Hacking, Security & Privacy - Page 42
Lookout: U.S. smartphone users being targeted by mobile ransomware
A new form of malware dubbed 'ScarePakage' is targeting U.S. smartphone owners and can render devices inoperable, according to security firm Lookout. The mobile ransomware tricks users by claiming it's from the FBI, saying phone owners are being investigated for alleged crimes. Once a device is compromised, the ransomware demands "several hundred dollars" or the device will remain under control of ScarePakage.
The ScarePakage ransomware doesn't need root administrator access, and has been designed to be overly intrusive. It runs a Java TimerTask every 10 milliseconds to prevent any other applications or processes to shut down, and stops hijacked devices from going into sleep mode.
"Mobile ransomware in and of itself is a fairly new tactic from malware authors and this is one of the first we've seen targeting the U.S. specifically," said Jeremy Linden, Lookout Senior Security Product Manager, in a statement to TweakTown. "That said, we are less concerned about how ScarePakage distributes itself and more concerned about how difficult to remove it is. Once the application has device administrator permissions, it is very hard to regain control of the device."
Stolen laptop opens up 20,000 students in South Carolina to data theft
Around 20,000 current and former students at the Orangeburg-Calhoun Technical College in South Carolina are at risk of data theft after a laptop was stolen from a staff office. Data taken includes names, birthdates and Social Security numbers of both students and faculty going back almost seven years.
The technical college will now use encryption software on all laptops and PCs, while those affected by the data breach are being contacted. The laptop was stolen on July 7 and an investigation is currently underway to try to identify those responsible.
"College officials were disappointed to learn that someone entered a staff member's office on campus and removed a computer," said Kim Huff, OC Tech VP of Business Affairs, in a statement. "We are evaluating our security controls to prevent further incidents."
Chinese man in Canada arrested for hacking Lockheed Martin, Boeing
A Chinese citizen living in Canada has been arrested and is accused of hacking into Boeing, Lockheed Martin, and other U.S. companies with government defense contracts. Su Bin, also known as Stephen Subin and Stephen Su, is accused of unlawfully accessing computers in the United States, according to the FBI, in an attempt to steal data on military projects.
Su allegedly worked with two other hackers to steal data between 2009 and 2013, with some stolen information offered for sale to Chinese companies. Specifically, they had an interest in F-22, F-35, and C-17 U.S. military aircraft - along with weapons programs currently being developed.
"We remain deeply concerned about cyber-enabled theft of sensitive information, and we have repeatedly made it clear that the United States will continue using all the tools our government possesses to strengthen cyber security and confront cybercrime," said Marc Raimondi, U.S. Department of Justice spokesman, in a statement.
Google introduces 'Project Zero,' tasked with hunting down bugs
Google publicly announced its Project Zero, a new effort aimed at tracking software bugs, with a public vulnerability database also in the works. The company also recruited George Hotz, responsible for hacking the Sony PlayStation 3 and Apple iPhone, among other claims to fame, as an intern to help with the bug hunt.
The Project Zero team will focus solely on tracking down bugs - not just for Google software - to help try to keep the Internet more secure. In addition, Google wants to better understand the techniques, targets and motivations of cybercriminals, as state-sponsored hacking becomes extremely prevalent.
"Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Chris Evans, responsible for leading Project Zero.
Germany considers using typewriters to stop the US from spying on them
It was only a year ago that the German government considered the Xbox One to be a monitoring device, and this was at the time of NSA whistleblower Edward Snowden coming out about the NSA spying on the entire world.
Well, the German government is now considering shifting back to the old-fashioned way of writing documents: using a typewriter. Typewriters would be used to type up confidential documents, so that they aren't typed up on a PC, which has an operating system that can be hacked and is connected to a network. With a typewriter, someone can type up a confidential document, finish it, and file it away - without the prying eyes of the NSA getting to it.
Chair of the German Parliament, Patrick Sensburg, has an enquiry into the alleged spying by the NSA, saying that committee members are considering new security measures and are thinking about ditching e-mail in favor of a serious move back to using typewriters. He told the ARD Morning Show Monday: "As a matter of fact, we already have [a typewriter], and it's even a non-electronic typewriter".
