Hacking, Security & Privacy - Page 33
Stay informed with the latest hacking, cybersecurity, and privacy news, including data breaches, leaks, cyber attacks, and tips to stay safe online. - Page 33
FBI on the hunt for qualified cyber special agent candidates
The FBI wants skilled and qualified cybersecurity experts to help lend a hand in cyber-based investigations. Interested candidates must be skilled in computer science and similar fields, while also passing a fitness test, medical exam, extended background check and a polygraph test, according to the FBI.
A brief look at the FBI Cyber Careers page indicates a number of jobs for cyber special agents, computer science specialists, information technology forensic examiners, and qualified candidates for cyber internships. The FBI is increasingly helping companies following major data breaches, cyberattacks from hacker groups and suspected foreign states, cyber forensics, and other roles following a major incident.
"Cyber agents will be integrated into all the different violations that we work," said Robert Anderson Jr., FBI cyber crimes branch executive assistant director, in a recruitment video. "So whether it's a counterterrorism or counterintelligence investigation, they could be the lead agent in the case."
Possible revenge hacking by banks has led to FBI investigation
Cybercriminals are having a field day targeting US companies, financial institutions and government agencies, with numerous campaigns in recent years. However, some frustrated victims, instead of solely focusing on improving cybersecurity defense, are interested in trying to get vigilante justice on hackers.
It doesn't matter the motives behind revenge hacking, it's still illegal - and the FBI is investigating a report by J.P. Morgan that target Iranian servers following a 2012 cyberattack. As the FBI improves its ability to determine what country or group could be responsible for attacks, they don't want banks and other victims to try their hand at launching attacks.
"Right now the situation is that companies are on defense," said Bloomberg News reporter Michael Riley. "They have to try and keep hackers out of their networks, and the hackers only have to win once. They are incredibly frustrated, they are incredibly vulnerable, and they are looking for other options, and some of those options may be going after the hackers."
South Korean users downloading 'The Interview' face malware threat
South Korean Internet users interested in downloading copies of "The Interview" should be worried, as people are having their devices infected while trying to download the movie. Specifically, a Google Android mobile app, available for smartphones and tablets, has been circulating promising access to a pirated copy of the movie - but is instead stealing banking details, according to researchers from McAfee Labs, Center for Advanced Security Research Darmstadt, and Technische Universität Darmstadt.
"It contains an Android Trojan detected by McAfee products as Android/Badaccents," according to cybersecurity expert Graham Cluley. "Android/Badaccents claims to download a copy of 'The Interview' but instead installs a two-stage banking Trojan onto victims' devices."
The malware targets Korean banks and Citi Bank, with stolen credentials then sent to a Chinese server. The app was reportedly hosted using Amazon Web Services (AWS), but Amazon has denied the claim. Researchers say the malicious app has been downloaded more than 20,000 times.
FBI still blames North Korea behind crippling attack of Sony Pictures
Even with a growing number of cybersecurity experts thinking an insider attack is more likely in the demise of Sony Pictures earlier this year, the FBI continues to blame North Korea. US government officials said there are no alternate leads in who was behind attacking Sony, despite arriving at the conclusion North Korea was behind the attack.
The FBI issued the following statement: "The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector. There is no credible information to indicate that any other individual is responsible for this cyber incident."
However, cybersecurity experts were amazed how quickly the FBI was able to point fingers towards North Korea, as noted by a Norse cybersecurity official: "When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it's really hard to pin this on anyone within days of the attack."
Email security becomes a priority after Sony Pictures breach
Companies must learn from the mistakes made by Sony Pictures leading up to a data breach carried out by the Guardians of Peace - and that should translate to increased network security and better training for employees. In addition to the stolen movies and leaked employee personal information, embarrassing emails sent and received among executives at the company caused an additional layer of an expanding public relations nightmare.
"Now you have to operate under the mindset that my email is not confidential," said Frank Mong, GM of enterprise security solutions with Hewlett-Packard, in a recent interview published by the San Jose Mercury News. "We should all live with a little more paranoia when we do these things - ask, 'Is this really legitimate?' Should I really be clicking that?"
While the SPE breach is an ideal learning opportunity, many companies will refuse to make adjustments and could be next in line to suffer an incident. Companies need to create guidelines that force employees to use more complicated passwords, and hire third-party cybersecurity firms to educate employees on identifying phishing and spear-phishing attacks.
