Monday, 29 July 2013

50 years old man arrested for high profile cyber attack

A Merseyside man has been arrested for a series of cyber attacks against bank and council websites.
Titan officers raided a house in Farmer Place in Bootle and arrested a 50-year-old man seizing his computer and other equipment.
He was taken to a police station in Merseyside where he has been questioned by detectives on suspicion of offences under Section 3 of the Computer Misuse Act.
On July 7 and 8, two separate ‘denial of service’ attacks were launched against the customer-facing websites of two multi-national banks.
The attacks disrupted the websites for around 40 minutes on each evening.
The previous month, a council website in the north of England had been disrupted for two hours one afternoon using the same tactic.
Two days earlier on June 7, a website provider for an advisory service providing advice about family court matters was attacked.
The server was flooded with hostile traffic which blocked genuine users of the site for four hours.
The organisations in all four cases have suffered as a result of customers or service-users being unable to access their websites, financial losses from getting IT specialists to rectify the problem, and reputational damage.
Detective Chief Inspector Janet Hudson, who leads the North-West’s e-crime unit, which is part of Titan, the regional organised crime unit, said: “Today’s arrest is the result of a highly complex but fast-developing investigation by specialist investigators both here in the North-west and elsewhere in the UK.
“Four large organisations have suffered as a result of these cyber-attacks with the services they provide badly affected for lengthy periods.
“These attacks caused worry and concern – no-one knew how long they would last or if the damage could be repaired. This is the impact of cyber-crime – it is not a victimless crime. It affects real people with real businesses and this arrest shows the police and other agencies can and will take action against suspected offenders.”
The warrant was executed in Bootle as part of an on-going investigation by Titan, the Serious Organised Crime Agency (SOCA) Cyber department and the Police Central e-Crime unit (PCeU).

Nato urges military to recruit white hat hacker army to boost defences

hacker1
Nato has called for military and private industry to recruit more ethical hackers, listing their skills as an essential weapon in its ongoing anti-black hat war.
Nato deputy assistant secretary general Jamie Shea issued the statement in video review exploring the ethical hacking community. He said: "In order to have a defence you need to have a much wider group of people with a much broader set of skills working for you than as in the old days when we were talking about the man from the ministry with a set identity. That's not the case anymore."
A Nato spokesman added in the video that the community is currently an under-tapped source that could help temporarily plug the global cyber skills gap.
"Traditionally, ethical hackers, known as white hats, have disclosed security bugs for free and many continue to do so just for the prestige. But with industry and governments around the world looking to beef up their cyber defences, ethical hackers can now have the pick of jobs in a booming industry."
The spokesman added that companies and governments must work to create an ethical disclosure culture making financially – as well as legally – advantageous for bug hunters to responsibly report vulnerabilities. The news was welcomed by private security expert Graham Cluley, who mirrored Nato's sentiment in a blog post.
"The risk associated with a security exploit being sold to the highest bidder, of course, is that the average user doesn't necessarily get protected. Instead, details of the flaw may never be exposed to the software vendor, giving others an opportunity to abuse it for their own financial or intelligence gain," he wrote.
"Clearly that is something the Nato video is concerned about, and it takes pains to interview hackers who believe in responsible disclosure of bugs to vendors, giving the manufacturer time to fix the problem before details of the bug are made public. With the stakes rising all the time, it's no wonder that more people are wondering whether a career in IT security might be a good choice for them – either as a defender, or as a bug hunter."
Nato's statements follow numerous warnings that governments are failing to train the next generation of cyber security experts. Most recently the UK National Audit Office (NAO) issued a report warning that the skills gap would last 20 years, costing the UK £27bn a year.
Despite the negative forecast the Nato spokesman highlighted the UK Cyber Strategy as a key positive addressing the gap. "There is a shortage of skilled IT security professionals around the world. The UK has recently launched a training and education initiative in schools and universities to address the skills gap."
The Cyber Strategy was announced in 2011, when the UK government pledged to invest £650 to train the next generation of security experts. The initiative has had a heavy focus on education, setting up numerous higher education centres and apprenticeship schemes for young people looking to enter the security industry. In May the UK government pledged to invest £7.5m to create new cyber security research centres at Oxford University and Royal Holloway University London.

Hackers using spoofed headers as malware runners


Digital security padlock red image
Hackers are using advanced header spoofing techniques to hide their tracks, according to security firm Trend Micro.
Trend Micro threat analyst Roddell Santos said the company had detected several attacks using the evolved technique to avoid detection in a blog post about the malware spoofing threat.
"Spoofing – whether in the form of DNS, legitimate email notification, IP, address bar – is a common part of web threats. We've seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection," he wrote.
"Header spoofing is when a URL appears to be downloaded from a certain domain, but in reality it is downloaded from a different and (very likely) malicious one. Unlike other types of spoofing techniques, this action is done without any system or file modification. Instead, header spoofing is performed by modifying the network packet, in particular adding the new domain to the request header once malware has connected to server and right before it sends the data."
Santos highlighted an attack using the TROJ_RODECAP.SM malware as an example of how dangerous the technique is. The Trend analyst said the TROJ_RODECAP.SM attack hid the malware's true domain and network activity from network administrators using a bogus 'GET' command link and downloaded file header.
"From the network traffic, it can be seen that the reply came from the domain {BLOCKED}.104.93, which is located in Russia and is not connected to Google at all," he wrote
"Thus, network administrators might skip or regard the traffic as harmless because the purported requested link is a legitimate domain and merely leads to an image file. This spoofing provides a good way to cover up the communication between the malware and the remote server that ultimately avoid arousing any suspicion, without revealing itself to end users."
Santos said the technique is similar to that seen on the StealRat botnet. The StealRat botnet was uncovered by Trend Micro researcher Jessa De La Torre last week. At its height the botnet is believed to have turned 85,000 unique IPs into malware-spreading tools.
Santos highlighted the influx of detection-dodging attacks as proof that criminals are expanding their cyber arsenals. "These incidents highlight how threat actors are coming up with new tools and techniques to evade detection by security vendors," he said.

Volkswagen wins high court block on luxury car hack codes


volkswagen
Volkswagen has won a high court ruling blocking a university security lecturer from releasing research revealing the start codes for multiple manufacturers' cars.
Volkswagen won the case against University of Birmingham lecturer Flavio Garcia after he sought to publish a white paper revealing the codes used to start smart cars. The paper reportedly contains start codes for numerous big brands including Porsche, Audi, Bentley and Lamborghini.
"The University of Birmingham is disappointed with the judgment which did not uphold the defence of academic freedom and public interest, but respects the decision," the university said.
It has decided to defer publication of the academic paper in any form while additional technical and legal advice is obtained given the continuing litigation."
Volkswagen merely confirmed the ruling: "We can simply confirm that the UK High Court has issued an interim injunction in Volkswagen AG’s favour, against publication."
The news is highly relevant as it follows a pledge by renowned security expert Charlie Miller to release hack tools that will let researchers hijack control of moving cars. Miller confirmed plans to reveal and release the tools at the DefCon security conference in August.
The ethical hacker said the DefCon session will be co-hosted by director of security intelligence at IOActive Chris Valasek and will see them demonstrate the two-stage hack on two unnamed "modern" cars.
"Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher's point of view," read the session description.
"We will first cover the requisite tools and software needed to analyse a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II [sic] connection to perform critical car functionality, such as braking and steering. Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile."
Miller said the exploit will work on numerous car models, and joked that he accidentally crashed his own car while testing it on Twitter.
Charlie Miller initially rose to fame in the White Hat hacking community when he publicised a remote zero-day exploit for the iPhone. Apple infamously responded by blacklisting him from its developer community. He has since taken a role as at Twitter as a security researcher.

Russia to Reply to US Attorney General’s Snowden Letter

Russia’s Justice Ministry is preparing a reply to the US attorney general’s letter seeking the return of fugitive former intelligence contractor Edward Snowden to America to face espionage charges, the Justice Ministry’s press office said on Sunday.
“The Justice Ministry of Russia will prepare a reply to a letter by US Attorney General Eric Holder, which was received on July 24, 2013,” the ministry’s press office said, without specifying the nature of the reply or the time it would be ready.
In his letter, Holder assured Russian Justice Minister Alexander Konovalov that US prosecutors would not pursue the death penalty against Snowden in connection with espionage charges for leaking information about classified government surveillance programs.
“The charges he faces do not carry that possibility, and the United States would not seek the death penalty even if Mr. Snowden were charged with additional, death penalty-eligible crimes,” Holder said in the letter, adding that Snowden’s grounds for seeking temporary asylum in Russia are “entirely without merit.”
Holder said Snowden “will not be tortured” if Snowden is returned to the United States from Moscow’s Sheremetyevo Airport, where he has been reportedly living since arriving on a flight from Hong Kong on June 23.
“Torture is unlawful in the United States,” Holder said.
Snowden, who is wanted by the United States for leaking classified data about the US National Security Agency’s surveillance programs, formally requested temporary asylum in Russia on July 16.
Washington has repeatedly called on Moscow to reject Snowden’s request for asylum and send him back to the United States to stand trial on charges of espionage and theft.

