Hacking, Security & Privacy - Page 19

The Obama Administration and law enforcement officials want access to encrypted data, arguing the government and law enforcement need to be able to retrieve information. Ideally, the government would receive warrants and conduct a legal and transparent operation, but companies are willing to stand their ground regardless.

Here is what cryptologist Matt Blaze said during a recent event in Washington, DC (per Washington Times):

"I don't think [FBI] Director [James] Comey wants the world that he's asking for," said .... "I think the world in which we build systems with this added constraint of ensuring law enforcement access is going to cause such an increase in the kinds of digital crimes that are going to become more serious that - even if we take all of the things that we disagree about about values and put them aside - we are going to have the things that we agree about get a lot worse, and that really scares me as we rely on those systems more and more."

It turns out 92 percent of Americans think the US government should take some form of action in retaliation for cyberattacks and data breaches, according to a survey from the Vormetric cybersecurity company. The US government is under attack by cybercriminals, and they are proving to be successful in their efforts to steal data and compromise networks.

The survey found 45 percent of Americans believe the Obama Administration should initiate talks with the suspected country's leaders to stop future breaches. Thirty-six percent say trade sanctions should be created, and 31 percent believe diplomatic sanctions on a nation's representatives located in the United States should take place.

A surprising number of people think there should be more stringent measures, including 25 percent of respondents saying all ties should be cut off with the responsible country - and 10 percent even think a retaliatory cyberattack might help.

Israel understands the importance of building a strong cybersecurity defense, as attacks on its critical infrastructure greatly increased over the past few years.

Israel Electric, responsible for more than 80 percent of Israel's power production and infrastructure, saw cyberattacks increase from a few hundred per hour in 2013 - up to 20,000 per hour in 2014, according to reports. The Israeli government and major businesses are on a cybersecurity hiring spree, trying to help defend against evolving threats.

"You can't be a good defender unless you understand the offense," said Amos Yadlin, former military chief and head of the Tel Aviv University Institute for National Security Studies, in a statement to Bloomberg News. "Therefore, defensive efforts must overlap to some degree with offensive efforts, including those of intelligence collection."

Edward Snowden may have support from a lot of American citizens, but don't count New Jersey Governor Chris Christie as a fan of the former NSA worker.

Recently, Christie described Snowden as a "piece of garbage," and said he "wouldn't send the SEALs in to pick up that piece of garbage," when asked he would send in the special ops unit to retrieve the American.

Just a few months ago, Christie described Snowden's whistleblowing behavior as "treasonous" and that he "should be forced to come home... and face prosecution."

After Anonymous took credit for a data breach targeting the US Census Bureau, the agency is now investigating the incident. The Federal Audit Clearinghouse is responsible for collecting and storing audit information from local and state governments, Indian tribes and non-profit groups.

The Federal Audit Clearinghouse stores non-confidential information, including names, site user names, and organization addresses and phone numbers.

Don't worry, as all internal confidential information remains secure: "That information remains safe, secure and on an internal network segmented apart from the external site and the affected database," said John Thompson, director of the Census Bureau, in a blog post.

As there is a big push for consumers and retailers to adopt contactless payments, there are plenty of cybersecurity headaches that must be addressed.

The Which? Consumer group noted that data from contactless debit and credit cards can be intercepted - and while not all data is taken - it's enough to make fraudulent purchases.

"Using an easily obtainable reader and free software to decode data, we were able to read the card number and expiry date from all 10 cards," said a spokesperson from Which?, in a statement published by Sky News. "We were also able to read limited details of the last 10 transactions, although no cards revealed the CVV security code."

BlackBerry is looking for new business opportunities away from just smartphone handsets, and recently showed off a new line of security products. The company wants to continue its evolution from just a smartphone maker, and has focused more on software and cloud-based offerings.

The full turnaround may take a bit longer than what the company previously predicted, and instead of it taking six months, could take an additional 12 to 18 months.

"I'm pretty satisfied with the progress on the turnaround so far," said John Chen, CEO of BlackBerry, in a statement to Reuters. "I laid out the $500 million software revenue target and I'm still comfortable with that commitment for this fiscal year, it looks good."

It looks like terrorists are communicating about different attack strategies to launch cyberattacks against the United States, according to FBI director James Comey.

"We are picking up signs of increasing content," Comey said during the Aspen Security Forum. "It's a small but potentially growing problem." Comey didn't publicly discuss what types of attacks could take place - and any initial plans are relatively rudimentary - but shows increased concern from the US government.

