Former National Security Agency (NSA) IT contractor Edward Snowden may be able to stay in Russia for more than one year, as the Russian government said it doesn't plan to send him packing.
Snowden, currently in Russia on a temporary one-year asylum, has offers from Brazil and several Central American countries interested in taking him in - but Alexy Pushkov, the Russian Foreign Affairs Committee legislator, noted that Snowden could stay longer. The 30-year-old American is now free to stay in Russia, working for private Russian companies, until he is ready to return to the U.S.
During a recent online chat, Snowden said he would like to one day return to the United States, but that cannot happen unless he's granted protection under the federal Whistleblower Protection Act - which doesn't apply to former government contractors. Meanwhile, Snowden continues to claim he didn't carry out actions for Russia or any other foreign government, though some U.S. lawmakers still aren't so sure about that.
After a handful of high-profile malware attacks targeting retail point-of-sale, the FBI identified around 20 similar hacking cases over the past 12 months.
The report, titled "Recent Cyber Intrusion Events Directed Towards Retail Firms" and dated January 17, is a shocking wake-up call for retailers and for credit card and banking executives trying to protect consumers.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," the FBI noted in a recent report. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."
Target continues to combat a public relations nightmare after 70+ million customers were affected, while Neiman Marcus also is battling a recent data breach that has led to fraudulent credit and debit card charges.
High-end boutique retailer Neiman Marcus confirmed up to 1.1 million credit cards were affected during a security data breach that was disclosed over the 2013 holiday shopping season. From mid-July to late October last year, malware collected credit card and debit card information, with 2,400 cards reportedly used for fraudulent purchases.
Customer Social Security numbers, debit card PIN numbers and birth dates weren't disclosed, and online shoppers haven't been affected.
"The malware the thieves deployed is more sophisticated and an unusual and a new way of gathering data," said David Robertson, The Nilson Report publisher, when speaking with the media. "In the history of the fight between hackers and retailers and anyone who holds payment data, the attack has occurred at the data center. That's where the largest number of accounts are. That's where the attack occurred because that's the biggest payoff."
Retailers already must deal with a number of different online threats, but the malware and security risks facing brick-and-mortar retailers are a newer issue.
Media giant CNN was recently attacked by the Syrian Electronic Army hacker group, with several social media accounts and one live blog targeted. The official CNN Twitter and Facebook accounts were temporarily defaced before CNN was able to regain control within a few minutes.
The CNN Twitter feed featured the following tweet, for example: "Syrian Electronic Army Was Here... Stop Lying.... All your reports are fake!"
CNN was reportedly targeted for "viciously lying reporting aimed at prolonging the suffering in Syria," according to the group.
The Syrian Electronic Army recently targeted Microsoft's social media accounts, and continues to take aim at high-profile targets. Even if the compromised company is able to reset passwords and delete fraudulent postings, screenshots are quickly shared. The SEA also has hit The New York Times, Associated Press, BBC, Al Jazeera, The Guardian, and other major global news publications during its campaign.
Edward Snowden, the former National Security Agency (NSA) IT contractor now living in Russia following his high-profile data leak, won't return to the United States until current laws are changed. The federal Whistleblower Protection Act isn't applicable to former government contractors, which means he could face significant legal trouble if he returns to the United States.
"Returning to the U.S., I think, is the best resolution for the government, the public, and myself, but it's unfortunately not possible in the face of current whistleblower protection laws," Snowden said in response to a question about getting a fair shake if he one day returns to the United States.
It seems highly unlikely Snowden will return to the U.S. unless he's offered immunity by the U.S. government, which is something the White House hasn't recently discussed publicly. It seems that the NSA and other government agencies would be able to learn from Snowden, but he won't touch U.S. soil just to face possible espionage charges.
Snowden is currently in Russia where he was given one-year asylum, and could eventually find his way to a country like Brazil after his stay in Russia ends. There are rumors private Russian companies are interested in hiring Snowden and trying to help him secure permanent residency.
The National Security Agency (NSA) phone surveillance program that monitored U.S. citizen phone calls wasn't legal, according to the Privacy and Civil Liberties Oversight Board. Of note, the panel discovered Section 215 of the Patriot Act doesn't give the NSA legal basis to listen in and record phone conversations of American citizens.
"The report reaffirms the conclusion of many that the Section 215 bulk phone records program has not been critical to our national security, is not worth the intrusion on Americans' privacy, and should be shut down immediately," said Sen. Patrick Leahy (D-Vermont) in a statement. "The report appropriately calls into question the legality and constitutionality of the program, and underscores the need to change the law to rein in the government's overbroad interpretation of Section 215."
Following the data leaks by Edward Snowden, a former NSA IT contractor, President Barack Obama and the NSA have battled against strong public backlash. White House Press Secretary Carney fired back against the PCLOB's analysis, saying the White House "simply disagrees" on the "legality of the program," in what will continue to be a complicated matter.
Just a few hours after Microsoft introduced a revamped Office blog, the Syrian Electronic Army victimized the software company by hacking and defacing the site. A few of the blog posts featured "hacked by the Syrian Electronic Army" byline instead of the original blog titles - with the group confirming the hack via its Twitter account.
