Hacking, Security & Privacy News - Page 40

We all know that the NSA has stepped over some pretty serious privacy boundaries, but now Wikipedia is suing the US spy agency over the constitutionality of its mass surveillance program.

Wikipedia has slapped the NSA with a lawsuit with the Justice Department, claiming that its mass surveillance regine threatens the freedom of speech under the First Amendment and the Fourth Amendment's protection against the unreasonable search and seizures. Executive Director of the Wikipedia Foundation, Lila Tretikov, explains: "By tapping the backbone of the Internet, the NSA is straining the backbone of democracy. Wikipedia is founded on the freedoms of expression, inquiry, and information. By violating our users' privacy, the NSA is threatening the intellectual freedom that is central to people's ability to create and understand knowledge".

Wikipedia's founder Jimmy Wales, along with Tretikov, argued in a op-ed in The New York Times on Tuesday that "pervasive surveillance" of Wikipedia's hundreds of millions of users had a scary effect that "stifles freedom of expression and the free exchange of knowledge". The duo continued, writing: "Whenever someone overseas views or edits a Wikipedia page, it's likely that the N.S.A. is tracking that activity-including the content of what was read or typed, as well as other information that can be linked to the person's physical location and possible identity. These activities are sensitive and private: They can reveal everything from a person's political and religious beliefs to sexual orientation and medical conditions".

Former NSA contractor Edward Snowden, currently residing in Russia, says he would like if the Swiss government granted him asylum. Snowden once lived in Geneva while working undercover for the CIA, and enjoyed his time in the European country.

In addition to Switzerland preferring a neutral stance on current military wars and other issues, the country also boasts a high quality of life and treatment of citizens. Unfortunately, current Swiss laws dictate someone applying for asylum must already be in Switzerland - and it's unknown if the government is willing to make an exception for Snowden.

"I would love to return to Switzerland, some of my favorite memories are from Geneva," Snowden recently said during the International Film Festival and Forum on Human Rights. "It's a wonderful place. I do think Switzerland would be a sort of great political option because it has a history of neutrality."

The NSA and US Department of Justice are being sued by the Wikimedia Foundation, accusing the US organizations of violating US laws related to freedom of speech. The American Civil Liberties Union (ACLU) is representing Wikimedia, which was joined by Amnesty International, Human Rights Watch, and several other major organizations in the lawsuit.

The NSA's use of "upstream" surveillance, which "taps the Internet's 'backbone' to capture communications with 'non-US persons,'" is available for a large amount of possible uses - however, it is believed to ultimately collect data not involved in their investigations. Wikimedia and other groups are concerned that journalists, clients, foreign government officials and others won't be as willing to turn over information and discuss sensitive topics with them.

"Our lawsuit says that the NSA's mass surveillance of Internet traffic on American soil - often called 'upstream' surveillance - violates the Fourth Amendment, which protects the right to privacy, as well as the First Amendment, which protects the freedoms of expression and association," according to a Wikipedia op-ed published by the New York Times. "We also argue that this agency activity exceeds the authority granted by the Foreign Intelligence Surveillance Act that Congress amended in 2008."

Criminals took $16 billion from 12.7 million US consumers last year, with a new identity fraud victim every two seconds, according to a new report from Javelin Strategy & Research. Two-thirds of identity fraud victims last year received notification that their personal information was compromised in a data breach, which took over headlines as major retailers were hit.

On the bright side, new account fraud, which is when a criminal opens up an account in a victim's name, dropped to a record low in 2014. In addition, new monitoring and protection systems saw the amount lost due to fraud dropping 11 percent year-over-year, from $18 billion in 2013 down to $16 billion in 2014.

"Despite the headlines, the occurrence of identity fraud hasn't changed much over the past year, and it is still a significant problem," said Al Pascual, director of fraud & security at Javelin Strategy & Research. "Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant. The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations."

