Hacking, Security & Privacy - Page 23
Stay informed with the latest hacking, cybersecurity, and privacy news, including data breaches, leaks, cyber attacks, and tips to stay safe online. - Page 23
Russian government giving cybercriminals advanced malware software
Russian intelligence agents are now sharing sophisticated malware created for cybercriminals and organized crime to use in their efforts to conduct cyberespionage.
"Russian nationalism and organized crime are being assisted by Russian state security," said Ray Boisvert, former assistant director and the head of intelligence for the Canadian Security Intelligence Service (CSIS), in a statement to The Register. "The red lines have gone because of Ukraine. Organized crime is being told they can disrupt Western interests."
Russia has been accused on multiple occasions of providing support to organized crime and hacker groups willing to conduct cyberattacks against foreign targets. However, trying to catch perpetrators and hold them responsible for data breaches, cyberespionage, and other similar crimes is extremely difficult for US authorities.
Symantec: Hackers had a great year in 2014, looking to improve in 2015
Cybercriminals had an extremely successful year in 2014, and are constantly looking for new ways to compromise businesses and users. Last year saw "far-reaching vulnerabilities, faster attacks, files held for ransom and far more malicious code than in previous years," according to the Symantec 2015 Internet Security Threat Report - and information security is becoming more important for companies.
There were 317 million new pieces of malware written in 2014, while ransomware attacks aimed at breaching user files increased 113 percent. Data breaches remained a major problem, with millions of US consumers compromised, as the total number of incidents increased 23 percent.
"The criminals are getting better," said Kevin Haley, director of security response at Symantec, in a statement published on NBC News. "Success breeds success and other criminals want to get into the game, so we need to step up our game in terms of protecting our information and keeping it safe."
Aircraft could be vulnerable to cybercriminals, GAO report says
The Government Accountability Office (GAO) is showing increased concern that hundreds of commercial aircraft are vulnerable to possible cyberattack from remote operators. If successful, hackers could possibly install malware on flight control computers, take over control of the aircraft, and compromise navigation and warning systems.
Air traffic control is also increasingly moving to support Internet-based solutions, giving criminals another pipeline to tamper with flights. The House Transportation and Infrastructure Committee and several senators wish to read over the full GAO report - and expect the Federal Aviation Administration (FAA) to make necessary security protocols mandatory.
"Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems," the GAO report says. That level of IP connectivity, however, is what could create a link between aircraft and cybercriminals - posing a threat to the aircraft, its crew and passengers.
Kaspersky Lab helps provide CoinVault ransomware victims more options
Victims of the CoinVault ransomware have another option for retrieving their information without paying a ransom to hackers. Cybersecurity company Kaspersky Lab has partnered with the National High Tech Crime Unit (NHTCU) of the Netherlands' police, providing decryption keys and a decryption application online.
Using information collected from a CoinVault command & control server, Kaspersky Lab, NHTCU and the Netherlands' National Prosecutors Office hope victims will be able to retrieve files without paying a ransom.
"If you get infected with the CoinVault ransomware, please check noransom.kaspersky.com," urged Jornt van der Wiel, security researcher for the global research and analysis team at Kaspersky Lab. "We have uploaded a huge number of keys onto the site. If we do not currently have records for a particular Bitcoin wallet, you can check again in the near future, because together with the National High Tech Crime Unit of the Netherlands' police we are continuously updating the information."
Phishing is easy way for hackers to victimize users with cyberattacks
Phishing remains a successful social engineering tactic used by cybercriminals, taking just 82 seconds to catch the first victim, according to a new report compiled by Verizon. An alarming 25 percent of phishing email recipients are likely to open the fraudulent email - and trying to educate employees remains difficult for companies.
Instead of worrying about using a complicated software exploit, it's easier - and extremely effective - for hackers to just phish a victim and get them to turn over usernames and passwords. Companies that properly teach their employees to identify and avoid phishing emails reduce their likelihood of falling victim from one in four down to one in 20, according to researchers.
"They should be treating employees as tools in the fight rather than as lambs to the slaughter," said Bob Rudis, lead author of the Verizon report, in a statement published by BBC.
