TweakTown NewsRefine News by Category:
A couple of days after temporarily shutting down its external email service, the US State Department has restored access after a suspected organized cyberattack from Russian hackers. State Department IT security staff detected "activity of concern" several weeks ago, and a response plan was developed to ensure no classified data was impacted. Full access to the service still hasn't gone live yet, while security experts verify new security protocols are complete.
"I can report that our external email services from our main unclassified system are now operating normally," said Jeff Rathke, State Department spokesman. "And for those who feel they are, you know, tethered to their BlackBerrys, they are once again - because the BlackBerry service is working."
US federal agencies have been under attack, as there have been breaches against the US Postal Service, White House and the National Oceanic and Atmospheric Administration (NOAA) in recent weeks. It would appear all of the attacks can be tied back to Russian state-sponsored hackers, which would not surprise security experts.
Seventeen people have been arrested as part of an identity theft ring aimed at defrauding the Internal Revenue System (IRS), trying to cash in on $2 million in fraudulent tax refunds. Federal prosecutors said identity thieves were able to use university student financial records to obtain the tax refunds, and the ringleader is accused of directing at least 92 tax refunds to a single account.
"The disturbing fact is that (many) of these individuals are current or former students who allowed their accounts to be compromised," said United States Attorney Wilfredo Ferrer.
While identity theft - and tax fraud - remain significant problems nationwide, it is especially problematic in Florida. Cybercriminals are targeting everything from medical records and tax refunds to debit and credit card accounts, and have been found stealing physical mail from residents' homes. There were 190 complaints filed for every 100,000 individuals, according to the Department of Justice, and 804.9 people per 100,000 filed fraud complaints in 2013.
The US Senate didn't receive the required 60 votes to move a bill forward that would have forced changes to the National Security Agency's (NSA) phone surveillance program. The USA Freedom Act was brought before the Senate following former NSA contractor Edward Snowden's revelations of mass surveillance of US citizens, including a sophisticated phone snooping program.
The Senate voted 58-42 to prevent the Freedom Act from moving forward, but there will be similar legal efforts to try to limit the NSA's snooping ability. The same amount of information would have been collected, but phone companies would have retained the records instead of passed them along to the government - unless a court order was produced.
"In the past five or six months, we have witnessed heights U.S. national security concerns with terrorist threats, geopolitical problems, and cybersecurity challenges from Russia and China," said David Fidler, Indiana University's Center for Applied Cybersecurity Research professor of law. "Addressing these concerns requires strong American intelligence and surveillance capabilities - creating the potential for stronger opposition to the Snowden-inspired reforms today than existed only a few months ago."
The Interactive Advertising Bureau's Anti-Malware Working Group has teamed up with the FBI and US Department of Justice in their effort to fight malware and cybercrime. There has been an increase in organized cyberattacks targeting the IAB, and federal partnerships could help limit future widespread issues.
The FBI and other government agencies want to increase proactive behavior to clamp down on cybercrime, and this marks the first industrywide relationship they have created. The IAB Anti-Malware Group formed in September and has generated widespread interest, including from the US government, as cybercriminals make millions from compromising companies and users.
"We have become such a target of organized crime that we think this is the only way to truly be successful long-term," said Mike Zaneis, IAB executive vice president. "In the advertising space, what we're particually worried about is the type of malware that will basically make your computer a zombie, or a bot, and will begin to generate non-human traffic back to criminal websites or just selling traffic on networks or exchanges."
There were a number of major data breaches reported in 2014, but it would appear companies have higher hopes for data security in 2015, according to a study published by ThreatTrack Security. In its "2015 Predictions from the Front Lines," 81 percent of enterprise security staffers said they would be willing to "personally guarantee that their company's customer data will be safe in 2015."
Hearing that eight out of 10 security staff would be willing to guarantee customer data sounds absolutely ridiculous - but might be a necessary leap of faith to win over customers, increasingly concerned their personal information could be leaked.
Millions of US consumers faced debit and credit card fraud from the Home Depot and Target breaches alone, with a number of other companies also breached in between.