FBI investigating GOP cyber threats against media organizations
The Guardians of Peace, the cybercriminal group behind crippling Sony Pictures, reportedly sent threats to a U.S.-based news organization. The FBI bulletin refers to the company as "USPER2," so it remains unknown which company was targeted.
The posted threat was published on Pastebin, taunting the FBI and the unnamed media organization "for the 'quality' of their investigations," according to the GOP statement. Unfortunately, many ad servers don't support newer encryption technologies, so media outlets are vulnerable to potential hijacking - and it's something that clever cybercriminals are clearly aware of.
"As part of our ongoing public-private partnerships, the FBI and DHS routinely share information with the private sector and law enforcement community," according to an unnamed military source, speaking to journalists. "The FBI and DHS are not aware of any specific credible information indicating a threat to entertainment or news organizations, however, out of an abundance of caution, we will continue to disseminate relevant information observed during the course of our investigations."
WordPress-based websites still vulnerable to cyberattacks
Third-party WordPress plugins, extremely popular among millions of WordPress users, leave the door open for cybercriminals to exploit threats. Unfortunately, many people install new plugins and simply leave them be - without installing updates or ensuring security protocols are met - and that makes it even easier to compromise websites, databases, and users.
"WordPress is extremely powerful, and while the popularity creates a lot of opportunities for development, it also attracts hackers," said Tony Baker, Internet Assure director, in a press statement. "There are thousands of extremely popular plugins that create vulnerabilities within these sites, and quite frankly, most WordPress self-hosted websites are set up without any thought to security."
As security becomes significantly more important for WordPress websites, vulnerabilities and code exploits will remain major security concerns. It's recommended for inexperienced website owners to rely on GoDaddy, BlueHost, Site5, and established hosting services to help host the site, as they have internal security protocols in place to keep track of security threats.
GOP hackers reportedly received Sony login data from Lizard Squad
A member of the Lizard Squad hacker group, saying his name was "Ryan Cleary," told the Washington Post that his group played a role in handing over usernames and credentials used by Sony Pictures.
"Well, we didn't play a large part in that. We handed over some Sony employee logins to them. For the initial hack. We came by them ourselves. It was a couple."
Unfortunately, the interviewer didn't press the Lizard Squad member any further regarding the breach; the FBI and cybersecurity experts can't seem to agree on who is truly behind the attack.
UK Lizard Squad member arrested for computer misuse abuses
The Lizard Squad hacker group had a member arrested by the South East Regional Organized Crime Unit (SEROCU), with additional reports indicating the member is 22-year-old Vinnie Omari. His house was raided on Monday and police searched for "email addresses, usernames, passwords, documents containing names associated with PayPal fraud."
Police also want to tie him to recent Lizard Squad attacks, including distributed denial of service (DDoS) attacks suffered by Microsoft's Xbox Live and Sony's PlayStation Network. His laptops, Xbox One game console, smartphone, and USB memory drives were confiscated.
"The South East Regional Organised Crime Unit has arrested a 22-year-old man from Twickenham on suspicion of fraud by false representation and Computer Misuse Act offences," according to a press release. "The arrest yesterday is in connection with an ongoing investigation into cyber fraud offenses which took place between 2013 and August 2014 during which victims reported funds being stolen from their PayPal accounts."
Cyberespionage efforts will only accelerate in 2015 and beyond
It took a number of data breaches and cybersecurity incidents throughout 2014, many of them suspected of being funded and supported by foreign government states, for American Internet users to realize the great threat of cyberattacks. Looking ahead to 2015, however, cybersecurity experts believe so-called cyberwars will accelerate as additional nations begin to flex their digital muscle.
"Experts have been calling it a 'cyber Cold War' for some time, and that's only ramping up quickly," said Chris Peterson, co-founder and CTO of the LogRhythm security intelligence company, in a statement published by NBC News. "Nation-states both weak and strong see cyberattacks as a weapon to counter the global influence of the U.S."
Cyberespionage attacks will surge in 2015, especially among smaller nation states and terror groups, according to McAfee. Smaller countries with less-established military power hope to use cyberattacks to help try to level the playing field, while stealing data and interrupting operations of political rivals.
