12 February 2013

Software that tracks people on social media created by defence firm

A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites.
A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
....


The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a "Google for spies" and tapped as a means of monitoring and control.
Using Riot it is possible to gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.

.....
The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.
....
In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category "big data – analytics, algorithms."
According to records published by the US government's trade controls department, the technology has been designated an "EAR99" item under export regulations, which means it "can be shipped without a licence to most destinations under most circumstances".





07 February 2013

Broad Powers Seen for Obama in Cyberstrikes

WASHINGTON — A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review. 

....
That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.
....

Mr. Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran’s nuclear enrichment facilities. The operation was code-named Olympic Games, and while it began inside the Pentagon under President George W. Bush, it was quickly taken over by the National Security Agency, the largest of the intelligence agencies, under the president’s authority to conduct covert action.
As the process of defining the rules of engagement began more than a year ago, one senior administration official emphasized that the United States had restrained its use of cyberweapons. “There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said. 
....
While many potential targets are military, a country’s power grids, financial systems and communications networks can also be crippled. Even more complex, nonstate actors, like terrorists or criminal groups, can mount attacks, and it is often difficult to tell who is responsible. Some critics have said the cyberthreat is being exaggerated by contractors and consultants who see billions in potential earnings.
One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief. 
....
The Obama administration has urged stronger firewalls and other systems to provide a first line of defense, and then “resiliency” in the face of cyberattacks. It failed to get Congress to pass cybersecurity legislation that would have allowed the government to mandate standards. 



Schmidt slams China as world's most prolific hacker


Google executive chairman Eric Schmidt has strongly criticised China, claiming the country is the world’s most prolific hacker of foreign firms and predicting that its actions will increasingly drive Western tech vendors closer to their governments.
The remarks came in a new book, The New Digital Age, which the Wall Street Journal has managed to get its hands on.

....

“The United States will not take the same path of digital corporate espionage, as its laws are much stricter (and better enforced) and because illicit competition violates the American sense of fair play,” the book states, according to the WSJ.

....

Most interestingly, the book apparently claims that Western tech firms may increasingly find themselves aligned with their governments in opposition to China and work to co-ordinate efforts “on both diplomatic and technical levels”.
....



Twitter clients stay signed in with pre-breach passwords


OAuth means apps can connect despite reset of passwords made unsafe by breach

Twitter has detected a breach and suggested 250,000 users change their passwords. Yet users who heed that advice will still find that apps using the Twitter API, including the company's own, allow access to the service without asking users to enter the new password.
.....
A password change performed on the web did not, however, cause Twitter's own apps for iPad (under iOS 5.1.1 on an iPad 1) or iOS (under iOS 6 on an iPhone 5) to prompt us for the new password. Instead, it remained possible to post tweets from both.
....
Other users of Twitter's iOS app confirmed the same issue, one telling The Reg that only after he deleted and re-installed the app was he prompted for a new password.
......
Twitter spokesperson Jim Prosser did not deny that clients can continue to access the service even after passwords have been changed, and told The Reg, by email, that “TweetDeck and other clients use [open authentication standard] OAuth, so as long as you don't sign out, you don't have to re-input your credential every time you open the app.”
.....


US Department of Energy hacked, employees' personal information stolen

by Graham Cluley on February 4, 2013

According to media reports, the US Department of Energy has been hit by a "sophisticated cyber attack" in the last few weeks, which resulted in the personal information of several hundred employees being compromised.
......
The FBI is said to be investigating the hack, which occurred two weeks ago at the Department of Energy's Washington-based HQ, and affected 14 servers and 20 desktop workstations.
A Fox News headline on the incident attempts to link the attack to Chinese hackers, but the original Free Beacon report admits that both the source and identity of the hackers are unknown.
......
But, once again, it's important to remember that it's very hard to prove who is behind an internet attack - especially as hackers can easily bounce their attacks between multiple compromised computers spread around the globe.
And there is a chance that China could become an all-too-convenient bogeyman, that can easily be blamed for any embarrassing security breach.
...... 



