Hacking, Security & Privacy - Page 24

The GreatFire free-speech group says the Chinese government is using its incredible Internet infrastructure to launch cyberattacks. Many national governments are modernizing their cyberattack capabilities, and China is notorious for targeting political opponents.

GreatFire itself suffered a major distributed denial-of-service (DDoS) attack, and now GitHub and other companies are facing sophisticated cyberattacks. Not surprisingly, the Chinese government didn't respond to GreatFire accusations, though officials previously accused the group of being "anti-China."

If true, this is a new strategy from the Chinese government, which has been long suspected of organized cyberespionage. "The last couple months, we've seen a real sea change in Chinese Internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside the country," said James Lewis, senior fellow of the Center for Strategic and International Studies.

Researchers from Check Point Software Technologies in Israel have found a surprising computer spying operation that "likely" originated from a government agency or political group operating inside of Lebanon.

The spy software, once installed via hijacked public websites, could steal personal and corporate information from victims.

"They are not 'script kiddies,'" said Shahar Tal, a researcher at Check Point Software Technologies, in a statement published by Reuters. "But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard drive firmware."

It's getting more difficult to identify and track terror groups online, with the Dark Web and file encryption proving effective.

It's up to tech companies to think about the supposed damage facing police agencies and federal investigators, said Rob Wainwright, director of Europol, while speaking to 5 Live Investigates. Using forms of encrypted communications helps terrorists avoid detection while corresponding with one another.

"With the right resources and cooperation between the security agencies and technology companies, alongside a clear legal framework for that cooperation, we can ensure both national security and economic security are upheld," said a spokesperson with TechUK, a UK technology trade organization.

A single Command and Control server could be responsible for running a botnet using a number of different malware programs to infect users. It appears the cybercriminals are infecting as many machines as possible, and the botnet can be sold or rented to clients - spreading via manipulated Word documents attached to emails.

Security firm G DATA found a fake rail card invoice is one tactic criminals are using to help infect new victims. Instead of being an actual rail card invoice, however, the installed malware builds up a botnet, as criminals are able to remotely hijack infected PCs.

"The malware behaves like a matryoshka doll on the system," said Ralf Benzmuller, head of G DATA SecurityLabs. "It gradually reveals its potential and actual aim. We suspect that the infected systems are intended for use as zombie PCs in the Andromeda/Gamarue botnet."

Despite South Korea blaming North Korea for hacking its nuclear power operator, officials in Pyongyang have denied their involvement. In a data breach in late 2014, hackers were able to steal employee personal information, physical designs and manuals of the Korea Hydro and Nuclear Power Co.

The Korean Central News Agency said Seoul fabricated evidence saying Internet protocol addresses were linked to the north - even though the recent data breaches were "believed to have been caused by an [unidentified] group of North Korean hackers."

North Korea is believed to have a budding cyberespionage program, with most of its efforts targeted at South Korean banks and other critical infrastructure.

Ransomware attacks, relying on custom malware able to encrypt files, continues to pose a significant threat to business users.

New ransomware types are popping up, including Crypto Wall and Torrent Locker, being distributed via email spam, watering hole attacks, and malvertising. Due to the financial benefit of compromising victims, hackers are always on the lookout for new methods to infect victims.

"One researcher likens it to turning on the kitchen light and having the cockroaches scatter," said Andrew Conway, research analyst at Cloudmark, in a statement published by Baseline. "Now, instead of one ransomware package, there are three or four of them out there. Occasionally, there will be a bug on ransomware that will enable people to get their data back. But, if you don't have another copy of that data, pay the ransom if you need [the data]."

Web.com's Register.com was reportedly victimized by a coordinated cyberattack, and the Chinese military was reportedly responsible, according to a story published by the Financial Times. The hackers had access for around one year, though it doesn't appear client data was taken or there was a significant disruption to day-to-day activities.

However, Chinese officials deny being linked to the attack: "The relevant criticism that Chinese military participated in Internet hacking is to play the same old tune, and is totally baseless," according to a statement released to the Chinese Defense Ministry, submitted to Reuters.

The Chinese government has a sophisticated cyberattack program, and enjoys launching a number of cyberespionage campaigns against the United States and other western targets. Meanwhile, the Chinese government reports being a victim of international cyberattack, including many attacks that reportedly originate from the United States.