Rat Cyber Attack Exposed Stored Visa&MasterCard Numbers

Federal investigators say a malware attack that targeted a select group of Kentucky and Southern Indiana merchants has been contained.But the software vulnerability, which exposed those merchants' point-of-sale networks to compromise, could still have farther-reaching effects.
This is still ongoing," says Marjorie Meadors, assistant vice president and head of card fraud prevention for Louisville-based Republic Bank & Trust.
"Even though the affected point-of-sale systems have been shut down, the hackers are still using the information, so fraud is continuing to come in. I know every bank in this area has been affected, and we've enhanced our detection systems to ensure we catch transactions that are suspected to be fraudulent."
The attack, which was traced back to a vulnerability in software used to remotely access POS devices and systems, likely began sometime in mid-February, says Craig Hutzell, a spokesman for the Kentucky Electronic Crimes Task Force, which is part of the Secret Service.
"The number of merchants infected with the malware is in the single digits right now," Hutzell says. But the Secret Service's investigation remains open, he adds.
So far, the compromised software, provided by a reseller in Louisville, has only been linked to local merchants. But any merchant using the software, unpatched, could be susceptible to attack, Meadors says.
"I'm sure there are merchants in other states using this same remote software, too," she says.
Tracing the Attack
Area card issuers tied fraudulent transactions back to a number of merchants that had one thing in common - the same POS-system remote-access software, Meadors says.
The attack, which is believed to have exposed hundreds of debit and credit accounts in Louisville, Ky., and surrounding areas, including Southern Indiana, has been linked to numerous overseas Internet protocol addresses, Hutzell says.
"We have imaged the POS devices and systems that were infected and have sent that to our headquarters in D.C. for future analysis," he adds. "Our experts there are reviewing that information now and will let us know if more is discovered."
"Merchants that were PCI [Payment Card Industry Data Security Standard] compliant only had the last four digits [of the debit and credit card numbers] in their systems, and that was all the malware could collect," he says. "But the merchants that were carrying the entire card numbers were exposed."
The Secret Service is not releasing the names of the affected merchants, nor is it yet naming the reseller who sold the vulnerable software to those merchants.
Hutzell also says investigators believe the compromised card numbers were sold in underground forums shortly after they were obtained. "Within five days of the breach, we started seeing fraudulent charges," he says.
So far, only signature-based MasterCard- and Visa-branded card transactions appear to have been breached, Meadors says. But fraudulent transactions are cropping up from all over the country; and within the last week, the number of fraudulent transactions from international markets has significantly increased, she says.
Retail Breaches Common
Malware attacks aimed at retailers are becoming increasingly common.
In March, the St. Louis-based Schnucks grocery store chain announced it was investigating a possible breach of debit and credit card data. The retailer in April said "malicious computer code" had captured details from some 2.4 million cards.
In February, Bashas' Family of Stores confirmed a breach of its corporate network, which connects 130 locations operating under the Bashas' supermarkets, AJ's and Food City brands. The retailer said it had discovered a never-seen-before malware on its network, which allowed attackers to gain access to internal systems and capture sensitive payment information.
And in January, the Zaxby's restaurant chain notified federal authorities of a computer system and point-of-sale breach that had affected 108 locations in Florida, Kentucky, Georgia, South Carolina, Alabama, Mississippi, Tennessee, North Carolina, Virginia and Arkansas. Zaxby's Franchising Inc. noted that malware and other suspicious files had been found on compromised computer systems at certain locations.

Hackers hijack a super yacht

About a year ago, Todd Humphreys and his team from the University of Texas called GPS navigation into serious question. Using just a few simple pieces of equipment, a roughly $3,000 investment dwarfed by what cyber-criminals often invest in hardware, they were able to steer a small drone badly off course.
It was a blunt instrument, just capable of messing with the drone’s sense of direction and, potentially, sending it careening into the ground.
The demonstration was so worrying that Humphreys soon found himself testifying before Congress, and sitting in meetings with everyone from the FAA to the Pentagon.
Still, how much harm would it really do? Military GPS devices use encrypted signals specifically to prevent attacks of this kind, and it’s not like the team could actually control these drones through global positioning. It was just a highly sophisticated form a vandalism, and exploited a loophole in GPS technology that, surely, would not remain open for long.
More than year later, not only does that loophole remain glaringly open, but Humphreys and team have refined their software significantly. This week, they boarded a 210-foot super-yacht by the name of White Rose of the Drachs and used the exact same technique to leave its captain and crew stunned and helpless.
With just a laptop, a small antenna, and a GPS “spoofing” device, the team fed a stronger signal to the yacht’s steering system than the genuine one, incoming from actual GPS satellites. By doing this, they essentially tricked the ship’s computer into believing it was somewhere it was not, causing it to adjust its heading to stay on course.
This is an insidious form of attack because the ship’s navigation technology will continue to report that the ship is both on course and precisely where it is supposed to be  even if neither of those things is true.
By slowly “sliding” the ship into a parallel course, they ensure that even a conventional compass will show the correct direction. Course changes have to be gradual, so time-of-flight calculations remain close to correct and the ship never totally loses its signal lock. But that seems to be the only restriction.
The team was able to steer the ship to port or starboard at will, and the crew was totally unaware that anything was wrong. Captain Andrew Schofield told Fox News he was “gobsmacked,” when he found out what had been done to his ship, as was the entire deck team. His $80 million baby could have easily been run into a sandbar or reef. Running it aground is unlikely the crew still have eyes  but maritime workers have come to rely on navigation technology to keep them from running afoul of all sorts of less obvious dangers.
This spoofing attack undermines the trust these professionals put in their navigation systems. Even slightly interfering with a large amount of sea traffic could hamper trading ports, and potentially throw a wrench into large-scale economies.
Planes, too
Never one to shy from scaring the living daylights out of the public, Humphreys has made the implications of his research very clear: even a commercial airliners are vulnerable to this spoofing attack, and can be steered far off course while instruments tell the pilots they are perfectly within their lanes. Midair collisions could be a threat, but those are most likely near airports, where GPS is not the main source of navigational data. Besides, pilots and skippers still have complete control of their craft, and will intervene to stop most of the truly devastating possible consequences.
This is likely most relevant to unmanned technology, like drones. Here’s a ploy: order a pizza by drone to a house down the street. When the drone arrives, use this spoofing technology to direct it over to your waiting car. Quickly remove its positioning system, and drive away. Voila: free drone (and pizza). Just paint over the Domino’s logo, and you’re good to go.
But we shouldn’t make light of the dangers involved here. As the world learned so powerfully with the wreck of the Costa Concordia, even a properly functioning vessel requires constant vigilance. Aircraft hang even more precariously, and can endure even less uncertainty. If you could manage to get a wirelessly controlled antenna and spoofing device on-board in the baggage area, anything from a laptop to a smartphone could be made to control them. Nerds generally scoff at strict prohibitions against electronic devices on planes — but with this advance we might just have gotten a real reason for the lockdown.
The solution here is as obvious as it is difficult: implement the P(Y)-code encryption used by military assets in a wider range of civilian technology. This would be expensive on the receiving end and put a heavy burden on the satellite networks, especially if expanded to more than just major commercial airliners and security-relevant ships. It may just be necessary, however. How long did we really think we could continue to lean ever more heavily on a 40-year-old technology without at least a few serious upgrades?