Pedophiles using 'dark net' to avoid police detection with success
Pedophiles are adapting their habits and using the so-called "dark net" to find children to exploit, while creating new business opportunities.
Even though most people use the dark net to avoid government detection, 80 percent of traffic to dark net sites was believed to be related to child pornography, according to a recent British research study. There is an increased effort to prevent this type of dark net use, but cybersecurity experts believe the problem is just getting worse.
"It was just an awful realization, discovering there were tens of thousands of people who are not only trading child pornography, but planning to exploit children," said Greg Virgin, a cybersecurity consultant, in a statement published by CBS News. "We found one site where users openly advertised the ages of the children they were interested in. The average youngest age they were seeking for girls was zero years old. And the average age for boys was one."
US looking to re-establish technological edge, focus on cybersecurity
As part of the US Defense Department's "Better Buying Power 3.0" initiative, the government wants to see closer relationships forged with the private sector. The main goal of the program is to make sure the US doesn't lose a technological edge over foreign adversaries, as the DoD dumps money into new R&D efforts.
A major effort will focus on keeping next-generation weapons technology and defense systems secure from cyberattacks - something that is of major concern, especially from China, Russia, and other countries with sophisticated cyber militaries.
"It includes the industrial base that supports us and their databases and their information," said Frank Kendall, undersecretary of defense for acquisition, technology and logistics, in a statement. "It includes what we hold in government. It includes the logistics support information, the sustainment information, the design information, the tactical information. Everything associated with the product is a potential point of attack. And we are under attack in the cyber world, and we've got to do a better job protecting our things."
Europol, FBI successfully shuts down Beebone malware
The Europol Cybercrime Centre and the FBI teamed up to bring down the Beebone botnet, a custom operation that installed malware on unknowing victims. At least 12,000 machines were infected - with estimates of up to 100,000 zombie PCs - hijacked by cybercriminals. The malware was used to collect stolen passwords and download third-party applications onto victim PCs, officials noted.
"The fact that it [the malware] is complicated suggests that it could be used for more targeted attacks," Paul Docherty, director of Portcullis Security, recently told the BBC. "If those responsible were able to harness similar difficult-to-detect code they could potentially move the point of attack from home users to corporate users or other entities which typically hold large amounts of sensitive, valuable data."
The polymorphous malware utilized its unique ability to change its "shape" so it was better able to evade cybersecurity defenses - and continue hijacking new users.
NSA boss now wants 'front door' access to your PC
The NSA has virtually unrestricted access to most users' data, but that doesn't stop the US spy agency from wanting more. NSA chief Michael Rogers has now called for a "front door" encryption key that would provide the NSA with access to your data, but the key would be broken into multiple parts so that no one agency or person could easily get in.
This method would theoretically stop thieves from getting in and taking your data, but it would let government officials access your data at any time, if they have 'permission'. The White House is considering the move, along with others like letting courts order the creation of mirror accounts, so that US agencies can access any and all messages as they arrive, or so that they can back up the data as it's unencrypted. President Obama is considering these new policies and should receive a report by the end of the month, with the possibility of a new policy revealed shortly after.
Rogers' solution isn't a one-key-fits-all scenario, with fellow institutions like the National Institute of Standards and Technology against the idea. They note that any door that is introduced would arrive with security holes, even if a split key is created. US agencies like the FBI and NSA don't like widespread encryption because it works so well, but it only works as long as there are key holders that won't just provide the key when asked, or requested.
Google is indexing files from some private network-connected HDDs
An investigation that CSO Online conducted has found that if you do not have your network-connected HDDs configured correctly, your files could be ending up in the wrong hands.
Their report stated that some personal cloud devices with external HDDs connected to routers with FTP enabled have been indexed by Google, with the result that personal files have turned up on the Internet and in search results. This includes very personal data such as emails, journal entries, passports, tax records, financial statements, mortgage documents, passwords, private photos and more.
