Thursday, 11 July 2013

Estonia says Europe overreacted to US cyber spying

Europeans have overreacted to allegations that the United States had been snooping on them and vacuuming up huge amounts of phone and Internet data, cyber-savvy Estonia said in an interview published Thursday.
"I could understand such condemnation from European countries that are lily white virgins and not themselves involved in these kinds of activities," Estonian President Toomas Hendrik Ilves told Estonia's leading Postimees daily.
"But it is very hard to understand the criticism when you know how some big European states have acted in a similar way," he said, pointing to recent revelations of German, French and British surveillance programmes.
Ilves has flatly denied that Estonia is involved in any cyber snooping.
The ongoing spy row sparked by fugitive US intelligence leaker Edward Snowden cast a shadow over the Monday start of EU-US talks in Washington on what could be the world's largest free-trade deal.
A Baltic nation of 1.3 million people, Estonia is among the world's most wired countries, with citizens able to access virtually all public services online.
An EU and NATO member since 2004, it also hosts the Western defence alliance's cyber defence centre, which brings together IT security experts from Europe and the US.
Keith B. Alexander, chief of the US National Security Agency implicated in the cyber snooping scandal, opened a meeting of 400 global cyber experts at the centre in early June.

Dutch domain registrar hacked via SQLi

On Tuesday, it came to light that malicious files were present on a number of SIDN websites – files that should not have been there. In order to prevent abuse, SIDN immediately took a number of precautionary measures: the DRS web application was shut down and zone file publication was temporarily suspended. As a result of our precautionary action, some areas of the website that registrars use to download registrarship-related data have been unavailable since Tuesday evening. We believe that the attack began with an SQL injection on the website That site is therefore inaccessible for the time being. The precise nature of the vulnerability is currently being investigated. Further information about the security alert will continue to be made available on the site you are now viewing.

What is SIDN 

The Foundation for Internet Domain Registration in the Netherlands (SIDN) is a registry since 1996 and manages the domain names for the top level domains .NL (ie, all domain names ending in. Nl). For 1996 this function was delegated to the Centre for Mathematics and Computer Science (CWI).
SIDN is well respected in the fields of governance and administration, where it operates as an expert partner on technical, legal and policy matters relating to domain names and the domain name infrastructure. From that basis, SIDN is also closely involved with various wider community initiatives, with the emphasis on increasing the security, reliability, openness and accessibility of the internet.
SIDN represents the interests of .nl at the national and global levels and acts as a key discussion partner for the government. SIDN participates, for example, in international forums such as ICANN, CENTR, RIPE NCC, IETF and IGF. When developing policy for the .nl domain, SIDN works in consultation with its stakeholders, whose views are sought through on-line and off-line interaction, such as the domain name debates and discussion on the platform.
SIDN sponsors various organisations and projects that promote internet use or counter the internet's negative side-effects. Examples include the Platform for Internet Security, the Advertising Fraud Support Centre, the Reporting Hotline for Internet Child Pornography and Bits of Freedom. SIDN is also committed to making the internet more sustainable and reducing server-related carbon emissions.

Anonymous Hacked Several Egypt Government website

The Anonymous Jordan hacked several Egyptian government website  with a statement in support of deposed president Mohamed Morsi.Reported HackRead
The targeted websites belong to different high profile government ministries and departments, such as the website of Ministry of Electricity & Energy ( Egyptian Ministry of Planning and International Cooperation (, Presidency of the Council of Minister’s slums Development Fund (, Ministry of Supreme Council of Culture (, Egyptian Ministry of Culture ( & (, Ministry of Port and Shipping’s Red Sea Ports Authority ( and website of National Council for the Welfare of the families of martyrs and invalids Revolution (
The sites were hacked on 5th July and left with Anonymous official logo, a deface along and a message in Arabic language asking people of Egypt what they are really up to and what do they want? No Mubarak and now no Murso, so what else? The deface message was expressed in following words:
This website was hacked, because we want to pass a message to the Egyptian people” what do u want? u said u didn’t want Mubarak so he left. Your country got into a critical situation, u said u wanted a president, and after the elections, You said Mursi is your president, and Mursi did all he could, its enough that he was an Islamic ruler, (changed the filth that was in Egypt, tourists in Sharm al Sheikh and prostitution etc, bottom line is that I hope my message got to those who don’t want Mursi, cause you cant find a ruler like him in all Egypt. Important Note: what caught my attention is that Egypt will be divided in three countries, and u’ll see everything going to be a game I swear.
Links and mirrors of hacked sites are mentioned below:
At the time of publishing this article, all 8 websites were hacked and displaying deface page left by the hacker.