Department of Homeland Security Ransomware Ask $300 fine

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) and the Department of Homeland Security (DHS) have recently received complaints regarding a ransomware campaign using the name of the DHS to extort money from unsuspecting victims.
In May 2012, the IC3 posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a download website, at which time it is installed on their computers.
Ransomware is used to intimidate victims into paying a fine to ”unlock“ their computers. The ransomware has been called ”FBI Ransomware“ because it frequently uses the FBI’s name including the names of FBI programs such as InfraGard and IC3. Similar ransomware campaigns have used the names of other law enforcement agencies such as the DHS.
As in other variations, the ransomware using the name of the DHS produces a warning that accuses victims of violating various U.S. laws and locks their computers. To unlock their computers and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card.
This is not a legitimate communication from law enforcement, but rather is an attempt to extort money from the victim. If you have received this or something similar, do not follow the instructions in the warning and do not attempt to pay the fine.
It is suggested that you;
  • Contact a reputable computer expert to assist with removing the malware.
  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.

Battle line: Cyberspace

Cyber warfare refers to politically-motivated attacks to conduct espionage and hacking. A form of information warfare, cyber warfare is now considered to be a critical pillar of military operations along with land, sea, air and space.
Nation states that are formally or otherwise in a state of war with each other are often thought to be behind efforts to penetrate each other’s networks and cyber space to cause damage and disruption.
National cyber warfare strategy
Keeping in view the strategic and military importance of cyber security, many countries across the globe including Pakistan are working to make their digital front more secure.
In May 2010, Pentagon set up its new US Cyber Command (USCYBERCOM), headed by General Keith B. Alexander, director of the National Security Agency (NSA). The aim was to defend American military networks and to strike back in case of a national threat.
Similarly, the European Union has set up ENISA (European Network and Information Security Agency) who are now aiming to significantly expand ENISA's capabilities in order to safeguard its socio-economic interests in the region.United Kingdom has also set up an operations centre for cyber-security, based in the Government Communications Headquarters (GCHQ).
Similarly Pakistan, which has been the victim of cyber attacks by neighbouring India, has been working on an effective cyber security system as well. The program reportedly called "Cyber Secure Pakistan" was launched in April 2013 by the Pakistan Information Security Association, and aims not only to secure military and government spaces but has been expanded to the country's universities, which are often targeted by Indian hackers.
Cyber warfare methodologies
Unlike other politically-motivated attacks amongst nation states, cyber warfare has greater strategic value to it. These attacks often target civil, military and private institutions, including telecommunication, transport, finance and the energy sector.
Different methodologies are adopted to carry out these attacks. DDoS (Dedicated Denial of Service) attacks are carried out to make a machine or service unavailable for intended users. Although, denial of service attacks are often deemed computer generated, they can target high profile servers like government sites, banks, credit card payment gateways etcetera.
Cutting off electronic installments such as undersea communication cables also comes under the category of cyber attacks.
With the growing dependence on digital infrastructure, network breaches and cyber espionage are the shiny new tools of cyber warfare. Attackers hack into targeted systems by various means and often sabotage and modify industrial infrastructure.
Such methods not only disrupt the digital infrastructure, but also temper with the existing functionalities of the systems and networks. Stuxnet, along with its many variants, is a fine example of espionage and national security sabotage.
Stuxnet, the game changer
In 2010, Iranian nuclear facilities were infected by a unique computer virus, which pushed back the Iranian nuclear program by about three years. Stuxnet, reportedly the first malware with an ability to mask itself over a network, spies on and critically destabilises industrial systems, and is probably the first malware to include a programmable logic controller (PLC) rootkit (such software has a malicious nature, and is designed to hide certain processes from normal detection methods).
Israel and the United States were reportedly behind the cyber attack targeting the Iranian nuclear infrastructure.
Stuxnet computer malware is undeniably a work of genius, and once you learn about its functionality, you can start picturing the atmosphere of the next generation’s cyber warfare capabilities. The malware spread indiscriminately into the Iranian nuclear facilities network, but included a specialised malware payload that was designed to target specifically Siemens supervisory control and data acquisition systems (aka SCADA). These industrial systems monitor and control high-valued industrial processes.
Spread initially via USB, the malware took over the network by working silently in the background without being detected by normal processes. Stuxnet in this case was programmed to target SCADA configurations that met specific criteria; once the criterion was met it changed the rotational frequency of the attached motors, hence disrupting industrial equipment and causing heavy losses. Although there was no official statement from any side, in May 2011, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in his television interview exclaimed,
"We're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them."
Similarly, according to The Daily Telegraph, at the retirement party for the chief of staff of the Israeli Defence Forces (IDF), Gabi Ashkenazi, references to Stuxnet were made, as one of the operational successes of the retiring IDF chief of staff.
Stuxnet, along with its various variants, does exist in the black market and will remain a threat to all countries that are running critical industrial facilities of a similar nature.
Pakistan vs. India
Pakistan and India are often in conflict with each other over the disputed territory of Kashmir, among many other issues. Cyber attacks are the latest way to dismantle each country’s infrastructure and operations. There are two such notable cases, where India and Pakistan meddled in serious cyberspace conflicts, initiated back in the late 90’s. Initially the cyber attacks started to show their face in 1999, at a time when India and Pakistan were engaged in the Kargil conflict.
Historical facts indicate that hackers from both countries have been repeatedly involved in attacking private and government websites. The number of attacks has considerably grown with the passage of time. In 2010, at least 36 Pakistani government database websites were hacked by a group who go by the name of "Indian Cyber Army".
The official website of the Election Commission of Pakistan was attacked in 2013 by the same group in an attempt to retrieve sensitive database information. In response, Pakistani hackers, also known as "True Cyber Army", hacked and defaced around 1,059 websites of Indian election bodies.
In a similar incident in December 2010, a group of Pakistani hackers attacked and took down the website of India's top investigating agency, the Central Bureau of Investigation (CBI). This was also in response to the attack by Indian hackers who attacked websites belonging to the Pakistani Army and government websites including Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology etcetera.
Cyber war in the Middle East
Similar to the situation on ground, the actors of the Palestinian crisis are often found clashing in the virtual world. In late 2000, Israeli hackers launched a DDoS attack on the websites of both Hezbollah and Hamas. In retaliation, Palestinian hackers chocked down the access to several Israeli websites. Interestingly, in 2007 Israel carried out an airstrike on Syria. The fighter planes managed to enter the Syrian airspace undetected. This security breach is considered as a cyber attack targeting Syrian radar and air defence network.
China vs. USA
Along with the conventional enemies that engage each other on various fronts, China is considered to be a strategic enemy by many nations including the United States. Both countries view each other as a cyber threat and equip their hackers with the latest tools to deal with a possible cyber attack. This virtual cold war is evident from the fact that top American websites are unwelcome in China, including Facebook and Google. China even has its own version of Twitter.
The Internet, along with other technological advancements has proven to be a great medium of learning and global unity, where netizens, irrespective of their nationality, work hand in hand for the progress of technology, art, medicine and economy. It’s about time that stakeholders of the Internet develop a consensus to keep the internet free and secure from politically-motivated attacks by any state or individual actors.

Apple Hack Reasons?!

Three Chinese factories making Apple products impose excessive overtime and employ minors, a US-based advocacy group said Monday, in the latest allegations of labour violations against the US tech giant's suppliers.
The iPhone and iPad maker has faced pressure to better oversee often-poor manufacturing conditions in China since 13 workers for one of its suppliers committed suicide in 2010.
US-based China Labor Watch said in a report that three plants run by Pegatron Group violated standards set by Apple.
Apple's website says that these include no underage labour, overtime to be voluntary, and a maximum 60-hour workweek.
China Labor Watch said the 70,000 employees at the three Pegatron sites averaged 66, 67 and 69 hours per week, and that "many workers" were under 18, some of them interns from vocational schools.
Overtime was mandatory during busy periods, it said, adding that employees at one site who refused to work extra hours once would lose the chance to do so for the rest of the month.
The report also described crowded dormitory rooms housing up to 12 people, insufficient fire escape routes and fines for behaviour such as "failing to tuck in one's chair after eating" and "absence from unpaid meetings".
It also said managers screened out job applicants who were pregnant or older than 35, and rushed through safety training.
Apple said in a statement it had audited Pegatron facilities 15 times since 2007 and found last month that their workweek averaged 46 hours.
It said it had acted on previous complaints raised by China Labor Watch and would "immediately" investigate claims in the latest report "that are new to us".
"We are proud of the work we do with our suppliers to uncover problems and improve conditions for workers," it said.
"Apple is committed to providing safe and fair working conditions throughout our supply chain."
The company, which relies primarily on about 200 suppliers, came under the spotlight after a spate of incidents among workers for the Taiwan-owned firm Foxconn, one of its major manufacturers.
A strike last October at a Foxconn plant making iPhone5 parts involved up to 4,000 employees, who were forced to work through a national holiday.
After at least 13 employees apparently took their lives in 2010 -- not all at plants making Apple products -- Foxconn pledged to improve working conditions and raise salaries.
China Labor Watch said it sent undercover investigators to the three Pegatron factories and conducted nearly 200 worker interviews between March and July this year.
Pegatron, a Taiwanese company, could not immediately be reached for comment.