Korean nuclear operator removes low-risk worm from its servers
South Korean security officials have removed a "low-risk" worm that was installed on devices linked to the country's nuclear plant control systems. Nothing harmful was discovered on reactor controls, according to officials, despite the recent data breach.
"We will prepare fundamental improvement measures by enhancing nuclear power's safe operation and hiking information security systems to the highest level following this cyber attack case," the Korea Hydro and Nuclear Power company said in a statement.
Korean officials want cooperation from the Chinese government during its investigation of the cyberattacks - with China or North Korea on the short list of foreign states that could be involved. A hacker threatened to close three reactors via Twitter, though only non-critical data was stolen as part of the breach.
FBI confirms it is investigating Lizard Squad for DDoS attacks
The FBI is now investigating the Lizard Squad for its participation in bringing down Microsoft Xbox Live and Sony PlayStation Network via distributed denial of service (DDoS) attacks over Christmas. Published media statements name "Ryanc," a Finnish teenager identified as Julius Kivimaki, as one reported member of the Lizard Squad group - but identifying other members has proven difficult.
"The FBI is investigating the matter," according to a bureau spokesperson when speaking to GamesBeat. "Given the pending nature of the case, we cannot comment further."
Following data breach, Sony Pictures embraced BlackBerry devices
Sony Pictures was having a decent year until the crippling cyberattack that made the company's operations go sideways to end the year. To help keep things operating, Sony embraced its old stash of BlackBerry smartphones to support day-to-day operations moving ahead. It's possible, following the breach, some executives will begin embracing BlackBerry smartphones because of the enhanced security protocols.
Despite losing steam among consumers - and in the business workplace - BlackBerry smartphones still rely on a secure infrastructure, making it a popular device for government employees, even with the domination of Apple iPhone and Google Android devices.
"CEO Michael Lynton routinely received copies of his passwords in unsecure emails for his family and his family's mail, banking, travel, and shopping accounts," according to the Associated Press. "Experts say such haphazard practices are common across corporate America." Using a BlackBerry device, however, could help alleviate some of the poor cybersecurity practices suffered by many company executives.
Experts: Insider attack may have played major role in Sony breach
The FBI believes North Korea played a major role in the breach of Sony Pictures, while the reclusive North Korean government not surprisingly denied any involvement. The Norse cybersecurity firm spoke with the FBI at the start of the week, and believes a piracy group and disgruntled insiders, at least one laid-off Sony Pictures employee, were more likely the cause of the data breach.
"We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history," said Kurt Stammberger, Norse senior vice president, in a statement to CBS News.
In a statement to Reuters, the FBI said: "The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment."
NSA releases documents stating it spied on Americans on Christmas Eve
The NSA responded to an ACLU FOIA request by releasing a bunch of documents to the public, but waited until the cover of Christmas Eve when everyone was busy with their families, admitting it had spied on normal, ordinary American citizens.
The NSA has stood before Congress, claiming more than once that it was not abusing its very broad intelligence gathering operations and technologies, but now we know, for a fact, that it did, and probably still is. The reports state: "The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA's website at around 1:30 p.m. on Christmas Eve."
In a case back in 2012, an NSA analyst "searched her spouse's personal telephone directory without his knowledge to obtain names and telephone numbers for targeting," but don't worry, the NSA analyst in question "has been advised to cease her activities." Then there's this: "In 2012, an analyst conducted surveillance 'on a U.S. organization in a raw traffic database without formal authorization because the analyst incorrectly believed that he was authorized to query due to a potential threat,' according to the fourth-quarter report from 2012. The surveillance yielded nothing."
Hackers copy politician's fingerprint from press conference photos
Biometric security just took a big blow to the chin. Fingerprint scanners are increasingly used for security in Apple and Samsung devices, along with many others, and are even used for voter identification in some countries. At a recent conference in Hamburg, the Chaos Computer Club (CCC) hacker network revealed they had copied German Defense minister Ursula von der Leyen's fingerprint from publicly available photos of a press conference she held.
The photos were taken from standard cameras, and several images were used to stitch together the copied thumbprint. One fingerprint may have taken a bit of work to accomplish, but now that the proof-of-concept experiment has succeeded it would be relatively easy to refine the process. This isn't the best news for politicians and others who are regularly photographed, and it might be wise to move to other technologies to secure access to devices.