Kremlin Turns Back to Typewriters to Avoid Information Leaks

MOSCOW- A Russian state service in charge of safeguarding Kremlin communications is looking to purchase an array of old-fashioned typewriters to prevent leaks from computer hardware, sources said Thursday.
The throwback to the paper-strewn days of Soviet bureaucracy has reportedly been prompted by the publication of secret documents by anti-secrecy website WikiLeaks and the revelations leaked by former US intelligence contractor Edward Snowden.
The Federal Guard Service, which is also in charge of protecting President Vladimir Putin, is looking to spend just over 486,000 rubles ($14,800) to buy a number of electric typewriters, according to the site of state procurement agency,
"This purchase has been planned for more than a year now," a source at the service, known by its Russian acronym FSO, told AFP on Thursday.
The notice on the site was posted last week. A spokeswoman for the service declined comment.
Pro-Kremlin newspaper Izvestia said the state service was looking to purchase 20 typerwriters because using computers to prepare top-secret documents may no longer be safe.
"After scandals with the distribution of secret documents by WikiLeaks, the exposes by Edward Snowden, reports about Dmitry Medvedev being listened in on during his visit to the G20 summit in London, it has been decided to expand the practice of creating paper documents," the newspaper quoted a FSO source as saying.
Unlike printers, every typewriter has its own indivdual pattern of type so it is possible to link every document to a machine used to type it, Izvestia said.
Documents leaked by Snowden appeared to show that Britain spied on foreign delegates including then president Dmitry Medvedev at the 2009 London G20 meetings, said British newspaper The Guardian last month.
Russia was outraged by the revelations but said it had the means to protect itself.
Snowden has been stuck in legal limbo at the transit zone of a Moscow airport for a third week after arriving from Hong Kong on June 23.

Nintendo site breached after month-long brute force assault

A sustained brute force cyber attack battered Nintendo’s sites for a month this summer – and allowed cybercriminals access to private data such as names, addresses and phone numbers for up to 24,000 Club Nintendo accounts.
The “brute force” attack carried on from 9 June to 2 July this year – involving 15.5 million attempted logins, according to the Japan Times. Nearly 24,000 accounts were successfully breached, and personal information accessed. The attack went undetected until 2 July, Nintendo has admitted.
The Japanese games company has since initiated a password reset. A company representative said that only Japanese site users had been affected, in an interview with gaming site C&VG.
Club Nintendo is a “reward points” scheme for gamers, with four million members in Japan. The news follows a data breach at gaming company Ubisoft last week, also targeting a system used to distribute “rewards” to gamers.
Users of Ubisoft’s Uplay received an email last week, saying that personal data including email addresses, user names and encrypted passwords had been compromised. Uplay works across platforms such as PC, Xbox 360, iOS and Facebook. The Uplay system requires users to log in with an email or password, and offers digital extras such as screensavers for PC games, but also works as a Digital Rights Management system (DRM) to prevent copying.

U.S. Government destroys $170,000 of PCS in malware scare – even mice and keyboards