3 White House staffers have had their personal Gmail accounts breached

Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident.
The penetrated accounts have been sending other White House digital media employees bogus emails containing fraudulent links that can extract their personal email logins and Twitter credentials. More than a dozen current and former staffers were targeted, the individuals said. The scheme was ongoing as of Sunday night.
The goal of the intruders might be to glean sensitive government information, some cyber researchers said. White House personnel are prohibited by law from using personal Webmail accounts for business communications, but not all employees comply with the rules. The Twitter scam could be aimed at spreading misinformation through seemingly-official channels to citizens.
The “phishing” links -- labeled to look like legitimate BBC or CNN articles -- direct users to an authentic-looking Gmail or Twitter login screen to access the news content. At this point, the users have unwittingly been rerouted to fake login forms that enable hackers to capture their sign-on information.
White House social media employees might be relatively easy game within the administration, since their role is to make the executive branch more open to the public. "I imagine that the names and email addresses of people at the White House in digital media or anything related to media are easy to find since their job involves public access. A list of targets would be created from open sources and that's who the phishing email would be delivered to," said Jeffrey Carr, a cybersecurity analyst with consultancy Taia Global.
The objective for harvesting Gmail account information might be to capture administration-related email messages and contacts, he speculated.
The Presidential Records Act bars work communication outside of official email accounts. However, a 2012 House committee report showed that former White House Deputy Chief of Staff Jim Messina used his personal email account to conduct official business involving a deal between the pharmaceutical industry and the Senate Finance Committee. And in 2010, the Washington Post reported that administration officials reprimanded then White House Deputy Chief Technology Officer Andrew McLaughlin, a former Google official, after document requests revealed technology policy-related emails from Google employees in his personal Gmail account.
The purpose of assembling Twitter sign-on information might be to disseminate disruptive messages, Carr postulated. This spring, a hacked Associated Press Twitter account informed the public that explosions at the White House had harmed the president. The Dow tumbled in response.
Sources familiar with the Gmail hack say the ploy is unique in the White House. In the past, one or two staffers who used two-step authentication to protect their Gmail accounts would receive text messages, indicating someone had entered the correct password to trigger the text authentication code.

16 Years of Black Hat: The Changing Face of Cyberattacks

Image via Flickr user pinguino 
This year marks the 16th anniversary of Black Hat, and to celebrate the security company Venafi released a report chronicling nearly two decades of cyberattacks. More than just a parade of malicious accomplishment, the Venafi report tells a remarkable story about the changing motivations and techniques of cyberattacks, and what it means for the future.
From Basement Hobby to CybercrimeVenafi says that around the time the first Black Hat conference was held in 1997, hackers were looking for fame by compromising computer systems with worms and viruses. That changed quickly.
Black Hat 2013 Bug
"The mid-to-late 2000s saw the emergence of spyware and bots launched by cybercriminals in search of financial gain," writes Venafi. This signaled an important change, as potential profits brought new players to the table. 
"The most recent era of the evolving cyberattack landscape has proven to be the most dangerous yet, as it is no longer being driven by the lone wolves of the world but rather by heavily-backed cybercriminals and state- backed actors with political and financial objectives," writes Venafi. The report also gives a nod to the rice of hacktivism in recent years, where political motivations outweigh financial gain.
Venafi writes that a consequence of this evolution has been the proliferation of advanced tools and techniques. "Because the most advanced attack techniques are available to everyone, any attack could be launched with the heaviest and most decisive cyberartillery available," reads the report. This means a high-level attack could come from anywhere, like "a facility identified by the likes of Mandiant or from grandma's basement."
New Weapons and WeaknessesAlong with changing actors behind the attacks, the attacks themselves have grown and evolved to take advantage of different vulnerabilities and technologies. To demonstrate, Venafi takes a little walk down cybersecurity memory lane, looking at famous attacks from 1997 on. 
Remember the CIH computer virus? Venafi calls it one of the most damaging viruses to date, that infected 60 million computers. Allegedly, it was created by a Taiwanese student, Chen Ing-hau, to "challenge the bold claims of the antivirus community.
While Anonymous and LulzSec have made extensive use of DDOS attacks in recent years, Venafi says that the first DOS attack took place in 1998. Then as now, it's targets were political organizations: the Mexican government and the Pentagon in the U.S.
Just a year later, Venafi says the general public got a taste of malware in 1999 with the Melissa virus. This was quickly followed by 2000's ILOVEYOU computer worm that marked the beginning of spam attacks.
By 2004, the roots of modern APTs can be seen in worms like Mydoom, which Venafi says "added a back door to victims' machines to be used for future compromises. Three years later, the ZeuS Trojan changed the game. "This is one of the first examples of an attack that takes advantage of technologies used to ensure trusted digital communications," writes Venafi--a tactic which would come to define modern attacks, but not before ZeuS "infected millions of computers and helped steal hundreds of millions of dollars."
Stolen certificates became more and more important over the years. The ZeuS SpyEye upgrades, for instance, were retooled in 2010 to steal digital certificates and cryptographic keys. Just a year later, DigiNotar took digital certificate theft to a new level. "For the first time," writes Venafi, "a trust technology provider […] force customers, including a national government, to warn the world that they could not be trusted."
Flame, sometimes seen as a follow-up to Stuxnet, hit in 2012 and  passed itself off as a Microsoft software update using rogue certificates. "When infected computers updated, Flame intercepted the request and instead of downloading the update, it delivered a malicious executable that appeared to Windows as valid and digitally signed software," writes Venafi.
Looking to the FutureThe list of attacks in Venafi's report goes on, demonstrating how attacks informed future intrusions and what they inherited from previous attacks. "Heavily-backed cybercriminals have reaped the fruits of early attack forms," reads the report. "In the same way that military weapons have made their way into physical criminal communities, advanced cyberattack techniques that leverage cryptographic keys and digital certificates have made their way into all levels of cyberciminal community. 
It seems clear that Venafi believes that this is phony digital certification is so valuable an asset to attackers that it will continue for the foreseeable future. "By turning our greatest IT security strengths against us," writes Venafi, "cybercriminals are able to compromise systems, trick people, and gain access to sensitive data no matter how well protected it is and regardless of where it resides and travels."
While we don't know what the future will hold, this years' Black Hat conference will surely give us a glimpse. Follow SecurityWatch for more coverage from Black Hat.

Apple Developer Portal Back Online, Partially

Sad Mac
Good news for Apple developers: The Apple Developer Portal is partially back online.
Apple took the portal, used by developers who write applications for iPhones, iPads, and Macs, offline on July 18 without any explanation. A few days later, Apple said an intruder had "attempted to secure personal information" from the site. To "prevent a security threat like this from happening again," the company said it would be "completely overhauling our developer systems."
While the main website site was restored late Friday afternoon, as of Saturday afternoon, eight of the 15 sections remain offline, according to the portal's system status page. The iOS, Mac and Safari developer centers, iTunes Connect, and the bug reporting system were restored. Others, including documentation, technical support, developer discussion forums and the member center, remained offline.
"Certificates, Identifiers & Profiles, software downloads, and other developer services are now available," Apple said in an email to developers and on the developer update page.
With software downloads back online, developers have access to the latest betas of iOS 7, Xcode 5, and OS X Mavericks again. The portal is used by Apple's community of developers—nearly 6 million in all—to develop software for Apple's platforms.
Data Exposed
Apple took the site down immediately after detecting the intrusion, and assured its developer community that sensitive personal information had been encrypted and could not be accessed. However, names, mailing addresses and email addresses may have been accessed, Apple warned.
Hours after the company announced the breach, penetration tester Ibrahim Balic said he'd uncovered multiple vulnerabilities in the portal which led to the breach. Rather than being an intruder, he claimed he had reported the bugs he'd found to Apple. The portal went offline shortly after he made his last submission, Balic said.
Apple has not commented on Balic's claims, nor provided additional information about the incident.
Was is Really Balic?
A Guardian report cast doubt on whether or not Balic was actually responsible for the outage. Balic had provided the publication with email addresses of 19 individuals he had obtained from the Apple site. Guardian also obtained information for 10 additional individuals from a YouTube video Balic had originally created to show how he had breached the site. (The video is no longer publicly available).
The Guardian was unable to contact any of the 29 people. Seven email addresses bounced, and none of the remaining recipients responded to the Guardian's queries as to whether they were registered with Apple. "It's almost as though these are long-discarded ghost email addresses from year ago or have been used by Balic in his video for reasons best known to himself," Graham Cluley, an independent security consultant, told the Guardian.
Regardless of whether the hack was carried out by Balic or some other unknown intruder, this is a significant breach. Apple is clearly taking the incident seriously, by rebuilding the portal one service at a time. The site looks pretty much the same as it did before it went offline, so any major changes and updates would be on the back-end systems. The remaining systems will likely come back online over the next few days as the team finishes rebuilding them.

