Hacking, Security & Privacy - Page 51

If you still thought you had privacy after all of the news you've been reading about the NSA PRISM system, or the GCHQ, then you'd be wrong. Very wrong. The Wall Street Journal is now reporting that the FBI has the power to remotely activate microphones in Android smartphones and laptops to record conversations.

This is all coming from a single anonymous former US official, who says that remotely forcing a cellular microphone to listen in on a conversation isn't something new. The FBI used something they called "roving bugs" to spy on alleged mobsters back in 2004, and further back in 2002 they used the roving bugs to keep tabs on supposed criminals using the microphone in a vehicle's emergency call system.

The anonymous US official said that there is a dedicated FBI group that regularly hacks into computers, where they use a mix of custom and off-the-shelf surveillance software which they purchase from private companies. One of the Journal's sources said that the "Remote Operations Unit" will sometimes install software by physically plugging in a USB device, but they can also do it through the Internet by "using a document or link that loads software when the person clicks or views it."

Yesterday, I covered a story about the big chip manufacturers allegedly installing hardware level backdoors into the processors used in all of our PCs. The allegations came from two security industry experts who both claim to have proof of concept demonstrations already. Earlier today, AMD's Michael Silverman contacted me with an official statement on the matter in which he called the allegations "unfounded."

With the Black Hat conference wrapping up today, we will be keeping our eyes open for any whitepapers or proof of concept demos that prove the backdoors exist. I have reached out to both of the security experts for statements as well, but have yet to receive a response. If and when that response comes in, I will be sure to post an update.

The Australian Finance Review has just published a new story that suggests that the NSA may have hardware level backdoors built into current generation AMD and Intel processors. Leading security expert Steve Blank says that he first caught on to the practice when he noticed that the NSA had access to Microsoft emails before they were encrypted. He says that he would be extremely surprised if the NSA did not have access to a processor microcode level backdoor on every PC in America.

His reasoning behind the theory is quite simple. The sheer power needed to brute force crack AES 256-bit encryption on a single file would be equivalent to "the power of 10 million suns" and that a hardware backdoor would require almost no effort to enter and would allow agents access inside your PC in a matter of minutes. Jonathan Brossard, another expert in the security field, demonstrated this as a proof of concept at last year's Black Hat conference. These backdoors are made possible because they are placed inside the microcode which is stored on the chip itself and gets updated every time Microsoft, Apple, or any other OS pushes out an update.

According to a new study, the world's GPS system is open to hackers who could hack virtually any and all GPS units and take control of commercial airliners, for example.

The tools required are simple: a laptop, a small antenna, and an electronic GPS "spoofer" which would cost $3,000. The report comes from GPS expert Todd Humphreys and his team at the University of Texas who took control of a sophisticated navigation system that was built into an $80 million, 210-foot super-yacht in the Mediterranean Sea.

Humphreys told Fox News: "We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals." The team hacked into the yacht's navigation system by sending it counterfeit radio signals and were able to navigate the ship off course, steering it in any direction they wanted.

Over the weekend, the Ubuntu forums went down after a massive security breach resulted in over 1.8 million user credentials being stolen. Canonical made a decision to put the forums in maintenance mode in an attempt to ward off any further attacks. The company says that the attackers managed to get away with every user's local username, password, and email address that was stored in the Ubuntu forum's database.

The company says in the passwords were stored as salted hashes instead of plaintext, but they still recommend that you change any and all passwords that were used on other services such as email, Facebook, or other forum accounts in which you might have use the same password. Canonical says that Ubuntu One, Launchpad, and other related services were not affected by the breach and users of those services need not worry.

Today, the popular version control code repository GitHub issued a statement to the media announcing that it has been fending off a massive attack on its system which managed to knock it servers off-line early Friday morning. The company said that around 10:40 UTC the site was struck with a massive DDoS attack from unknown sources.

Roughly an hour and a half later, the company had implemented processes that began to alleviate the load on their servers but things were not yet back to full functionality. "We've put mitigation in place that should deflect the attack, and services are recovering. We're continuing to monitor closely," GitHub said in a statement.

This is the second large DDoS attack against GitHub this year with the first happening back in March. Before that, the site experienced another massive attack in September 2012 and one before that during February 2012 that lasted for a whole week. It is unclear who keeps attacking the site or what motivates them to try and bring down the service.