No customer information was compromised in the attack, and the blogs were quickly restored to normal.
The Syrian Electronic Army has enjoyed targeting Microsoft, and previously accessed a "small number" of Microsoft employee e-mail accounts. SEA also sent the following Tweet from Microsoft's official Skype account: "Don't use Microsoft emails (Hotmail, Outlook), they are monitoring your accounts and selling data to the governments. More details soon."
Expect SEA to target Microsoft in future hacks, as the group continues to target Microsoft, The New York Times, Associated Press, BBC, Al Jazeera, The Guardian, and other major news media outlets. The group typically uses phishing tactics to gain access into Twitter and other social media platforms, which continue to prove successful.
A representative from the Korea Credit Bureau (KCB) has reportedly been arrested following accusations he stole personal customer information from three different credit card companies, media reports from South Korea indicate.
The stolen information includes full customer names, Social Security numbers, credit card numbers and expiration dates, and phone numbers, according to the South Korean Financial Supervisory Service (FSS). The information was continually stolen from May 2012 until December 2013, with the suspect saving information on a flash drive.
Companies and government agencies providing access to large amounts of personal information must now prevent the information from being mistakenly released - or intentionally stolen and later shared - as customers demand better privacy protection.
The United States government believes National Security Agency (NSA) whistleblower Edward Snowden possibly received support from the Russian government.
"I don't think Mr. Snowden woke up one day and had the wherewithal to do this all by himself," said Rep. Michael McCaul (R-Texas) in a recent TV interview. "To say definitively I can't answer that, but I personally believe he was cultivated by a foreign power to do what he did. Again, I can't give a definitive statement on that, but I think given all the evidence I know Mike Rogers has access to, that I've seen, that I don't think he was acting alone."
Snowden has evolved into an enigma since his public data breach last year, as the former CIA technical assistant received a GED and dropped out of a Maryland community college. Described as a "geek," it seems shocking that he would eventually find his way to the U.S. government contractor Booz Allen Hamilton - and would remain there until he quickly left for Hong Kong in 2013.
Sen. Dianne Feinstein from California, head of the Senate Intelligence Committee, also noted that Snowden "may well have" received support from an outside source. Whether or not Snowden received foreign support to steal information and publicly share it, government lawmakers and the NSA have struggled with heavy criticism from American citizens.
The recent high-profile data theft that left more than 70 million Target shoppers affected could be part of a more organized cyber plot against major retailers, according to a recent U.S. government document. The credit card readers used in the Target data breach reportedly became available last spring, partially written in Russia, and it couldn't be detected by anti-virus software.
A 17-year-old from St. Petersburg, Russia, is reportedly responsible for creating the BlackPOS malware which was later sold to the Russian organized crime group.
The U.S. Department of Homeland Security (DHS) is working with cyber intelligence company iSight Partners, though other retailers that were affected weren't disclosed by either group. Meanwhile, Target, Neiman Marcus, and other retailers have already suffered due to the cyber crime, with other retailers on the lookout for similar attacks.
Cyber security threats continue to plague users and businesses trying to defend against increasingly sophisticated and well-executed attacks, according to the Cisco 2014 Annual Security Report. Cyber security is a major business as Cisco and other companies develop cyber security efforts to protect end-users and businesses.
Overall cyber attacks increased 14 percent in 2013, with select industries facing a staggering number of attacks designed to steal information and disrupt day-to-day operations. The pharmaceutical, agriculture, mining, chemicals and electronics industries all saw an increase in malware aimed at compromising systems - a whopping growth of 600 percent - while energy, oil and gas industries saw a 400 percent increase in malware and cyber attacks.
"Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies - that starts with empowering defenders with real-world knowledge about expanding attack surfaces," said John Stewart, Cisco Chief Security Officer, in a press release. "To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods - before, during and after an attack."
President Barack Obama announced an overhaul of the National Security Agency (NSA) phone surveillance program following classified data leaks by former IT analyst Edward Snowden.
"Let us chart a way forward that secures the life of our nation, while preserving the liberties that make our nation worth fighting for," Obama said during his Friday morning press conference. "The United States is not spying on ordinary people who don't threaten our national security ... unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies."
Obama's administration has endured a tremendous amount of criticism following NSA data leaks, courtesy of Snowden's disclosure last year. Even with a promised overhaul, many Internet users - and foreign government leaders - expect continued distrust from regular Internet users. Furthermore, Obama's promise of not spying on "close friends and allies" only applies to "dozens" of foreign leaders and high-ranking government officials.
Luxury retailer Neiman Marcus reportedly first had its computer network accessed by hackers dating back to July 2013, with the security hole only recently plugged, according to recent stories. The security breach likely compromised customer names and credit card information used in-store only, and online shoppers reportedly remained safe.
The company reportedly didn't receive an alert about the cyber intrusion until mid-December - a shocking reality check for retailers, as five months elapsed from the first date-stamped data intrusion.
