TweakTown NewsRefine News by Category:
The Obama Administration desperately seeks changes to encryption, hoping technology companies will install hidden backdoors just for them. Former NSA analyst Edward Snowden is defending the argument supported by companies such as Google and Apple, as politicians in Washington demand better access.
"The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can," Snowden said in an email published by The Intercept. "No matter how good the reason, if the US sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?"
"Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted," Snowden also said in the email.
Who could have foreseen a Wi-Fi-connected self-aiming weapon could be compromised so hackers are able to digitally "tag" a target independent of what the shooter wanted to fire at. TrackingPoint created an uber pricey rifle that allows for amateur shooters to accurately hit targets up to a half mile away - unless a hacker changes the target.
Using the weapon's Wi-Fi system, the researchers were able to compromise its software - and they found a way to manipulate its scope, feeding the shooter false wind direction, temperatures, and other considerations. Amateur shooters wouldn't likely notice the changing variables, even if the rifle locked onto a different target.
"You can make it lie constantly to the user so they'll always miss their shot," said Runa Sandvik, a researcher able to hack the rifle, in a statement published by Wired. "If the scope is bricked, you have a six to seven thousand dollar computer you can't use on top of a rifle that you still have to aim yourself."
As more vehicles include connected features such as high-tech infotainment systems, the problem won't just disappear anytime soon. In fact, this is something that we'll end up hearing more about in the future, as more problems are identified.
"This is the shot across the bow. Everybody's been saying 'cybersecurity,'" said Mark Rosekind, head of the National Transportation Safety Administration (NTSA), in a statement published by the NBC News. "You've got to see the entire industry proactively dealing with these things."
News that hackers were able to hijack a Jeep vehicle was the most recent connected car security fear - and it's something that has the NTSA frightened. "The supplier didn't just supply radios to Chrysler but to a lot of other manufacturers - a lot of our work now is trying to find out how broad the vulnerability could be."
The Chinese government and suspected hacker groups with ties to Beijing are enjoying their attacks against the United States economy, according to a secret map compiled by the National Security Agency (NSA). Each red dot signifies a major corporate, private or government cyberattack victim from suspected Chinese sources:
When it comes to cybersecurity, the United States clearly hasn't taken the threat seriously enough, and it's glaringly obvious to organized hackers and foreign governments. Although the folks in Washington absolutely love to spy on others, they haven't done a very good job trying to prevent these attacks.
If the map is accurate, the NSA has a pretty good idea on which companies, government networks, and critical infrastructure the Chinese hackers are interested in compromising.
WikiLeaks has published "Target Tokyo," listing 35 "Top Secret NSA targets" located in Japan, including intercepts from US-Japan relations, trade negotiations and sensitive climate change strategy.
The United States spied on companies such as Mitsubishi and Matsui, Japanese government officials, ministries and senior advisers to Prime Minister Shinzo Abe's administration. Other targets included the Japanese Cabinet Office switchboard, Japanese Central Bank officials, governors, and other high-ranking officials.
"In these documents we see the Japanese government worrying in private about how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship," said Julian Assange, Editor-in-Chief of WikiLeaks. "And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK."
Cybercriminals known as "ratters," responsible for hijacking webcams and other electronic devices to spy on unsuspecting users, are finding new ways to launch attacks. Specifically, the groups use remote access tools (RATs) to steal images and photos from webcams, and have lately started charging others for this stolen data.
"Ratters are disturbingly comfortable with spreading misery and fear," said Adam Benson, deputy executive director for the Digital Citizens Alliance. "It's like a game for them. We saw them chat about it on Hack Forums and then share videos showing off how they scare young people, spy on people in private moments, and steal pictures from victims' accounts."
It's not uncommon to find RATs available for download on Internet forums and through file-sharing services. One such forum offered access to compromised devices for $1 for guys and $5 for women - showing there a modest financial incentive.
White hat hacker Samy Kamkar recently posted a video discussing how he found a way to "locate, unlock and remote-start" General Motors vehicles by compromising the OnStar vehicle communications system.
Using the gadget, which cost around $100 to make, the system makes it possible to locate, unlock, and start the engine. Once a small wireless device has been placed near a GM car with OnStar, Kamkar was able to gain unauthorized access to the vehicle.
Dubbed the "OwnStar" system, Kamkar showed he was able to intercept communication from the OnStar service and OnStar RemoteLink mobile app. Technical details will be revealed during Def Con next week.
The FBI isn't finding it very easy to beef up its cybersecurity ranks, largely due to lower salaries, according to a report from the US Department of Justice.
In addition to higher salaries in the private sector, trying to get a government position related to cybersecurity involves multiple hoops that people won't have to jump through if they simply go to Silicon Valley. Applicants have to undergo extensive background checks, drug screenings, and other hurdles that private sector companies typically don't bother with.
Under the Justice Department's Next Generation Cyber Initiative, which went live in 2012, the FBI has successfully recruited just 52 of the 134 computer scientists it was granted permission to hire.
United Airlines, the No. 2 largest airline company in the world, was apparently attacked by Chinese hackers in May or June.
If true, it looks like hackers could have been able to collect movement data on millions of American travelers. Passengers, flight origins and destinations, and other data was likely taken by the hackers, according to unnamed officials speaking with Bloomberg.
"Speculation that China is responsible for the United Airlines breach is interesting but at this point, irrelevant," said Jason Polanich, founder and chief architect of SurfWatch Labs. " Too many companies have a false sense of security, thinking it won't happen to them. Pair that with the fact that hacking tools are available to virtually everyone today via illicit trade on the Dark Web and in other places and you've got a recipe for disaster.
The United States faces an overwhelming number of foreign-based cyberattacks, and there is no clear strategy on how to defend - and retaliate - against these attacks.
"We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are gonna accelerate as time goes by, both in systems within government and within the private sector," Obama noted during an international summit last month.
Even though it's important to be able to conduct surveillance - the United States, which arguable has more to lose in the cybersecurity space than other nations - should have worked more diligently to improve its security infrastructure.