that smartwatches with network and communication functionality represent a new and open frontier for cyberattack. The study conducted by HP Fortify found that 100 percent of the tested smartwatches contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.
The study questions whether smartwatches are designed to store and protect the sensitive data and tasks for which they are built. HP Fortify on Demand assessed 10 smartwatches, along with their Android and iOS cloud and mobile application components, uncovering numerous security concerns.
You can read the report here, as well as see actionable recommendations for secure smartwatch development and use—both at home and in the office!
View the original content and more from this author here: http://ift.tt/1et5i1T
from hacker samurai http://ift.tt/1D5nw5r
via IFTTT
Hackers remotely turn off engine and jam brakes of car
A leading security company claims data can be sent to a car through Digital Audio Broadcasting (DAB) radio signals, which then mines its way into the car’s computer system and gives the hackers remote access to its key systems, including braking and steering.
NCC Group revealed the exploit on the same day that two US researchers were reported to have taken remote control of a Jeep Cherokee (with the driver’s permission) and applied the brakes without having any previous physical contact with the vehicle. Chrysler has released a software update to address the problem.
Manchester-based NCC Group revealed its findings to the BBC, and explained how it had carried out the hack using relatively cheap, off-the-shelf components connected to a laptop.
Researcher Andy Davis created a DAB station, which a car would be able to connect to through its radio; because DAB stations can send text and pictures to a car’s dashboard screen, an attacker can bundle malicious code with these to gain control of the system.
Taking control of the steering and brakes
Once the attacker has compromised the dashboard and entertainment system, Mr Davis claimed they could then work their way into the car’s critical systems, such as steering and braking.
A more powerful transmitter could let attacks target several vehicles at once, the researcher claims. He also described how attackers could broadcast over the top of existing stations to target as many vehicles as possible.
According to him, “As this is a broadcast medium, if you had a vulnerability within a certain infotainment system in a certain manufacturer’s vehicle, by sending one stream of data, you could attack many cars simultaneously. [The attacker] would probably choose a common radio station to broadcast over the top to make sure they reached the maximum number of target vehicles.”
Modern cars are targets
Modern cars are increasingly becoming targets for cyber attacks due to their expanding roster of autonomous features.
Automatic parking is an option in a number of mid-range cars and gives the vehicle’s computer control of the steering, while automatic braking to avoid low-speed accidents in traffic is also fitted to many others, even at the lower end of the market; cruise control can be used to adjust a car’s speed without a physical connection between the driver and the engine.
If all three systems are compromised on an automatic car (wherein the driver cannot press the clutch pedal to stop the engine engaging the gears), then hackers can potentially gain full control of the vehicle.
“If some persons were able to compromise the infotainment system because of the architecture of its vehicle network, they would in some cases be able to disable the automatic braking functionality.”
He admitted that the hack would take “a lot of time, skill and money” but warned that this “isn’t to say that there aren’t large organisations interested in it.”
View the original content and more from this author here: http://ift.tt/1LMLV2F
from hacker samurai http://ift.tt/1LMLOUO
via IFTTT
Columns – Not a good idea to spy on friends
THERE’s been so much dramatic news these days – from Greece’s miseries to Iran, China from blowhard Donald Trump – that the shocking story of how America’s National Security Agency has been spying on German and French leadership has gone almost unnoticed.
Last year, it was revealed that the NSA had intercepted Chancellor Angela Merkel’s cell phone. She is supposed to be one of Washington’s most important allies and the key power in Europe. There was quiet outrage in always subservient Germany, but no serious punitive action.
Brazil’s president, Dilma Rousseff, was also bugged by American intelligence. Her predecessor, Luiz Lula da Silva, was also apparently bugged.
This year, came revelations that NSA and perhaps CIA had tapped the phones of France’s president, Francois Hollande, and his two predecessors, Nicholas Sarkozy and Jacques Chirac. Hollande ate humble pie and could only summon some faint peeps of protest to Washington. Luckily for the US, Charles de Gaulle was not around. After the US tried to strong-arm France, “le Grand Charles” kicked the US and Nato out of France.
Last week, WikiLeaks revealed that the NSA had bugged the phone of Germany’s foreign minister, Frank-Walter Steinmeier, for over a decade. Imagine the uproar and cries “the Gestapo is back” if it were revealed that German intelligence had bugged the phones of President Barack Obama or Secretary of State John Kerry.
A lot of Germans were really angry that their nation was being treated by the Americans as a northern banana republic. Many recalled that in the bad old days of East Germany its intelligence agency, Stasi, monitored everyone’s communications under the direct supervision of KGB big brother at Moscow Centre.
The National Security Agency and CIA claim their electronic spying is only aimed at thwarting attacks by anti-American groups (aka “terrorism”). This claim, as shown by recent events, is untrue. One supposes the rational must be a twist on the old adage “keep your enemies close, but your friends even closer”.
Ironically, the political leaders listed above – save perhaps Brazil’s da Silva – are all notably pro-American and responsive to Washington’s demands.
Why would the US risk alienating and humiliating some of its closet allies?
One suspects the reason is sheer arrogance … and because US intelligence could do it. But must US intelligence really know what Mr Merkel is making Mrs Merkel for dinner?
Until WikiLeaks blew the whistle, some European leaders may have known they were being spied upon but chose to close their eyes and avoid making an issue. Raising a fuss would have forced them to take action against the mighty US.
Besides, British, Italian and French intelligence are widely believed to have bugged most communications since the 1950’s. But not, of course, the White House or Pentagon. The only nation believed to have gotten away with bugging the White House was Israel during the Clinton years. The Pentagon was bugged by a number of foreign nations, including Israel, China and Russia.
Humiliating Europe’s leaders in this fashion is a gift to the growing numbers of Europeans who believe their nations are being treated by the US as vassal states.
There is widespread belief in Western Europe that US strategic policy aims at preventing deeper integration of the EU and thwarting a common foreign policy or a powerful European military. Britain serves as a Trojan horse for America’s strategic interests in Europe.
Way back in the 1960’s, then German defence minister Franz Josef Strauss, an ardent proponent of a truly united Europe, thundered that Europeans would not play spearmen to America’s atomic knights. But, of course, that’s just what happened.
The US still runs and finances Nato in the same way the Soviet Union commanded the Warsaw Pact. Washington calls on Europe for troop contingents in its Middle East and south Asian colonial wars in the same way that the Persian Empire summoned its vassals to war.
Many Germans and French, both right and left, would like their leaders to react more forcefully to NSA’s ham-handed spying. However, Merkel and Hollande are both political jellyfish eager to evade any confrontation with Big Brother in Washington. Maybe he has too much dirt on them.
But a confrontation is inevitable one day if Europe is to regain its true independence that was lost after World War II.
View the original content and more from this author here: http://ift.tt/1Jpe4uP
from hacker samurai http://ift.tt/1Jpe3XW
via IFTTT
Subscribe to:
Posts (Atom)