TweakTown NewsRefine News by Category:
Small drones being flown by recreational hobbyists can be hijacked using malware, as a security expert found a backdoor in the Parrot AR drone. The AR quadcopter helicopter drone can be controlled by a smartphone, tablet, NVIDIA Shield and similar devices, but can be hijacked with the Maldrone malware.
Security specialist Rahul Sasi was able to infect the drone and could interfere with its navigation features. Once compromised, he could issue a kill command, or fly the drone under his command - opening the odor to potential invasion of privacy cases, or stealing an onboard camera/video recorder.
"In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone," according to researchers. "Once connection is established we can interact with the software as well as drivers/sensors of the drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The backdoor is persistent across resets."
The Drug Enforcement Agency (DEA) is currently engaged in a widespread license plate reader program nationwide, and millions of license plates have been collected, according to a report from the American Civil Liberties Union (ACLU). The campaign started in 2008 and focused on taking pictures of vehicles, occupants and license plates, in an effort to identify and better track suspected criminals smuggling drugs and money to and from Mexico.
"It's not the kind of information government should be compiling," said Jay Stanley, a policy analyst for the ACLU, in a statement to the media. "Location data is very powerful information."
The following states were targeted, based on popular drug smuggling routes on highways: California, Arizona, New Mexico, Nevada, Texas, Georgia, Florida and New Jersey. Once collected and archived, the DEA shared information with local and state policy officials. Data was stored on record for two years until 2012, when program officials dropped it down to six months, the ACLU report found.
The NSA and GCHQ might have the most developed spy programs uncovered by former NSA contractor Edward Snowden, but recent documents reveal the Canadian Communications Security Establishment (CSE) project also has widespread surveillance operations. Canada is a member of the "Five Eyes" intelligence-sharing network along with Australia, the United States, UK and New Zealand - though is often quieter regarding its operations.
The CSE "Levitation" program focused on 10 to 15 million uploads and downloads from free websites per day, designed to fight terrorism and defend national security.
"Every single thing that you do - in this case uploading/downloading files to these sites - that act is being archived, collected and analyzed," said Ron Deibert, director of the Internet security think tank Citizen Lab, in a statement to the CBC.
Hackers hijacked Taylor Swift's Twitter and Instagram accounts today, threatening to release naked pictures of the popular singer. Swift has bitten back, announcing on her Twitter that there are no 'nudes' to be had and the only way they could 'uncover' anything would be to use Photoshop.
After stating that her Twitter had been compromised though Tumblr, she later announced that her Instagram had also fallen victim. People are questioning if the superstar has been using the same password for multiple social media accounts, as it's uncommon to see a small amount of accounts compromised like this - usually its a singular service taken or its everything in one go.
The hacker-made tweets have now been deleted from her account and everything has gone back to normal. Seemingly Swift has been able to shake it off quite well - laughing in the face of the hackers.
Launching cyberattacks against targets once was a time intensive, difficult and costly effort, but it has become easier and inexpensive to launch distributed denial of service (DDoS) attacks.
Groups such as Anonymous and Lizard Squad are able to launch devastating attacks against large corporations and major targets using botnets of hijacked computers and routers. However, companies are becoming better at identifying these types of cyberattacks, but prove to be hugely inconvenient when the attacks succeed.
"There's been a massive jump in the number of very large attacks going on out there," said Darren Anstee, senior analyst at Arbor, while speaking to BBC. "In 2014 we saw more volumetric attacks, with attackers trying to knock people offline by saturating their access to the Internet."
The US government is no stranger to casting a large net in hopes of catching a few fish, so news of a new vehicle tracking database isn't entirely surprising. The Justice Department has a sophisticated database to track vehicle movements, and several other agencies are already using the data.
Several US law enforcement agencies already use automated license plate scanners mounted to police vehicles, and there also stationary systems that monitor highways and also take pictures of the vehicles. Some of these systems can actually be used to identify individuals inside of the vehicles.
The Justice Department has noted that there are already 343 million records in the database. This data includes the vehicle, time, and direction of travel. The primary intention is to find trafficking offenders for the DEA, but the Justice Department plans to expand the system to search for vehicles involved in rapes and murders. There is no word if the system will be expanded to encompass even more types of crime.
Companies have struggled against cyberattacks and distributed denial of service (DDoS) attacks, while mobile devices remain "the perfect target for attackers," said Thomas Tschersich, Deutsche Telekom's computer security chief.
Cybercriminals are able to easily compromise mobile devices, and with connection speeds via mobile topping many home broadband connections, can be exploited to launch attacks against targets. To counter this threat, Deutsche Telekom informs around 20,000 German subscribers per month about malware infection - and urges them to remove the malware.
Despite Deutsche Telekom's proactive efforts, attack bandwidth is estimated at several gigabytes per hour from these mobile devices. For just a couple hundred euros, criminals are able to launch attack and generate an impressive return on investment (ROI) for their efforts.
The Lizard Squad hacker group crippled the website of Malaysia Airlines for about seven hours on Monday morning, threatening to release stolen information. The website was replaced by a "404 - Plane Not Found" statement, referring to two major airline disaster suffered by Malaysia Airlines in 2014.
Although Malaysia Airlines said user data was not compromised, Lizard Squad posted a screenshot that appeared to be a passenger flight booking from MA's internal email system - and promised that it was "going to dump some loot found on malaysiaairlines.com servers soon."
The hacker group has been linked to multiple high-profile cyberattacks over the past year, including bringing down Microsoft Xbox Live and Sony PlayStation Network on Christmas Day.
Business leaders need to become more computer literate so they are better able to understand evolving threats posed by cybercriminals. Criminals are using the digital equivalent of an F-16 fighter jet to launch attacks against governments and corporations, finding surprising levels of success, according to an Israeli cybersecurity expert.
"The breakers in cyber are one step ahead of the makers... we're out of equilibrium," said Nadav Zafrir, former Israel Defense Force tech commander and founder of Team8 Cyber Security Venture Creation, during a recent meeting with corporate leaders. "You have to redefine control. You have to let go, and it's scary. It's too important to leave it to the cyber experts. You [the CEO] have to become cyber literate."
Business leaders are confused in their efforts to defend against cyberattacks, often unsure how to prevent data breaches - and what to do if one occurs. However, analysts and experts recommend companies focus on preventing insider attacks, try to clamp down on outside threats, and have a recovery plan in case a breach does take place.
Dennis Rodman doesn't believe North Korea is responsible for attacking Sony Pictures, with the former NBA champion thinking Pyongyang wouldn't lash out against Sony Pictures just for making "The Interview."
"If the North wanted to hack anything in the world, anything in the world, really, they are going to go hack a movie? Really?!" Rodman recently said in an interview with The Hollywood Reporter. "How many movies have there been attacking North Korea? And they never hacked those. North Korea is going to hack a comedy, a movie that is really nothing? I can't see that happening. Of all the companies... really? Over a movie?
It's worth noting, however, North Korea has been blamed for attacking South Korean infrastructure, including financial institutions - and has a budding cybercriminal unit that is well-trained and financed by Pyongyang. Furthermore, if North Korea actually is responsible for breaching SPE, it was likely done to further develop its cyberespionage abilities that could be used against future targets.