Internet service providers (ISPs) are being criticized for distributing routers that are known for having security vulnerabilities that leave users vulnerable. A whopping 14 supplier provided ADSL routers that have firmware released in 2007 or newer, so hackers are able to gain overwhelming control of home networks.

Up to 80 million devices that are used in households and small offices can be compromised simply because new users don't bother to change default passwords - and it's even easier to find Internet-exposed routers. In addition to Internet scans, some websites are known for publishing which devices are vulnerable to outside tampering.

"Wide swathes of IP space are being made vulnerable through ISPs in developing countries distributing routers with default passwords that can be easily found on the Internet," said Kyle Lovett, Cisco consultant, while speaking at CrestCon & IISP Congress 2015.

A rise in cyberattacks can be attributed as an attack by people, as companies spend even more on boosting endpoint security. Many IT experts and business leaders see cyberattacks as a technology issue, but it's really a focus on people.

Cybersecurity experts are increasingly focused on educating employees on spotting phishing attempts, and fighting against attacks that rely on employees being rather naive and reckless.

"When you do think of it that way, then you tend to do a bunch of bad things," said Dave Merkel, CTO of FireEye, in a statement to ZDNET. "Such as ask bad questions to your security team like, 'What product can I buy to make this go away?' The answer is you can't just buy a product that is going make the bad guys go away forever."

NYPD auxiliary police officer Yehuda Katz was charged with allegedly hacking into NYPD and FBI databases as part of his fraud scheme. Katz even installed a hidden camera in the traffic safety office, which was eventually discovered by precinct officers.

Katz used 15 compromised usernames and passwords, searching for more than 6,000 license plates stemming from auto accidents. Once he had personal information, he contacted victims and posed as an attorney who would be able to collect on their behalf.

"The threat posed by those who abuse positions of trust to engage in insider attacks is serious, and we will continue to work closely with our law enforcement partners to vigorously prosecute such attacks," said US Attorney Loretta Lynch, in a public statement.

Eighty-two percent of IT professionals are concerned that using mobile apps in the office "significantly" or "very significantly" increase cybersecurity concerns - but more than half of companies still lack mobile app use policy rules.

Millions are being spent on mobile app development, but a fraction of those overall investments are related to security. Companies are increasingly testing mobile apps, including security vulnerabilities, and 30 percent of apps are found to have at least a single vulnerability.

"It's just an indicator that we [the security community] have a problem, [or] a risk issue that isn't necessarily being met, at least not with respect to training and awareness," said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement to SCMagazine.com

The Apple Watch will be released on April 24 and should bring immediate attention to the wearables market - but that has some cybersecurity experts concerned. More users will rely on their smartwatches to make payments, conduct business communications, and save sensitive information for easier access.

Even though this will make it easier to incorporate wearables into our daily lives, it opens the door to hackers looking for new cybercriminal opportunities.

"The more ways we make data more convenient, the more risk there is to access the data and access things without your knowledge," said Kevin Mahaffey, chief technology officer of the Lookout cybersecurity firm, in a statement published by CNBC. "Just like adding another door to your house, it's just adding another way for bad guys to get in."

Following its massive 2013 data breach, which led to customer payment data being stolen, Target will pay $10 million in a class-action lawsuit settlement. The attack took place between Nov. 27 and Dec. 15 2013, with up to 40 million credit and debit cards compromised.

If approved by a federal district court judge, individual victims would be paid up to $10,000 - but is just one of 15 lawsuits that were filed against Target within a short period following the data breach.

"We are pleased to see the process moving forward and look forward to its resolution," said Molly Snyder, Target spokesperson, in a statement to CBS News.

Microsoft plans to offer the Windows Hello biometric sign-in feature for its upcoming Windows 10 operating system. Users will have the chance to scan their face, fingerprint or iris, which can be used to unlock PCs, laptops, or smartphones.

Windows Hello can be used to access protected content, authenticate apps, and other "online experiences," Microsoft says.

Meanwhile, Intel said all systems that utilize its RealSense F200 sensor can support Windows Hello. All data will be stored locally on each PC or device, and will remain anonymous in case hackers compromise it.

The Premera Blue Cross health insurer has confirmed it suffered a data breach, putting 11 million customers at risk. Compromised data includes financial information and medical information, including names, bank account data, Social Security numbers, and clinical information.

