Hacking, Security & Privacy - Page 45

After learning he's the target of a $32 million lawsuit from the Ultimate Fighting Championship (UFC), accused pirate Steven Messina says he suffers from mental illness and can't afford the significant civil lawsuit. The parent company of the UFC, Zuffa, is now seeking $150,000 for every act of infringement, $110,000 for using UFC content without permission, and $60,000 for intercepting UFC content, plus legal fees.

The UFC says Messina made money from the pirated streams, though he refutes the accusation: "Most of the time I barely had enough to cover an event's cost after donations and would use my own money saved from medication and doctors. In total, I've probably made no more in a year than $450-$550 in donations. But that just helped me pay for a few months of medical expenses, as well as maybe four or five fight cards. I always ended up paying out of my own pocket though, as I've had money from my previous job saved in my checking account."

Zuffa will continue to fight against organized piracy that streams its events, especially pay-per-view fight cards, and is currently interested in targeting websites that host the events. Regardless of what happens from this outcome, there are numerous ways to illegally stream content.

The overall number of Microsoft Windows vulnerabilities has increased 12.6 percent year-over-year, according to the Microsoft Security Intelligence Report (SIR), covering July to December 2013. During Q3 2013, 5.8 of every 1,000 Windows computers reportedly suffered from malware infection - and jumped to a whopping 17 computers per 1,000 during Q4.

However, severe Windows vulnerabilities reportedly declined 70 percent between 2010 and 2013 - as Microsoft continues to increase security - but the sophistication of current threats are giving computer security companies fits. Cybercriminals are using social engineering to get users to click on malicious links, or install malware bundled with legitimate software, the report also indicates.

Malware authors are finding a great market, in which they can launch mass attacks for a low price and little risk of being prosecuted. To make matters worse, next-generation malware is able to easily circumvent anti-virus software that traditionally kept PCs more secure.

Google remains an outspoken critic of mass surveillance operations by the National Security Agency (NSA), but it appears both sides were exchanging a large amount of emails. NSA Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt exchanged emails - including personal meetings and invitations to briefings and meetings.

At least one meeting, between U.S. government departments and Silicon Valley tech leaders, was focused on Enduring Security Framework - with a focus on mobile security.

Despite the emails, Google gave the Huffington Post this statement: "We work really hard to protect our users from cyberattacks and we talk to outside experts, including occasionally in the US government, to ensure we stay ahead of the game."

The average cost of a data breach to U.S. companies averaged $3.5 million and is a 15 percent increase year-over-year, according to a new study conducted by the Ponemon Institute and sponsored by IBM. Each lost record reportedly cost $201 each, an increase from $188 per record in 2013, as cybercriminals find success targeting select industries.

Not only are companies finding data breaches to be more costly, but retailers need to worry about customers possibly leaving if a security issue occurs. Everything from university and medical records to debit and credit card information have value among criminals, trying to steal information which can later be exploited, sold, or traded in underground forums.

From the Ponemon press release: "As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company's business continuity management team in dealing with the breach."

Microsoft is again warning Internet users of a sophisticated scam, with the company most notably discussing tech support scams. In this particular type of scam, a caller will be informed of an infected laptop or PC, which can be cleaned up if the user pays a "hefty fee" for service.

A scammer that ran this type of Microsoft tech support scam operation in the UK and received a four-month suspended sentence - a lenient sentence that he likely wouldn't have received in the United States - with many scammers going unchecked by law enforcement.

"What's really alarming is that this type of scam shows no signs of slowing down," Microsoft said in a blog post. "Increasingly, we hear via our frontline support team, and even from friends and family, that these scammers are getting bolder, targeting not only individuals but also businesses. It is appalling that they're taking advantage of your trust in Microsoft in an attempt to steal your money. It's immoral, it's disrespectful and it's certainly illegal."

The Ultimate Fighting Championship (UFC), currently the No. 1 mixed martial arts (MMA) promotion in the world, has sued an alleged Internet pirate, seeking $32 million in damages. Steven Messina, 27, is accused of uploading 141 UFC pay-per-view (PPV) events to The Pirate Bay and other online websites - and even included a PayPal donation link for his troubles.

Messina was able to operate below the radar until he started claiming to be the "Provider of Best MMA & Boxing rips online!," which is when the UFC began to take notice.

UFC President Dana White has talked sternly against Internet piracy, and seems ready to share the same Draconian approach that music and movie copyright holders held years ago. However, people trying to monetize on pirated PPV events should expect to be busted eventually, especially if their operation continues to grow at a rapid pace.