Cybercriminals have found numerous ways to target US interests online, but there is specific concern of attacks against critical infrastructure. It would seem like organized foreign states, or state-sponsored hackers pose a greater concern, but terrorists could coordinate with hacker mercenaries.

Oops! It looks like a Universal Pictures studio in France may have been responsible for seeding a pirated version of Jurassic World from its office.

Universal submitted a US Digital Millennium Copyright Act (DMCA) takedown notice to Google, asking it to block requests to hosted and linked copies of Jurassic World. One link was https://127.0.0.1:4001/#/fr, indicating it was a "localhost" machine. Movie studios typically use automated scanners to identify sources of their pirated content, and it would seem chaotic that the scanner identified a Universal machine.

It's not surprising that movie pirates have been all over Jurassic World, as it smashed box office records after its release on June 12. A Jurassic World sequel is planned for 2018, as the movie generated so much international box office revenue. In case you missed it, here is the TweakTown review of the film.

Following news that cybersecurity researchers were able to remotely hack an operational Jeep, it looks like Fiat Chrysler has issued a 1.4 million vehicle voluntary safety recall. This is the first time any automaker in the United States has issued a recall because of a cybersecurity threat - after hackers used the infotainment system to gain access to the vehicle.

The security recall will include upgraded vehicle software that has enhanced security features able to resolve the problem. However, it looks like political leaders in Washington want a more proactive response, as more connected vehicles hit the road:

"There are no assurances that these vehicles are the only ones that are this unprotected from cyberattack," said Sen. Ed Markey (D-Mass), as he called upon the National Highway Traffic Safety Administration (NHTSA) to launch a full investigation. "A safe and fully-equipped vehicle should be one that is equipped to protect drivers from hackers and thieves. Both automakers and NHTSA should immediately take steps to verify that other similar vulnerabilities do not exist in other models that are on the road."

Edward Snowden remains in Moscow, Russia, unable to find a new temporary home - and afraid of serious charges awaiting him in the United States. However, Snowden has said on multiple occasions that he would like to return home in the future, but only if he's treated fairly.

"Edward loves America and he would definitely like to return home," said Anatoly Kucherena, Snowden's attorney in Russia, in a statement to the media. "But it is our position, and a very simple one, that as long as his case is politicized and commented on as it is by politicians of all levels, that his return to his motherland is impossible."

Snowden is holed up in Russia, and while he didn't disclose information to the Russian government, he also didn't defect to the country. Instead, Snowden released damning data to the public "as an act of conscience," Kucherena said.

Auto manufacturers are anxious to pack as much infotainment as they can into new vehicles, but that is opening the door to potential security risks. The NCC Group recently informed the BBC they were able to use digital audio broadcasting (DAB) radio signals to launch attacks - a tactic that could be utilized to interfere with how a vehicle's brakes operate.

Chrysler had to release a patch to resolve an issue reported by security researchers, able to demonstrate remote takeover of a vehicle - by sending data to the infotainment and navigation system. Not surprisingly, Chrysler was quick to offer a statement regarding connected vehicle security:

"[Fiat Chrysler Automobiles] has a program in place to continuously test vehicle systems to identify vulnerabilities and develop solutions," a Chrysler spokesperson told Wired. "FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability."

Anonymous has posted a list of accounts suspected of aiding the Islamic State, typically by spreading propaganda and opening up dialogue with possible recruits. Some members are being spammed, while others have been suspended or removed from Twitter.

In addition to Twitter, Anonymous wants to identify Facebook pages, websites, blogs, and the Web proxies used by the Islamic State. One such tactic is using images of the "ISIS-Chan" anime character and using search engine optimization to influence how the accounts are found.

The United States has struggled against the Islamic State's massive social media campaign, with Google and other companies pledging to step up. However, trying to clamp down on 50,000 accounts sending out around 100,000 daily Islamic State-themed tweets will be no easy task.

Ashley Madison has been hacked, with some 37 million accounts hacked, including financial records, private details of the users, and more. Noel Biderman, the CEO of Avid Life Media, the company which runs Ashley Madison, has confirmed the site has been hacked. Biderman said: "We're not denying this happened".

A hacker group going by the name of The Impact Team has taken responsibility behind the back, with the team holding ALM ransom with the information it has. The hacking group sayd that it will release "all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails". The Impact Team will keep the information it has in its possession, if ALM and the other sites it runs - Cougar Life and Established Men - is taken offline in all forms.

