Hacking, Security & Privacy News - Page 73

An unnamed 19-year-old software engineering student, identified only as "Li," was arrested just 17 hours after his "Heart App" Google Android malware infected more than 100,000 phones. The malware was able to spread so quickly by relying on the contact lists of compromised devices, with users downloading the fake app, which then sent out a text urging users to download the app as well.

Chinese wireless carriers were quick to block more than 20 million infected messages from being sent out to new users. The 19-year-old will be identified following completion of the investigation by Shenzhen police, where the student went for vacation. It seems the custom malware was designed just as proof of his ability to write code.

To uninstall the malware, Sophos recommends the following: head to Settings | Apps | Downloaded and uninstall XXshenqi app.

The Blackphone was announced as a way for security conscious consumers to use their device in peace, without the fear of their communications being compromised - and it has now been 'hacked' at the Black Hat event in under five minutes.

@TeamAndIRC managed to gain root access to the Blackphone at the DefCon hacking conference within five minutes by going through the Android Debugging Bridge, and without using a bootloader to boot. Blackphone still seems to be solidly secure on the surface nonetheless, and now the company has responded to the discovery.

Blackphone said it is perhaps not as big of a disaster as it sounds: the company underplayed getting access through ADB, claiming it is just a part of the Android OS that the firm opted to turn off, and that a patch is on the way. But another vulnerability uncovered by TeamAndIRC, the company said in a blog post, is "accurate" - and a patch was released in three days of its initial discovery. Blackphone went on to congratulate the hacker for finding the bug.

Criminals that compromise networks and steal large amounts of information are finding easier and more organized methods to quickly get rid of the data. Data dumps are one of the most popular products found on these underground forums, where buyers and sellers communicate in an organized fashion similar to an official business from the legitimate world.

Many cybercriminal groups are trying to steal bulk data, such as the Target and eBay breach, looking to offload the information as quickly as possible. Using organized underground hacker forums, many based in Eastern Europe and China, they are able to sell and trade the data.

"When we think about the markets themselves they are organized in a unique fashion," said Tom Hold, Michigan State University associated professor specializing in cybercrime. "At the individual level, we're talking about a process where we're seeing peers and colleagues; at the formal forum level, we're seeing a more formal organization that takes place."

Cybersecurity experts Jakob Lell and Karsten Nohl have demonstrated a new vulnerability that makes it extremely difficult for users to defend against USB-based attacks. The current USB standard's vulnerability makes it hard to defend against attacks, even if manufacturers should begin developing additional security layers.

Specifically, empty USB flash drives can contain malware even if formatted - a troubling sign for many of the companies that rely on flash drives to transfer data.

"USB is ubiquitous across all devices," said Mike McLaughlin, First Base Technologies, in a statement to BBC. "It comes down to the same old saying - don't plug things in that you don't trust. Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed."

The Mozilla Foundation has made a mistake that left the credentials of about 76,000 developers using its Mozilla Developer Network vulnerable to hackers. During a sanitation process on the server where the data was stored, some sort of error cause an emergency dump of the data on that server to be sent to a backup server.

That emergency dump is something that many servers do to prevent data loss. The catch is that the backup server where the data was dumped was unencrypted. That means that the details of those 76,000 developers were available to be copied by anyone along with 4,000 encrypted passwords.

Mozilla has removed the data now, but the information sat there for a month before developers noticed the issue. Mozilla says that the passwords would not work and that it hasn't seen any sort of breach using the data.

The federal government might have disrupted Cryptolocker ransomware operations, but the Benjamin F. Edwards & Co. brokerage house recently suffered an attack by the CryptoWall, the DOJ.NH website recently reported. The incident took place in late May, with the unauthorized third party compromising their computer systems - informing customers of the data breach.

Many companies are rolling out new security and try to educate users about safely and properly interacting with emails, online accounts, and other cloud-based services proves to be difficult. As users are compromised, critical work documents become unusable until a payment has been made to operators of the ransomware - and educating users to spot these social engineering techniques should be a first great step.

"We are seeing a new wave of ransomware created by Russian cybercriminals, and our recent survey shows that IT pros expect it to get worse the rest of the year," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. "To add insult to injury, apart from the confidential files being encrypted and ransom extorted, the ransomware sends unidentified data out of the victim's network. That means the malware infection needs to be treated as a data breach with accompanying very high costs."

The lure of easy pickings in online cybercrime has drawn many criminals to the Internet, where they look to compromise users, steal debit and credit card information along with other personal data. The use of social engineering to manipulate victims remains popular, but many Internet users provide information to criminals too easily.

The basic tips apply: don't provide personal information when you don't have to, such Social Security numbers; always monitor bank accounts; avoid clicking links in unsolicited emails, or other suspicious messages; and choosing a secure password are important.

"Con artists are going online to steal your hard-earned money," said Bob Gallo, AARP Illinois State Director, in a press statement. "Common sense should tell us that if it sounds too good to be true, chances are it is. But AARP's nationwide Fraud Watch Network can also help you beat con artists at their own game and get critical information to fight back and protect your money."

The continued political unrest in Iraq has led to armed conflict, but has led to a rise in something a bit more surprising: a cyberwar that has used social media and coordinated malware and other cyberattacks against rival political factions.

The use of the "Njrat" malware, to compromise PCs and create a rudimentary botnet, has drawn interest among cybersecurity experts - and other similar tactics are being deployed. The criminals are interested in stealing data and using hijacked microphones and cameras to see what is happening in select regions.

"The key parties are local groups within Iraq using malware for targeted intelligence on each other," said Andrew Komarov, Intel Crawler chief of security, in a statement. "It is very hard to confirm who is the author, as some of the malware is used from public sources, but it is very visible that it is used within Iraq, and not outside against foreign countries, which may explain the beginning of internal local cyberwar."

The owner of ConnectZone.com, Daniel Oberholtzer, has been sentenced for participating in conspiracy to traffic in counterfeit goods, receiving 37 months in federal prison. The company must forfeit $716,778 that was collected for selling counterfeit products, advertising the sale of network products that were promoted as Cisco products.

"Innovation and our economy demand that the intellectual property of businesses be protected," said Jenny Durkan, U.S. Attorney, in a statement. "Here, the defendants used the hard earned brands of others and slapped it on inferior products."

Business owners and law enforcement have stepped up civil and criminal complaints against Internet pirates and counterfeiters. Leaders of organized rings conducting illegal business are being indicted and face prison time if found guilty.

Former NSA contractor Edward Snowden wants hackers to help develop new technologies that will help users access the Internet without government snooping. His plea for assistance was via video chat from Moscow, where he is becoming more vocal about snooping.

"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," Snowden recently told the Hackers On Planet Earth (HOPE) attendees. "That is what a lot of my future work is going to be involved in."

SecureDrop, a service so whistleblowers can leak documents to the media, is one new technology that is being discussed at the conference. There is a great opportunity for software development after Snowden gave a much better picture of some of the surveillance programs currently underway.