Hacking, Security & Privacy News - Page 66

The Southern District of Texas offered a misdemeanor plea deal to hacker Fidel Salinas, 28, just a few months after the hacker was charged with 44 felony counts of computer fraud and cyberstalking. Each count had a maximum 10-year prison sentence, totaling a potential 440 years in prison.

Instead, the suspected Anonymous-linked hacker plead guilty to one misdemeanor count of computer fraud and abuse - and must also pay $10,000. He faces up to one year in prison when sentenced on February 2, 2015, and his attorney will argue the monetary restitution is enough.

Salinas reportedly tried to access the Hidalgo County administrative website, using a script that racked up more than 14,000 access attempts. The brute force attack led county IT administrators to be locked out of the system themselves.

Anonymous has continued its #OPKKK campaign against members of the Ku Klux Klan in Missouri, after the group brazenly challenged the hacker collective online. The @KuKluxKlanUSA Twitter account was compromised last week, and the hacking fun was only beginning for Anonymous.

I won't link directly to the dox page, but it doesn't take much imagination into how one would easily find the information posted online, courtesy of Anonymous. Frank Ancona, the "KKK Imperial Wizard," had his address, phone number, Social Security number, credit card information, and other personal information - with the dox also targeting his wife - posted online.

Anonymous also might target government websites and infrastructure in Missouri to respond for the Grand Jury failing to indict Officer Darren Wilson: "We find it disturbing that you, the grand jury, have chosen this patch as everyone will not choose to stand calm and let you choose to let him walk free. As you've seen all the riots and businesses, police cars, etc., being burned down while Anonymous shall target any Missouri government or bank sites now, so you better increase your security because we're here and we're not going to stand by and watch you let this man walk free."

Former NSA contractor Edward Snowden was disgusted by NSA and GCHQ mass surveillance activities, and disclosed the questionable actions of both agencies. However, multiple lawmakers and politicians have spoken out against his actions, saying he has put military personnel and intelligence agents at risk.

British lawmakers hope to push the Communications Data Bill, which would force ISPs and mobile service carriers to keep Internet browsing activity, social media, email correspondence, voice calls, Internet gaming activity, texting, and other records on file for a minimum of 12 months. Phone and email contact data is already retained due to the Data Retention Regulations 2014 bill.

"Consequently there are people dying who actually would now be alive," said Lord West, a former UK security minister and Navy admiral. "It is now critical that we move forward the Communications Data Bill that was paused so unreasonably because there is a very real danger that unless we do this, I think it is not exaggerating to say that people will die in this country who would have been safe if that had been in place."

The British government requested data on one journalist as part of Operation Elveden, focused on alleged bribes made to public officials for information, and "accidentally" received data on 1,000 News UK staff. Vodafone said there was some type of human error that led to the extra data being supplied, while police officials said they returned the information.

Police wanted information focused on one journalists that worked for News UK from 2005 to 2007, and used the Regulation of Investigatory Powers Act (RIPA) to receive the data - and the information was returned back to Vodafone after about four months.

"Unfortunately, there was a human error during the processing of this information - which was drawn manually from a legacy system - as a consequence of which the Met Police were supplied with a corrupted dataset containing a significantly higher volume of metadata than had been the focus of the warrant received by Vodafone. The metadata in question relates to call logs and other information, such as pricing data, not the content or location of any communications."

Many cybersecurity specialists working for the NSA and GCHQ tend to get burned out, and then head to the private sector. It provides a unique opportunity to hear more about some of the efforts the US government have employed to conduct organized cyberespionage against foreign governments.

For regular Internet users, it doesn't matter whether it's the government or a foreign cybercriminal, cybersecurity must be appreciated and not overlooked. As former government programmers and security experts abandon their government jobs in favor of the private sector, companies want to rely on technology advice from intelligence officials - providing valuable insight into how governments are conducting increased surveillance.

"Whether they're cybercriminals or state sponsored actors, I think a lot of times they can get into a network using a less sophisticated approach or a variant of a known piece of malware... it's a lower risk operationally for them," said Jim Penrose, former NSA employee and part of the department's Tailored Access Operations (TAO) group. "They don't want to fire silver bullets unless it's absolutely necessary; like a zero day or something like that, or a previously unseen piece of malware. Those are really high quality and you want to save those for a time when it's absolutely critical."

The CoinValut ransomware victimizes businesses, encrypting critical work files - but there is an added twist with this particular piece of software. The criminals provide one free decrypt, providing access to a file, trying to provide additional faith in victims.

CoinVault uses 256-bit AES encryption, and the decryption keys are stored on remote servers - and Windows files cannot be recovered unless the bitcoin payment is submitted to cybercriminals. Victims are ordered to pay 0.5 bitcoins, around $200 at current market prices, with the price increasing every 24 hours.

Ransomware attacks typically rely on employees falling prey to social engineering techniques, designed to trick users into clicking suspicious links or downloading unknown files.

The future of passwords could be under pressure if Intel-owned McAfee can develop new biometric authentication technology that can be supported. The average user has around 18 passwords, so using some type of biometrics would be able to help reduce that chaos.

"Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again," said Kirk Skaugen, Intel SVP and GM of the PC Client Group.

Despite passwords being under threat to be eliminated - for several years now - it still remains the most common security procedure for email, online banking, and other user accounts. However, passwords paired with other security procedures prove to be significantly more secure, though consumers are still waiting to learn more before abandoning all of their passwords.

Sony Pictures Entertainment was forced to warn employees not to access corporate networks or check their email, because the company is under cyberattack and being blackmailed to prevent "secrets" from being released. It's unknown what information, if any, the hackers were able to steal from the Sony network.

An image that says SPE was "Hacked by #GOP" was published on the company's computers - and issued the following message: "Warning: We've already warned you, and this is just the beginning... We have obtained all your internal data including secrets and top secrets."

"Sony deserves praise for going offline while they figure out what is happening rather than allow further damage," said Hemanshu Nigam, Internet cybersecurity expert. "Hackers are always-on the hunt for holes in a network, which can happen when a system isn't updated properly or a feature change is made. It is critical for companies to conduct self-hacking exercises on a continuous basis to find and patch these vulnerabilities before the hackers find them."

The sophisticated Regin stealth malware, which has been in operation since at least 2008, was likely created by the US and UK governments to spy on other governments and businesses. Specifically, the NSA and GCHQ most likely spearheaded the project, with the malware's first target against the European Union (EU).

"Having analyzed this malware and look at the [previously published] Snowden documents," said Ronald Prins, security expert. "I'm convinced Regin is used by British and American intelligence services."

Russia was the most heavily infected nation, racking up 28 percent of Regin's wrath, while 24 percent was in Saudi Arabia, Ireland (9 percent), Belgium (5 percent), and Austria (5 percent) rounded out the list of most infected nations.

Numerous data breaches throughout 2014 forced American consumers to be more vigilant and proactive of their own personal accounts. As shoppers head online and into local stores to purchase Christmas gifts, more security experts are providing a friendly reminder to look after their own financial safety.

A recent survey found 55 percent of shoppers will head to a local store or mall to purchase items, while 36 percent will be searching for and purchasing gifts online. Specifically, 55 percent of consumers will use their credit cards, and 24 percent will use debit cards, checks, mobile payments, and other forms of payments to make purchases.

"Unfortunately, the threat of fraud is a reality, but it doesn't mean you're helpless," said Phil Hatfield, Capital One Vice President of Fraud. "Ensuring that you're monitoring your accounts and getting alerts to make you aware of unauthorized activity are simple steps and things you should do year-round and especially during the hectic holiday shopping season."