Hacking, Security & Privacy News - Page 84

Edward Snowden's latest leak is quite interesting, with the NSA whistleblower talking about the US spy agency's MYSTIC voice interception program, which is capable of collecting the entire nation's "every single" phone call, storing the voice recordings for a month.

MYSTIC began back in 2009, with the NSA developing a RETRO tool that is capable of accessing any voice call from the selected nation, for a period of 30 days. The first nation to have their phone calls recorded by MYSTIC and RETRO started in 2011, with as many as six more countries possibly being spied upon. The Washington Post was asked by US officials to note reveal which countries MYSTIC was operating on.

The program was quite successful, with the NSA bringing in "high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects were identified for targeting in advance," according to The Washington Post. "Unlike most of the government's public claims about the value of controversial programs, [highly classified] briefings supply names, dates, locations and fragments of intercepted calls in convincing detail."

Mobile phone metadata is more valuable than the National Security Agency (NSA) tries to imply, and it's possible to find sensitive information with phone metadata, using social media, and pattern matching, according to Stanford University researchers.

Computer science graduate students learned, using 546 volunteers, that 57 percent of volunteers made at least one medical-related call, with 40 percent calling financial services. In total, the callers made 33,688 unique numbers and were able to make corroborations related to medical conditions and firearm ownership.

"At the outset of this study, we shared the same hypothesis as our computer science colleagues - we thought phone metadata could be very sensitive," the researchers found.

Both consumers and business users face a tremendous amount of security threats, despite next-generation security solutions trying to keep PCs and mobile devices protected.

Malware is increasingly sophisticated and slipping by traditional anti-virus software, with software creators finding low risk and high reward for their behaviors.

"As often as not, malware gets into your systems become you invited it by clicking a link without thinking," said Bruce Campbell, VP of Marketing at Clare Computer Solutions, in a statement to TweakTown. "Take the dreaded CryptoLocker ransomware... most commonly, it was introduced as an attachment to an e-mail that said it was from UPS. The attachment looked like a PDF file and the e-mail said - Track Information, see attached."

A data breach suffered by the Archdiocese of Seattle is now being investigated by the FBI and IRS, as personal information stolen has reportedly been used for false tax returns, so criminals can take the refunds.

Students from the Seattle Bishop Blanchet High School were released early on Friday, with school administrators hoping to give faculty and volunteers the ability to go home and check their IRS and credit reports. Students at the O'Dea High School had Friday off so administrators could try to further evaluate the data breach.

The Archdiocese of Seattle has created an online portal for those concerned following the data breach. Also, they recommend calling the IRS Identity Protection Specialized Unit: 1-800-908-4490, ext. 245 to learn if tax identity theft has occurred.

President Vladimir Putin's government has reportedly banned four websites operated by Kremlin opponents and critics. Opponent Alexei Navalny had his website blocked for Russian Internet users, along with online newspaper Grani, an opposition information website, and a radio station website (despite it being state-operated).

The Russian government defended its actions by saying the websites helped organize "illegal" protests, according to reports in the region. Navalny is serving a two-month house arrest punishment because he violated five-year probation for an embezzlement-related charge.

Over the past two years, Putin has continually put the squeeze on media outlets located in his country - most recently, the editor of Lenta.ru, a major Russian independent news site, resigned due to increased pressure from Moscow.

Intel-owned McAfee wants to keep mobile users more secure by offering its Antivirus & Security suite available to Apple iOS and Google Android users.

There are plenty of free software products available designed for smartphones and tablets, but paid versions provide a more complete suite. The McAfee Labs collected 2.47 million Android malware samples in 2013, with 744,000 in Q4 alone.

"With India placed on the tip of mobile device explosion, there is an overwhelming need of adoption of security and privacy protection in our digital lives," said Jagdish Mahapatra, McAfee Managing Director in India, in a statement. "With free access to our award-winning mobile security product, Indian consumers will be empowered to access all the benefits of this connected world and enjoy a safe mobile life."

Popular retailer Target had multiple warnings that a credit and debit card breach was underway, but still didn't do enough to try and stop the problem.

A recent series of interviews with more than 10 former Target employees, and a handful of people familiar with the attack indicate the company was aware of a data breach underway - and the alert system worked - signaling malware was installed before being publicly disclosed.

"I don't think it is about not paying attention to the technologies as much as fine tuning for actionable, relevant information from the technology," said Joe Schumacher, Neohapsis security consultant, in a statement to SCMagazine. "Many security systems (e.g. Web application firewall, log monitoring, intrusion Detection/Prevention Systems, etc.) correlate large amounts of data into a single repository. Unfortunately, a lot of companies and professional services stop here."

Colleges and universities are popular targets for cybercriminals trying to compromise a large amount of users, stealing as much personal information as possible. However, university officials, after learning of a breach, often are unsure what to do - and struggle to alert students and faculty members in a streamlined manner.

Most recently, hackers compromised North Dakota University and Johns Hopkins University, with hackers stealing personal information.

In the Johns Hopkins University breach, hackers stole information on 850 current and former students, though no Social Security Numbers or highly sensitive information was taken. The breach reportedly took place sometime towards the end of 2013, but university officials didn't publicly report the incident until early March.

Security experts are keen to try and help traditional anti-virus software evolve into a layer of added defense for breach detection systems (BDS), though the industry is having trouble finding its way there.

If hackers are unable to gain access to PCs, they are finding success targeting voice over Internet protocol (VoIP) phones in the office - which sometimes leads to direct access to computer networks.

Red Balloon, founded by researchers from Columbia University, are interested in developing security for embedded devices, helps companies keep devices more secure.

The National Security Agency (NSA) reportedly wants to infect millions of computers with malware, and the TURBINE program is based on hacking routers, impersonating Facebook, and other shady practices. Not surprisingly, the information was made public based on revelations released by former NSA contractor Edward Snowden.

The NSA posed as a fake Facebook server, and successfully infected a user's computer to gain access to stored files on a HDD, according to a report posted on The Intercept. Previously, the NSA would use this tactic for a small number of select targets that couldn't be tracked with regular wiretaps, but greatly expanded use over the past 10 years.

Security experts are disheartened by yet another data snooping case from the NSA, potentially opening up additional security issues by intentionally infecting computers with malware.