The organization was able to map a family's personal and financial history all the way back to 2009 just by searching their name, as their data was archived on a Western Digital HDD that they had connected through a Linksys WRT1900AC router. But when the family was warned about this, it was too late. "I simply could not figure out how someone got the [card] info minutes after I'd activate them. My system was clean and secured more than the average person," said one member of the family. "Now I know. [It's not] difficult when my backups were public and being indexed on Google."
Cyber Caliphate hacks French TV network TV5Monde
TV5Monde in France suffered a major cyberattack that led to hijacked websites and social media accounts, along with causing a three-hour broadcast blackout. The Cyber Caliphate, a pro-ISIS hacker group, didn't take public responsibility for the attack - but pro-ISIS images and "hacked by an Islamist group" markings were left on compromised accounts.
"We are no longer able to broadcast any of our channels. Our websites and social media sites are no longer under our control and are all displaying claims of responsibility by Islamic State," Yves Bigot, TV5Monde director general, told the AFP.
France's culture minister will host an emergency meeting with major French media groups so they are able to study their cybersecurity protocols. A terrorism investigation has been opened by the Paris prosecutor's office following the cyberattack, which is the most sophisticated shown by the Islamic State.
Businesses struggle to fight against ransomware cyberattacks
Ransomware infections tend to be a frightening scenario for businesses often caught off-guard when an employee mistakenly compromises a workplace machine.
Cybersecurity experts are increasingly worried about ransomware, one of the fastest rising hacker-related crimes, which demands a ransom payment in exchange for files held hostage. The traditional method of infection is a malicious file attached to an email, but criminals are finding ways to point victims to hijacked websites.
Unless home users or companies have data backed up, and are careful of emails opened and websites visited, ransomware can prove especially catastrophic. Even though US government and private sector cybersecurity experts warn against paying ransoms, many companies choose to pay the ransom and move on.
Russian government blamed for hacking White House in cyberattack
The Russian government is being blamed for hacking into a computer system used by the White House, and the hackers were able to view classified information. It's possible the cyber intrusion, with alleged ties to the US State Department breach, was in retaliation for sanctions against Russia.
However, White House officials didn't specifically single out Russia for launching the cyberattack - but there is an active investigation by the Secret Service, FBI and US intelligence agencies. "In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity," said Mark Stroh, National Security Council spokesman. "As has been our position, we are not going to comment on [this] article's attribution to specific actors."
Not surprisingly, the Kremlin has issued a statement saying Russia is a constant scapegoat for organized cyberattacks: "In regard to CNN's sources, I don't know who their sources are," said Dmitry Peskov, spokesman for Russian President Vladimir Putin, in a statement published by RT. "We know that blaming everything on Russia has already turned into some sort of sport."
Potential US president Rand Paul unveils his "NSA spy cam blocker"
Senator Rand Paul has announced that he is intending to run for the position of the President of the United States in 2016, but the video of his announcement has been removed from YouTube because it contained a song that had a copyright claim filed on it.
Between now and then, Rand supporters can get behind the Senator with the usual yard signs, bumper stickers and more, but he has something that has never been seen before: an "NSA spy cam blocker". The NSA spy cam blocker is a $15 device with a huge "RAND" logo on it, and its listing describes it this way: "That little front-facing camera on your laptop or tablet can be a window for the world to see you - whether you know it or not!"
The NSA spy cam blocker is 1.5mm thick, and is "made with high-grade plastic" and is designed for anything with a front-facing camera on it such as a laptop, smart TV and Xbox Kinect. It sports a plastic slider that will block the camera from working on your laptop for example, and then when you need it back, you slide the NSA spy cam blocker to the right to use your webcam once again.
The government has control of your naughty selfies, Snowden says
In a discussion on Last Week Tonight, Edward Snowden told comedian John Oliver about how we can think about the government's surveillance of citizens in a more relatable manner.
It is often discussed that the general population isn't up in arms about breaches of sensitive data as they can't closely relate to exactly what's going on. In an attempt to educate some, Oliver took a new approach, as spotted on News.com.au.