Hackers that got killed

The information security world is a dark world where a lot of connections are made. These dark worlds often operate in the day light. You do not see them – but they do see you. In the years of hacking some hackers could have been forced to leave the earth.
In this article we will show you some hackers and whistleblower that may have been killed because they were doing something right.

Barnaby Jack famous for prompting firms to rectify problems uncovered by his hacking

Barnaby Jack
A prominent hacker who discovered a way to have automatic teller machines spit out cash and was set to deliver a talk about hacking pacemakers and other wireless implantable medical devices died in San Francisco.
Barnaby Jack died at his home in San Francisco Thursday, although the cause of death is still under investigation, San Francisco deputy coroner Kris Barbrich said.
Jack, who was in his mid-30s, was scheduled to speak on Wednesday at a security conference in Las Vegas. The headline of his talk was, "Implantable Medical Devices: Hacking Humans," according to a synopsis on the Black Hat conference website. Jack had planned to demonstrate his techniques to hack into pacemakers and implanted defibrillators. He said last week that he could kill a man from nine metres away by attacking an implanted heart device.

Gareth Williams: Codebreaker

Gareth Williams
The body of Gareth Williams, a codebreaker with MI6, was discovered stuffed into a sports bag in his bathtub on 23 August 2010, though he's believed to have been killed on 15 August.
 Williams had just returned to London on 11 August after spending six weeks in the United States, where he attended the annual Black Hat security conference in Las Vegas as part of a contingent of British spies, according to witnesses who spoke at the inquest. He attended Black Hat in 2008 as well.

Anton Sinclair: Harvard hacker


Mr. Anton Sinclair's body was found early morning on Saturday, July 21st in a 'by-the-hour' hotel in the lower Bronx area.
The coroner estimates the actual time of death to have been between Thursday mid-day and Thursday midnight. The cause of death has been identified as instantaneous via a self-inflicted gunshot with a sawed-off shotgun.
Mr. Sinclair, who was recently identified in this newspaper as being the alleged leader responsible behind the failed hack attempt on Harvard university has been battling depression for a significant time, it may now be revealed.
As part of his treatment, he was given the drug Rylkacyl. Rylkacyl, a product of Haven Pharmaceuticals, has been in the news repeatedly since its introduction in the early 1990's - not least of which as being blamed for the tragic suicide of Seatle-based musician Kurt Cobain, lead singer of the grunge-band Nirvana.

To all these people we wish them rest and to the family of these persons we wish you all a lot of strength. R.I.P.

Demand soars for insurance against cyber attacks

When Brian Rosebaum started pitching cyber insurance to companies in 2006, he was met with blank stares from risk managers and resistance from information technology experts, who insisted their networks were impenetrable.
All of that has changed in the past year and a half said Rosebaum, who heads the cyber insurance division of Aon Corp.’s Canadian brokerage arm.
“We’ve reached a threshold where people are now coming to us instead of us going to them,” said the vice president.
Insurance brokers say the frequency of high-profile data breaches is causing a surge in demand for insurance products that protect against losses stemming from cyber attacks.
On Thursday, U.S. prosecutors charged five people with stealing 160 million credit and debit card numbers from companies including 7-Eleven Inc., JC Penney and French retailer Carrefour, calling it the largest data breach in the country’s history.
Other victims of data breaches in the past few years include Sony’s PlayStation Network, financial institution Citigroup and a number of Canadian government departments.
A breach can be costly. Companies face notifying clients that their personal information has been compromised, offering credit protection services, hiring a crisis management firm and defending against lawsuits.
Aon has placed more cyber insurance policies in just the last 18 months than it did in the previous five years, said Rosebaum.
“People are beginning to understand that this is a risk that can affect any business.”
Financial institutions, online retailers, hotels and restaurants, health-care companies and educational institutions are driving the demand because of the volume of personal and financial data they collect, said Rosebaum.
Global insurance broker Marsh Inc. said the number of organizations that purchased cyber insurance in the U.S. shot up by 33 per cent from 2011 to 2012.
“This is the fastest growing area of commercial insurance in the world right now,” said Michael Peterson, a managing director at Marsh Canada Limited.
“Organizations are realizing that the risk is real, that they’re not quite as secure as they thought and, therefore, they’re taking steps to transfer that exposure to insurance companies.”
Brokers, like Aon and Marsh, estimate there are about two dozen Canadian insurers who provide stand-alone cyber network policies. Most of these underwriters provide cafeteria-style policies, in which clients can pick which losses they want to protect against.
Others, such as Encon Group Inc., offer it as an add-on to errors and omissions coverage that can protect companies against claims of negligence.
“There’s definitely an increasing percentage of our errors and omissions clients that are becoming aware of the cyber liability exposure,” said Stefanie McKay, a senior vice president at Encon.
But Canada’s cyber insurance market lags several years behind Europe and the U.S.
McKay attributes this to the fact that Canadian companies aren’t required to report data breaches like their U.S. counterparts.
“It’s growing, it’s just maybe not growing as fast as in some jurisdictions, like the United States,” said McKay.
Brokers say the lack of mandatory reporting is also one of the reasons why actuarial data in the cyber insurance field is so spare.
This can make it tricky for underwriters to know how much risk there is, how much a breach can cost and how to price their policies.
Although cyber insurance has been available in Canada since the late 1990s, it has only become popular in the last few years.
So far, claims have all been settled out of court, so they’re not a matter of public record, said Peterson.
But that’s likely to change.
“There are six or seven class action lawsuits that are working their way through the system right now that will, we believe, actually set benchmarks for cyber claims going forward,” said Peterson.
Brokers say it’s possible that cyber insurance will become a mainstay of every risk manager’s tool kit.
But the insurance products will have to evolve to keep pace with technology.
As new tools — such as mobile banking and cloud computing — create new security issues, insurers will have to reevaluate which risks they are willing to insure their clients against.
“As we continue to develop technology to make life easier, and quicker, for corporations and individuals, we’re going to create new risks and it’s just going to be a ping pong ball going back and forth trying to deal with it,” said Rosebaum.