After the last month or so with the unveiling of the NSA PRISM system from Edward Snowden, as well as GCHQ, you'd think people would be up in arms over their security. How deep does the rabbit hole go, you ask?

Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who has blown the whistle on this one, who saw the security issue in one of HP's StoreOnce systems last month, but then found more backdoors in HP's storage and SAN products.

HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."

When it was first founded over 20 years ago, Defcon was been known as the gathering place where anarchist, geeks, hackers, and the feds could all hang out, talk security and get along on neutral ground. Unfortunately for the feds, the NSA has managed to break a bond of trust that lasted over two decades.

This morning, we learned that the organizers of the Defcon Hacker Conference, held in Las Vegas Nevada, have asked that all federal employees planning to attend the show to please sit out this year as they are not welcome. This may seem like a drastic move to some, but others see it as a way to express the loss of trust many in the online community are feeling at the moment.

"For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory," Jeff Moss, aka The Dark Tangent, wrote in a blog post published Wednesday night. "Our community operates in the spirit of openness, verified trust, and mutual respect."

Ubisoft has announced that one of their sites was hacked and allowed unauthorized access to user account data. Ubisoft has not revealed the number of affected users, though it potentially could be the entire Ubisoft customer base as most of Ubisoft's games require a user account to play. The company has recommended that users change their passwords and passwords on any site that makes use of the same password.

The hackers will have to decrypt the passwords before they are useful, though this shouldn't take too long. Ubisoft stresses that the hackers did not obtain any payment data as it is not stored by the gaming studio. We're hoping to find out just how many of Ubisoft's customers were affected by the hacking, but we're not sure Ubisoft will be forthcoming with that data.

Are you a good bug finder? You might be able to collect a nice paycheck from Microsoft. Microsoft has offered up $100,000 as a top prize for finding an exploit that allows you to bypass the protections built into Windows 8.1. The time frame for this bounty program is ongoing and requires a truly novel exploitation technique.

Microsoft has offered up an additional $50,000 if you provide defensive ideas along with the Mitigation Bypass bug, bringing your grand total to $150,000. This time frame is also ongoing.

Microsoft isn't just concerned with Windows 8.1 security. They have also offered up 30 days to submit critical vulnerabilities found in Internet Explorer 11 Preview on Windows 8.1 Preview. This period will go from June 26 to July 26, 2013. Qualifying bugs are worth up to $11,000.

Kaspersky Labs has announced the discovery of what it is calling the "most sophisticated" Android trojan yet. Kaspersky identifies the trojan as "Backdoor.AndroidOS.Obad.a" and notes that the trojan is capable of many different functions with the added ability to be extremely hard to remove.

Obad.a is capable of sending SMS to premium-rate numbers, downloading other malware, sending malware over Bluetooth, and remote console commands. Obad.a makes use of code obfuscation and several previously undiscovered security holes in Android to make itself hard to remove or analyze.

Once it gains Device Administrator privileges, it's nearly impossible to remove:

If you want to read an 84-page report from the Commission on the Theft of American Intellectual Property, then check it out here. There's something that is quite shocking in this report, which is the proposal to legalize the use of malware for the goal of punishing people believed to be copying illegally.

The 84-page report also proposes that software would be installed into the systems of people that would somehow (feel free to tell us) tell if you were a pirate, and if it found out that you were, lock your system up and take your files hostage until you call the police and confess your crimes. This is actually used right now by shifty people online, when they deploy ransomware. If this even gets considered by Congress, it could be a scary future for the US and the world, if the below quote was to happen:

Tim Clemente, a former FBI counterterrorism agent claims that there is a 'Person of Interest'-type surveillance network used by the US government to monitors their citizens. Clemente talked about this when he appeared on CNN Wednesday night.

The discussion turned to the Boston Marathon attack, and past telephone calls with Katherine Russell and her deceased husband, suspect Tamerlan Tsarnaev. The former FBI agent said those conversations would be available to investigators. Clemente discussed the issue in an exchange, below, with host Erin Burnett:

Everyone's favorite iOS hacker, Jay Freeman, or saurik, has discovered an exploit for Google Glass. The exploit is rather scary due to just how easy it is to implement. The exploit can be loaded onto Google Glass using any Android device, theoretically allowing people to quickly exploit devices while out and about.

More importantly, the exploit allows the hacker full access to the camera and microphone. All a hacker has to do is load a couple of files, which is simple due to Google Glass not having any sort of security protection. Glass has no pin lock, gesture lock, or other method of keeping it secure when not being worn.

