Sen. Rand Paul (R-Ky.) has filed a lawsuit against Pres. Obama's administration and the National Security Agency (NSA), drawing headlines in his attempt to disrupt the NSA and its controversial data snooping efforts. The class-action lawsuit from the potential Republican president candidate is a curious move, as Paul is banking on U.S. citizen anger to gain headlines.
Besides Obama, NSA Director Keith Alexander, FBI Director James Comey and Director of National Intelligence James Clapper were also named in the lawsuit. The class action lawsuit could represent "hundreds of millions" of U.S. citizens, and has received 386,000 signatures on an online petition Paul shared on his website.
If this story isn't weird enough already, apparently Paul and Cuccinelli are under fire from constitutional lawyer Bruce Fein, as Fein wrote the lawsuit but his name was replaced by Cuccinelli. Not only was the lawsuit "stolen," but Fein also said he still hasn't received full compensation from Paul's political action committee, and clearly isn't pleased.
Former NSA contractor Edward Snowden was able to gain access to classified information using a co-worker's login credentials, which led the employee to lose his security clearance and later resign.
Snowden reportedly tricked an employee to use his login credentials on Snowden's computer, and while he was unaware of Snowden's intentions, still didn't "comply with security obligations."
A U.S. lawmaker added: "Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information."
In addition to the former NSA civilian contractor, a current active duty U.S. military member and another contractor lost NSA access privileges. The U.S. government is trying to accurately identify how Snowden collected so many documents which were shared with international reporters - and to prevent a similar incident from taking place again in the future.
The Obama administration wants to help utilities, banks and other important industries better defend themselves from cyber attack, launching voluntary cyber security guidelines as reference. The White House didn't want to offer direct requirements in an effort to allow companies to determine what would work best in their own business environment.
"While I believe today's framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity," said Obama, in a statement from the White House. "Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property."
Although the Obama administration worked on the recommendations based on analysis and industry-offered input, it's unlikely to be effective in preventing future attacks.
The US government and military learned in recent years that cyber threats cannot be ignored, especially with many criminal groups operating out of China, Russia, and other political rivals.
You would expect the president of one of the largest financial institutions in the US to have a very robust personal security plan in effect to ensure that his identity or financial information was not stolen, but it appears that is not the case with PayPal's President, David Marcus. This morning Marcus revealed that one of his credit card numbers was stolen during a recent trip to Europe and then used on a large spending spree.
Marcus says that he thinks that his card was skimmed at the hotel he was staying at or at one of the several merchants he swiped the card in question at. Marcus said that despite the card having an EMV chip that is supposes to make it more secure against this sort of attack, the EMV technology did nothing to prevent his card's number from being stolen and used on a fraudulent spending spree. Marcus did take the opportunity to inject a little promotion for PayPal, saying that if the merchant had accepted PayPal then none of this would have happen as PayPal's payment solutions do not share any credit card numbers with the merchant excepting payment.
Former NSA analyst Will Ackerly and his brother, John Ackerly, are the co-founders of Virtru, a startup security company helping users encrypt e-mails and digital communications. Unlike other encryption solutions, Virtru allows users to encrypt information - and send it - and has an extremely easy user interface to ensure neither user needs to be overly tech savvy.
The Virtru plugin easily and quickly encrypts e-mails and other contents using AES 256 encryption standard, and senders must have the plugin installed. However, recipients only need to authenticate their identity with an e-mail address, and Virtru holds the decryption key.
"What we've tried to do - and what's different from what a lot of encrypted communication tools out there have done - is really spend time to integrate the encryption technology directly into Gmail, Yahoo, Outlook.com," John Ackerly, Virtru CTO, in a statement to the media.
Virtru currently has plugin extensions for Google Chrome and Mozilla Firefox, with customized versions for Internet Explorer and Safari expected soon. For mobile devices, Virtru is available for iOS 7, and will be available for Google Android sometime in the near future.
Following the continued controversy of former NSA analyst Edward Snowden's widespread snooping documents, consumers are increasingly worried about government spying.
Thousands of visitors attending and participating in the 2014 Winter Olympics in Sochi, Russia, landed directly in the city located alongside the Black Sea. 3D camera technology company Artec Group is helping Russian security forces with a new system pairing 3D cameras with facial recognition software - and the security could find its way to the United States and European Union (EU) nations soon.