Research indicates a whopping 90 percent of the top 30 most visited Internet piracy websites in the United Kingdom contained some form of malware or "Potentially Unwanted Programs" (PUPs) to compromise user systems.

The piracy sites often rely on social engineering techniques to trick users into clicking fraudulent links: "These fake play buttons, and that sort of thing, are very much driven by the desire of people to download content," said according to the group. "We view it as a kind of social engineering attack on the users who are tricked into downloading stuff."

In an ongoing effort to combat piracy, copyright holders might have more success trying to inform users of the security threats they open themselves up to when downloading content - it would be a unique twist on sometimes rudimentary scare tactics.

United States security officials are concerned that Russian-based hackers could retaliate for stricter sanctions, launching cyberattacks against the U.S. government and large corporations. Whether directly from the Russian government, or splinter support groups, there will continue to be an increased urgency to defend US infrastructure from foreign attack.

"A cyberattack is a real concern that we all need to have," said Paul Smocer, head of the industry Financial Services Roundtable, in a statement to the press. "Nation states' ability to launch the cyberattacks is certainly real nowadays, and so in any conflict, I think that the possibility exists as we worry about escalation."

The political situation between Russia and Ukraine already has led to cyberattacks, with the Kremlin being attacked in retaliation for targeted attacks against Ukrainian infrastructure. Unfortunately, the U.S. Department of Homeland Security has greatly struggled to try and recruit cybersecurity experts, while other government branches have voiced similar concerns.

An increase in the popularity of online gambling has created a successful underground market for money laundering, according to a new McAfee study.

To make matters worse, Internet anonymity and such a wide variety of payment options gives criminals the chance to exchange stolen funds, bitcoins, and currency.

"As a result, illegal proceeds can be laundered by wagering them on one end of a transaction and receiving the payouts as gambling wins on the other end," according to the McAfee report. "Gambling wins can also be exchanged as payment for illegal goods or services changing hands elsewhere."

The Boston Children's Hospital was recently targeted in a wave of cyberattacks trying to bring down its website, though cybercriminals were unsuccessful, and no patient data was taken in the attempted breach.

"Over the weekend and through today, Boston Children's Hospital's website has been the target of multiple attacks designed to bring down the site by overwhelming capacity," said Rob Graham, hospital spokesperson, in a statement.

Hospital officials have reported police authorities and an investigation is currently underway - no hacker or hacker groups have stepped forward to take credit for the attempted breach.

Medical professionals have become victims of identity theft, with Social Security Numbers and other personal information used to help process fraudulent tax returns, according to recent reports. The victims, less than 1,000 total so far, didn't know about the breach until they tried to file their returns and found that someone else already had beaten them to the punch.

Victims were found in the following states: Colorado, Connecticut, Vermont, Massachusetts, Iowa, North Carolina, South Dakota, Maine, Indiana, and New Hampshire. The Indiana State Medical Association (ISMA) sent a memo to healthcare professionals in the state to be aware of the tax scam.

"The DOR is viewing this as a large problem and officials are very concerned," said Julie Reed, ISMA general council, during a recent conversation. "While their investigation has not yet identified the source of the presumed breach, they are tracking all the cases, looking for patterns, and actively investigating and pursuing leads."

NEC Hong Kong is currently developing a new facial recognition technology that can be used by stores, hotels, and other retail establishments to quickly identify customers. Retailers have tried to use smartphones to help monitor customer activity, especially if guests log onto free, open Wi-Fi hotspots, though customers found ways to disable such features.

When most people think of facial recognition, it's in regards to security and possible privacy issues - but NEC and companies have a more unique reasoning behind why stores, hotels, and other establishments might want to adopt the technology:

"Everyone loves to feel special. That's why any organization that can greet a customer by name and start helping them the minute they walk in to a shop, bank or hotel will have a tremendous advantage over one that relies on ID cards or other impersonal procedures," said Elsa Wong, NEC Hong Kong Managing Director, in a press statement.

More than one-quarter of Avast's current Microsoft Windows XP customers don't plan to leave behind the OS that is now no longer supported by Microsoft, according to a recent survey conducted by the security company.

Prior to the end of support date on April 8, XP users were already under increased threat of cyberattacks, and that trend is only expected to continue.