Medical Device Hackers Find Government Ally to Pressure Industry

Two years ago, Jay Radcliffe discovered a software bug in his insulin pump that could allow hackers to take remote control of the device. The diabetic and computer security researcher went public with his findings at a hacker conference after the manufacturer, Medtronic Inc., didn't respond to him.
His actions led some diabetics to accuse him of endangering their lives by providing a blueprint for an attack. He said all he wanted to do was put pressure on the company and help fix an important safety issue.
Now, Radcliffe has a new pump, a potentially new safety issue to disclose, and what he said is a powerful new ally in forcing medical device makers to address his concerns: the U.S. Food and Drug Administration, which is encouraging hackers to submit security bugs to the agency.
"We've come a long way in two years," said Radcliffe, who will be speaking at the Black Hat security conference in Las Vegas next week. "Everything that's occurred in the last two years, as painful as it's been at times, has really gotten us to a position where we can make these devices safer."
Radcliffe claims his new pump, made by Animas Corp., has a flaw that can cause incorrect dosage levels of insulin. The company, which is a division of Johnson & Johnson, disagrees strongly with the severity of the issue he uncovered and doesn't think the device needs to be fixed. Nevertheless, Radcliffe said going through the FDA forced a high-level discussion with the company that may not have been possible before.
Although there are no known incidents of patients being harmed from hacking attacks against their medical devices, the potential for that is growing as more medical products feature wireless connections, according to Bill Maisel, deputy director for science at the FDA's Center for Devices and Radiological Health.
"It's not hard to see where the technology is going," he said. "It's not just about the vulnerability in the one implantable device the researcher was able to get into. We're headed to interconnectedness, to connected health care."
The agency doesn't force device makers to respond directly to complainants, but it does require that companies reply to the FDA within 45 days of being notified of a complaint, Maisel said. That often means the companies will contact the complainants first to gather information.
To mitigate security threats, medical device makers such as Medtronic and Animas have hired hackers to probe their products. Medtronic did not immediately respond to a request for comment.
Few hackers have worked with the FDA because until recently, few were looking at the security of medical devices.
Last year, Barnaby Jack, a security researcher with IOActive, showed he could force some Medtronic pumps to dispense fatal insulin doses from up to 300 feet away.
He also has a Black Hat talk planned this year on a new vulnerability in wireless pacemakers and defibrillators. Jack said he notified the FDA in both cases.
"It's been primarily positive," he said. "They don't have the expertise on board to be able to make a thorough check, but they're certainly open to hearing about vulnerabilities. They certainly open the right doors for us."
Radcliffe, a senior security analyst with InGuardians, said he did not know in 2011 how to alert the FDA about his findings. A meeting earlier this year with agency officials convinced him to try disclosing his latest finding to the government.
In his complaint to the FDA, Radcliffe claims his Animas pump inaccurately calculates the amount of insulin to dispense after the battery is changed. The pump does not automatically factor in the amount of insulin it dispensed immediately before the battery was removed, he said.
That issue led to dosing errors that caused him to experience two low-blood-sugar episodes, which can be fatal, Radcliffe said.
The pump is designed to reset insulin levels following a battery change, said Brian Levy, medical director at Animas. The patient's insulin history is still stored on the device, and instructions for recalibrating the machine are in the owner's manual, he said. The company does not plan to make any changes.
Radcliffe said he's unsatisfied with the response and intends to push the company in public and private to fix the issue.
Regardless of the outcome, Radcliffe said having the FDA complaint strengthens his case and creates a paper trail of his attempts to get the issue addressed. He said he wants other hackers to learn from his experience.
"The FDA is very well-equipped for this now," he said. "I think two years ago, researchers would have had the same difficulties that I ran into. It was just not on anybody's radar."

Google Chromecast hack & POC video

Give it time." It's something many mums have uttered to their frustrated youth, and it's something that's also uttered amongst the hacker crowd each time a new device emerges. In the case of Google's $35 Chromecast, it took but a couple of days for the HDMI streaming stick to be exploited. Granted, Google's never been one to keep its biggest software projects under lock and key, but for those looking to tinker a bit with their new toy, GTVHacker has the goods.

The exploit package has thus far been used to confirm that the software within is not Chrome OS -- it's described by the aforesaid site as "a modified Google TV release, but with all of the Bionic / Dalvik stripped out and replaced with a single binary for Chromecast." Those interested in giving it a go themselves can test their luck here, while the timid among us can hop on past the break for a video.

Blue chip hacking Scandal

What has become known as the blue-chip hacking scandal was first investigated by the Serious Organised Crime Agency six years ago but the report in to it only emerged, via a leak, this year.
The techniques used to obtain information are said to include phone and computer hacking, live phone interceptions, use of corrupt police officers and blagging.
Soca has been accused of doing next to nothing to end apparent unlawful activities by private investigators hired by corporations and individuals.
The report was even submitted to the Leveson Inquiry in to media ethics but it was not raised in public sessions or the final report.
It is alleged businesses and others would hire private detectives to obtain sensitive information.
The investigators would either glean the information themselves or contract out to additional private eyes.
It remains unclear how many of the “clients” were aware that information was being obtained illegally.
Methods are said to include phone and computer hacking, live phone interceptions, use of corrupt police officers and blagging.
One private detective, who was involved in hacking and blagging for well known companies said the practice had been well established for decades.
The retired police officer, who asked not to be named, said: "I mainly worked for insurance companies and law firms and the information they were asking for varied from financial data to personal information. If someone had made a large insurance claim then I would receive instructions to find out information in order to establish if the claim was fraudulent. Sometimes this would involve obtaining information unlawfully, but there was a sort of justification.”

One in four US hackers 'is an FBI informer

The FBI and US secret service have used the threat of prison to create an army of informers among online criminals
The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.
Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.
In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as "carders" – hackers specialising in ID theft – have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.
So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. "Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation," Corley told the Guardian.
"It makes for very tense relationships," said John Young, who runs Cryptome, a website depository for secret documents along the lines of WikiLeaks. "There are dozens and dozens of hackers who have been shopped by people they thought they trusted."
The best-known example of the phenomenon is Adrian Lamo, a convicted hacker who turned informant on Bradley Manning, who is suspected of passing secret documents to WikiLeaks. Manning had entered into a prolonged instant messaging conversation with Lamo, whom he trusted and asked for advice. Lamo repaid that trust by promptly handing over the 23-year-old intelligence specialist to the military authorities. Manning has now been in custody for more than a year.
For acting as he did, Lamo has earned himself the sobriquet of Judas and the "world's most hated hacker", though he has insisted that he acted out of concern for those he believed could be harmed or even killed by the WikiLeaks publication of thousands of US diplomatic cables.
"Obviously it's been much worse for him but it's certainly been no picnic for me," Lamo has said. "He followed his conscience, and I followed mine."
The latest challenge for the FBI in terms of domestic US breaches are the anarchistic co-operatives of "hacktivists" that have launched several high-profile cyber-attacks in recent months designed to make a statement. In the most recent case a group calling itself Lulz Securitylaunched an audacious raid on the FBI's own linked organisation InfraGard. The raid, which was a blatant two fingers up at the agency, was said to have been a response to news that the Pentagon was poised to declare foreign cyber-attacks an act of war.
Lulz Security shares qualities with the hacktivist group Anonymous that has launched attacks against companies including Visa and MasterCard as a protest against their decision to block donations to WikiLeaks. While Lulz Security is so recent a phenomenon that the FBI has yet to get a handle on it, Anonymous is already under pressure from the agency. There were raids on 40 addresses in the US and five in the UK in January, and a grand jury has been hearing evidence against the group in California at the start of a possible federal prosecution.
Kevin Poulsen, senior editor at Wired magazine, believes the collective is classically vulnerable to infiltration and disruption. "We have already begun to see Anonymous members attack each other and out each other's IP addresses. That's the first step towards being susceptible to the FBI."
Barrett Brown, who has acted as a spokesman for the otherwise secretive Anonymous, says it is fully aware of the FBI's interest. "The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable."

Five Eyes Intelligence Community AUSCANNZUKUS

Five Eyes is a naval Command, Control, Communications and Computers (C4) interoperability organization involving the Anglosphere nations of Australia, Canada, New Zealand, the United Kingdom, and the United States,the most exclusive intelligence sharing club in the world.
Five Eyes grew from UK-US intelligence cooperation in the Second World War, matured during the Cold War, and continues to protect the national interests of all members today. The evolving international security environment indicates a need for enhanced Five Eyes intelligence cooperation in the future.
The five nations have agreed not to spy on each other, and in many outposts around the world, Five Eyes agencies work side-by-side, allowing for information to be shared quickly.
In Five Eyes, the U.S. boasts the most advanced technical abilities and the biggest budget. Britain is a leader in traditional spying, thanks in part to its reach into countries that were once part of it colonial empire.
Australia has excelled in gathering regional signals and intelligence, providing a window into the growing might of Asia.
Canadians, Australians and New Zealanders can sometimes prove useful spies because they don’t come under the same scrutiny as their British and American counterparts.
Britain is home to one of the world’s largest eavesdropping centers, located about 300 km northwest of London at Menwith Hill. It’s run by the NSA but hundreds of British employees work there, including analysts from Britain’s eavesdropping agency, the Government Communications Headquarters.
Australia is home to Pine Gap, a sprawling satellite tracking station located in the remote center of the country, where NSA officials work side-by-side with scores of locals. The U.S. also posts three or four analysts at a time in New Zealand, home to the small Waihopai and Tangimoana spy stations.
The Guardian cited British intelligence memos leaked by former National Security Agency contractor Edward Snowden to claim that UK spies were tapping into the world's network of fibre optic cables to deliver the "biggest internet access" of any member of the Five Eyes

