Hacking, Security & Privacy - Page 18

With the Ashley Madison affair website being hacked recently, seeing user information leaked on the dark web, news has just come to light that some Australian Government officials and employee's have been using their email address' for more than just business meetings and proposals.

This pastebin list contains over 700 leaked Australian Government employee email address', ranging from members of the New South Wales Police force to the Australian Defense Force and even the Victorian Education Department. Reportedly "copied from a post on a forum on the darknet," these email addresses are just some among millions now readily available to the public.

Wondering if you or your friends have been exposed? You can enter your (or another persons email) into this website to see what comes up.

The argument surrounding the use of encryption has placed tech companies and Internet users against national governments desperately trying to find ways to access data. President Barack Obama reportedly wants an open discussion with Silicon Valley leaders, but it looks like both sides aren't even close to coming to terms about encryption.

"We support the privacy rights of individuals," according to law enforcement officials in the United States, UK, Spain, and France. "But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it."

However Google, Yahoo, and other tech companies are ready to fight for the rights of Internet users - and that means preventing government intrusion - and built-in backdoors for government and law enforcement access.

Popular websites like Drudge Report and Weather.com posed a threat to visitors by serving poisoned Web ads, installing CryptoWall ransomware or ravaging victimized machines with adware. The problem spread to even more websites, with reports saying eBay, AOL.com, wunderground, and other popular sites also posed a threat to site visitors.

"The same cybercrime lowlifes that infected the Yahoo website a few weeks ago have struck again, and were serving poisoned Web ads which either dropped CryptoWall ransomware or infected the PC with adware," said Stu Sjouwerman, CEO of KnowBe4.

To block these types of infections, KnowBe4 recommends click-to-play mode for Adobe Flash - if not disabling it completely - and making sure anti-virus and anti-malware software is updated. Of course, educating employees on various forms of cybersecurity risks is an important step, which could at least alert them to potential problems.

Making good on their threat from last month, hacking collective The Impact Group has released nine gigabytes of Ashley Madison user data, which includes upwards of 37 million users details, onto the dark web

The hacker group was demanding that Avid Life Media, owner of Ashley Madison, as well as two other sites; Cougar Life and Established Men was to be taken offline or else the data would be released. Avid Life Media confirmed the leak, but kept the site online. Gizmodo have confirmed the availability of the dump, which includes email addresses, credit card transactions and profiles.

If you've ever use the site in the past, best to either fess up and get some flowers on the way home, or lawyer up.

We already know that most Americans are spied on in every facet of their lives, but it's now come out that AT&T has been working very, very closely with the NSA, sharing Americans' data with them on a scale that should scare most people.

The New York Times is behind the report, where the documents they've seen have said that the NSA has praised AT&T's "extreme willingness to help". The NSA has official instructions to its officials, where when they visit AT&T facilities, they're said to be very polite, with the US spy agency reminding agents that "This is a partnership, not a contractual relationship".

In 2010 alone, AT&T provided the NSA with 1.1 billion domestic cell phone records per day in a bid to stimulate its relationship with the US spy agency before the 10th anniversary of 9/11. In one document from 2013, it has been said that AT&T's "...corporate relationships provide unique accesses to other telecoms and I.S.P.s". This means that other companies that have been using AT&T's networks for transfers, are not safe from the eyes of the NSA, because AT&T has been handing over the information in bulk.

Just mentioning Edward Snowden tends to elicit a lot of emotion from Americans, and while many of you applaud what he did, it looks like many Americans would like to see the former NSA contractor prosecuted.

Fifty-three percent of Americans believe the federal government should prosecute Snowden, while 26 percent don't want to see the American face charges if he comes home, according to a poll from Morning Consult. Meanwhile, 29 percent would "strongly support a criminal case" if American authorities detain Snowden.

It doesn't look like politics are playing much of a roll, with 64 percent of Republicans, 56 percent of Democrats, and 44 percent of independents supporting charges.