Artec's software can accurately distinguish between twins, can accurately work despite disguises - though security experts are already about potential privacy concerns. Artec Group also has plans to open a showroom and 3D printing location in a town near its headquarters in Silicon Valley.
Securities using sophisticated software and hardware are important for keeping the Olympics safe, as it has been a popular terror target in the past. However, this type of software could be used for national defense purposes, an active ability to quickly check visitors through crime and terror databases.
The FBI believes cyber criminals have successfully targeted Target, Neiman Marcus, and other major retailers using security holes that could have been blocked by retailers.
Target suffered the most significant data breach of recent companies, with more than 70 million customers affected, as the company still deals with public backlash. The Target breach reportedly is tied to a third-party HVAC contractor, and Target likely thought there were no security holes present, but the card data shouldn't have been available in the same corporate network locations.
Security experts warn of similar point-of-sale - and Internet-based threats - should raise alarm bells, especially with a few businesses that haven't come forward. The FBI didn't disclose which major retailers haven't come forward, though "remote management software" was related to cyber crimes carried out against the company.
Former NSA contractor Edward Snowden used customized web crawler software to steal at least 200,000 government secrets, according to a new report published in the New York Times.
The NSA is helping try to protect federal agencies from foreign-based cyber attacks, but Snowden's method to steal data was surprisingly simplistic - and extremely successful. If Snowden was based at the NSA's main headquarters, it's likely he would have been detected, but the NSA contractor didn't have policies as stringent.
Snowden is accused of scraping "data out of our systems" as he continued his daily job duties, a senior intelligence official told the Times. "We do not believe this was an individual sitting at a machine and downloading this much material in sequence."
The NSA and U.S. lawmakers continue to show disgust with Snowden's actions over the past year - and citizens are more aware of the NSA's questionable activity - with friction expected in the foreseeable future.
In the continued battle against cyber warfare, the FBI recently opened the door to security experts willing to share information about malware. Specifically, the Investigative Analysis Unit (IAU) wants to create "global awareness of the malware threat" in anticipation of what lies ahead in the future. The request for quote (RFQ) is a unique effort to purchase malware so the FBI intelligence services are able to try and reverse-engineer the security threats.
The FBI is currently seeking security firms to submit malware samples for federal computer teams to learn more about how the malicious software is made and distributed. Executive files, digital media files, exploited code, and Office documents will be collected, though security experts are welcome to try and stump the FBI with select malware.
Sophisticated malware continues to plague desktop and mobile users, with malware targeting Microsoft Windows, Linux, and Apple OS X/iOS.
The 2014 Winter Olympic Games are currently underway from Sochi, Russia, where the Russian government and cyber criminal groups are reportedly compromising smartphones, tablets, laptops, and other consumer electronics. Even after a recent NBC News report that indicated its reporters were quickly digitally compromised, research firm Gartner also reminds users that they face security risks everywhere they go with their devices.
As the media loves attention-grabbing headlines, such as Russian FSB and criminals can't wait to hack western mobile devices during the Olympics, cyber security threats are daily occurrences for many users. The Gartner blog published by Paul Proctor, VP Distinguished Analyst, also called out NBC for not carefully wording the published story - a bit of fear mongering an anti-Russian spying sentiment helped NBC with page views, though didn't offer a 100 percent genuine look at cyber threats.
Furthermore, many of the attacks focusing Sochi guests aren't geographically dependent, and the same security limitations and phishing attacks plague users every day at the local coffee shop, library, or shopping center.
The threat of domestic terrorism and attacks by Al Qaida are pressing matters to national security, but many U.S. government officials are instead focused on former NSA contractor Edward Snowden. A recent official said Snowden has done 'profound damage' to future U.S. security efforts, supporting a previous lawmaker that said Snowden is a traitor and criminal.
"What Snowden has stolen and exposed has gone way, way beyond his professional concerns with so-called domestic surveillance programs," said James Clapper, Director of National Intelligence, during a recent Senate committee hearing. "As a result, we've lost critical foreign intelligence collection sources, including some shared with us by valued partners."
U.S. citizens, foreign leader, and Silicon Valley executives are upset with the NSA's spying practices, which continually trampled over Internet users. However, many U.S. lawmakers remain unhappy with Snowden, and demand he returns government documents without any further disclosures.
