TweakTown NewsRefine News by Category:
The NSA and US Department of Justice are being sued by the Wikimedia Foundation, accusing the US organizations of violating US laws related to freedom of speech. The American Civil Liberties Union (ACLU) is representing Wikimedia, which was joined by Amnesty International, Human Rights Watch, and several other major organizations in the lawsuit.
The NSA's use of "upstream" surveillance, which "taps the Internet's 'backbone' to capture communications with 'non-US persons,'" is available for a large amount of possible uses - however, it is believed to ultimately collect data not involved in their investigations. Wikimedia and other groups are concerned that journalists, clients, foreign government officials and others won't be as willing to turn over information and discuss sensitive topics with them.
"Our lawsuit says that the NSA's mass surveillance of Internet traffic on American soil - often called 'upstream' surveillance - violates the Fourth Amendment, which protects the right to privacy, as well as the First Amendment, which protects the freedoms of expression and association," according to a Wikipedia op-ed published by the New York Times. "We also argue that this agency activity exceeds the authority granted by the Foreign Intelligence Surveillance Act that Congress amended in 2008."
The Central Intelligence Agency is undergoing a technology modernization, with officials especially interested in developing its digital abilities. The CIA will appoint a "Directorate of Digital Innovation," tasked with keeping better tabs of cyber technology.
"Our ability to carry out our responsibilities for human intelligence and national security responsibilities has become more challenging" in the current digital landscape, said John Brennan, director of the CIA, in a statement published by Reuters. "And so what we need to do as an agency is make sure we're able to understand all of the aspects of that digital environment."
The NSA and FBI are well known for their cyber surveillance programs, but the CIA and other departments want their respective cyber-related efforts to be updated. Additional details regarding what the CIA hopes to accomplish with a renewed focus on cybersecurity wasn't discussed by CIA officials.
Consumers in the United States are receiving new credit cards and retailers must upgrade their payment terminals. Cybersecurity experts warn that since credit card companies will rely on signatures while PIN numbers won't be required - due to higher cost and increased complexity - stolen and lost cards could still be vulnerable.
Chip-enabled cards will help lower fraud in retail stores, but online fraud is likely to increase, which has happened in other countries that adopted similar technology years ago. There will be a learning process for US consumers and retailers unfamiliar with Chip-and-PIN - but it should help usher in change, even if security concerns remain.
"A payment standard that is accepted globally will substantially reduce transaction costs for them," said Rick Dakin, CEO of the Coalfire cybersecurity risk and compliance firm, in a statement to Reuters. "Also they have already done the heavy lifting for EMV so they are ready and pushing for it."
Criminals took $16 billion from 12.7 million US consumers last year, with a new identity fraud victim every two seconds, according to a new report from Javelin Strategy & Research. Two-thirds of identity fraud victims last year received notification that their personal information was compromised in a data breach, which took over headlines as major retailers were hit.
On the bright side, new account fraud, which is when a criminal opens up an account in a victim's name, dropped to a record low in 2014. In addition, new monitoring and protection systems saw the amount lost due to fraud dropping 11 percent year-over-year, from $18 billion in 2013 down to $16 billion in 2014.
"Despite the headlines, the occurrence of identity fraud hasn't changed much over the past year, and it is still a significant problem," said Al Pascual, director of fraud & security at Javelin Strategy & Research. "Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant. The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations."
The "FREAK attack" may have exposed millions of Apple and Google Android Internet users, though there have been no confirmed cases of attacks against Web browsers. If exploited, hackers could compromise usernames, passwords, and other personal information in a rather simple manner.
The "Factoring attack on RSA-EXPORT Keys" attack stems from a US law that required "export-grade" products with weaker encryption protocols to be shipped overseas. Despite the federal restrictions being lifted more than 15 years ago, popular software - which eventually found its way to the United States - were still vulnerable.
Apple and Google have both created software updates to prevent this type of attack from being problematic. The Apple update will be issued next week, while Google has already offered an update to wireless carriers and smartphone manufacturers.
Former NSA contractor Edward Snowden wants to return to the United States in the future, but needs guarantees of a fair trial. The only promise he has been given is that he wouldn't face the death penalty if he is convicted - and privacy advocates believe the US government, which wants to do anything to get him into custody, cannot be trusted.
"He is thinking about it," said Anatoly Kucherena, a Russian lawyer representing Snowden, during a recent news conference. "He has a desire to return and we are doing everything we can to make it happen. Snowden is ready to return to the United States, but on the condition that he is given a guarantee of a legal and impartial trial."
Kucherena also noted that he is working with a group of international lawyers to determine the best method for Snowden's potential return to the United States. Snowden has a three-year Russian residency, but would likely face immediate arrest if he tried to leave Russia.
The US federal government is worried about a growing number of cases related to Stolen Identity Refund Fraud (SIRF), with criminals filing state and federal taxes - and making off with the tax refunds. Tax-related identity theft was the most reported type of fraud submitted to the Federal Trade Commission (FTC) in 2014, with the agency receiving 109,063 complaints.
Recently, the Internal Revenue Service (IRS) issued another public advisory to remind people that any telephone calls or emails claiming to be the IRS are fraudulent. In these scams, criminals ask victims to provide personal information or transfer money to them.
"It is a massive problem," said Brian Krebs, independent cybersecurity investigative reporter, in a statement published by the Milwaukee Journal Sentinel. "It's probably going to emerge as the biggest identity theft problem this year."
Ben Lawsky, a New York financial regulator and head of the New York Department of Financial Services, is reportedly considering new regulation to help prevent against "an Armageddon-type" cyberattack. There is concern that a coordinated cyberattack would be able to hit the "broader economy" of the United States.
"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time," Lawsky said while speaking at Columbia Law School.
To help prevent against a "cyber 9/11," Lawsky wants financial institutions and insurance companies be graded by the DFS. The legislation may also require multifactor authentication and other requirements to keep data secure. Banks also must be proactive in their effort to keep data secure, as foreign-based hackers continue their attempts to disrupt Wall Street.
Lenovo likely only collected $200,000 up to $250,000 for its Superfish adware installations on consumer PCs, according to a report from Forbes. Previous estimates predicted higher figures - but considering the company's major earnings - the low sum likely won't be worth the legal and public relations headaches.
It is alarming Lenovo, which finalized a deal in summer 2014 to pre-install Superfish, received such a small amount for jeopardizing so much. In addition to promising no more Superfish installations, the company's website was reportedly compromised by the Lizard Squad hacker group last week.
It looks like Lenovo is learning from its mistakes, promising to be more transparent about pre-installed software in the future. For new machines running Microsoft Windows 10, the Lenovo standard image will only include the OS, security software, Lenovo applications, and software/drivers required to make hardware work well.
More than five billion downloaded Google Android apps could be targeted by hackers, according to cybersecurity experts. Most forms of malware (96 percent) are focused on compromising Android, according to data from the FireEye cybersecurity firm.
Android is open source and allows more developers to contribute to the OS, but that also gives hackers a great opportunity to create sophisticated malware. Malware targeting Android drastically increased from 240,000 samples in 2013 up to 390,000 unique samples last year - and the problem seems to be accelerating.
"You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it," said Jason Steer, director of technology strategy at FireEye, in a statement given to CNBC.