Hacking, Security & Privacy News - Page 50

Barrett Brown, a writer and activist linked to the Anonymous hacker group, has been sentenced to five years in prison for sharing stolen data and threatening an FBI agent. Brown pleaded guilty to obstructing the execution of a search warrant, accessory to an unauthorized access of a protected computer and making Internet threats.

Brown's tweets and posted YouTube videos helped generate unwanted attention by federal investigators, and the 33-year-old was blamed for sharing data stolen from the Stratfor private defense contractor. He originally could have faced more than 100 years if convicted - and after time served in custody already - must serve three more years.

"If I criticize the government for breaking the law, but then break the law myself in an effort to reveal their wrongdoing, I should expect to be punished just as I've called for the criminals at government-linked firms to be punished," Brown said before he was sentenced. "When we start fighting crime by any means necessary, we become guilty of the same hypocrisy as law enforcement agencies throughout the history that break the rules to get the villains, and so become villains themselves."

Police in Israel have reportedly arrested a hacker accused of stealing unfinished songs from Madonna's latest album. Adi Lederman, a 38-year-old Israeli, will face charges related to intellectual property theft and aggravated fraud, and has allegedly stolen and sold other music online.

Madonna's album "Rebel Heart" is scheduled for release in March, but songs were leaked online in December. Not surprisingly, the musician asked fans not to listen to the stolen songs, pleading to music fans that the song theft was the equivalent of a personal and professional violation.

"I am profoundly grateful to the FBI, the Israeli Police investigators and anyone else who helped lead to the arrest of this hacker," Madonna wrote on her Facebook page. "I deeply appreciate my fans who have provided us with pertinent information and continue to do so regarding leaks of my music. Like any citizen, I have the right to privacy. This invasion into my life - creatively, professionally, and personally remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime."

A whopping 93 percent of organizations are vulnerable to insider threats, and the problem continues to be confusing for business leaders, according to Vormetric's "2015 Insider Threat Report." The threat report also discovered 59 percent of respondents believe privileged users pose the biggest threat to their organization, and preventing a data breach is a major priority for IT security spending.

Trying to keep companies secure from insider threat - both accidental and malicious - is a problem that only seems to be getting worse, as companies are unsure how to address evolving security problems. As such, experts are concerned the number of massive data breaches, which captured headlines in 2014, will continue in 2015 while companies remain flustered.

"As the past year demonstrates, these threats are real and need to be addressed," said Alan Kessler, CEO of Vormetric. "Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92 percent of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money."

Just 56 percent of employees believe their password habits in the workplace are secure, according to Software Advice's "Password Use in the Workplace" report. Companies are struggling to teach their employees to hold more responsibility with security, and the problem will continue throughout 2015.

"Our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords," according to the report.

Proper cybersecurity must start from the top and trickle down to regular employees, though that doesn't seem to be happening, according to the survey. Only 54 percent of employees report their employers require them to create complex passwords.

US government departments are increasingly worried about high-profile data breaches, with cyberattacks targeting US infrastructure increasing, according to General Dynamics. US military spending has declined, but due to rising cybersecurity threats, spending to help defend networks has grown significantly in certain sectors.

Cybersecurity related to preventing insider threats has proven popular, with up to five government departments interested in insider threat protection over past few months. Trying to defend against threats from the inside can be extremely difficult, but cybersecurity experts tend to look for unusual employee behavior before information is compromised.

"Across the board, I see this as still being a growth area for us," said Nadia Short, VP and GM of cyber systems at General Dynamics, when speaking to Reuters. The contractor has merged its cyber and engineering departments, providing additional expertise and streamlined security developments.

It would appear China was able to steal details regarding F-35 fighter jets being sold to the Australian military, according to former NSA contractor Edward Snowden - but the US Pentagon said classified data on its F-35 fighter program remains safe.

"Classified F-35 information is protected and remains secure," according to a statement published by Reuters. US government departments and its contractors face a high volume of Internet-based attacks, with criminals interested in stealing information - which can be used or sold - as organized state-sponsored attacks continue to increase.

Meanwhile, the Chinese government said the accusations revealed by Snowden are "groundless," though China is known to conduct cyberespionage campaigns against military and political rivals.

Sixty-one percent of companies increased their cybersecurity budgets by an average of 34 percent in 2014, despite a number of high-profile data breaches still taking place, according to Identity Finder and the Ponemon Institute. Companies showed the most interest in the following security resources: Security incident and event management (SIEM), endpoint security, intrusion detection and prevention, encryption, and Web application firewalls.

Companies want to step up spending related to cybersecurity, but must ensure they are investing resources in the appropriate places. For companies breached, the information is rather frightening: 95 percent didn't discover a breach for at least three months, while 46 percent admitted they found a data incident on accident.

"This study shows that organizations are dedicating greater attention and financial resources towards managing sensitive information and preventing data breaches, which is certainly encouraging news," said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. "However, 2015 is predicted to be as bad or worse as 2014 as more sensitive and confidential data and transactions are targeted by attacks and collateral damage."

The US government has increased concerns related to cybersecurity, and a new report compiled by Michael Gilmore, director of operational test and evaluation (DOT&E), likely won't help alleviate concerns. In the published 366-page report, it was discovered that almost all U.S. weapons programs tested during 2014 faced "significant vulnerabilities" related to cyberattacks.

Problems included unpatched and aging software, misconfigured network protocols, and similar issues - opening the door to potential security concerns.

"Cyber adversaries have become as serious a threat to U.S. military forces as the air, land, sea and undersea threats represented in operational testing for decades," according to the report. "The continued development of advanced cyber intrusion techniques makes it likely that determined cyber adversaries can acquire a foothold in most (Department of Defense) networks, and could be in a position to degrade important DOD missions when and if they chose to."

The Microsoft Outlook.com email service reportedly was breached by Chinese authorities, using a "man-in-the-middle" type attack, according to the GreatFire watchdog group.

MITM attacks typically rely on hijacked online connections used to monitor and control communications through an online communication - with email users relying on IMAP and SMTP to access Outlook, Mozilla Thunderbird and other apps left vulnerable.

"We suspect that the Cyberspace Administration of China, which is directly in charge of censorship... is directly responsible for the MITM attack against Outlook, and the recent related MITM attacks in China," according to the report.

Cybercriminals are always-on the lookout for software bugs they can exploit, allowing them to hopefully compromise users. Keeping software updated, for example, helps close backdoors and make it harder to find access points - but many people fail to update software, and avoid potentially preventable security incidents.

Another aspect to good cybersecurity is understanding what types of software are being targeted - and why - with clues gathered from this type of information. Java, which has been a longtime favorite for exploits, has increased focus on security, so users have shifted attention to Microsoft Silverlight. As such, experts have seen a strong uptick in Silverlight-based attacks:

"We saw a 34 percent drop in exploits in Java," said Jason Brvenik, principal engineer of security business at Cisco, in a statement to SCMagazine.com. "Java has become more secure. Attackers have noted this, so we saw a rise in the exploit of Silverlight consequently."