The FBI is now working with Premera to gauge the seriousness of the data breach, with compromised records dating back as far as 2002. The company is now offering two years of free credit monitoring and identity theft protection services, Premera said on a special website designed to discuss the issue.

"All of us here at Premera have been by affected by this attack and we understand and share your concerns," said Jeff Roe, President and CEO of Premera. "Please know that we're committed to making sure you get the tools and assistance you need to help protect you."

Improving cybersecurity is a major effort by government agencies and the private sector, with security incidents still occurring at a frightening rate. Financial institutions have focused more on keeping attackers out of their networks, while trying to defend against a large number of attacks.

Most bank-related fraud tends to occur because of the use of false or anonymous identities. However, there is more focus on trying to keep malware from being installed, and to prevent distributed denial of service (DDoS) attacks from being so successful.

"It is no longer acceptable to simply apologize for a security breach and send a letter out to affected customers," said Dorean Kass, VP at Neustar. "Customers expect businesses, especially banks, to identify fraud and maintain cybersecurity, all while ensuring a convenient experience for its clients."

The United States faces a "pervasive" issue regarding cyberattacks against physical weapons systems and private defense contractors - and cybersecurity to help protect assets is gaining more traction. The Department of Defense Instruction 5000.02, the Pentagon's guidelines for military acquisitions, will include a category focused specifically on cybersecurity.

"It's about the security of our weapons systems themselves and everything that touches them," said Frank Kendall, Defense Undersecretary, speaking to Reuters. "It's a pervasive problem and I think we have to pay a lot more attention to it."

The US government deciding to embrace cybersecurity, especially for the military, will likely generate more revenue for Lockheed Martin, General Dynamics and other contractors tasked with creating defensive cybersecurity programs.

Countries interested in conducting cyberespionage campaigns are using increasingly sophisticated methods, carefully targeting users with modular tools, according to Kaspersky Lab.

To increase stealth and reduce their visibility from cybersecurity experts, hackers are diversifying the components used in their malicious programs. One specific platform has at least 116 different plugins that can be customized depending on expected victim and what type of information they have access to.

"Nation-state attackers are looking to create more stable, invisible, reliable and universal cyberespionage tools," said Costin Raiu, director of global research and analysis at Kaspersky Lab. "They are focused on creating frameworks for wrapping such code into something that can be customized on live systems and provide a reliable way to store all components and data in encrypted form, inaccessible to regular users."

We all know that the NSA has stepped over some pretty serious privacy boundaries, but now Wikipedia is suing the US spy agency over the constitutionality of its mass surveillance program.

Wikipedia has slapped the NSA with a lawsuit with the Justice Department, claiming that its mass surveillance regine threatens the freedom of speech under the First Amendment and the Fourth Amendment's protection against the unreasonable search and seizures. Executive Director of the Wikipedia Foundation, Lila Tretikov, explains: "By tapping the backbone of the Internet, the NSA is straining the backbone of democracy. Wikipedia is founded on the freedoms of expression, inquiry, and information. By violating our users' privacy, the NSA is threatening the intellectual freedom that is central to people's ability to create and understand knowledge".

Wikipedia's founder Jimmy Wales, along with Tretikov, argued in a op-ed in The New York Times on Tuesday that "pervasive surveillance" of Wikipedia's hundreds of millions of users had a scary effect that "stifles freedom of expression and the free exchange of knowledge". The duo continued, writing: "Whenever someone overseas views or edits a Wikipedia page, it's likely that the N.S.A. is tracking that activity-including the content of what was read or typed, as well as other information that can be linked to the person's physical location and possible identity. These activities are sensitive and private: They can reveal everything from a person's political and religious beliefs to sexual orientation and medical conditions".

Former NSA contractor Edward Snowden, currently residing in Russia, says he would like if the Swiss government granted him asylum. Snowden once lived in Geneva while working undercover for the CIA, and enjoyed his time in the European country.

In addition to Switzerland preferring a neutral stance on current military wars and other issues, the country also boasts a high quality of life and treatment of citizens. Unfortunately, current Swiss laws dictate someone applying for asylum must already be in Switzerland - and it's unknown if the government is willing to make an exception for Snowden.

"I would love to return to Switzerland, some of my favorite memories are from Geneva," Snowden recently said during the International Film Festival and Forum on Human Rights. "It's a wonderful place. I do think Switzerland would be a sort of great political option because it has a history of neutrality."