A U.S. Government department threw away IT components worth $170,000 including printers, computer mice and keyboards, in an effort to root out a “sophisticated” and “persistent” malware threat which did not exist.
The destruction only stopped because of budgetary restrictions – staff had planned “destruction of its remaining IT components, valued at over $3 million,” an official report into the incident concluded.
The Economic Development Administration believed that it was facing “a sophisticated cyber attack” using “extremely persistent malware” – after miscommunication between departments led staff to believe that 146 components were infected by malware. The correct figure was two.  An email listing the total number of components in the department was misconstrued as listing the number of infected components, a report said.
A series of miscommunications between the EDA and the Department of Commerce Computer Incident Response Team led to EDA staff vastly overestimating the scope of the threat, a U.S. Government report into the incident concluded. The EDA report into the incident described the organization’s response as “unwarranted.”
“EDA’s CIO concluded that the risk, or potential risk, of extremely persistent malware and nation-state activity (which did not exist) was great enough to necessitate the physical destruction of all of EDA’s IT components,” the report says.
“EDA initially destroyed more than $170,000 worth of its IT components,including desktops, printers, TVs, cameras, computer mice, andkeyboards. By August 1, 2012, EDA had exhausted funds for this effort and therefore halted the destruction of its remaining IT components, valued at over $3 million.”
An outside contractor found “common malware but no nation-state activity or extremely persistent malware,” the report said. The incident cost $2.747 million in lost equipment, and fees for recovery solutions – half the department’s IT budget. EDA systems, including email, were also offline for two months in early 2012.
“On January 24, 2012—believing it had a widespread malware infection—EDA requested the Department isolate its IT systems from the HCHB network,” the report says. “This action resulted in the termination of EDA’s operational capabilities for enterprise e-mail and Web site access, and regional office access to database applications and information residing on servers connected to the HCHB network,” the report says.

Feds asked to avoid Def Con hacking conference after PRISM scandal

The organisers of the US hacking conference Def Con have asked federal agents to stay away from this year's event given the revelations about the PRISM hacking scandal that broke earlier this year, generating huge levels of mistrust among the hacking community.

Writing under his alias The Dark Tangent on the event’s website, organiser Jeff Moss said in the past the open nature of Def Con had been its greatest asset and a reason why the event had proved so popular.

“For over two decades Def Con has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory,” he wrote.

“Our community operates in the spirit of openness, verified trust, and mutual respect.”

However, he said that this year it would be sensible if a line was drawn and agents did not attend, as emotions would be running high about the extent of surveillance carried out by the government under the PRISM data collection scheme.

“When it comes to sharing and socialising with feds, recent revelations have made many in the community uncomfortable about this relationship,” Moss added.

“Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.”

He added that this would give everybody “time to think about how we got here, and what comes next."
Earlier this week the European Commission (EC) approved an investigation into the PRISM spying scandal, which also led to claims that government offices had been bugged in order to pry into conversations between world leaders.

Hackers hitting Microsoft Windows flaw revealed by Google researcher

Hackers are exploiting a bug in Microsoft Windows that was originally disclosed by a Google researcher two months ago.
Microsoft issued the warning in its latest security advisory, saying that without the patch fix hackers could theoretically use the flaw to increase their privileges, thus wrestling control of the device from the end user.
The flaw was originally discovered and posted publicly online by Google security engineer Tavis Ormandy on the full disclosure blog in May. Ormandy said the bug relates to a "silly" piece of code from Microsoft, used in Windows 7 and Windows 8.
It was unclear whether the flaw had been actively exploited by criminals prior to Ormandy's post, though Microsoft's has since confirmed detecting numerous targeted attacks aimed at it. The details of the attacks and the potential damage caused remain unknown and at the time of publishing Microsoft had not responded to V3's request for comment.
The post has since caused a heated debate about the nature of full disclosure within the security community. Experts that practice a full disclosure policy believe posting any security flaws they discover online to the public helps improve the world's security, forcing the parties involved to fix the flaws sooner rather than later. Others believe the practice is irresponsible as it alerts cyber criminals and black hats about the flaw before the company has had time to react.
Ormandy is one of many Google engineers to support the full disclosure philosophy. Prior to his release Google security engineers Chris Evans and Drew Hintz threw down a gauntlet to companies saying they will give them just seven days to come clean on any zero day vulnerabilities they discover before making them public.