Meanwhile, Rep. Marc Thornberry, a Texas Republican, said Snowden's security leaks will "certainly cost billions to repair" moving forward.
U.S. retailer Target is still working its way through a massive security breach that impacted more than 70 million in-store customers, a major issue that was first reported late last year. Additional details made available indicate a serious security overhaul will need to take place within Target, and other major retailers should closely follow suit.
Although it appears sophisticated malware targeted point-of-sale (POS) machines in Target stores, it appears some blame is being thrown towards a heating, ventilation and refrigeration third-party contractor. Cyber criminals behind the Target breach may have used the HVAC contractor's stolen account information to gain access, which led to easier access to Target's internal network.
The HVAC company, rumored to be Fazio Mechanical Services from Pennsylvania, confirmed it was recently visited by Secret Service investigators looking into the Target breach.
Target Chief Financial Officer John Mulligan recently appeared before a U.S. Senate Judiciary Committee, apologizing for the retailer's massive data breach.
Journalists and guests attending the 2014 Winter Olympics shouldn't expect privacy, as a journalist with NBC News reported he was immediately hacked. The Russian FSB and cyber criminal groups are expected to take advantage of electronics, snooping and trying to steal personal information from visitors.
"It doesn't take long here for someone to try to tap into your laptop, cellphone or tablet," said NBC News' Richard Engel, reporting from Sochi, Russia. "In a minute, hackers were snooping around. The same thing happened with my cellphone - it was very fast and very professional."
Engel said it took less than 24 hours before his laptops and mobile phone were invaded from outside sources. For American citizens attending the Olympics, the U.S. State Department warns travelers that they shouldn't expect privacy anywhere they are in Russia.
There is a high-level of security in Sochi, because the Russian government is concerned of threatened attacks by Islamic extremists. However, spying on journalists and foreign visitors is more for intelligence gathering than physical security, analysts said last month.
As the world prepares for the 2014 Winter Olympic Games in Sochi, Russia, security concerns are rightfully focused more on preventing any types of terrorism. However, cyber security experts are worried about the great potential for Russian federal authorities to snoop on athletes, journalists, and visitors to the country throughout Russia.
Both the Russian government, which gives wide-sweeping ability to spy on visitors, Russian cyber criminal groups also are expected to be active during the event.
"It's the same as during the Beijing Games - the host government, private enterprise and individuals pose a big threat to people traveling to the Sochi Games, in respect to monitoring conversations on cell phones and intercepting texts and e-mails," an Olympic security contractor recently noted.
The Russian Federal Security Service (FSB) will focus on snooping related to terrorist activity, mainly, but also can snoop on regular visitors - and the cyber criminals will focus on stealing personal data, passwords, and anything they can sell.
The United States Secret Service and Royal Canadian Mounted Police (RCMP) recently seized an offset printing press that has reportedly printed millions of dollars in fake currency. The counterfeit bills would have been impossible to detect with a quick glance, and ideal for regions of the world where a counterfeit detector pen or machine aren't used by cashiers.
During a previous raid in 2012 by the Secret Service and RCMP, $1 million in fake non-sequential numbered bills were seized.
Counterfeiting currency has become increasingly difficult with the Secret Service actively investigating counterfeiting cases - and due to technological security defenses - but occasionally people are able to successfully print fake funds. As home printers, toner technology and ink jet products become better, there is concern that counterfeiting will remain a lucrative underground effort.
For many years now, Malwarebytes has been a staple in many Windows users anti-virus / anti-malware toolbox. It gained this position not only because it works so well, but because it was a powerful solution that was completely free. Today the company announced that Malwarebytes 2.0 will
be moving away from its free to download model be moving away from a lifetime licence model, and will instead move to an annual subscription licensing model.
The company says that Malwarebytes 2.0 will cost users $24.95 per year with a licensing covering three separate PCs, a fee that is much cheaper than many of the big-name anti-virus programs on the market. "As more and more people have come to rely on us for malware protection and cleanup, our costs in bandwidth, hosting fees, infrastructure, salaries of our researchers, QA department, and more have grown immensely," explained Kleczynski, CEO of Malwarebytes. "Though our company is about more than just making money, we are a company and we do have to make money to pay our staff to continue doing what they love, which is fighting malware. The subscription model will help us to be sustainable for the future while staying true to our roots that we will always make malware cleanup free for everyone"
Malwarebytes says that its customers who have already purchased lifetime licenses will not need to pay the annual subscription fee, and the company will continue to offer lifetime licenses for a short period to ease the transition for those users who have wanted to take the lifetime plunge, but have yet to do so. What do you think about Malwarebytes moving to
a paid version only model to a annual subscription over lifetime license model, and will you be jumping in to grab one of the few lifetime licenses left?
