Hacking, Security & Privacy News - Page 42


Yahoo clashes with NSA regarding encryption backdoor demands

Michael Hatamoto | Feb 24, 2015 2:30 PM CST

The National Security Agency (NSA) still has a fragile relationship with Silicon Valley companies, and both sides are trading shots at one another. In the most recent incident, a Yahoo executive challenged the NSA regarding its demand for encryption backdoors.

"If we're going to build defects, backdoors or golden master keys for the US government, do you believe we should do so for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?" said Alex Stamos, CISO of Yahoo.

NSA Director Adm. Michael Rogers initially tried to deflect the question, and then offered the following answer: "I think that we're lying that this isn't technically feasible - now, it needs to be done within a framework. I'm the first to acknowledge that," Adm. Rogers said.


NSA director says 'backdoors' into tech companies don't harm privacy

Anthony Garreffa | Feb 24, 2015 8:51 AM CST

Only last week, it was revealed that the National Security Agency hacked into Gemalto, the largest SIM card maker in the world. That news broke just after we wrote about the NSA reportedly having access to backdoors in Western Digital and Seagate firmware.

The NSA is back in the news once again, with its director, Mike Rogers, wanting to see calmer action with regard to the government's plans to keep its backdoors operating smoothly. Rogers said that maintaining these "backdoors" would not be harmful to citizens' privacy, would not "fatally compromise encryption and would not ruin international markets for US technology products", reports The Guardian. Rogers said: "If you look at the topology of that attack from North Korea against Sony Pictures Entertainment, it literally bounced all over the world before it got to California. Infrastructure located on multiple continents, in multiple different geographic regions".

Rogers wasn't too clear on how legal or technological protections could be installed so that the various government agencies wouldn't take advantage of having all of this data. The White House is working directly with tech giants like Apple, Yahoo and Google on their encryption for the government to access their mobile data, cloud computing and more.


Companies hiring hackers to help test their network cybersecurity

Michael Hatamoto | Feb 24, 2015 7:20 AM CST

Companies nervous about their cybersecurity defenses are relying on white hat hackers to test systems and help identify security flaws. Offering a bounty allows additional skilled users outside of a company's software and IT team to help track down anything that may have unknowingly fallen through the cracks.

"We're curious, we want to test our skills, we want to help these companies," said Mike Santillana, white hat hacker for Bugcrowd, in a statement published by CBS News. "I've found several bugs where you can completely compromise another user's account."

Additional companies are paying security experts and programmers as part of increasingly lucrative bug bounty programs. These hackers enjoy the monetary incentive and the challenge of identifying security flaws that could pose problems for companies and their customers.


Snowden regrets not coming forward sooner about NSA surveillance

Michael Hatamoto | Feb 23, 2015 3:30 PM CST

Former NSA contractor Edward Snowden would have liked to come forward sooner regarding NSA surveillance, but had to wait until the appropriate time.

"I would have come forward sooner... [but] these programs would have been a little less entrenched, and those abusing them would have felt a little less familiar with and accustomed to the exercise of those powers," Snowden said during a Reddit "Ask Me Anything" session. "This is something we see in almost every sector of government, not just in the national security space, but it's very important. Once you grant the government some new power or authority, it becomes exponentially more difficult to roll it back."

Snowden knowingly sacrificed himself to help reveal NSA surveillance and spying activities, which has opened an international debate. In addition, Apple, Google and other companies are modifying their behaviors, including adding encryption and other technologies, to help keep user data more secure from outside snooping.


Head of NSA says spyware operation compliant with national law

Michael Hatamoto | Feb 23, 2015 2:19 PM CST

The National Security Agency (NSA) is under fire over claims it used sophisticated spyware loaded on hard drives for surveillance, with the head of the agency saying it complies with national law.

"Clearly I'm not going to get into the specifics of allegations," said US Navy Admiral Michael Rogers, refusing to speak out regarding NSA spyware accusations, while at the Washington forum. "But the point I would make is, we fully comply with the law."

The latest controversy stems from a Kaspersky Lab report that says the NSA embedded spyware on Western Digital, Toshiba and Seagate hard drives, giving them the ability to eavesdrop on users.