Global credit card fraud: New malware behind fraud, suspect bankers

Bankers say that the spurt in credit card frauds is possibly caused by a new malware Dexter which has been used to commit digital fraud internationally.

Typically digital fraud involves hackers breaking into either a banking network or a payment aggregator's server or, in what is being seen as a more recent trend, installing malware in the point of sale. Bankers feel this is likely because the pattern is unlike earlier cases of skimming where numbers are limited and are concentrated in some geographies.
.......
Scamsters buy individual information after sampling a few card numbers. Bankers say that since cards are invariably blocked after an initial transaction, scamsters buy card information in bulk and these are sold at prices as low as $2 per card information. Once this information is available it can be used to clone cards. Theoretically, card information can be stolen from a retail chain in India, by a hacker in Russia and sold to scamsters in US.
......
Precautions to prevent cyber fraud 

Things to remember 

* Never access your banking account from a cyber cafe or a shared computer as you can never know how you are being monitored, or what spy software might be installed on those machines. 

* Always use your home computer 

* Be careful of any emails that ask you to update your bank account info. They could be an attempt at phishing, which could result in identity theft. 

* Never open any attachments from sources that you do not know 

* Do not give any confidential information such as password, customer ID, credit/debit card number or PIN, CVV, DOB to any email request, even if the request appears to be coming from govt authorities like I-T dept or any associate company like VISA or Master Card 

* Don't click on any link that you receive in your email even if it appears to be from your bank. Instead, make it a point to remember the URL, and type it manually in the address bar before making any transactions. Scammers create websites that look and feel authentic 

* Always update your operating system for security patches. Also use a reputed anti-virus 

* When choosing a password for your banking accounts, choose something that is long and includes upper, lower case & special characters 

* Avoid using your birthdates or anniversaries as passwords as these can easily be guessed 

* Scammers use publicly available information on social networking sites to identify and lure potential victims 

* Check SSL (Secure Socket Layer)/ https security on login page of bank's website. The 's' after the 'http' denotes the site is secure 

Must do 

* Most banks recommend that you apply for a replacement credit card after returning back from a foreign trip. 

* Dealing on foreign websites could be riskier as the 2-factor authentication mandated by the RBI (besides login and PIN) is for web businesses in India only 

* Scratch out the three digit CVV number at the back of your card. Also sign the strip on your credit/debit card as it makes it tougher for anyone else to use 

* Notify your credit-card provider/bank immediately of any illegal use of your card from an online transaction. The longer you wait, the more difficult it can be to resolve the situation, especially if you've become a victim of identity theft



Credit card fraud higher in Southeast Asia, say banks, travel agents

CHENNAI: Credit cards may be the most convenient way to pay on a trip abroad, but in some countries it is unsafe to use them. It is riskier to swipe credit cards in Sri Lanka, Thailand, the Philippines, Malaysia, and Indonesia than in Europe, warn travel agents. 

Many travel agents have an informal list of countries where it is risky to use credit cards because information can be stolen and misused. Credit card information thieves often target tourists who buy electronics, or visit pubs and clubs. 

"We tell travelers not to use credit cards at clubs, pubs, casinos, department stores or small shops when they travel abroad. It is a risk to use ATM machines in Malaysia. There is no advisory or black list available, but we get a lot of feedback from other travel agents about customer experiences abroad," said Basheer Ahmed, an office-bearer of Travel Agents' Federation of India.

.........


Global credit card fraud: 5 Indians among 18 charged in New York

NEWARK: At least five Indian-origin men are among 18 people charged in New York for running a whopping $200 million global credit card fraud under which they used thousands of fake identities to dupe businesses and financial firms and wired millions of dollars to Pakistan and India. 
....
Law enforcement officers from the FBI arrested 13 men and searched locations in New Jersey, New York, Pennsylvania and Connecticut. Among those charged are Babar Quereshi (59), Ijaz Butt (53), Raghbir Singh (57), Mohammad Khan (48), Sat Verma (60), Vijay Verma (45), Tarsem Lal (74) and Vinod Dadlani (49). Each of them faces a maximum penalty of 30 years in jail and a $1 million fine. 