A point-of-sale malware designed to steal debit and credit card information has been found on systems in 11 different countries, according to security company RSA. Dubbed ChewBacca, the malware was first discovered in late October, and has been found on in-store POS, directly blamed for stealing at least 49,000 account numbers to date.
The Tor-based malware threat communicates with the Command and Control (C&C) server using the anonymous Internet network - protecting the IP addresses of controllers. ChewBacca has proven successful in encrypting traffic and slipping through network-level detection, despite being a relatively simple piece of malware.
In-store POS threats, typically malware to steal customer information, typically go unnoticed, but consumers are becoming more aware of current threats. Criminals want to do whatever is necessary to steal data that they can either use, trade, or sell to other criminals - at the expense of retailers and consumers.
U.S. officials are still trying to come to terms with former NSA analyst Edward Snowden's spying disclosures, with James Clapper, the Director of the National Intelligence, demanding his journalist "accomplices" return leaked documents.
Clapper didn't place blame on specific "accomplices," but reporters at The Guardian, for example, would likely be an obvious choice.
Clapper's spokespeople later clarified and said the U.S. official "was referring to anyone who is assisting Edward Snowden to further threaten our national security through the unauthorized disclosure of stolen documents related to lawful foreign intelligence collection programs."
Snowden may have recently been nominated for a Nobel Peace Prize, but government officials would still like to see him face espionage-related charges. Trying to equate journalists to accomplices clearly is a long stretch for a government administration desperate to make sure similar whistle blower actions don't take place in the future.
The founder of the SpyEye malware, Aleksandr Andreevich Panin, recently pleaded guilty to federal conspiracy and bank fraud charges. The Russian citizen was extradited to the United States early last year, and will be sentenced on April 29, where he will almost certainly receive a prison sentence.
SpyEye was reportedly created in 2009 and remotely infected PCs so cyber criminals could access personal information, including bank accounts, usernames and passwords. Panin sold licenses to the software from $1,000 up to $8,500, with more than 150 global clients using the malware to steal information.
"As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation's economic security," said Sally Yates, U.S. Attorney of the Northern District of Georgia, in a statement. "Today's plea is a great leap forward in our campaign against those attacks."
Developing malware and other malicious software for profit has become big business for savvy cyber criminals, and will continue to be a lucrative underground business.
A new proof-of-concept malware targeting touchscreen devices shows a potential security threat in which user finger swipes could be used to see exactly how consumers interact with their devices, according to security firm Trustwave.
Specifically, the malware is able to log the X and Y coordinates of touch swipes on a device, along with capturing screenshots to help record touch coordinates. The proof-of-concept also allows the cyber criminal to only capture screenshots when a user enters a specific app, and a full demonstration and disclosure will be made at the RSA security conference next month.
"The more interesting thing is, if you get a screenshot and then overlay the touch events, you're looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen," according to Neal Hindocha, Trustwave senior security consultant.
It seems if this security threat hit the wild, it would be used against specific targeted users and companies, and won't end up becoming a widespread threat to the average smartphone or tablet user.
Edward Snowden, the former National Security Agency (NSA) IT contractor now hiding in Russia, is worried about the U.S. government trying to retaliate against him. Following his initial revelations starting last May, a number of rather shady NSA-related spying tactics have popped up, including efforts to snoop on foreign citizens and government leaders.
"There are clear threats, but I'm not losing any sleep over them," Snowden recently told foreign journalists.
If Snowden remains under the protection of the Russian government, it seems less likely the U.S. government would try to launch a covert operation to silence him. However, if he ends up seeking amnesty in a Central or South American nation, personal security must be a significant concern to the U.S. citizen.
Meanwhile, Russia isn't in a big hurry to try and send Snowden out of the country, with officials noting he's welcome to stay as long as he feels comfortable. The 30-year-old also said he wouldn't receive a fair trial in the U.S., and his lawyer wants a guarantee of amnesty before he tries to head home again.