The "Islamic State Hacking Division," a hacker group claiming to be affiliated with the extremist group operating in Syria and Iraq, took credit for posting the personal information of hundreds of US military and government personnel.

Compromised data included names, email addresses, passwords, phone numbers and other information of personnel of the Air Force, Marine Corps, Port Authority of New York and New Jersey, and NASA.

Leaked data also reportedly included credit card information from US State Department officials, along with Facebook message screenshots between military personnel. The group previously targeted Canadian military cadets, and hacked websites to share images from Syria.

There are plenty of folks in Washington, D.C. unhappy with former NSA contractor Edward Snowden, and you can count retired Sen. Saxby Chambliss (R-GA) as one of those people. Snowden remains holed up in Moscow, Russia, with very few options considering the severity of charges he faces in the United States.

Chambliss believes there could be only one way to punish Snowden for his actions:

"We need to hang him on the courthouse square as soon as we get our hands on him," Chambliss recently told students at the University of Georgia's Terry College of Business. "I hope none of you have any sympathy for him."

The Obama Administration desperately seeks changes to encryption, hoping technology companies will install hidden backdoors just for them. Former NSA analyst Edward Snowden is defending the argument supported by companies such as Google and Apple, as politicians in Washington demand better access.

"The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can," Snowden said in an email published by The Intercept. "No matter how good the reason, if the US sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?"

"Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted," Snowden also said in the email.

The Chinese government and suspected hacker groups with ties to Beijing are enjoying their attacks against the United States economy, according to a secret map compiled by the National Security Agency (NSA). Each red dot signifies a major corporate, private or government cyberattack victim from suspected Chinese sources:

When it comes to cybersecurity, the United States clearly hasn't taken the threat seriously enough, and it's glaringly obvious to organized hackers and foreign governments. Although the folks in Washington absolutely love to spy on others, they haven't done a very good job trying to prevent these attacks.

If the map is accurate, the NSA has a pretty good idea on which companies, government networks, and critical infrastructure the Chinese hackers are interested in compromising.

WikiLeaks has published "Target Tokyo," listing 35 "Top Secret NSA targets" located in Japan, including intercepts from US-Japan relations, trade negotiations and sensitive climate change strategy.

The United States spied on companies such as Mitsubishi and Matsui, Japanese government officials, ministries and senior advisers to Prime Minister Shinzo Abe's administration. Other targets included the Japanese Cabinet Office switchboard, Japanese Central Bank officials, governors, and other high-ranking officials.

"In these documents we see the Japanese government worrying in private about how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship," said Julian Assange, Editor-in-Chief of WikiLeaks. "And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK."

Cybercriminals known as "ratters," responsible for hijacking webcams and other electronic devices to spy on unsuspecting users, are finding new ways to launch attacks. Specifically, the groups use remote access tools (RATs) to steal images and photos from webcams, and have lately started charging others for this stolen data.

"Ratters are disturbingly comfortable with spreading misery and fear," said Adam Benson, deputy executive director for the Digital Citizens Alliance. "It's like a game for them. We saw them chat about it on Hack Forums and then share videos showing off how they scare young people, spy on people in private moments, and steal pictures from victims' accounts."

It's not uncommon to find RATs available for download on Internet forums and through file-sharing services. One such forum offered access to compromised devices for $1 for guys and $5 for women - showing there a modest financial incentive.

White hat hacker Samy Kamkar recently posted a video discussing how he found a way to "locate, unlock and remote-start" General Motors vehicles by compromising the OnStar vehicle communications system.

Using the gadget, which cost around $100 to make, the system makes it possible to locate, unlock, and start the engine. Once a small wireless device has been placed near a GM car with OnStar, Kamkar was able to gain unauthorized access to the vehicle.

Dubbed the "OwnStar" system, Kamkar showed he was able to intercept communication from the OnStar service and OnStar RemoteLink mobile app. Technical details will be revealed during Def Con next week.