"The criminal activity highlights an extensive, sophisticated, organized scheme, executed against US financial institutions, which, in turn, affects every US citizen," acting special agent in charge David Velazquez said. 
.......


01 February 2013

Hackers in China Attacked The Times for Last 4 Months

SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.

.......
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
.........
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
...........

Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
.............


Hack Attack On 'New York Times' Looks Like Part Of Chinese Campaign


This news ...
"For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees."
... appears to be "part of a broader campaign against American media reporting on Chinese leaders," NPR's Louisa Lim reports from Beijing.

......



Update at 4:45 p.m. ET. Wall Street Journal Hacked, Too:
The Wall Street Journal reports that it, too, "had been infiltrated by Chinese hackers."
The Journal reports:
"'Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information,' Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones & Co., said in a written statement Thursday. Dow Jones is a unit of News Corp.
"The infiltration of networks related to coverage of China is an "ongoing issue," Ms. Keve said. 'We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources.'"

.......


Security Flaws in Universal Plug and Play: Unplug, Don't Play

Posted by HD Moore in Information Security on Jan 29, 2013 1:05:19 AM on  Street Security


This morning we released a whitepaper entitled Security Flaws in Universal Plug and Play. This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices. The results were shocking to say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks outlined in this paper. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet. All told, we were able to identify over 6,900 product versions that were vulnerable through UPnP. This list encompasses over 1,500 vendors and only took into account devices that exposed the UPnP SOAP service to the internet, a serious vulnerability in and of itself.
...


Web smut sites are SAFER than search engines, declares Cisco

Cisco proclaimed that it is more dangerous to click on a web ad than a porn site these days as it unveiled the latest version of its security threat report.
......

Chris Young, senior veep for Cisco's Security and Government Group, said the nature of IT security threats was changing in the same way as the industry as a whole, meaning "the cloud" and "mobility" are trends for the cybercrime community too. This means that security managers should worry less about securing the perimeter and consider the "any-to-any" problem (any user, on any device, on any connection).
Cyber criminals and other miscreants were hitting their targets where they were most likely to gather, he said, and were increasingly launching "combinational" attacks.
This throws up some, arguably counterintuitive, conclusions. Malicious content is 27 times more likely to be encountered via search engines than counterfeit software, the vendor's 2012 Annual Security Report claims.
.......




Hacker faces 105 years inside after FBI 'sexploitation' arrest


The FBI has announced the arrest of a 27-year-old man over charges that he hacked into the data of over 350 female victims and blackmailed them into providing him with nude photographs and video calls.
Karen "Gary" Kazaryan, 27, was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. Police found over 3,000 images of women he is claimed to have targeted on his computer.
According to the FBI – which dubbed the case one of "sextortion" – between 2009 and 2010, Kazaryan hacked into women's computers and email accounts in search of images of the victim unclothed, as well as any passwords and details on their female friends. He would then contact these friends, pretending to be the victim, and persuade them to disrobe so he could take pictures of them.

..........


Police say over 350 women have been traced from Kazaryan's records so far, but others are still unidentified. Anyone thought to have been affected by this should contact the FBI’s Los Angeles Field Office at +1 (310) 477-6565.
.......



Apple blocks Java on the Mac over security concerns

......

Apple, along with browser manufacturers, started blocking Java when a major security hole was discovered in the code earlier in the month. Oracle downplayed its significance, but then was forced to admit that it had a problem and rushed out a code patch (with the obligatory offers to install crapware at the same time).
Now Apple has blocked it again, and other players are starting to make moves to get rid of Java as far as possible. On Tuesday, Mozilla announced it was ending the auto-loading of plug-ins for Firefox – while not actually mentioning Java by name – and Apple has already stopped bundling it with OS X by default.
[Image: Apple's block on Java. 'No Java for you!', says Apple (source: MacGeneration)]


.......