NSA spy agencies eavesdrop on Kiwi

The New Zealand military received help from US spy agencies to monitor the phone calls of Kiwi journalist Jon Stephenson and his associates while he was in Afghanistan reporting on the war.
Stephenson has described the revelation as a serious violation of his privacy, and the intrusion into New Zealand media freedom has been slammed as an abuse of human rights.
The spying came at a time when the New Zealand Defence Force was unhappy at Stephenson's reporting of its handling of Afghan prisoners and was trying to find out who was giving him confidential information.
The monitoring occurred in the second half of last year when Stephenson was working as Kabul correspondent for the US McClatchy news service and for various New Zealand news organisations.
The Sunday Star-Times has learned that New Zealand Defence Force personnel had copies of intercepted phone "metadata" for Stephenson, the type of intelligence publicised by US intelligence whistleblower Edward Snowden. The intelligence reports showed who Stephenson had phoned and then who those people had phoned, creating what the sources called a "tree" of the journalist's associates.
New Zealand SAS troops in Kabul had access to the reports and were using them in active investigations into Stephenson.
The sources believed the phone monitoring was being done to try to identify Stephenson's journalistic contacts and sources. They drew a picture of a metadata tree the Defence Force had obtained, which included Stephenson and named contacts in the Afghan government and military.
The sources who described the monitoring of Stephenson's phone calls in Afghanistan said that the NZSIS has an officer based in Kabul who was known to be involved in the Stephenson investigations.
And since early in the Afghanistan war, the GCSB has secretly posted staff to the main US intelligence centre at Bagram, north of Kabul. They work in a special "signals intelligence" unit that co-ordinates electronic surveillance to assist military targeting. It is likely to be this organisation that monitored Stephenson.
Stephenson and the Defence Force clashed in the Wellington High Court two weeks ago after it claimed Stephonson had invented a story about visiting an Afghan base.
The Human Rights Foundation says Defence Force involvement in monitoring a journalist is an abuse of fundamental human rights.
"Don't they understand the vital importance of freedom of the press?" spokesman Tim McBride said. "Independent journalism is especially important in a controversial war zone where the public has a right to know what really happens and not just get military public relations," he said.
The news has emerged as the Government prepares to pass legislation which will allow the Defence Force to use the GCSB to spy on New Zealanders.
The Stephenson surveillance suggests the Defence Force may be seeking the GCSB assistance, in part, for investigating leaks and whistleblowers.
Stephenson said monitoring a journalist's communications could also threaten the safety of their sources "by enabling security authorities to track down and intimidate people disclosing information to that journalist".
He said there was "a world of difference between investigating a genuine security threat and monitoring a journalist because his reporting is inconvenient or embarrassing to politicians and defence officials".
The Star-Times asked Chief of Defence Force Rhys Jones and Defence Minister Jonathan Coleman if they were aware of the surveillance of Stephenson, if they approved of it and whether they authorised the investigation of Stephenson (including the phone monitoring).
They were also asked if they thought journalists should be classified as threats. Neither answered the questions.
Defence Force spokesman Geoff Davies said: "As your request relates to a legal matter involving Jon Stephenson which is still before the court, it would not be appropriate for the Chief of Defence Force to comment."
In fact, none of the issues before that court relate to the surveillance or security manual.
Coleman's press secretary said the minister was not available for comment and to try again next week.
Green Party co-leader Russel Norman said the monitoring of Stephenson demonstrates that the security services see the media and journalists as a legitimate target.
"Democracy totally relies on a free and independent press," he said. "Current attempts to strengthen the security apparatus for monitoring New Zealanders is deeply disturbing and menacing for democracy."
An internal Defence document leaked to the Star-Times reveals that defence security staff viewed investigative journalists as "hostile" threats requiring "counteraction". The classified security manual lists security threats, including "certain investigative journalists" who may attempt to obtain "politically sensitive information".
The manual says Chief of Defence Force approval is required before any NZDF participation in "counter intelligence activity" is undertaken. (See separate story)
Stephenson took defamation action against the Defence Force after Jones claimed that Stephenson had invented a story about visiting an Afghan base as part of an article about mishandling of prisoners.
Although the case ended with a hung jury two weeks ago, Jones conceded during the hearing that he now accepted Stephenson had visited the base and interviewed its Afghan commander.
Victoria University lecturer in media studies Peter Thompson said the Afghanistan monitoring and the security manual's view of investigative journalists confirmed the concerns raised in the High Court case.
There was "a concerted and deliberate effort to denigrate that journalist's reputation for political ends".
There is currently controversy in the United States over government monitoring of journalists. In May the Associated Press reported that the Justice Department had secretly obtained two months' worth of phone records of its reporters and editors.
The media organisation said it was a "massive and unprecedented intrusion" into its news gathering process.
PROBING JOURNALISTS DEEMED THREAT
A leaked New Zealand Defence Force security manual reveals it sees three main "subversion" threats it needs to protect itself against: foreign intelligence services, organisations with extreme ideologies and "certain investigative journalists".
In the minds of the defence chiefs, probing journalists apparently belong on the same list as the KGB and al Qaeda.
The manual's first chapter is called "Basic Principles of Defence Security". It says a key part of protecting classified information is investigating the "capabilities and intentions of hostile organisations and individuals" and taking counteraction against them.
The manual, which was issued as an order by the Chief of Defence Force, places journalists among the hostile individuals. It defines "The Threat" as espionage, sabotage, subversion and terrorism, and includes investigative journalists under the heading "subversion".
Subversion, it says, is action designed to "weaken the military, economic or political strength of a nation by undermining the morale, loyalty or reliability of its citizens."
It highlights people acquiring classified information to "bring the Government into disrepute".
This threat came from hostile intelligence services and extreme organisations, and "there is also a threat from certain investigative journalists who may seek to acquire and exploit official information for similar reasons", it says.
Viewing journalism as a security threat has serious implications. The manual states that "plans to counter the activities of hostile intelligence services and subversive organisations and individuals must be based on accurate and timely intelligence concerning the identity, capabilities and intentions of the hostile elements".
It says "one means of obtaining security intelligence is the investigation of breaches of security".
This is where the security manual may be relevant to the monitoring of Jon Stephenson's phone calls. The Defence Force was unhappy at Stephenson's access to confidential information about prisoner handling in Afghanistan and began investigating to discover his sources.
The manual continues that "counter intelligence" means "activities which are concerned with identifying and counteracting the threat to security", including by individuals engaged in "subversion".
It notes: "The New Zealand Security Intelligence Service is the only organisation sanctioned to conduct Counter Intelligence activities in New Zealand. [Chief of Defence Force] approval is required before any NZDF participation in any CI activity is undertaken."
Under the NZSIS Act, subversion is a legal justification for surveillance of an individual.
The sources who described the monitoring of Stephenson's phone calls in Afghanistan said the NZSIS has an officer based in Kabul who was known to be involved in the Stephenson investigations.
To reinforce its concern, the defence security manual raises investigative journalists a second time under a category called "non-traditional threats". The threat of investigative journalists, it says, is that they may attempt to obtain "politically sensitive information".
Politically sensitive information, such as the kind of stories that Stephenson was writing, is however about politics and political accountability, not security. Metro magazine editor Simon Wilson, who has published a number of Jon Stephenson's prisoner stories, said the Defence Force seemed to see Stephenson as the "enemy", as a threat to the Defence Force.
"But that's not how Jon works and how journalism works," he said. "Jon is just going about his business as a journalist."
The New Zealand Defence Force "seems to be confusing national security with its own desire not to be embarrassed by disclosures that reveal it has broken the rules", he said.

Hackers to publish blueprint for taking over Toyota,Ford

Two well-known computer software hackers plan to publicly release this week a veritable how-to guide for driving two widely owned automobiles haywire.
According to Reuters, Charlie Miller and Chris Valasek will release the findings - as well as related software - at the Def Con hacking convention in Las Vegas, showing how to manipulate a Toyota Prius and Ford Escape.
The research, conducted with the aid of a grant from the US government, can alternately force a Prius to brake at 80 mph, veer quickly and dramatically, or accelerate, all without the driver’s prompting.
The two hackers have also reportedly figured out a way to disable a Ford Escape’s brakes while the vehicle is traveling at “very low speeds,” no matter how hard the driver attempts to stop.
In both cases, the would-be hacker would have to be inside the car in order to tamper with its computer, according to Reuters.
“Imagine what would happen if you were near a crowd,” said Valasek, a software consultant who claims his – and Miller’s – research exposes weaknesses in automobile security systems so patches can be applied and criminals thwarted.
Miller and Valasek told Reuters they hope their 100-page white paper will encourage other hackers to uncover additional automobile security flaws before they can be potentially exposed by malicious parties.
“I trust the eyes of 100 security researchers more than the eyes that are in Ford and Toyota,” Miller, a Twitter security engineer, told Reuters.
A Toyota Motor Corp. spokesman said the company was reviewing Miller and Valasek’s work.
“It’s entirely possible to do,” John Hanson reportedly said of the potentials hacks. “Absolutely, we take it seriously.”
Meanwhile, Craig Daitch, a Ford Motor Corp. spokesman, added, “This particular attack was not performed remotely over the air, but as a highly aggressive direct physical manipulation of one vehicle over an elongated period of time, which would not be a risk to customers and any mass level.”