Kaspersky is imagining the future of the world, with the increase in use of technology, the increase of threats are there too. Infrastructure attacks, financial system attacks, governments being hit, and much more. The video below does an incredible job of showing us how Kaspersky view the future.
One of the scarier things Kaspersky says in its video, is "will a single click trigger a global economic crisis", but follows it by a "world where technology works for us", or "controls us". The video continues, sayign "could it be a truly connected universe, where we'll be able to express the full power and imagination. Or one where those connections make our critical infrastructure vulnerable to attack".
The ad makes you really think about the many, many possibilities we as a human race have to face - as the world is constantly changing around us. Not only are we dealing with things at a personal level, but societal level, and then infrastructure level. Are the governments of the world prepared for these attacks, or simply taking our freedoms away with far-reaching government agencies like the NSA and GCHQ spying on all citizens at once. What do you think?
The Department of Justice (DOJ) program that reportedly uses cell-tower mimicking equipment during airplane flights that allows the federal government to snoop on mobile phones has drawn an angry response from many Americans.
Senator Ed Markey (D-Mass) wants Attorney General Eric Holder to provide details about the DOJ operation, such as mission length, additional surveillance programs, and which cities were impacted.
"Americans are rightfully disturbed by just how pervasive collection of mobile phone information is, even of innocent individuals. While this data can be an important tool for law enforcement to identify and capture criminals and terrorists, we must ensure the privacy rights of Americans are protected," Sen. Markey said in a public statement. "We need to know what information is being collected, what authority is being used to collect it, and if and how this information is retained and stored."
The rise and fall of the Mt. Gox bitcoin exchange took just a few years, but left a serious black mark on the budding cryptocurrency market. More consumers and retailers are willing to experiment using bitcoins as currency and potential investments, despite continued security concerns.
The actual bitcoin protocol hasn't been breached by cybercriminals, and thieves have found ways to compromise bitcoin storage solutions, exchanges, and bitcoin owners directly. With no government regulation and very little insurance of recouping lost funds, some have shied away from jumping into the bitcoin market.
"It's important to remember that Bitcoin as a protocol and the blockchain, the record of transactions, has no known security vulnerabilities," said Trevor Murphy, Chief Technology Officer of bitcoin storage solution company BitStash. "It's impossible to counterfeit bitcoin and an impossibility with current computing power to modify a transaction that has been confirmed, say five or six times on the blockchain. This is very important. In fact, bitcoin marks the first time in human history that a currency has these attributes. People have been counterfeiting money, bouncing checks and chipping little bits off gold coins since time began."
It has become apparent that Tor isn't so secure after all, with government snooping and privacy experts showing the network can be easily compromised. Using Cisco Netflow, 81 percent of Tor users were de-anonymized by computer science professor Sambuddho Chakravarty - the end-user's IP address could be seen, along with a physical mailing address.
Silk Road - and additional Dark Net offerings - tried to use Tor to help keep organizers and users secure, but federal agencies were able to de-anonymize users.
"End users don't know how to properly configure it - they think it's a silver bullet," said Jayson Street, Infosec Ranger at the Pwnie Express security assessment company. "They think once they use this tool, they don't have to take other precautions. It's another reminder to users that nothing is 100 percent secure. If you're trying to stay protected online, you have to layer your defenses."
A new advanced persistent threat (APT), known as DarkHotel, is now targeting C-level executives of major businesses. Instead of trying to compromise governments to steal state secrets, Dark Hotel is cleverly engineered to conduct corporate espionage, likely for a foreign state-sponsored group, utilizing poor wireless hotel security - a rather clever technique for when business leaders are staying in hotels.
Utilizing Flash zero-day exploits and using spear-phishing to compromise users, DarkHotel has been found to steal and re-use digital certificates that inject malicious code. The attacks have taken aim at business visitors in the United States, Japan, South Korea, India, mainland China, Russia, Germany, Hong Kong and Ireland.
"Just think about the playing field IT security professionals have to deal with, and why they need all the help they can get," said Joe Caruso, Global Digital Forensics (GDC) CEO and CTO. "There are mobile devices like smartphones and tablets being used more than ever before, all with seemingly endless choices of software and applications, and all providing a potential threat vector for cross-platform intrusions and attacks."