Google plugs 'Master Key' security flaw afflicting 99 percent of Android users

Google logo
Google has released an emergency fix plugging a security vulnerability that was affecting 99 percent of all Android devices.
A Google spokesman confirmed to V3 the company has released the patch to core partners and OEMs, but added the firm is yet to see any evidence suggesting the flaw has been actively exploited by cyber criminals.
Even with the patch fix released, it will still remain up to manufacturers and partner companies to roll it out to the general public. In the past companies have been slow to release updates to Android.
The vulnerability was originally reported by security firm Bluebox and reportedly affects every version of Android since 1.6. and could be used to target any Google phone or tablet released in the last four years.
Bluebox security chief technology officer Jeff Forristal said the flaw relates to the cryptographic signature of Android apps. Theoretically if exploited the flaw could allow hackers to turn legitimate applications into defence-dodging Trojans.
This is largely due to the fact most companies, like Samsung, Sony and HTC have chosen to customise the Android version used on their devices which need to be optimised for each new version of the OS released by Google.
The slow update cycle means that in the past older versions of Android, like Gingerbread have been the most commonly used. It was only this month that Google's latest Jelly Bean Android version overtook Gingerbread to become the most common version of the OS.
Security experts have highlighted the slow update cycle as causing numerous problems outside of the Master Key issue reported by Bluebox. Most recently experts from Trend Micro and Kaspersky said even with the release Android's fragmented nature makes it difficult to fully secure the operating system, making it laborious and costly for security firms to fully support all Android versions.

MoD silent on cyber attack that stole data from its systems

Soldiers train on land in Cumbria which is also used to offset businesses' carbon emissions
The Ministry of Defence (MoD) has refused to reveal any more information on a cyber espionage attack that led to the theft of key data from its systems.
The attack was revealed on Wednesday in a report by the Intelligence and Security Committee (ISC) in its annual briefing to parliament.
In the document the ISC revealed that the MoD confirmed the loss when giving evidence earlier this year to the committee.

The report said: “Government departments are also targeted via attacks on industry suppliers, which may hold government information on their own systems. We have been told that cyber espionage ‘[has] resulted in MOD data being stolen'."

In response, when contacted by V3, the MoD said it would not disclose any more information on the attack, such as when it happened or what type of data was stolen, although it did acknowledge that such attacks are commonplace.
"MoD networks and systems are probed on a regular basis. For operational reasons we do not comment on the number or nature of these attacks," a statement read.
The attack on the MoD was not the only threat revealed by the ISC as it informed parliament that numerous government departments were hit by a attack in the summer of 2012, with 200 email accounts within 30 departments targeted.

“In recent years, many government departments have come under cyber attack: often, this has involved websites being disrupted by denial-of-service attacks, and last summer over 200 email accounts across 30 government departments were targeted in an attempt to steal confidential information,” it said.
The ISC said the government systems to protect against such attacks are “reasonably well developed” but there are still concerns over whether updates to key security tools and software are applied quickly enough to protect networks.

Overall the ISC said such attacks underline the scale of the threat facing the UK and the need for the government to do all it can to protect against cybercrime.

“The threat the UK is facing from cyber attacks is disturbing in its scale and complexity. The theft of intellectual property, personal details and classified information causes significant harm, both financial and non-financial,” it said.

“It is incumbent on everyone – individuals, companies and the Government – to take responsibility for their own cyber security. We support the Government’s efforts to raise awareness and, more importantly, our nation’s defences.”
As such it said that, while spending cuts in the defence budget were accepted, cyber security must remain a key priority for future resources.

“Planning must begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade, bearing in mind the resources our allies are putting into this area in recognition of the seriousness of the threat," it said.
"The government must ensure that real progress is made as part of the wider National Cyber Security Strategy: the UK cannot afford not to keep pace with the cyber threat."

Whistleblowers that got hunted down by the government

hese whistle blowers; Edward Snowden, Bradley Manning, Thomas Drake, John Kiriakou, Stephen Jin-Woo Kim, Shamai Leibowitz and Jeffrey Sterling have all seen the force the United States will apply to catch and punish whistle blowers.