Hacker involved in $14 million theft pleads guilty to bank fraud
Qendrim Dobruna, 27, has pleaded guilty to bank fraud in a case stemming back to 2011, and could face up to 30 years in prison. Operating under the names "cL0sEd" and "cL0z," he played a part in an operation that lasted 48 hours and led to $14 million stolen - with criminals withdrawing the funds via ATMs in 20 different countries.
Dobruna initially decided to plead not guilty, but thought better of it before changing his plea to guilty - and will serve at least nine years. Dobruna and his accomplices chose to defraud "JPMorgan Chase, and to obtain moneys, funds, credits and other property owned by, and under the custody and control of said financial institution, by means of materially false and fraudulent pretenses, representations and promises," according to the federal government's indictment.
It took a growing number of cybercrime-related cases before the federal government jumped into action - but criminals conducting fraud and theft on a large scale are increasingly being targeted by police and federal agencies.
User's data can be extracted from smartphones post factory reset
If you think that using the factory reset function on your smartphone will clear your data, you're in for a pleasant surprise! Czech-based security company Avast purchased several phones via eBay to evaluate whether it could extract data from them, especially the ones that had a factory reset done by the previous owner.
The factory reset is supposed to be a one-touch feature that securely erases all the data, settings and other user-related details from the phone and returns it to a 'rolled out of the factory' state. But the experiment by Avast proved that this is not entirely true.
The company conducted this experiment by purchasing 20 smartphones from eBay. The experts at Avast were able to extract data from these smartphones, though the company didn't disclose if that was the case with all the smartphones. The experts were able to extract 40,000 photos, of which 1,500 were family photos and others included selfies with their manhood. Other data included emails, text messages, Google search history and even browser history. Avast also added that the factory reset feature does not wipe out the data from the phone. Rather, it only erases the index information.
Glenn Greenwald says there is a second NSA whistleblower
It looks like Edward Snowden might not be the only NSA whistleblower according to Glenn Greenwald, with the tease coming from Greenwald who tweeted over the weekend that the fact of a second US whistleblower "seems clear at this point".
Greenwald believes there is a second US whistleblower that is leaking information about the NSA to media around the world. Greenwald added: "The lack of sourcing to Snowden on this & that last article seems pretty telling". The tweet was made after a German site published an analysis of the NSA's XKEYSCORE code, which doesn't seem to have come from Snowden.
It was only after this that speculation of a second US whistleblower began, with experts agreeing that it looks like Snowden isn't alone. ARD, a German public broadcaster, said in a report last week that the NSA is using its XKEYSCORE program to track Internet users who search the web on how to stay hidden when on the Internet. Greenwald added: "I've long thought one of the most significant and enduring consequences of Snowden's successful whistleblowing will be that he will inspire other leakers to come forward".
Germany boots CIA spy from country because of NSA-related spying
The German government remains upset that the NSA snooped on German Chancellor Angela Merkel and other government leaders, requesting the top U.S. intelligence official in Germany to leave the country. It was an unexpected move by the German government, as the CIA official works at the U.S. embassy in Berlin - as parliamentary inquiries continue in Germany.
The German government wants to speak with Snowden, but the American turned down an in-person meeting that would have taken place in Russia. Even if German investigators are unable to chat with Snowden in the near future, there are obvious political tensions between Germany and the United States at the moment.
"The representative of the U.S. intelligence services at the Embassy of the United States of America has been requested to leave Germany," said Steffen Seibert, a German government spokesperson, in a statement. "The Federal Government takes these incidents very seriously. It remains vital for Germany, in the interest of the security of its citizens and its forces abroad, to cooperate closely and trustfully with western partners, in particular with the USA. To do so, however, mutual trust and openness are necessary. The Federal Government continues to be ready for this and expects the same from its closest partners."
Kaspersky Lab announces 2015 editions of security solutions
Security company Kaspersky Lab today announced its updated product lineup for home consumers, including the Kaspersky Anti-Virus 2015, Kaspersky Internet Security 2015 and Kaspersky Internet Security - Multiple-Device 2015. The products are designed to protect Microsoft Windows, Apple OS X and Google Android devices from current threats in a rather complex security world.
