Hacking, Security & Privacy News - Page 74

Former NSA contractor Edward Snowden has revealed widespread spying and surveillance, but there has been a large amount of other revelations made by the American. Snowden recently said it's not uncommon for NSA workers to share "intimate nude photos of someone in a sexually compromising situation," including intercepted sexts sent among phone users.

"You've got enlisted guys 18-22 years old," Snowden said. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all your private records. During the course of their work, they stumble across something that is completely unrelated to their work in any sort of necessary sense, for example, an intimate nude photo of someone in a sexually compromising situation. But they're extremely attractive. So what do they do? They turn around in their char and show a coworker who says, 'Hey that's great. Send that to Bill down the way.' Then Bill sends it to George, who sends it to Tom."

An NSA official didn't deny the activities occurs, but said the organization "has zero tolerance for willful violations" of professional conduct and would address "credible allegations of misconduct." If true, it's not necessarily surprising to hear that this type of behavior happens, though certainly is inappropriate.

The highest ranking official of the United Nations humans rights department says former NSA contractor Edward Snowden should be celebrated and not hunted. The U.S. and British governments relying on mass surveillance is a "dangerous habit" with very little oversight, even following Snowden's whistleblowing activities.

Snowden is facing espionage charges in the United States, accused of theft of government property, wilful communication of classified communications and unauthorized communication of national defese information. If Snowden did return to the United States, he noted he's not necessarily afraid of a possible trip to Guantanamo Bay - but wants to face a jury trial - something that the federal government probably wouldn't agree to.

"Those who disclose human rights violations should be protected: we need them," said Navi Pillay, UN high commissioner for human rights, during a recent press conference. "I see some of it here in the case of Snowden, because his revelations go to the core of what we are saying about the need for transparency, the need for consultation. We owe a great deal to him for revealing this kind of information."

Former NSA contractor Edward Snowden wants professionals to utilize data protection and encryption to communicate, and is reportedly working on some type of "encryption tools" to help protect sources. Remaining in Russia, with his asylum status extended, it's mainly unknown what the American has been doing with his spare time.

Snowden also is working on funding for the project, which will be used to keep communications between journalists and their anonymous sources secure from government spying.

"Journalists have to be particularly conscious about any sort of network signaling, any sort of connection, any sort of license-plate reading device that they pass on their way to a meeting point, any place they use their credit card, any place they take their phone, any email contact they have with the source because that very first contact, before encrypted communications are established, is enough to give it all away," Snowden recently said in an interview.

A new form of malware dubbed 'ScarePakage' is targeting U.S. smartphone owners and can render devices inoperable, according to security firm Lookout. The mobile ransomware tricks users by claiming it's from the FBI, saying phone owners are being investigated for alleged crimes. Once a device is compromised, the ransomware demands "several hundred dollars" or the device will remain under control of ScarePakage.

The ScarePakage ransomware doesn't need root administrator access, and has been designed to be overly intrusive. It runs a Java TimerTask every 10 milliseconds to prevent any other applications or processes to shut down, and stops hijacked devices from going into sleep mode.

"Mobile ransomware in and of itself is a fairly new tactic from malware authors and this is one of the first we've seen targeting the U.S. specifically," said Jeremy Linden, Lookout Senior Security Product Manager, in a statement to TweakTown. "That said, we are less concerned about ScarePakage distributes itself and more concerned about how difficult to remove it is. Once the application has device administrator permissions, it is very hard to regain control of the device."

Around 20,000 current and former students at the Orangeburg-Calhoun Technical College in South Carolina are at risk of data theft following a stolen laptop taken from a staff office. Data taken includes names, birthdates and Social Security numbers of both students and faculty going back at almost seven years.

The technical college will now use encryption software on all laptops and PCs, while those affected by the data breach are being contacted. The laptop was stolen on July 7 and an investigation is currently underway to try to identify those responsible.

"College officials were disappointed to learn that someone entered a staff member's office on campus and removed a computer," said Kim Huff, OC Tech VP of Business Affairs, in a statement. "We are evaluating our security controls to prevent further incidents."

