TweakTown News
Former NSA contractor Edward Snowden was disgusted by NSA and GCHQ mass surveillance activities, and disclosed the questionable actions of both agencies. However, multiple lawmakers and politicians have spoken out against his actions, saying he has put military personnel and intelligence agents at risk.
British lawmakers hope to push the Communications Data Bill, which would force ISPs and mobile service carriers to keep Internet browsing activity, social media, email correspondence, voice calls, Internet gaming activity, texting, and other records on file for a minimum of 12 months. Phone and email contact data is already retained due to the Data Retention Regulations 2014 bill.
"Consequently there are people dying who actually would now be alive," said Lord West, a former UK security minister and Navy admiral. "It is now critical that we move forward the Communications Data Bill that was paused so unreasonably because there is a very real danger that unless we do this, I think it is not exaggerating to say that people will die in this country who would have been safe if that had been in place."
Sigurdur Thordarson, a computer hacker and former Wikileaks associate, has pleaded guilty to embezzling at least $240,000 from the group. Operating under the name of "Siggi the Hacker," the Icelandic man claims he also became an FBI informant in 2011, though he rejected accusations he stole any funds from the group.
"After going over the charges thoroughly and speaking with my client, he has decided to plead guilty to all charges," said Vilhjalmur Vilhjalmsson, the hacker's attorney. It was a surprising announcement: Thordarson changed his mind, for reasons that remain unknown, and he will face sentencing in Iceland sometime in the future.
"He was a volunteer who abused his position through fraud to obtain money from T-shirts and coffee mugs just after we were imposed with the banking blockade," said Kristinn Hrafnsson, Wikileaks representative. "We lodged a complaint in Denmark pertaining to a meeting that took place between him and FBI agents in 2011. We want that to be probed on the basis that it was an illegal operation according to Danish law."
The British government requested data on one journalist as part of Operation Elveden, focused on alleged bribes made to public officials for information, and "accidentally" received data on 1,000 News UK staff. Vodafone said there was some type of human error that led to the extra data being supplied, while police officials said they returned the information.
Police wanted information focused on one journalist who worked for News UK from 2005 to 2007, and used the Regulation of Investigatory Powers Act (RIPA) to receive the data. The information was returned to Vodafone after about four months.
"Unfortunately, there was a human error during the processing of this information - which was drawn manually from a legacy system - as a consequence of which the Met Police were supplied with a corrupted dataset containing a significantly higher volume of metadata than had been the focus of the warrant received by Vodafone. The metadata in question relates to call logs and other information, such as pricing data, not the content or location of any communications."
One-third of consumers are careless when making online transactions, opening them up to potential security problems, according to the Kaspersky Lab Consumer Security Risks Survey. Only 58 percent of Google Android smartphone users utilize a security solution on their mobile device, and 30 percent of consumers are storing financial data on their phones and tablets.
Kaspersky offers the following advice: Don't use public Wi-Fi while shopping online, and ensure there is a mobile security solution installed if using a smartphone or tablet. Always turn off Bluetooth and switch to cellular when using a mobile device.
"When people ignore safety measures they can fall victim to cybercriminals," said Ross Hogan, Kaspersky Lab Global Head of the Fraud Protection Division. "However, the banks often end up having to pay for that negligence. With so many careless users, banks and e-payment systems operators must ensure themselves against financial and reputational risks by using specialized security solutions that can prevent cybercrime."
Home Depot is now facing at least 44 lawsuits related to the massive data breach it suffered earlier in 2014, and several state and federal agencies are investigating the incident. The data breach hit 56 million customers, with debit and credit card information at risk.
The company expects "significant legal and other professional services expenses" from the breach, while also facing lawsuit problems in the United States and Canada. The lawsuits were filed almost immediately after the breach was publicly disclosed, and it is possible others will be filed in the near future.
The breach was likely orchestrated by state-sponsored Russian hackers, with all of its retail stores impacted.
