TweakTown NewsRefine News by Category:
In a discussion on Last Week Tonight, Edward Snowden told comedian John Oliver about how we can think about the governments surveillance of citizens in a more relatable manner.
It is often discussed that the general population isn't up in arms about breaches of sensitive data as they can't closely relate with exactly whats going on. In an attempt to educate some, Oliver took a new approach as spotted on News.com.au.
Talking to Americans on the street, Oliver showed us that there was quite a number of people who weren't exactly sure who Snowden was - often confusing him for Wikileaks founder Julian Assange. He then asked how people would feel if their naughty 'nudes' were available for the taking.
One angry person stated "if I had knowledge that the US government had a picture of my d*ck, I would be very pissed off," with Snowden adding "well, the good news is there's no program named 'The D*ck Pic Program'. The bad news is [the government's] still collecting everybody's information - including your d*ck pics."
A Linux Australia server hosting a conference attendee database was compromised after cybercriminals were able to gain root level access. Information taken related to the Linux Aus Conference for 2013, 2014 and 2015, along with PyCon Australia 2013 and 2014 - stolen data included names, email addresses, physical mailing addresses, phone numbers, and passwords.
Hackers were able to trigger a remote buffer overflow after installing a remote access tool, and then rebooted the server so software was loaded into memory. From there, a command & control center was installed and began operation - and system administrators note that it doesn't look like personal information was taken, but an investigation continues.
"In accordance with our values of transparency and openness, we wish to inform you of a security breach of Linux Australia's servers," said Joshua Hesketh, organization president of Linux Australia. "This incident has resulted in the possible, but not confirmed, release of personal information."
There is a technology arms race currently underway between the US and UK governments trying to compete against cybercriminals and terrorists using the Internet effectively. Cybercriminals are increasingly organized, some of them state-funded, and able to launch sophisticated attacks easily.
During a recent speech, MI6 officials said agents are trying to battle against opponents "unconstrained by consideration of ethics and law," able to more easily put the UK at risk. Although espionage can be easier to track due to technological footprints, it also opens the door to cyber mercenaries able to share and launch coordinated attacks.
"Using data appropriate and proportionately offers us a priceless opportunity to be even more deliberate and targeted in what we do, and so be better at protecting our agents and this country," said Alex Younger, chief of the Secret Intelligence Service (MI6).
A well-organized Eastern European cybercriminal group is using social engineering that includes phishing and phone calls paired with malware to steal money from US businesses. IBM, which discovered the surprisingly sophisticated operation, call it "The Dyre Wolf" - and while the group has netted just $1 million so far - the organization of the group is rather alarming.
Once victims click on a fraudulent link or attachment, the malware is installed and waits for users to access a bank website. Instead of going to the bank's website, a fake screen says the bank website is down, so victims have to call a phone number. Once dialed, victims turn over bank information and a large money wire transfer is initiated by the criminals.
"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented," said Caleb Barlow, VP of IBM Security, in a statement to Reuters. "The focus on wire transfers of large sums of money really got our attention."
The National Security Agency (NSA) should be able to find itself 1,600 new recruits in 2015, with a heavy focus in computer science and math, but the task is getting harder. A combination of rising Silicon Valley tech employment/salaries mixed with Edward Snowden's intelligence leaks have damaged trust in the NSA from the public - and possible job recruits.
The NSA has around 35,000 employees across the country, and trying to compete against tech companies to recruit employees from leading universities is proving difficult. A lack of trust is a major issue that is making some people think-twice before trying to land a job with a security clearance.
"Before the Snowden leaks we looked at the NSA as being a spy agency, and they did what they were supposed to do," said Matthew Green, assistant research professor at the Johns Hopkins Information Security Institute, in a statement to NPR. "But we've learned that they've been collecting this incredible amount of information. And they're not shy about doing whatever they have to do to get access to that information."
Following an international manhunt dating back two-and-a-half years, the FBI's most wanted cybercriminal was captured in Pakistan earlier this year. Noor Aziz Uddin, a 52-year-old responsible for spearheading a global phone fraud ring, was one of the FBI's most wanted cybercriminals.
Despite traveling between the United Arab Emirates, Malaysia, Pakistan, Italy and New Jersey, Uddin's ability to hide began to unravel after federal Pakistani authorities received a phone number reportedly linked to him. The Federal Investigation Agency in Pakistan was able to use the phone's GPS coordinates, with help from Uddin's wireless service carrier, to pinpoint his exact location.
The arrest occurred successfully without any violence.
Employees infected with ransomware often panic and paying a ransom to the cybercriminals typically is easier than trying to restore files. The problem is a tad bit more complicated, because criminals are hacking files and forcing companies to choose between paying or suffering a data breach. Thirty percent of organizations would pay or negotiate a release of encrypted data, according to ThreatTrack.
Interestingly, that number goes up to 55 percent for companies that have suffered a similar incident in the past - revealing the need for proper employee education.
It's unknown how many companies actually suffer an extortion scheme, with many companies likely not reporting issues to the public or to law enforcement, said Stuart Itkin, SVP of ThreatTrack. Cyber extortionists are becoming better skilled, so trying to figure out how to negotiate with them is a struggle.
The Obama Administration wants to hit individuals and groups located outside the United States with financial sanctions if they launch cyberattacks taking aim at US economic stability, national security or the country's foreign policy.
The United States has a lot more to lose when compared to other countries in the current cyberwar landscape, and trying to find adequate defensive strategies has been difficult. However, Obama hopes its latest executive order, giving the US Treasury Department the ability to freeze assets, will make some cybercriminals think twice.
Anything from attacking critical infrastructure and using trade secrets for an advantage in the cyber landscape to disrupting computer networks and causing mass data breaches could lead to sanctions.
The GreatFire free-speech group says the Chinese government is using its incredible Internet infrastructure to launch cyberattacks. Many national governments are modernizing their cyberattack capabilities, and China is notorious for targeting political opponents.
GreatFire itself suffered a major distributed denial-of-service (DDoS) attack, and now GitHub and other companies are facing sophisticated cyberattacks. Not surprisingly, the Chinese government didn't respond to GreatFire accusations, though officials previously accused the group of being "anti-China."
If true, this is a new strategy from the Chinese government, which has been long suspected of organized cyberespionage. "The last couple months, we've seen a real sea change in Chinese Internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside the country," said James Lewis, senior fellow of the Center for Strategic and International Studies.
Researchers from Check Point Software Technologies in Israel have found a surprising computer spying operation that "likely" originated from a government agency or political group operating inside of Lebanon.
The spy software, once installed via hijacked public websites, could steal personal and corporate information from victims.
"They are not 'script kiddies,'" said Shahar Tal, a researcher at Check Point Software Technologies, in a statement published by Reuters. "But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard drive firmware."