A Chinese citizen living in Canada has been arrested and is accused of hacking into Boeing, Lockheed Martin, and other U.S. companies with government defense contracts. Su Bin, also known as Stephen Subin and Stephen Su, is accused of unlawfully accessing computers in the United States, according to the FBI, in an attempt to steal data on military projects.

Su allegedly worked with two other hackers to steal data between 2009 and 2013, with some stolen information offered for sale to Chinese companies. Specifically, they had an interest in F-22, F35, and C-17 U.S. military aircraft - along with weapons programs currently being developed.

"We remain deeply concerned about cyber-enabled theft or sensitive information, and we have repeatedly made it clear that the United States will continue using all the tools our government possesses to strengthen cyber security and confront cybercrime," said Marc Raimondi, U.S. Department of Justice spokesman, in a statement.

Google publicly announced its Project Zero, a new effort aimed at tracking software bugs, with a public vulnerability database also in the works. The company also recruited George Hotz, responsible for hacking the Sony PlayStation 3 and Apple iPhone, among other claims to fame, as an intern to help with the bug hunt.

The Project Zero team will focus solely on tracking down bugs - not just for Google software - to help try to keep the Internet more secure. In addition, Google wants to better understand the techniques, targets and motivations of cybercriminals, as state-sponsored hacking becomes extremely prevalent.

"Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Chris Evans, responsible for leading Project Zero.

It was only a year ago that the German government considered the Xbox One to be a monitoring device, and this was at the time of NSA whistleblower Edward Snowden coming out about the NSA spying on the entire world.

Well, the German government is now considering shifting back to the old-fashioned way of writing documents: using a typewriter. The use of a typewriter would be used to type up confidential documents, so that they don't get typed up on a PC, that has an operating system that can be hacked, which is connected to a network. A typewriter can have someone type up a confidential document, finish it, and file it away - without the prying eyes of the NSA getting to it.

Chair of the German Parliament, Patrick Sensburg, has an enquiry into the alleged spying by the NSA, saying that committee members are considering new security measures and are thinking about ditching e-mail in favor of a serious move back to using typewriters. He told the ARD Morning Show Monday: "As a matter of fact, we already have [a typewriter], and it's even a non-electronic typewriter".

Qendrim Dobruna, 27, has pleaded guilty to bank fraud in a case stemming back to 2011, and could face up to 30 years in prison. Operating under the names "cL0sEd" and "cL0z," he played a part in an operation that lasted 48 hours and led to $14 million stolen - with criminals withdrawing the funds via ATMs in 20 different countries.

Dobruna initially decided to plead not guilty, but thought better of it before changing his plea to guilty - and will serve at least nine years. Dobruna and his accomplices chose to defraud "JPMorgan Chase, and to obtain moneys, funds, credits and other property owned by, and under the custody and control of said financial institution, by means of materially false and fraudulent pretenses, representations and promises," according to the federal government's indictment.

It took a growing number of cybercrime-related cases before the federal government jumped into action - but criminals conducting fraud and theft on a large scale are increasingly being targeted by police and federal agencies.

If you think that using the factory reset function on your smartphone will clear your data, you're in for a pleasant surprise! Czech-based security company Avast purchased several phones via eBay to evaluate if they can extract data from it, especially the ones that had a factory reset done by the previous owner.

The factory reset is supposed to be a one-touch feature which should secure erase all the data, settings and other user-related details from the photo and return it to a 'rolled out of the factory' state. But the experiment by Avast proved that this is not entirely true.

The company conducted this experiment by purchasing 20 smartphones from eBay. The experts at Avast were able to extract data from these smartphones, though the company didn't disclose if that was the case with all the smartphones. The experts were able to extract 40,000 photos, out of which 1,500 of those were family photos and others included selfies with their manhood.Other data included emails, text messages, Google search history and even browser history. Avast also added that the factory reset feature does not wipe out the data from the phone. Rather, it only erases the index information.