DDoS-for-hire cyberattacks are effective and cost-effective

Michael Hatamoto | Feb 23, 2015 5:25 AM CST

Distributed denial of service (DDoS) cyberattacks have plagued consumers and businesses for quite some time, but the rising number of DDoS attacks available as a paid service is troubling. Clients can pay from $2 up to $5 per hour to launch DDoS attacks, or pay a subscription for prices as low as $800 per month.

The Lizard Squad hacker group helped draw increased scrutiny to the underground cybercriminal activity - demonstrating its LizardStresser DDoS service in successful attacks against the Sony PlayStation Network and Microsoft Xbox Live. Meanwhile, the Gwapo DDoS service has been publicly advertised via social media and videos posted on YouTube, with attacks starting at $2 per hour.

"Since their inception in 2010, DDoS-for-hire capabilities have advanced in success, services and popularity, but what's most unnerving is booters have been remarkably skilled at working under the radar," according to the "Distributed Denial of Service Trends" report from Verisign. "Given the ready availability of DDoS-as-a-service offerings and the increasing affordability of such services, organizations of all sizes and industries are at a greater risk than ever of falling victim to a DDoS attack that can cripple network availability and productivity."


Obama failing to create security relationships in Silicon Valley

Michael Hatamoto | Feb 22, 2015 11:50 PM CST

Tech executives aren't impressed by President Obama's current efforts to streamline cybersecurity, with a strong lack of trust after increased knowledge of government surveillance operations. It's a fragile relationship that must be improved, especially if Obama is serious about Silicon Valley companies sharing threat data with the US government.

"I think we missed an opportunity," said Jason Healey, former director of cyber infrastructure protection for the White House, in a statement published by The Hill. "Real leaders focus on privacy and they don't compromise on that."

There will need to be an open discussion from the Obama Administration regarding encryption, privacy, and other matters - but trying to boost cybersecurity efforts appears to be a more pressing matter.


Ransomware cyberattacks rack up victims, creating millions in revenue

Michael Hatamoto | Feb 22, 2015 2:05 PM CST

Ransomware cyberattacks are on the rise, and businesses must be ready to address the threat head on, with law enforcement constantly one step behind.

The FBI previously issued a warning regarding ransomware attacks, especially as cybercriminals tweak their malware code. Similar to statements issued by cybersecurity experts, the FBI says users should be extremely careful when opening email attachments - the most popular infection method to compromise business users.

The authors of the CryptoLocker ransomware were able to quickly generate at least $3 million in revenue from ransomware attacks, collecting hundreds of dollars in ransom at a time. Cybercriminals are opportunistic and will continue to rely on ransomware attacks as long as they easily find victims installing the malware on PCs and laptops.


Police department forced to pay $500 bounty in ransomware cyberattack

Michael Hatamoto | Feb 22, 2015 1:25 PM CST

The Midlothian Police Department paid $500 after being compromised with the Cryptoware ransomware, which encrypted files on one computer. A spear-phishing email is likely the culprit behind the Cryptoware infection, with Midlothian Police Chief Harold Kaufman confirming a cybersecurity incident.

The police department spent a total of $606 to rid itself of the infection, following the addition of bank fees and subsequent surcharges.

Cybersecurity experts recommend business users routinely back up their data - a task that is often left to IT administrators - and point to an urgent need to train employees so they can spot social engineering attempts.


Revenge porn king, Hunter Moore, pleads guilty to hacking charges

Michael Hatamoto | Feb 22, 2015 12:35 PM CST

Hunter Moore, 28, the founder of revenge porn website IsAnyoneUp.com, has pleaded guilty and faces years in prison. Moore pleaded guilty to identity theft, unauthorized access to a computer, and aiding and abetting unauthorized access of a computer. Unlike other revenge porn website operators, Moore paid a hacker to access email accounts looking for photos to steal.

Each charge carries a maximum prison sentence of two to five years, and Moore should be sentenced in a few months. Moore was once called "the most hated man on the Internet" for creating IsAnyoneUp.com, which served as one of the most popular revenge porn websites.

The infamous revenge porn website generated up to $10,000 per month in advertising revenue - and featured nude images and videos of ex-boyfriends and ex-girlfriends. The person's full name, city of residence, social media profile and profession were prominently listed on the website.
