TweakTown NewsRefine News by Category:
Just days after we reported that the NSA had backdoor access to the firmware level of major HDD manufacturers in Seagate and Western Digital, Edward Snowden is back with new information that the National Security Agency (NSA) and its British partner GCHQ hacked into Gemalto. Gemalto, is a Netherlands SIM card manufacturer, the largest in the world.
Gemalto makes two billion SIM cards each year, with the NSA hacking into the company and stealing its encryption keys, giving them access to secretly monitor both voice calls and data. The Intercept reported on the news, which has reportedly provided spy agencies with the ability of secretly monitoring gigantic portions of the world's cellular communications, which experts have said is a major violation of international laws. Considering Gemalto makes SIM cards for companies like AT&T, Sprint, T-Mobile and Verizon, you can begin to see the scope of this hack by the US government agency. Gemalto itself operates in some 85 countries around the world, providing SIM cards to over 450 wireless network providers.
With the NSA having these encryption keys in its hands, it has the power to monitor mobile communications "without the approval of telecom companies and foreign governments", reports The Guardian. This is something I talked about in my last OpEd, where the Obama administration needs to address it, and as I said "The NSA needs to be ripped apart, and its powers neutered". Most people think that 3G and 4G mobile networks have their calls encrypted, and while they might be, but with the keys that the NSA and GCHQ have, it's like they are living "in the phone".
Following news of which films are up for Oscars, online piracy of nominated movies increased 385 percent since January 15, according to the Irdeto piracy monitoring firm.
Irdeto uses a crawler to monitor torrent downloads, and saw increased interest following the Oscar nominations - largely due to increased media coverage - with screener films sometimes leaked online.
"Hollywood screeners specifically accounted for a substantial 31 percent of the total illegal downloads tracked between January 15 and February 14," according to Irdeto, as published by TorrentFreak. "Six nominated movies currently unavailable for retail purchase on Blu-ray, DVD, VOD or legal streaming/download sites saw the majority of piracy coming directly from these screeners: American Sniper, The Imitation Game, Wild, Selma, Whiplash and Still Alice."
Computer manufacturer Lenovo will no longer pre-install the controversial Superfish adware on PCs and laptops, due to growing public backlash from customers. Cybersecurity experts warned Superfish potentially left them vulnerable, after injecting advertisements to browsers.
"The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert ads," said Eric Rand, researcher for Brown Hat Security, in a statement to Reuters. "This amounts to a wiretap."
Lenovo must now answer questions regarding its use of Superfish, including how long it was pre-installed, and how much data was collected by the software. Superfish was installed on consumer PCs and notebooks only.
Swedish citizen Alex Yucel, 24, has pleaded guilty for his role in being co-creator of the BlackShades malware, which infected more than 500,000 PCs across the world. Yucel pleaded guilty to one count of distribution of malicious software, and faces a maximum sentence of 10 years.
In exchange for his guilty plea, there is a stipulated agreement that will see Yucel receive a sentence ranging from 70 to 87 months. "I do actually want to plead guilty," Yucel said in his court appearance. "I knew that the program would be used to cause damage."
Yucel was arrested in November 2013 while in Moldova, and was extradited to the United States. As the operator of the criminal organization, Yucel hired administrators, marketing and customer support staff to interact with customers - generating upwards of $350,000 in revenue.
Companies are under cyberattack, and many of them are being caught off guard when a data breach occurs. More than half of small and midsize businesses (SMBs) don't have an appropriate breach response plan currently in place, according to a survey from Software Advice.
There are 47 states with breach notification laws that force companies to disclose data breaches when personal information is impacted. However, just 33 percent of SMB decision makers feel "very confident" they understand their state laws regarding breach notification - and it remains a confusing matter.
"Most of the time, when [valuable] information leaks out of a company, it is instantly being monetized on underground forums," said Bogdan Botezatu, senior e-threat analyst of the Bitdefender antivirus firm. This data can be moved quickly, as cybercriminals tend to want to exploit data before changes are made - and companies must inform their clients and customers promptly.
Vladimir Drinkman, 34, has pleaded not guilty after being officially accused of operating in a large international hacker ring responsible for stealing up to 160 million credit cards. The group allegedly installed malware on vulnerable computer systems, with stolen information sold on the black market.
Drinkman's specialty was penetrating networks to gain access to corporate databases that could later be mined.
The hacker group hit NASDAQ, 7-Eleven, Dow Jones, JetBlue, and other high-profile targets - with the "far-reaching" scheme responsible for compromising usernames, passwords, along with debit and credit card numbers.
Members of the RBS and NatWest financial institutions can use the Touch ID feature on their Apple iPhones to access their mobile accounts. Customers will be required to activate the feature in their accounts, supported by the iPhone 5s, 6 and 6 Plus.
If there are three consecutive failed login attempts, members will be forced to enter their traditional password before gaining account access.
The use of biometrics seems appealing for financial institutions, but the use of Touch ID has drawn criticism from some cybersecurity experts.
To help defend against cyberattacks, executives at private corporations need assistance from the US government and cybersecurity firms.
It took longer than experts would have liked, but it appears 90 percent of CEOs in the United States find cybersecurity strategically important, according to a PwC survey. The survey also found 87 percent are worried about cyberattacks, and 45 percent are extremely concerned about mounting attacks - many aimed at stealing employee and customer personal data.
President Barack Obama hosted a cybersecurity summit last week at Stanford University, seeking greater cooperation between the United States and Silicon Valley. "When you step back and look at the role of a company versus the role of a government, clearly if we're going to provide the safest possible [customer] experience in [the] aggregate, government and companies need to work together," said John Donahoe, CEO of eBay, in a statement to Fortune.
The Operation Arid Viper campaign has successfully stolen more than 1 million files with current malware campaigns underway, though it's not the usual suspects, according to Kaspersky Lab and Trend Micro.
The Arab-speaking group, with ties to Gaza, have targeted foreign government offices, critical infrastructure, military, universities, and other high-profile targets. The attacks likely occurred starting in mid-2013 and a full investigation into their actions is underway.
"Whoever the real culprits are, it is clear that they are part of the Arab world, evidence of a budding generation of Arab hackers and malware creators intent on taking down their chosen adversaries," researchers said in a study. "Some of the black hats - be they mercenaries or cybersoldiers - are actively targeting countries such as Israel due to political motivations. We have seen all of the ingredients of a cyberskirmish guerrilla war that goes unnoticed by mainstream IT security media."
Japanese infrastructure endured 25.6 billion cyberattacks in 2014 alone, with 40 percent reportedly traced back to Chinese sources, according to Japan's National Institute of Information and Communications Technology (NICT).
It wouldn't be surprising to hear Japan faced a large number of cyberattacks tied to China, especially with political turbulence between Tokyo and Beijing. There were a number of attacks originating from the United States, South Korea and Russia - as cybersecurity efforts continue to grow.
When the survey was first conducted, in 2005, there were just 310 million cyberattacks detected by the Japanese government. The latest NICT report discovered a growing number of attacks aimed at compromising home and business routers, IoT-enabled systems, networks, and security cameras.