The Impact Team has said it's taken a high moral stance, taking a stab at ALM's business practices, and the users that are on these sites by cheating on their partners. Where things get interesting, is that The Impact Team says that the "full delete" option that Ashley Madison offers for $19 - which reportedly deletes your payment and address details from their records - is a "complete lie". The hacking group says: "Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed".

FBI Director James Comey recently spoke in front of lawmakers, again saying encryption is making things difficult for law enforcement. Silicon Valley wants to keep user data secure, and many services provide encryption and enhanced security measures - but it hasn't made the FBI and other agencies happy.

"Our job is to look at a haystack the size of this country to find needles that are increasingly invisible to us because of end-to-end encryption," Comey told the US Senate Committee on the Judiciary. "People watch TV and think the FBI as a way to break that encryption... we do not."

Of course, the federal government wants a backdoor to access private user data, while tech companies and privacy advocates argue about security and privacy issues.

Julian Assange, founder of WikiLeaks, won't be leaving the Ecuadorian embassy in London to head to France, after President Francois Hollande refused to give him asylum. Assange's attorneys say he never requested official asylum, but was asked to visit the country by Justice Minister Chistiane Taubira and members of a French civil rights group.

"France cannot act on his request. The situation of Mr. Assange does not present an immediate danger," President Hollande's office said in an official statement. "Furthermore, he is subject to a European arrest warrant."

Assange will remain in the embassy in London, where he has been for three years, as he tries to avoid extradition to Sweden. Although he maintains his innocence in alleged rape and sexual assault cases, he fears the possibility Sweden will extradite him to the United States.

French Justice Minister Christiane Taubira said it's not up to her, but she "wouldn't be surprised" if WikiLeaks founder Julian Assange and former NSA contractor Edward Snowden were offered asylum in France. Ultimately, it'd be up to French Prime Minister Manuel Valls and President Francois Hollande to make a final determination - however, trying to get both men to France would be a rather unique logistical challenge.

"If France decides to offer asylum to Edward Snowden and Julian Assange, I wouldn't be surprised. It's a possibility," Taubira recently told BFMTV.

Snowden is wanted by US authorities for espionage and numerous other charges after leaking NSA documents to the public. Meanwhile, Assange has taken up residence in the Ecuadorian consulate in London, in an effort to avoid extradition to Sweden on alleged sexual assault charges. He's afraid if he's extradited back to Sweden, he'd be sent to the United States.

Former NSA contractor Edward Snowden has said multiple times he would like to return home to the United States, but has become comfortable living in Russia. Over the past two years, Snowden has adapted to his temporary home as best as he could, learning to live his life away from political scrutiny and intense media attention.

"Edward and all of us hope that, sooner or later, all absurd charges against him will be lifted and the questions for him put on the legal track, without insults and name-calling. This is when he can return home," said Anatoly Kucherena, Snowden's attorney, in a statement to Interfax.

The idea that Snowden will one day be able to return to his homeland seems like nothing more than a fantasy at this point - it seems highly doubtful the Obama Administration, and other members of the government would be able to leave him alone.

Political tensions between the United States and China have been strained for a number of reasons in recent months, and things won't suddenly get better. US intelligence chief James Clapper believes China is the leading suspect in the US Office of Personnel Management (OPM) data breach, which left millions of government workers at risk of identity theft.

Here is what Clapper said while speaking at a recent Washington intelligence conference: "You have to kind of salute the Chinese for what they did," based on the sophistication of the data theft. The first two attacks stole more than 4 million records, and it's been reported that up to 18 million files could have been affected.

"It's something that we agreed needs to be addressed and hopefully it can be addressed soon," said John Kirby, US State Department spokesman, during a recent press conference.

Cybersecurity software company Malwarebytes has launched a new amnesty program that offers a free replacement key for Malwarebytes Anti-Malware Premium customers - people using pirated copies or customers tricked into purchasing a counterfeit copy.

To help keep your PCs and systems secure, Malwarebytes has a variety of different anti-virus and anti-malware software solutions. Malwarebytes Anti-Malware Premium costs $24.95 for one year and can be installed on three different PCs.

"The Internet is full of pioneers and cowboys. It's also got its fair share of pirates and trolls," Malwarebytes said in a public statement. "Some of those bad guys may have duped you into purchasing a counterfeit version of Malwarebytes Anti-Malware. Or perhaps we've simply detected a problem with your key. Not to worry. We're here to help."