If a hacker has full access to a camera and microphone, the device could easily be used to spy on a user's life, collect bank pins, or conduct industrial espionage. Of course, Google Glass Explorer Edition is a bit removed from what we will see in the final consumer version next year. One thing is clear, Google needs to make sure to add some sort of security to the device.

Cyberthreats are the new way of slowly removing citizens' privacy, and now the Department of Homeland Security (DHS) is preparing to deploy a very powerful new version of their EINSTEIN intrusion-detection system that is built to detect attacks and malware, especially when it comes to e-mail.

But because this new version of EINSTEIN is able to read electronic content, it is raising privacy concerns. DHS has recognized this, and have just issued a "privacy impact assessment" on what they're calling EINSTEIN 3 Accelerated, the intrusion detection and prevention system that is expected to be made available as a managed security service from ISPs to monitor the ".gov" traffic to and from civilian agencies and Executive Branch departments.

The DHS has said that EINSTEIN 3 might be able to collect "personally identifiable information" (PII) in some instances where this network security system will not just monitor but also prevent threats by clocking traffic in order to detect a cyberthreat or potential cyberthreat.

Android looks like its the OS of choice for malware developers, with mobile security vendor NQ finding that Android devices infected with malware grew exponentially last year alone.

NQ found that Android devices with malware infections grew from 10.8 million in 2011 to 32.8 million, meaning a triple of infections year-over-year. They also found that nearly 95% of malware detected in 2012 was designed specifically for Google's mobile OS, which means that Android is the main target for cybercriminals.

Most Android malware infections happen in China, India and Russia - so while this might seem like some frightening numbers at first, InfoWorld's Brian Katz does make us feel all a little better. Katz also writes that most mobile malware can be avoided if Android users "download apps only from known sources", such as the Google Play Store. My advice? Don't click ads, don't open suspicious links, don't join random or weird Facebook groups that want all of your info.

A new malware has been discovered by Kaspersky labs. The new malware spreads through Skype and turns the victim's computer into a Bitcoin miner. The victim's machine is then fully loaded to mine Bitcoins which is how the malware author makes money from the software.

The malware currently has a low detection rate. Kaspersky now identifies the malware as Trojan.Win32.Jorik.IRCbot.xkt. The malware is downloaded from a server in India. Once on the victim's machine, it pulls down more files from Hotfile, one of which is a Bitcoin mining application.

Bitcoin mining, explained more in-depth by Bitcoin, is a processor intensive task. The victim's CPU will be fully loaded mining Bitcoins, which are then given to the author of the malware. These Bitcoins are then used to turn a profit.

Crowd funding website Indiegogo was hit by a DDOS attack by an unknown source after YourAnonNews posted up a fundraising campaign. YourAnonNews (YAN) is attempting to raise funds to develop and host a new website that is similar to a newswire for Anonymous news. Apparently someone didn't like the idea.

It's not clear where the DDOS attack originated from and Indiegogo hasn't been exactly forthcoming about the attack. Slava Rubin, founder of Indiegogo, apologized for the outage and offered an extension to any campaigns ending this week: "Any campaigns scheduled to conclude this week will have the option of extending until Sunday by contacting our 24-7 Customer Happiness team."

Activist in Tibet might want to reconsider spreading the word about their next rally through their Android based smartphones. Researchers at Kaspersky Labs have just discovered a new Trojan virus that is designed to target Tibetan and Uyghur Activist.

The malware is specifically designed for Android Phones and is injected into the device when the unsuspecting user opens an email that references the recent World Uyghur Conference. Kaspersky says that this is the first documented attack that targets Android smartphones but it will most certainly not be the last.

In an interview with Mashable, Kurt Baumgartner, a senior security researcher at Kaspersky, said:

A new virus specific to Mac has been discovered by Russian security firm Doctor Web. Named Trojan.Yontoo.1, the virus injects ads into webpages on the infected machine.

The malware works by installing an adware plugin into any of the popular browsers then overlays an advertisement in key locations on webpages. Doctor Web says that this trojan is just another piece of a large adware puzzle that has been infecting OS X for some time now.

The virus can be caught in several different ways, with the most popular method being the use of movie trailer pages in which users must install a plugin to view the content. Other methods of injection have been media player enhancement programs and download accelerators. One indication of infection is that when launched, Trojan.Yontoo.1 will prompt users to install a program called "Free Twit Tube" or something similar.