Former NSA contractor Edward Snowden wants to return to the United States in the future, but needs guarantees of a fair trial. The only promise he has been given is that he wouldn't face the death penalty if he is convicted - and privacy advocates believe the US government, which wants to do anything to get him into custody, cannot be trusted.

"He is thinking about it," said Anatoly Kucherena, a Russian lawyer representing Snowden, during a recent news conference. "He has a desire to return and we are doing everything we can to make it happen. Snowden is ready to return to the United States, but on the condition that he is given a guarantee of a legal and impartial trial."

Kucherena also noted that he is working with a group of international lawyers to determine the best method for Snowden's potential return to the United States. Snowden has a three-year Russian residency, but would likely face immediate arrest if he tried to leave Russia.

The US federal government is worried about a growing number of cases related to Stolen Identity Refund Fraud (SIRF), with criminals filing state and federal taxes - and making off with the tax refunds. Tax-related identity theft was the most reported type of fraud submitted to the Federal Trade Commission (FTC) in 2014, with the agency receiving 109,063 complaints.

Recently, the Internal Revenue Service (IRS) issued another public advisory to remind people that any telephone calls or emails claiming to be the IRS are fraudulent. In these scams, criminals ask victims to provide personal information or transfer money to them.

"It is a massive problem," said Brian Krebs, independent cybersecurity investigative reporter, in a statement published by the Milwaukee Journal Sentinel. "It's probably going to emerge as the biggest identity theft problem this year."

Ben Lawsky, a New York financial regulator and head of the New York Department of Financial Services, is reportedly considering new regulation to help prevent against "an Armageddon-type" cyberattack. There is concern that a coordinated cyberattack would be able to hit the "broader economy" of the United States.

"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time," Lawsky said while speaking at Columbia Law School.

To help prevent against a "cyber 9/11," Lawsky wants financial institutions and insurance companies be graded by the DFS. The legislation may also require multifactor authentication and other requirements to keep data secure. Banks also must be proactive in their effort to keep data secure, as foreign-based hackers continue their attempts to disrupt Wall Street.

Lenovo likely only collected $200,000 up to $250,000 for its Superfish adware installations on consumer PCs, according to a report from Forbes. Previous estimates predicted higher figures - but considering the company's major earnings - the low sum likely won't be worth the legal and public relations headaches.

It is alarming Lenovo, which finalized a deal in summer 2014 to pre-install Superfish, received such a small amount for jeopardizing so much. In addition to promising no more Superfish installations, the company's website was reportedly compromised by the Lizard Squad hacker group last week.

It looks like Lenovo is learning from its mistakes, promising to be more transparent about pre-installed software in the future. For new machines running Microsoft Windows 10, the Lenovo standard image will only include the OS, security software, Lenovo applications, and software/drivers required to make hardware work well.

More than five billion downloaded Google Android apps could be targeted by hackers, according to cybersecurity experts. Most forms of malware (96 percent) are focused on compromising Android, according to data from the FireEye cybersecurity firm.

Android is open source and allows more developers to contribute to the OS, but that also gives hackers a great opportunity to create sophisticated malware. Malware targeting Android drastically increased from 240,000 samples in 2013 up to 390,000 unique samples last year - and the problem seems to be accelerating.

"You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it," said Jason Steer, director of technology strategy at FireEye, in a statement given to CNBC.

Cyberattacks from foreign states and rogue hacker groups have become the top threat to the United States, according to US intelligence experts. Director of National Intelligence, James Clapper, is especially concerned of potential attacks from Russia, China, Iran and North Korea - saying low-to-moderate level cyberattacks pose a long-term threat against critical infrastructure.

In addition to cyberespionage from foreign governments, there is rising concern of hacker groups able to infiltrate government agencies and companies - sometimes with support from foreign governments - with the goal of interrupting business operations, stealing money, and compromising employee and customer personal data.

Unfortunately, the US government has focused more on its cyber surveillance programs while largely neglecting cybersecurity. Even though it's effective to have offensive weapons, the United States has a lot more to lose than other countries if a major data breach occurs - and there is growing focus on being able to identify and defend against attacks.