Edward Snowden

Edward Snowden
Edward Joseph Snowden (born June 21, 1983)is a former technical contractor and Central Intelligence Agency (CIA) employee who worked for Booz Allen Hamilton, a contractor for the National Security Agency (NSA), before leaking details of classified NSA mass surveillance programs to the press. Snowden shared classified material on a variety of top-secret NSA programs, including the interception of US telephone metadata and the PRISM surveillance program, primarily with Glenn Greenwald of The Guardian, which published a series of exposés based on Snowden's disclosures in June 2013. Snowden said the leaks were an effort "to inform the public as to that which is done in their name and that which is done against them."
Snowden's alleged leaks are said to rank among the most significant breaches in the history of the NSA.Matthew M. Aid, an intelligence historian in Washington, said disclosures linked to Snowden have "confirmed longstanding suspicions that NSA's surveillance in this country is far more intrusive than we knew." On June 14, 2013, US federal prosecutors filed a sealed complaint, made public on June 21, charging Snowden with theft of government property, unauthorized communication of national defense information and willful communication of classified intelligence with an unauthorized person; the latter two allegations are under the Espionage Act
The United States revoked his passport and demanded that he got deported back to the U.S. The United States even bargained with China about intelligence and Snowden.

Bradley Manning

Bradley Manning
Bradley Edward Manning (born December 17, 1987) is a United States Army soldier who was arrested in May 2010 in Iraq on suspicion of having passed classified material to the website WikiLeaks. He was ultimately charged with 22 offenses, including communicating national defense information to an unauthorized source and aiding the enemy.
Assigned to an army unit based near Baghdad, Manning had access to databases used by the United States government to transmit classified information. He was arrested after Adrian Lamo, a computer hacker, told the FBI that Manning had confided during online chats that he had downloaded material from these databases and passed it to WikiLeaks. The material included videos of the July 12, 2007 Baghdad airstrike and the 2009 Granai airstrike in Afghanistan; 250,000 United States diplomatic cables; and 500,000 army reports that came to be known as the Iraq War logs and Afghan War logs. It was the largest set of restricted documents ever leaked to the public. Much of it was published by WikiLeaks or its media partners between April and November 2010

Tho​mas Drake

Thomas Andrew Drake
Thomas Andrews Drake (born 1957) is a former senior executive of the U.S. National Security Agency (NSA), a decorated United States Air Force and United States Navy veteran, and a whistleblower. In 2010 the government alleged that Drake 'mishandled' documents, one of the few such Espionage Act cases in U.S. history. Drake's defenders claim that he was instead being persecuted for challenging the Trailblazer Project. He is the 2011 recipient of the Ridenhour Prize for Truth-Telling and co-recipient of the Sam Adams Associates for Integrity in Intelligence (SAAII) award.
On June 9, 2011, all 10 original charges against him were dropped. Drake rejected several deals because he refused to "plea bargain with the truth". He eventually pled to one misdemeanor count for exceeding authorized use of a computer; Jesselyn Radack of the Government Accountability Project, who helped represent him, called it an act of "civil disobedience.

John Kiriakou

John Kiriakou
John Kiriakou (born August 9, 1964) is a former CIA analyst and case officer, former senior investigator for the Senate Foreign Relations Committee, and former counter-terrorism consultant for ABC Newsblogger for Huffington Post, and author.
He is notable as the first official within the U.S. government to confirm the use of waterboarding of al-Qaeda prisoners as an interrogation technique, which he described as torture.
On October 22, 2012, Kiriakou pled guilty to disclosing classified information about a fellow CIA officer that connected the covert operative to a specific operation. Kiriakou thus became the second C.I.A. officer convicted of violation of the Intelligence Identities Protection Act and the first for passing along classified information to a reporter, although the reporter did not publish the name of the operative.He was sentenced to 30 months in prison on January 25, 2013 and reported to the low-security Federal correctional facility in Loretto, Pennsylvania to begin serving his term on February 28, 2013. Bruce Riedel, a former intelligence adviser to Barack Obama who turned down an offer to be considered for CIA director in 2009, has sent the President a letter signed by eighteen other CIA veterans urging that the sentence be commuted.
Kiriakou received a prison "send-off" party at an exclusive Washington, D.C. hotel hosted by political peace activists dressed in orange jumpsuits and mock prison costumes. In 2012, Kiriakou received the Joe A. Callaway Award for Civic Courage for standing up for constitutional rights