"XP users were not planning on doing anything," said Ondrej Vlcek, Avast Chief Operating Officer, in a blog post. "As Avast users they are protecting themselves since we will continue to support Windows XP users for at least the next three years."

The US Internal Revenue Service (IRS) didn't migrate from Microsoft Windows XP before the April 8 end of support deadline, and will pay millions to Microsoft for extended support.

Microsoft pulled the plug on its popular 13-year-old operating system, urging users to migrate to Windows 7 or 8/8.1. However, millions of PCs are still running XP and haven't been migrated, including many business PCs.

"Now we find out that you've been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014," said Rep. Ander Crenshaw (R-Fla), chairman of the House Financial Services and General Government subcommittee, in a statement. "I know you probably wish you'd already done that."

A major global website was recently hit by cybercriminals, with the hacked website turning visitors into "zombies" that in turn launched distributed denial of service (DDoS) attacks. A Persistent XSS vulnerability gave cybercriminals the chance to embed malicious JavaScript code, according to enterprise security company Incapsula.

Each user that views a compromised profile image with the malicious code then ends up sending a GET request to targeted websites. The group responsible also posted comments on large quantities of other videos, to ensure the profile image was viewed as many times as possible.

"As a result, each time a legitimate visitor landed on that page, his browser automatically executed the injected JavaScript, which in turn injected a hidden according to Incapsula. "Obviously one request per second is not a lot. However, when dealing with video content of 10, 20 and 30 minutes in length, and with thousands views every minute, the attack can quickly become very large and extremely dangerous."

Smartphone users face a growing list of security problems, and many of them are simply ignoring the risks, according to a recent study completed by security company Avast.

Men are more likely than women to face vulnerabilities on their smartphones, 36 percent compared to 32 percent, with more than one-third surveyed saying they don't use any type of anti-theft or security software.

"The findings suggest an ongoing disconnect people have with their phone and computer when it comes to security protection," Avast said in a blog post. "Many smartphone users have not yet grown accustomed to thinking of their devices as small computers that store valuable, sensitive, and often priceless data. One can now perform the same functions on their phone as the trust PC or laptop, but the majority of people are still learning about the necessary to protect their phones from viruses and hacking."

Ransomware is becoming a major business for cybercriminals, and users can expect sophisticated attacks that go beyond just Cryptolocker, according to Web security company KnowBe4.

Cybercriminals are developing next-generation malware designed to infect users and steal information, or hijack the computer with ransom demands to unlock affected machines.

"There is furious competition between cybergangs," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. "They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US. CryptoDefense doesn't seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang."

Not enough websites and Internet browsers utilize the HTTP Strict Transport Security (HSTS) policy to keep Internet users secure, according to the Electronic Frontier Foundation (EFF).

HSTS forces encryption by opening HTTPS sessions instead of just HTTP, so information to and from the website is encrypted. Using HSTS, websites never allow Internet users to interact with an HTTP session, with everything automatically converted.

The EFF believes not enough web developers know about HSTS, while browser support has also only increased slowly but surely. Google Chrome, Mozilla Firefox, and Opera have long-supported HSTS, while Microsoft said it will use the Web standard with Internet Explorer 12.

The top social media network in Russia is now being sued by Sony Music, Warner Music and Universal Music, with vKontakte accused of "deliberately facilitating piracy on a large scale."

Each of the top three music labels filed individual suits against vKontakte, spearheaded by the International Federation of the Phonographic Industry (IFPI). In 2012, the social media site made $172 million in advertising revenue, but didn't pay the IFPI for copyrighted music shared through the site.

vKontakte says it allows copyright holders to submit removal requests of any content that violates copyright rules, but IFPI officials noted the process is too cumbersome. Both the US government and copyright holders have believed vKontakte provides large-scale music piracy - originally launched in 2006, vKontakte has 143 million global users, and 88 million Russian members.

Two members of an international cybercrime, identity theft and credit card fraud ring pleaded guilty to one count of wire fraud conspiracy and one count of conspiracy to commit access device fraud and identity theft, the Department of Justice announced.

Robert Dubuc, 40, from Massachusetts along with Oleg Pidtergerya, 49, of New York, used information stolen from more than 12 banks, payroll processing companies, brokerage firms and government agencies - in their effort, more than $15 million in funds have been reportedly stolen.

"Both Dubuc and Pidtergerya were asked by leaders of the conspiracy to participate in a scheme to 'cash out' bank accounts and pre-paid debit cards opened in the names of others," according to the DoJ press release.