Talking to Americans on the street, Oliver showed us that there were quite a number of people who weren't exactly sure who Snowden was - often confusing him with Wikileaks founder Julian Assange. He then asked how people would feel if their naughty 'nudes' were available for the taking.
MI6 admits the difficulties of trying to keep up with cybercriminals
There is a technology arms race currently underway between the US and UK governments trying to compete against cybercriminals and terrorists using the Internet effectively. Cybercriminals are increasingly organized, some of them state-funded, and able to launch sophisticated attacks easily.
During a recent speech, MI6 officials said agents are trying to battle against opponents "unconstrained by consideration of ethics and law," able to more easily put the UK at risk. Although espionage can be easier to track due to technological footprints, it also opens the door to cyber mercenaries able to share and launch coordinated attacks.
"Using data appropriately and proportionately offers us a priceless opportunity to be even more deliberate and targeted in what we do, and so be better at protecting our agents and this country," said Alex Younger, chief of the Secret Intelligence Service (MI6).
IBM outs cybercriminal group running 'Dyre Wolf' scam
A well-organized Eastern European cybercriminal group is using social engineering that includes phishing and phone calls paired with malware to steal money from US businesses. IBM, which discovered the surprisingly sophisticated operation, calls it "The Dyre Wolf" - and while the group has netted just $1 million so far, the organization of the group is rather alarming.
Once victims click on a fraudulent link or attachment, the malware is installed and waits for users to access a bank website. Instead of going to the bank's website, a fake screen says the bank website is down, so victims have to call a phone number. Once dialed, victims turn over bank information and a large money wire transfer is initiated by the criminals.
"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented," said Caleb Barlow, VP of IBM Security, in a statement to Reuters. "The focus on wire transfers of large sums of money really got our attention."
NSA finding it harder to recruit specialists following Snowden leaks
The National Security Agency (NSA) should be able to find itself 1,600 new recruits in 2015, with a heavy focus on computer science and math, but the task is getting harder. A combination of rising Silicon Valley tech employment/salaries and Edward Snowden's intelligence leaks has damaged trust in the NSA among the public - and possible job recruits.
The NSA has around 35,000 employees across the country, and trying to compete against tech companies to recruit employees from leading universities is proving difficult. A lack of trust is a major issue that is making some people think twice before trying to land a job with a security clearance.
"Before the Snowden leaks we looked at the NSA as being a spy agency, and they did what they were supposed to do," said Matthew Green, assistant research professor at the Johns Hopkins Information Security Institute, in a statement to NPR. "But we've learned that they've been collecting this incredible amount of information. And they're not shy about doing whatever they have to do to get access to that information."
Details how Pakistan arrested one of the most wanted cybercriminals
Following an international manhunt dating back two-and-a-half years, the FBI's most wanted cybercriminal was captured in Pakistan earlier this year. Noor Aziz Uddin, a 52-year-old responsible for spearheading a global phone fraud ring, was one of the FBI's most wanted cybercriminals.
Despite traveling between the United Arab Emirates, Malaysia, Pakistan, Italy and New Jersey, Uddin's ability to hide began to unravel after federal Pakistani authorities received a phone number reportedly linked to him. The Federal Investigation Agency in Pakistan was able to use the phone's GPS coordinates, with help from Uddin's wireless service carrier, to pinpoint his exact location.
The arrest occurred successfully without any violence.
Survey: 30% of companies would pay ransom to cybercriminals
Employees infected with ransomware often panic, and paying a ransom to the cybercriminals is typically easier than trying to restore files. The problem is a tad bit more complicated, because criminals are hacking files and forcing companies to choose between paying or suffering a data breach. Thirty percent of organizations would pay or negotiate a release of encrypted data, according to ThreatTrack.
Interestingly, that number goes up to 55 percent for companies that have suffered a similar incident in the past - revealing the need for proper employee education.
It's unknown how many companies actually suffer an extortion scheme, with many companies likely not reporting issues to the public or to law enforcement, said Stuart Itkin, SVP of ThreatTrack. Cyber extortionists are becoming better skilled, so trying to figure out how to negotiate with them is a struggle.