Stephen Jin-Woo K​im

Stephen Jin-Woo Kim
Stephen Jin-Woo Kim is a Senior Analyst at the Office of National Security at Lawrence Livermore National Laboratory. He previously had a career in academia and government service.He lives in McLean, Virginia.
Kim was charged him the Espionage Act for allegedly disclosing to a reporter that North Korea might test a nuclear bomb. His defenders argue that such disclosure is both harmless and commonplace in Washington, and that the charge against him is excessive and unprecedented.
He was born on August 15, 1967 in SeoulSouth Korea. His family moved to New York in 1976. He attended Fordham Preparatory School, a Jesuit school. For college he went to the Georgetown University School of Foreign Service (1989). He tried out Wall Street but found the work did not suit him. Following that, he attended Harvard for a master's degree in national security (1992), and then Yale for a Ph.D. in diplomatic and military history (1999). He authored a book based on his dissertation. He has also extensively studied philosophy and literature.
After graduation, he went to work at the Center for Naval Analyses, where he analyzed U.S. operations in Kosovo, Afghanistan, and Iraq. After the September 11 attacks, he moved to the Lawrence Livermore National Laboratory where he focused on North Korea. He briefed the Defense Policy Board on his work, as well as KissingerHadley, and Cheney. He also worked at the Office of Net Assessment under the Secretary of Defense, analyzing Chinese nuclear issues.
In 2008, he went to work as a contractor at the State Department at the Bureau of Arms Control, Verification and Compliance. There he was Senior Advisor for Intelligence to the Assistant Secretary of State for Verification, Compliance, and Implementation. He studied North Korea's nuclear program, especially its claims of dismantling its equipment. He also participated in nuclear war games at the Naval War College

Shamai​ Leibowitz

Shamai Leibowitz
Shamai Kedem Leibowitz is a lawyer and blogger who was convicted under the Espionage Act of 1917 for leaking information to a blogger.
Leibowitz worked as a contract Hebrew linguist for the Federal Bureau of Investigations (FBI) monitoring wiretaps of the Israeli embassy in Washington, D.C..Leibowitz said, “During the course of my work I came across wrongdoings that led me to conclude this is an abuse of power and a violation of the law. I reported these violations to my superiors at the FBI who did nothing about them. Thereafter, to my great regret, I disclosed the violations to a member of the media.”He became concerned about communications he heard indicating a potential attack on Iran by Israel and illegal influence-peddling by the Israeli embassy, and leaked information to Richard Silverstein who runs a blog, Tikun Olam: Make the World a Better Place. He was sentenced to 20 months in prison, although the proceedings were so secret at the time that not even the judge knew specifically what he had leaked.
His grandfather was Israeli intellectual Yeshayahu Leibowitz.

Jeffrey Sterl​ing

Jeffrey Alexander Sterling
Jeffrey Alexander Sterling is a former CIA employee, who was indicted and subsequently arrested under the Espionage Act for allegedly revealing details about Operation Merlin to journalist James Risen
Jeffrey Alexander Sterling joined the CIA on 14 May 1993, and in 1995 became Operations Officer in the Iran Task force of CIA's Near East and South Asia division. He held a Top Secret security clearance and had access to Sensitive Compartmented Information, including classified cables, CIA informants and operations. After training in Persian in 1997 he was sent first to Bonn, Germany, and two years later to New York City to recruit Iranian nationals as agents for the CIA, as part of a secret intelligence operation related to the weapons capabilities of Iran. In April 2000, Sterling filed a complaint about racial discrimination practices by CIA management with CIA's Equal Employment Office. The CIA subsequently revoked Sterling's authorization to receive or possess classified documents concerning the secret operation, and placed him on administrative leave in March 2001. After the failure of two settlement attempts, his contract with the CIA was terminated on 31 January 2002

Iranian PRISM revealed

Yes - you are reading it right. Iran has its own PRISM program that allows the Iranian government to track each step that is made in the Iranian domain but it is not limited to the Iranian domain.

Iranian PRISM

The Iranian PRISM device is able to monitor internet connections, phone calls and text messages - it does not matter where you are, you can be with your friends, family or colleagues - you will get spied on.

Iranian elections 2013 

Resources tell that during the Iranian elections of 2013 - the Iranian PRISM program was used. Over 200 international journalists applied to report on the Iranian elections - they all got examined and they had to pass the Zionist spy test.

United Kingdom providing the Iranian PRISM program?