Hackers to publish blueprint for taking over Toyota,Ford

Two well-known computer software hackers plan to publicly release this week a veritable how-to guide for driving two widely owned automobiles haywire.
According to Reuters, Charlie Miller and Chris Valasek will release the findings - as well as related software - at the Def Con hacking convention in Las Vegas, showing how to manipulate a Toyota Prius and Ford Escape.
The research, conducted with the aid of a grant from the US government, can alternately force a Prius to brake at 80 mph, veer quickly and dramatically, or accelerate, all without the driver’s prompting.
The two hackers have also reportedly figured out a way to disable a Ford Escape’s brakes while the vehicle is traveling at “very low speeds,” no matter how hard the driver attempts to stop.
In both cases, the would-be hacker would have to be inside the car in order to tamper with its computer, according to Reuters.
“Imagine what would happen if you were near a crowd,” said Valasek, a software consultant who claims his – and Miller’s – research exposes weaknesses in automobile security systems so patches can be applied and criminals thwarted.
Miller and Valasek told Reuters they hope their 100-page white paper will encourage other hackers to uncover additional automobile security flaws before they can be potentially exposed by malicious parties.
“I trust the eyes of 100 security researchers more than the eyes that are in Ford and Toyota,” Miller, a Twitter security engineer, told Reuters.
A Toyota Motor Corp. spokesman said the company was reviewing Miller and Valasek’s work.
“It’s entirely possible to do,” John Hanson reportedly said of the potentials hacks. “Absolutely, we take it seriously.”
Meanwhile, Craig Daitch, a Ford Motor Corp. spokesman, added, “This particular attack was not performed remotely over the air, but as a highly aggressive direct physical manipulation of one vehicle over an elongated period of time, which would not be a risk to customers and any mass level.”

Israeli bird spies on Turkey: Turkey captures bird

Wow - just imagine how tense it is - if a bird is being accused of spying for an government. Just one way to find out if the bird is doing so. X-RAY the bird!
This is what happened in Turkey last Friday.
Turkish authorities detained a bird on suspicion it was spying for Israel, but freed it after X-rays showed it was not embedded with surveillance equipment, newspapers said on Friday.
The kestrel aroused suspicion because of a metal ring on its foot carrying the words "24311 Tel Avivunia Israel", prompting residents in the village of Altinayva to hand it over to the local governor.
Robot Bird
The bird was put in an X-ray machine at a university hospital to check for microchips or bugging devices, according to the Milliyet newspaper, which carried a front-page image of the radiogram with the title "Israeli agent".
Ties between Turkey and Israel, long military allies, have been tense since May 2010 when Israeli commandoes killed nine Turkish activists aboard the Mavi Marmara, a ship in a Turkish-led convoy seeking to break a naval blockade of the Gaza Strip.

No one is safe: Taxpayer's ID used in fraud

A multi-pronged identity fraud attack on the Australian Taxation Office early this year has led to the establishment of a new team of identity crime busters in the organisation.
The ATO has cautioned social media users that the criminals had perpetrated the scam using data stolen from a taxpayer's online activities.
The ATO client identity unit in Canberra is modelled on a similar outfit in the United States' Internal Revenue Service that was established after the September 2001 attacks on the country.
The new unit will provide support as the ATO expands its online services.
One of the ATO's second commissioners, Geoff Leeper, said the attack had been detected and stopped, and the loss of money was minimal.
"We had to manage something early in the year, around January and February, which was a multi-pronged attempt on the tax revenue system," Mr Leeper said.
"As far as we're concerned it's closed. We identified the vector of attack and we dealt with it and we managed to stop nearly all the money they were trying to get out of us. We didn't get 100 per cent but we got the majority of it once we identified the form of attack.
"All I'll say is that it started with the theft of an identity."
Mr Leeper said the attack showed how identities could be stolen using information that social media users posted online.
"The issue here is that people need to be incredibly cautious with their online identities. What we learned from that particular case was that there appears to be enough around on social media sites these days for it to be possible for someone who is not that careful to make it easier for someone to steal their identity,'' he said.
The six-strong unit, which will be based in the ATO's corporate affairs division in Canberra and operate throughout the country, was established as a direct result of the cyber attack.
"We need to be as light on our feet as the criminals are because they will just sit outside there and just ping different parts of the government system until they find a weak door," Mr Leeper said.
"It might be individual cases of identity theft, or individual identity theft, or it might be much more structured attempts on the tax system.''
Deepti Paton, a counsel with the Tax Institute of Australia, said the establishment of the new unit was a "welcome move".
"Over the past few years there's been an increase, year on year, in identity fraud so certainly it's a very sensible initiative,'' Ms Paton said.
"Because of the high level of cash transactions that go on around lodgment of tax returns, it's quite important to stay ahead of these things rather than wait and see."

Zimbabwe's Election Cyberwar

Zimbabwe's government has blocked mass SMS text-message bursts ahead of next week's election, hobbling a powerful source of non-official information in the tightly controlled southern African state, activists and a phone company source said on Friday.
With the clock ticking down to the July 31 poll in which President Robert Mugabe is looking to add to his 33 years in power, web portal Kubatana.net said it had noticed this week that its mass text messages were mysteriously getting lost.
Its provider, Econet Wireless, Zimbabwe's largest mobile phone firm with 8 million subscribers out of a population of 13 million, declined to comment.
A senior company source confirmed the firm had bowed to government pressure, however, to block mass SMS services around the election “in the interest of peace, national security and stability."
“We have just been told we cannot be facilitating bulk SMSs during the elections, roughly for the next two or so weeks,” the source said. “Our understanding is that they will take our network down or cancel our license if there is any violation.”
A spokeswoman for the regulator, part of the telecoms ministry, declined to comment.
Although Internet penetration rates have soared since the end of a long economic meltdown in 2008, many Zimbabweans only have simple phone handsets, making the plain old SMS a more effective way to disseminate news and views to a mass audience.
Kubatana, whose messages contained headlines, quotations, proverbs and political questions, said the shutdown was an infringement of the freedom of expression enshrined in a constitution only ratified in May.
“Kubatana.net views the interference in our work as obstructive, repressive and hostile,” it said in a statement.
Online freedom
With Africa's oldest leader in no mood to ride off into the political sunset, there are likely to be more disputes over control of technology and the Internet, the breeding ground of people-power uprisings against oppressive governments in the Middle East and North Africa.
Faced with a daily diet of pro-Mugabe propaganda in newspapers controlled by his ZANU-PF party and on state television and radio, many Zimbabweans have turned to cyberspace for an alternative view.
Top of the list is purported ZANU-PF “Deep Throat” Baba Jukwa, whose Facebook page has attracted nearly 300,000 followers of his salacious tales of scandal and intrigue at the heart of the ruling party.
Internet giant Google has lent its weight, launching a 'Zimbabwe election hub' to bring all stories and issues under one web address.
Fearing a rigged vote or result skewed by threats or violence - as happened in the last election in 2008 - Zimbabweans have also set up sites to monitor the progress of the election and conduct of security forces.
Prominent among these is votewatch263.org, a 'crowd-sourcing' website that lets people report incidents - positive or negative - that are then plotted on an interactive map, a concept first used in Kenya after violent elections in 2007.
“News and information is circulating faster now than at any other time. We don't need to listen to the ZBC bulletins or rely on a copy of the Daily News to know what's going on,” said votewatch263 spokeswoman Koliwe Nyoni Majama.
Even though the atmosphere on the ground has been relatively peaceful compared with 2008, online tensions are high.
Hackers took out the website of the Zimbabwe Ministry of Defense last month and the SMS blockade suggests Mugabe's cyber-police - believed to be trained by China and Russia - will be keeping a close eye on sites such as votewatch263.
The prospects of retaliation are especially high since, as recipients of foreign donor funding, they are open to accusations of being a front for hostile Western governments, a common Mugabe refrain.
“The people who set up the software put some security settings in place,” Majama said. “We've tried our level best to get it on for as long as possible - but everything is possible.”