Biometric scanning isn't considered the safest of identification verification technologies, chiefly because most systems can be fooled with replicas. There are new technologies emerging that provide better verification techniques, such as vein scanning. New finger scanners actually look for the unique vein patterns inside the finger, which would be impossible to replicate through photos. This also has the great side-benefit of requiring a living human to work, so copies are not a feasible approach to defeating these systems.
MasterCard running "Masters of Code" hacking competition - $100k cash
Roll up Lizard Squad and Anonymous members, it's time to put your skills to the test. MasterCard has just announced through a press release that they will be running a massive hacker collective competition across 10 cities with the ultimate prize being $100,000 in cold, hard cash.
Conducted through the use of MasterCard-supplied APIs, the entrants will compete to "create innovative prototypes that demonstrate artful coding and design skills while also articulating clear business use cases - all focused on driving the next generation of commerce applications" according to their release.
If you fancy yourself as a computer security expert and think you have what it takes to get to round two - the winning team from each region will be sent to Silicon Valley to compete in the Grand Finale Masters of Code 'hackathon'. This event features the $100k grand-prize and a few extras up for grabs:
Snowden leak reveals which encryptions NSA cannot decipher
The compilation of sensitive data secreted out of the NSA by Edward Snowden continues to be a big thorn in the side of spying agencies. Recent disclosures in Der Spiegel, the newspaper that has leaked the majority of the Snowden information, reveal several programs that the NSA has found to be very difficult, or totally impossible, to decipher. The information is complete as of late 2012, so the NSA may have already overcome these limitations, but the information is interesting.
Some emails are still indecipherable, notably the Zoho encrypted email service. The NSA has also noted that following targets across the Tor network is difficult to impossible, which means it works as advertised. The NSA has been very proactive in its dealings with encryption programs, primarily by working with vendors and committees to have backdoors installed into the major encryption programs before they are even released to the public. One of the most surprising findings is that TrueCrypt, an open-source program, is largely safe for encrypting data. The NSA apparently didn't have as much luck penetrating an open-source project, which isn't entirely surprising considering the peer-reviewed nature of open source programs. It would be hard to insert a secret back door into a program that is actively worked on by a large group of people without company/government affiliations. PGP encryption tools and OTR chat encryption were also notable exceptions to the NSA's decryption schemes.
The revelations also contained some information on services that are easy prey for the NSA. VPNs are of little help, and the agency has already outwitted the HTTPS system. The NSA was grappling with AES encryption in late 2012, but had yet to make a breakthrough. The NSA's focus on AES means it is likely they have since cracked it, so users beware.
State hacking operation used commercial software to compromise targets
Military targets in Europe and Israel have been hit by cyberespionage attacks that could have been aided by commercial security-testing software released by Core Security, according to a report from the Computer Emergency Response Team (CERT). Israeli officials are unsure who launched the attack, but Iran is on the short list of suspects - as the Iranian government routinely tries to conduct surveillance and steal information from Israel.
"The most likely answer is they didn't have the capability to do it on their own," said Tilmann Werner, CrowdStrike analyst, in a statement, also adding "there is no risk of leaving tool-marks."
Cybercriminals trying to compromise government and military departments, corporations, and other major targets are greatly improving their attack capabilities. Iran has invested a large amount of resources in developing internal cyberespionage efforts, with Israel a popular target for new attacks.
South Korea nuclear facilities still under cyberattack, officials say
South Korea reported cyberattacks against its nuclear power operator are still underway, with non-critical operations being targeted - but the Korean nuclear power plants are safe and secure. The company faced a cyberattack and data breach last week, but hackers were able to only steal non-critical data, while reactors and other critical infrastructure were untouched.
"We cannot let cyberattacks stop nuclear power operation," said Cho Seok, Korea Hydro & Nuclear Power Co. President and CEO, during a press conference. "We will continue operating nuclear plants safely against any attempted foul play, including cyberattacks. Cyberattacks on KHNP's (headquarters) operations and administration are still continuing now."
The Korean government currently has an investigation underway, and is asking for cooperation from China, as it's possible North Korea was responsible for the incident.