In 2011 a article provided information about how the Iranians are obtaining tools from foreign countries that are able to track people down.
Lord Alton has tabled six questions in the House of Lords for the UK government, which are due to be answered by 21 November.
He has asked why there is no existing export ban on UK-made software and equipment that "has been used to track down protesters and democracy activists in Iran". He has also asked the government if it has investigated "the alleged use of intercepts by mobile telephone monitoring devices manufactured in the UK in the interrogation and torture of Iranian democracy activists".

Gmail hacked by Iran

Google reports it has stopped a series of attempts to hack the email accounts of tens of thousands of Iranian users in what the company believes is an attempt to influence the country's upcoming election.
"For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns," Eric Grosse, the vice-president for security engineering, wrote in a post on Google's blog on Wednesday. The phishing campaigns are originating in Iran, targeting users there and representing a big surge in the region's hacking activity before Iran's presidential election" - Google

Verizon 2013 Data Breach Investigations Report ,Download

The 'Verizon 2013 Data Breach Investigations Report' reveals that large-scale financial cybercrime and state-affiliated espionage dominated the security landscape in 2012.
Taking the top spot for all breaches in the 2013 report is financially motived cybercrime (75 percent), with state-affiliated espionage campaigns claiming the No. 2 spot (20 percent). Breaches in the No. 2 spot include cyberthreats aimed at stealing intellectual property -- such as classified information, trade secrets and technical resources -- to further national and economic interests.
The 2013 DBIR also found that the proportion of incidents involving hacktivists -- who act out of ideological motivations or even just for fun -- held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods such as distributed denial of service (DDoS) attacks. These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations.

Luxembourg spying scandal breaks government

Luxembourg's parliament on Wednesday reviewed a report it commissioned on the securityagency's illegal bugging of politicians, purchase of cars for private use and allegations it took payments and favors in exchange for access to local officials.
The report concluded that Juncker had limited control over the agency despite being the responsible minister and that he failed to inform either the parliamentary committee of control or justice authorities about its operations.
"We invite the prime minister to take full political responsibility in this context and ask the government to intervene with the head of state to clear the path for new elections," Alex Bodry, the president of the socialist coalition partner, told the Luxembourg parliament.
Juncker, who became prime minister in 1995 and is the European Union's longest serving head of government, denied having done anything wrong.
"If you think that you will have to vote," an angry Juncker said earlier on Wednesday after citing a newspaper article that accused him of abusing the secret service for his personal gains and those of his party.
It was not immediately clear whether Juncker would participate in the new elections, which have to take place within three months.
The center-right CSV and its socialist coalition partner hold 39 of the 60 seats in parliament.
Wealthy Luxembourg, a major financial hub, is one of Europe's most politically stable countries. The CSV has led all but one government since World War Two.

Cyber Insurance a Gold Mine

Europe's biggest insurer Allianz is expecting to cash in on growing corporate demand for insurance against computer hacking and Internet breakdowns, it said yesterday.
"We see cyber insurance as a big growth market," said Hartmut Mai, board member at Allianz's AGCS unit for global corporate and special insurance risks.
Insuring against cyber threats is seen as a potentially lucrative market for Europe's insurers, particularly now that lawmakers are promising bigger fines for companies that lose data.
"If my production lines are silent because my cloud [computing] provider cannot make the data I have stored there available, then that could threaten the company's existence," Mai told a press briefing.
While cyber insurance products in the US are already well developed, generating premiums of around $1.3 billion per year, they are drawing premiums of only around €150 million in continental Europe, including between €50 million and €70 million in Germany, Mai said.
That leaves room for the market outside the United States to grow by double-digit rates.
"We see the overall market in Europe at between €700 million and €900 million in 2018," Mai said, adding that Allianz aimed to grow with the market and hold a share of around a fifth.
Allianz has brought several types of risk cover, including some existing insurance products, into a single package for its cyber offering, which it expects will be of interest to telecoms companies, software houses, online retailers and banks.
Annual premiums would range from roughly €50 000 to €90 000 and would offer between €10 million and €50 million of protection, Mai said. The insurer is rolling out the package in western Europe, Australia and New Zealand this year, and will target several Asian countries in 2014. It does not plan to offer it to US-based customers, where the liability rules make the market