New features include Webcam protection aimed at keeping built-in Web cameras safe and secure from outside hacking. Kaspersky also included a Wi-Fi security notification module that ensures public Wi-Fi hotspots are secure, informing users of vulnerable network connections or unsecured password transmission. Ransomware which encrypts files also is a major threat to PC users, so the Kaspersky Lab System Watcher module verifies all running processes to prevent criminals from encrypting files.
"Today's threat landscape is persistently evolving and at Kaspersky Lab we're continuously staying one step ahead of the cybercriminals," said Justin Priestley, Kaspersky Lab consumer sales SVP, in a statement. "We provide our customers with the most advanced protection tools available, like the innovative Webcam Protection and System Watcher features. Our 2015 suite of products, especially Kaspersky Lab Internet Security, is equipped with technologies that have proven to be effective not only in independent tests, but in the real-world, protecting 300 million people across the globe."
Chinese hacker group Deep Panda targets US think tanks for Iraq data
A team of researchers at CrowdStrike is claiming China's "Deep Panda" cyber offensive group has begun targeting, and has now compromised, US national security think tanks. In an alarming statement, co-founder Dmitri Alperovitch asserted that the attacks seem to be tied into monitoring activity from the newly founded Islamic State of Iraq and the Levant (ISIS).
In a blog post, CrowdStrike's co-founder Dmitri Alperovitch outlined the company's work with human rights groups and security think tanks. Former senior government officials frequently work in organizations like these, and so are a natural target of hostile intelligence services, Alperovitch said, adding that he has "great confidence" the Deep Panda group is affiliated with the Chinese government. It's one of 30 groups CrowdStrike closely follows in China, but the company points out it is also one of the most sophisticated.
As the armed ISIS faction launched an attack on an oil refinery, Alperovitch claims Deep Panda began a hunt for files from US think tank employees. He pointed out that China is the top foreign investor in Iraq's oil infrastructure, and so espionage fits in with the country's national interests. "It wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper US military involvement that could help protect the Chinese oil infrastructure in Iraq," Alperovitch wrote. "In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
Dailymotion hit by attack, leaving video viewers vulnerable
The popular video website Dailymotion was compromised by cybercriminals able to inject malicious code, redirecting visitors and secretly installing malware. The iframe first appeared on June 28 and installed the Sweet Orange Exploit Kit, targeting Oracle Java, Microsoft Internet Explorer and the Adobe Flash Player.
It seems only a small number of users were compromised, and Dailymotion quickly restored videos and ensured they were safe again.
"If the kit successfully exploited any of these vulnerabilities, then Trojan.Adclicker was downloaded onto the victim's computer," according to Symantec researchers. "This malware forces the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers."
In May, spammers found success sending education-related emails
May spam email traffic averaged 69.8 percent, a 1.3 percent drop from April, but security experts continue to tell Internet users to be wary of sometimes rather clever spam. There was a large amount of mass mailings for schools and universities, with "offers" for student loan repayment plans also a popular phishing technique.
Email search sites were the most popular targets (32.2 percent) ahead of social media websites (23.9 percent), and financial and payment organizations were in the No. 3 spot (12.8 percent). Spammers rely on unsuspecting and gullible Internet users to click compromising links that install malware - or otherwise steal credentials.
"Spammers are constantly thinking up new tricks or turning to old favorites to catch out their victims," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a statement. "It's not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consists of backdoors that allow attackers to silently control infected computers, which often become part of a botnet."
Pew: Government interference on Internet is a great threat to users
The rise of hackers and cybercrime is problematic, but national governments maintaining security and political control on the Internet will remain the biggest threat. Specifically, there will be a rise in blocking, filtering, segmentation and balkanization of the Internet, according to a study published by the Pew Research group.
Thirty-five percent of those surveyed said they expected significant changes "for the worse" with regard to accessing and sharing online content by 2025 - a troubling concern as more people begin to access the Internet.
"Governments worldwide are looking for more power over the Net, especially within their own countries," said Dave Burstein, Fast Net News editor, in a statement. "Britain, for example, has just determined the ISPs block sites the government considers 'terrorist' or otherwise dangerous. There will usually be ways to circumvent the obstruction but most people won't bother."
Tor users are being targeted by the NSA for surveillance
When Edward Snowden blew the lid on the NSA's spying last year, everything changed. The NSA has said that even though it intercepts pretty much every single person's communications, it only "targets" a very small number of these people.
