TweakTown NewsRefine News by Category:
A new study found that four out of every five Internet-connected homes in the United States could be attacked through their wireless router, according to Avast Software. Cybercriminals have easy access to unsecured routers - despite many ISPs now forcing subscribers to choose a password and implement security - with criminals able to access personal information, financial information, usernames, passwords, photos, and Internet browsing history.
Unfortunately, at least half of all wireless routers use default or common usernames/passwords, such as admin/admin, admin/password, or admin/ . Furthermore, 25 percent of consumers will use their name, address, phone number, street name, or some other form of easy password.
"Today's router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment," said Vince Steckler, Avast CEO. "The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen."
Researchers from Google and the University of California, Berkeley discovered almost one quarter of smartphone owners believe they don't have anything on their phones worth protecting - and some others simply cannot be bothered to lock/unlock their smartphones.
However, 70 percent of survey respondents said they locked their smartphones shortly after purchase, but more alarming, some phone owners are oblivious to how much personal data their phones contain.
"While many of the interview participants who did not lock their devices had fewer applications installed, and therefore potentially less sensitive information, every participant's smartphone still had access to email, which did not require additional authentication," according to researchers. "Thus, it is possible that these email accounts might be a fruitful target for an attacker."
Pirate Bay co-founder Fredrik Neij was arrested by Thai immigration police after being caught trying to enter the country from Laos. Neij faces a jail sentence in Sweden for copyright violations after being convicted in 2009 - and while he did a good job of hiding up to this point - the Swedish embassy wanted authorities to be on the lookout for him.
Neij reportedly had $153,000 in a local bank account at his disposal, but the cash alone wasn't enough to keep him off the radar of a law firm reportedly hired by US movie companies. The Swedish embassy will take custody of Neij from Thai immigration police in Bangkok, and then he will be extradited back to Sweden.
Fellow Pirate Bay co-founder Gottfrid Warg was sentenced to 42 months in prison after being convicted of hacking charges in Denmark.
A showdown between the Obama Administration and Chinese president Xi Jinping is looming when the two political leaders meet to discuss cybersecurity concerns. China has continually denied it sponsors hacker groups to conduct cyberespionage against US and European governments and private companies - but it seems unlikely significant progress will be made between the two countries.
"We've been very clear about how strongly we object to any cyber-enabled theft of trade secrets and other sensitive information from our companies, whoever may be doing it," said John Kerry, US Secretary of State, when speaking at the Johns Hopkins School of Advanced International Studies. "And we are convinced that is in China's interest to help put an end to this practice."
The United States has lost credibility when criticizing other countries regarding cyberattacks, after former NSA contractor Edward Snowden revealed widespread surveillance activities.
Convicted hacker Cameron Lacroix, 26, will serve four years in federal prison for his cybercrimes, and recently apologized to Paris Hilton for stealing her nude photographs when he was a teenager.
The incident took place in 2005, when Lacroix was 15, as he hacked Hilton's Sidekick, stole photos and published her phonebook and messages.
"Paris, I'm sorry I put your information online," Lacroix recently said. "I should never have done it. I wouldn't want it done to me. It all started because I wanted a T-Mobile phone. Once I got in there, I realized, 'Hey, I have access to everybody's stuff! Sure enough, it was under her name. I went into it and was shocked at what I saw."
The British Government Communications Headquarters (GCHQ) has a new leader, and not surprisingly, he believes privacy isn't an "absolute right" for Internet users. Robert Hannigan believes governments and technology companies need a "new deal" that can be used "in the area of protecting our citizens," and added that "privacy has never been an absolute right" on the Internet.
Former NSA contractor Edward Snowden revealed widespread surveillance campaigns by the NSA and the GCHQ, much to the dismay to security experts on both sides of the pond.
The European Union says privacy actually is an ingrained right for Internet users, and governments should act legally and ethically when conducting any surveillance operations.
National Security Agency director Mike Rogers visits Silicon Valley at least twice per year to keep tabs on technology development - and use it to recruit new talent. Although the federal government cannot match the extremely high salaries of the region, "we are going to give you the opportunity to do some neat stuff, things you probably aren't going to be able to do anywhere else," Rogers recently said while at Stanford University.
"I'm comfortable with what we do, with our partners," said Rogers, though that type of statement wouldn't be overly convincing to US citizens.
However, Mark Jaycox, Electronic Frontier Foundation legislative analyst, isn't completely convinced: "Unfortunately, Admiral Rogers hasn't yet engaged on many of the NSA's more egregious activities like disrupting national standards for encryption or the NSA's hacking of American companies' internal databases.
Companies are suffering from third party hacks as employees are being targeted by savvy cybercriminals, with employees from 221 Fortune 500 companies having credentials exposed, according to a recent study from Recorded Future. Third party hacks are when cybercriminals attack outside sources - often a partner company or software/hardware vendor - and once compromised, can more easily gain access to data.
"Most corporate IT security departments and personnel seem to have blinders on when it comes to hacking events that occur outside the realm of their immediate responsibility," said Joe Caruso, Global Digital Forensics (GDF) CEO, "but what happens to their employees on the outside can certainly come back to bite them if those attitudes don't change in a hurry.
Cyberattacks targeting private businesses continue to increase, forcing companies to be more vigilant - and recent incidents that targeted Snapchat, Dropbox, and others show how real this problem can be.
The Russian government is blamed for an increasing number of organized cyberattacks against geographic rivals, Western Europe and the United States - but actually trying to prove their involvement has been overly difficult. Even though cybersecurity experts point towards Russia, with Russian political figures routinely denying involvement, it's difficult to take political action without a smoking gun present.
Cyberattacks from the US, UK, Israel, France, and Russia are sometimes masked to look like attacks originated from other regions of the world - and trying to determine legitimate sources will remain difficult, security experts note. However, some Chinese hackers like to leave calling cards to indicate who they are and where they are from when launching attacks against foreign governments and companies.
"Attribution is almost impossible to do," said C. Thomas, a hacker known as "Space Rogue," as he now serves as a computer security consultant. "Anything can be faked. People who do this stuff for a living - and their lives depend on it - will forge that stuff."
Companies operating in the European Union (EU) recently held another round of cyberattack simulations, designed to help test cyberattack response ability. The European Network and Information Security Agency (ENISA) used white hat hackers to mock attack 200 companies located in 25 EU nations for a 24-hour period.
The Cyber Europe 2014 drill focused on financial institutions, security companies, government ministries, energy providers and Internet service providers (ISPs), with distributed denial of service (DDoS) attacks, data exfiltration, and Web defacement attacks.
"The outcome of today's exercise will tell us where we stand and identify the next steps to take in order to keep improving," said Udo Helmbrecht, ENISA executive director.