Retailers are facing increasingly sophisticated physical and online security threats - and consumers rightfully demand companies handle personal information carefully - though security experts warn this is only the beginning.
Microsoft has given Windows XP users a brief reprieve by announcing anti-malware support for the 12-year-old operating system will be extended into 2015. The XP end of life will still take place on April 8 as scheduled, but anti-malware protection will give stragglers an additional layer of much-needed security.
Anti-virus vendors already stepped up support for XP, saying they would continue to provide anti-virus and anti-malware defense - but Microsoft won't provide updates, and that could still leave users vulnerable.
"Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited," Microsoft said in a recent blog post. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."
There are still millions of users using XP worldwide, and many businesses are still scrambling to migrate from the aging OS.
The threat of distributed denial of service (DDoS) attacks against enterprise users from mobile applications is increasing as more users go mobile, according to DDoS security company Prolexic. Cyber criminals are finding mobile devices can make for a powerful attack tool - and are surprisingly easy to use.
"Mobile devices add another layer of complexity," said Stuart Scholly, Prolexic President, in a press statement. "Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time."
DDoS attacks can lead to website and server downtime, interruption in day-to-day business operations, lost revenue and wasted manpower. Prolexic discovered a 26 percent increase in DDoS attacks from Q4 2012 to Q4 2013, with a significant number of advanced DDoS attack weapons.
Online chat service Snapchat has apologized for increased spam hitting users, but denies there is a connection to a recent username data breach.
"We've heard some complaints over the weekend about an increase in Snap Spam on our service," the company said in a recent blog post. "We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue. As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays."
Snapchat engineers are likely working to crack down on spam accounts - and prevent future data breaches - though some users have been rattled and abandoned the service. Snapchat said increasing spam is a sign of a "quickly growing service," and recommended users switch to "Only My Friends" in the account settings panel.
The Snapchat user database was recently compromised and affected 4.6 million users, with contact information published online.
Luxury retailer Neiman Marcus recently confirmed a data breach in which an unknown number of in-store shoppers were potentially affected by data theft. Prior to Christmas 2013, Neiman Marcus received a report from its credit card processor informing the company of unauthorized payment activity.
Neiman Marcus also didn't disclose what type of personal information is at risk, and didn't confirm whether Bergdorf Goodman and other Neiman Marcus-owned brands may have suffered a breach.
"The security of our customers' information is always a priority and we sincerely regret any inconvenience," Neiman Marcus officials said in a Twitter statement. "We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after purchasing at our stores."
Neiman Marcus is the second major retailer hit by a significant data breach, after Target confirmed a breach left 70 million customers at risk. Shoppers are increasingly familiar with online shopping threats, but criminals also look to exploit retail stores in an organized effort to steal personal information.
Snapchat is one of the most popular image sharing services in the mobile ecosystem, and today more than 4.6 million users are learning that their contact information has been hacked by unknown persons. A website called SnapchatDB.info has popped up that lists the usernames and phone numbers of each account that was compromised.
Originally thought of as a hoax, SnapchatDB.info has been confirmed as real and its creators say that they stole the information and created the website to raise awareness around the security issues surrounding Snapchat. SnapchatDB.info did censor the last two digits of each phone number to reduce spam and unwanted messages to users, but with only 10 numbers per spot, it would only take a few minutes to figure out which is correct.
A group of hackers known as DERP used DDoS attacks on a few large games and gaming sites, taking a few of them down. EA's home page, Battle.net, League of Legends and Club Penguin were all affected.
It looks like a single gamer by the name of Phantoml0rd is the target of these multiple attacks, with DERP attacking all of the games he streams through Twitch, which include World of Warcraft and League of Legends.
A new DDoS botnet has the ability to infect both Microsoft Windows and Linux-based systems, according to the Poland Computer Emergency Response Team (CERT). Unlike many cyber-based attacks, this botnet is only interested in launching DDoS attacks to knock certain servers and websites offline.
The Linux-based botnet reportedly handles dropping servers, while the Windows-based botnet easily hijacked consumer PCs. "Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting," according to security expert Andre Dimino, in a blog post. "The mining of virtual currency is now often seen running in the background during the attacker's 'downtime.'"
Seeing zombie PCs turned into an effective DDoS botnet isn't earth-shattering news, but this cross-platform attack is relatively unique. Bitcoin mining and launching attacks against certain companies are easily done using unsuspecting machines.
Researchers from Johns Hopkins University confirmed it's possible to turn on a laptop's web camera without turning on a light that informs users the camera is on. Just a few years ago, it didn't seem possible to hack a webcam like this, but it's something consumers need to be somewhat vigilant about.
The team focused on Apple MacBook and iMac models available before 2008, but said the exploit can be used on a variety of different models. Although Apple initially opened up communication with Johns Hopkins University to discuss the problem, there reportedly haven't been any further updates.
A Remote Administration Tool (RAT), for example, can work around the computer's security and remotely control the computer's webcam.
For users worried about being remotely spied on, security researchers recommend simply placing a piece of tape over your web camera when it isn't in use. It may seem like a rather archaic method, but it works if the camera has been compromised.