This smaller percentage of traffic is flagged as a pattern, or suspicious by the NSA, which then starts their data retention. These targets don't see their data flushed from NSA databases on a 48-hour or 30-day basis like the rest of the world, instead their data is kept forever. This news comes from German site Tagesschau, where Lena Kampf, Jacob Appelbaum and John Goetz reported the NSA's rules on what is deemed a "target" to the US spy agency.
They report that the NSA targets anyone who searches for online articles about Tails, or Tor. Anyone who even uses Tor becomes an instant target for long-term surveillance and data retention. Both Tor and Tails have been part of the mainstream discussion for online security, surveillance and privacy for quite some time. For the NSA to just instantly put surveillance and retention on these people is yet another unbelievable step in an already unbelievable breach of users' privacy and rights.
Microsoft battles against malware crime groups in Algeria, Kuwait
Malware linked back to cybercriminals in Algeria and Kuwait was disrupted when Microsoft named several parties in a civil suit accused of creating malicious code that infected millions of victims. The strategy is a unique new method by Microsoft, attempting to disrupt communication channels used by cybercriminals and the infected PCs they've compromised.
The suit names the foreign nationals, Naser Al Mutairi and Mohamed Benabdellah, along with the Vitalwerks Internet Solutions domain hosting company. Almost 94 percent of compromised machines used Vitalwerks servers, so the criminals were able to control the machines in a rather clever method to try to stay under the radar.
Meanwhile, Vitalwerks claims millions of Internet users have suffered disrupted service because of the legal proceedings. Microsoft didn't directly say Vitalwerks was involved in the cybercriminal activities, but said the company didn't do enough to prevent it.
College student faces multiple felony charges after hacking classmates
Allen Lockser, 21, faces 11 felony computer fraud charges after allegedly accessing student accounts, though he didn't compromise any personal information. However, he reportedly submitted quizzes and deleted submitted homework assignments from the school network, first gaining access by trying random passwords until he was successful.
Lockser is accused of hacking into 20 student accounts on Canvas, the Pasco-Hernando State College online portal, which is used for submitting homework assignments and assessments. He was easy to track because he used the static IP address at his home, so sheriff's deputies were able to quickly identify him.
The school boosted security and students must now use passwords with a combination of letters, numbers and special characters. In addition to criminal charges, Lockser will also face a school disciplinary inquiry. After being arrested for his charges, Lockser was booked and later released on $1,100 bail.
Cybercriminals update Pony Loader malware to steal your bitcoins
The Pony Loader malware has been updated to v2.0 and has nasty new tricks to help compromise users and steal bitcoins. The updated version is able to compromise a large group of different cryptocurrency wallets, including Litecoin, Namecoin, Terracoin, Goldcoin, Junkcoin, and Anoncoin.
To counter this new malware threat, it's recommended that users update to the newest bitcoin client, which gives users a way to encrypt private keys with passphrases.
"Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," said Isaac Palmer, Damballa malware reverse engineer, in a blog post.
Companies should be more transparent and open about data breaches
Businesses struggle to keep their data secure, but find it even harder to deal with data breaches once they already happen. Companies that try to bury their heads in the sand and keep breaches secret could be harming themselves more than anything else, and should be more transparent.
Some companies try hiding data breaches or only confirm the news after security incident details are released. That can lead to major problems from shareholders, customers, and law enforcement officials.
"It's brought it to a point now where businesses have to pay attention," said Al Pascual, Javelin Strategy & Research senior analyst, in an interview with journalists. "Before, it was more of a concern for folks in the back office. They may have had some minor concerns about regulators or government officials, but now they have to worry about being punished by their shareholders, being punished by consumers who are pretty likely not to come back or to reduce their patronage."
Medical device company Medtronic compromised by data breach
Medical company Medtronic said it was breached by cyberattacks in separate incidents last year, with some patient records compromised. A number of medical records in the diabetes business unit was taken, but the company didn't disclose how many patients were affected, or what information was at risk.
Medtronic is the biggest standalone medical device maker in the world, and the breach is a significant problem that rivals should pay attention to.
"Medtronic, along with two other large medical device manufacturers, discovered an unauthorized intrusion to our systems that was believed to originate from hackers in Asia," Medtronic confirmed in a filing to the Securities and Exchange Commission (SEC).