Consumers and retailers both took a beating in 2014, with a number of significant data breaches hitting millions of victims. A recent survey found that consumers are uneasy when shopping online, and that some customers are avoiding retailers because of data breach concerns. Sixty-two percent of consumers are worried about online shopping, while 23 percent said they are making fewer online purchases, according to information from the International Data Group and NCC Group.
Even more frightening, more shoppers expect to be victimized, with 64 percent believing they will be compromised in a data breach at least once in the next year.
"The data suggests that this could continue," said Stephen Boyer, BitSight CTO. "It's going to take some time for retailers to right this ship. If everybody had cleaned up we would see very different results. I hope that we don't see another Target-like breach this year, but when we look at the sector we see that they are actually worse off."
Many cybersecurity specialists working for the NSA and GCHQ tend to get burned out, and then head to the private sector. That provides a unique opportunity to hear more about some of the efforts the US government has employed to conduct organized cyberespionage against foreign governments.
For regular Internet users, it doesn't matter whether it's the government or a foreign cybercriminal, cybersecurity must be appreciated and not overlooked. As former government programmers and security experts abandon their government jobs in favor of the private sector, companies want to rely on technology advice from intelligence officials - providing valuable insight into how governments are conducting increased surveillance.
"Whether they're cybercriminals or state sponsored actors, I think a lot of times they can get into a network using a less sophisticated approach or a variant of a known piece of malware... it's a lower risk operationally for them," said Jim Penrose, former NSA employee and part of the department's Tailored Access Operations (TAO) group. "They don't want to fire silver bullets unless it's absolutely necessary; like a zero day or something like that, or a previously unseen piece of malware. Those are really high quality and you want to save those for a time when it's absolutely critical."
Russian cybercriminals, largely backed by the Russian government, are increasingly coordinated as their attacks victimize the United States, UK, and Western European nations. Energetic Bear, APT28 and Uroburos - three Russian-based malware families - are being used to conduct cyberespionage, rather than conduct data theft purely for financial gain.
Although Russian-based cybercrime targeting businesses gets most of the attention, threats of cyberespionage remain more problematic. Each newly discovered exploit and toolkit reveals significant sophistication, as cybercriminals are able to rack up victims in a stealthy manner - often being discovered long after breaching targets, if at all.
"China has economic objectives," said Christopher Ahlberg, co-founder and CEO of Recorded Future. "Russia wants to show the world they are strong politically. Energy is incredibly important to them [as well]... They also want to sell gas to Western Europe - there's more of a focus on commodity markets and geopolitical [interests]."
Cybercriminals will likely increase attacks against small and midsize retailers that hire temporary workers to help augment staff ahead of the holidays. Cyberattacks don't peak during November or December, but criminals change their tactics to focus on companies that might hire additional staff and are focused on other day-to-day business operations.
Seasonal temporary workers haven't been trained in company policy, and might not be aware of current social engineering attacks, so they make easy prey, according to Akli Adjaoute, CEO of the Brighterion security firm. "These less-trained workers that are hired during the holiday season are much more vulnerable to social engineering attacks."
The financial impact of a data breach - or other cybersecurity problems - has been a painful lesson for companies throughout 2014. However, many companies struggle in their efforts to
After details of the sophisticated Regin malware were published online, there was concern that security companies didn't do enough to protect Internet users from the threat. Although it was released years ago, it took some time before Symantec reportedly identified it and included it in detection systems, in December 2013.
However, it would appear Symantec identified Regin sometime in 2010 and it was labelled a Trojan in 2011, while F-Secure identified parts of the malware in 2009, with Microsoft learning of it in 2010.
"Symantec has been monitoring Regin for some time," Symantec recently told Forbes. "However, it has taken some time to gather all necessary components so that we can build a good understanding of the threat. We have also been monitoring for any further activity and attacks. Since no further information has come to light we have made the decision to release our findings publicly."