The FBI isn't finding it very easy to beef up its cybersecurity ranks, largely due to lower salaries, according to a report from the US Department of Justice.

In addition to higher salaries in the private sector, trying to get a government position related to cybersecurity involves multiple hoops that people won't have to jump through if they simply go to Silicon Valley. Applicants have to undergo extensive background checks, drug screenings, and other hurdles that private sector companies typically don't bother with.

Under the Justice Department's Next Generation Cyber Initiative, which went live in 2012, the FBI has successfully recruited just 52 of the 134 computer scientists it was granted permission to hire.

United Airlines, the No. 2 largest airline company in the world, was apparently attacked by Chinese hackers in May or June.

If true, it looks like hackers could have been able to collect movement data on millions of American travelers. Passengers, flight origins and destinations, and other data was likely taken by the hackers, according to unnamed officials speaking with Bloomberg.

"Speculation that China is responsible for the United Airlines breach is interesting but at this point, irrelevant," said Jason Polanich, founder and chief architect of SurfWatch Labs. " Too many companies have a false sense of security, thinking it won't happen to them. Pair that with the fact that hacking tools are available to virtually everyone today via illicit trade on the Dark Web and in other places and you've got a recipe for disaster.

The United States faces an overwhelming number of foreign-based cyberattacks, and there is no clear strategy on how to defend - and retaliate - against these attacks.

"We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are gonna accelerate as time goes by, both in systems within government and within the private sector," Obama noted during an international summit last month.

Even though it's important to be able to conduct surveillance - the United States, which arguable has more to lose in the cybersecurity space than other nations - should have worked more diligently to improve its security infrastructure.

As part of its "Operation Anon Down," the Anonymous hacker collective promises to continue leaking documents from the Canadian Security Intelligence Service (CSIS). In its first data release, Anonymous shared a 2014 Treasury Board memo regarding funding of the Canadian spy agency's operational ability overseas.

During a protest of a dam project, the Royal Canadian Mounted Police (RCMP) shot and killed James McIntyre, a protester wearing a Guy Fawkes mask. The police said McIntyre ignored their commands while approaching in an "aggressive manner." Here is what Independent Investigations Office said:

"According to the police, officers were responding to a report of a male causing a disturbance at a public information session. Upon arrival, police encountered a masked individual outside, believed to be connected to the complaint. A confrontation occurred and the male affected person was shot."

Edward Snowden doesn't have very many fans when it comes to people in the US government and the National Surveillance Agency (NSA).

"It is hard to quantify this harm, such as it is, but I think the inflammatory nature of the way the Snowden affair played out really set back our collective discussion on cybersecurity," said Rajesh De, former general counsel for the NSA, when asked about Snowden's data leaks during the Big Law Business Summit.

The White House recently responded to a petition to the White House that sought an official pardon for Snowden. Of course, that's not going to happen:

Alaska Airlines has teamed up with the airport security firm CLEAR to test a biometrics platform that could one day replace traditional boarding passes. The biometrics system should make it even easier to check-in, and save passengers a bit of time before boarding a flight.

A kiosk machine at the Mineta San Jose International Airport scans a traveler's eye, or checks fingerprints, before hopping on a plane. It's a groundbreaking effort that costs members $179 per year, and is currently being tested in 12 US airports.

"We have no specific timeline, but we look forward to working with Alaska Airlines to expand our relationship to other cities in their network," said Ken Cornick, president and CFO of CLEAR, in a statement published by the San Jose Mercury News. "Having direct access to a boarding pass and not needing to print it or download it into their phone is both a significant customer advantage and security advantage."

The White House has responded to an online petition to pardon Edward Snowden, which generated more than 167,000 signatures since going live in June 2013.

The petition had the following description: "Edward Snowden is a national hero and should be immediately issued a full, free, and absolute pardon for any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs."

"Instead of constructively addressing these issues, Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it," said Lisa Monaco, President Obama's Advisor on Homeland Security and Counterterrorism.