
What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, which has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 people located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information from oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When a user scans one of these QR codes with a smartphone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer: Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security and many more.



BBC Server Compromised! Russian Hackers Broke Into FTP & Tried to Sell Unauthorized Access

BBC Server Compromised! Russian Hackers Hacked Into FTP & Tried to Sell Unauthorized Access on The X-Mass Evening 
Earlier we saw world-renowned media houses such as CNN, NBC, Fox News, Washington Post, NY Times and NDTV fall victim to hackers and cyber criminals. Now it is the turn of the world’s largest and oldest broadcaster, the British Broadcasting Corporation, widely known as the BBC. Sources revealed that cyber criminals managed to breach the BBC's security system and secretly take over a computer server at the BBC, and a Christmas Day campaign was then launched to convince other cyber criminals to pay the hacker for access to the system. The attack was first identified by Hold Security LLC, a cyber security firm in Milwaukee that monitors underground cyber crime forums in search of stolen information. However, it is still not clear whether the hacker stole any information or data or caused any damage to the site. Speaking to the press, Alex Holden, founder and Chief Information Security Officer of Hold Security, said: “So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC.”
The identity of the hacker has not been confirmed, but the firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver" attempting to sell access to the BBC server on December 25. The BBC's security team managed to secure the site on Saturday, according to a person close to the cleanup efforts. A BBC spokesman refused to comment on the issue, saying, “We do not comment on security issues.” Justin Clarke, a principal consultant for the cyber security firm Cylance, said that “accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources.”
But we all know that FTP systems are typically used to manage the transfer of large data files over the Internet. That's why the chance of a data breach cannot be denied at this time. For updates on this piece of news and other hot information from the cyber and tech world, stay tuned with VOGH.



The Washington Post Server Breached! Chinese Hackers Suspected in This Cyber Attack

The Washington Post Server Hacked! Suspected That Chinese Hackers Are Behind This Cyber Attack 
Last week the story of Chinese eavesdropping on European ministries and diplomats at the G20 summit drew the attention of the entire cyber world and made headlines. Now another issue has come to light in which China is again held responsible: a security breach that affected The Washington Post, the most widely circulated newspaper published in Washington, D.C. Sources revealed that hackers broke into The Washington Post’s servers and gained access to employee user names and passwords. Mandiant, a cyber security contractor that monitors The Washington Post’s networks, said the intrusion was of relatively short duration. The extent of the loss of company data was not immediately clear. It is some relief that the company's passwords are stored in encrypted form, although hackers in some cases have shown the ability to decode such information. To avoid any further mishap, The Washington Post plans to ask all employees to change their user names and passwords on the assumption that many or all of them may have been compromised. Officials at The Washington Post said that they saw no evidence that subscriber information, such as credit cards or home addresses, was accessed by the hackers. Nor was there any sign that the hackers had gained access to The Post’s publishing system, e-mails or sensitive personal information of employees, such as their Social Security numbers. Post officials found that this hack is more recent than the 2011 one. They also said it began with an intrusion into a server used by The Post’s foreign staff but eventually spread to other company servers before being discovered. “This is an ongoing investigation, but we believe it was a few days at most,” said Post spokeswoman Kris Coratti.
China has not only targeted The Washington Post. If we look at the major cyber attacks of this year, we find that China's name has come up several times in connection with cyber attacks against several high-profile U.S. news organizations, including the New York Times, NBC and so on. So far the Chinese government has not responded to this issue, and no Chinese hacker community has taken responsibility for this breach. For upcoming updates on this story, stay tuned with VOGH.





Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks


Cyber security has become one of the most sophisticated areas of national security and defense, and accordingly the Pentagon has increased its estimated spending on cyber security. This declaration was made when the budget was published late last year. That plan is now being carried out as the Pentagon moves toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has come from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.
As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.



-Source (NY Times, Washington Post)








NSA Refused to Disclose Obama's Secret Cyber Security Directive


The cyber security directive of United States President Barack Obama has taken a twist, as the National Security Agency (NSA) has refused to release details of a secret presidential directive that would establish a broader set of standards to guide federal agencies in confronting cyber threats. Several experts presume that the cyber security directive could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook. A report last week by the Washington Post cited several U.S. officials as saying that Obama signed off on the secret cyber security order, believed to widely expand NSA’s spying authorities, in mid-October. “The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyber war and cyber terrorism,” the report states.
The Electronic Privacy and Information Center (EPIC) filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.
EPIC said that NSA denied the request on Nov. 21, arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.” The agency said EPIC could file an appeal of the denial with the NSA/Central Security Service, and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cyber security authority. The group called NSA a “black hole for public information about cyber security” in an official statement to Congress earlier this year. National Security Agency whistleblower William Binney said in mid-July that the U.S. government is secretly gathering information “about virtually every U.S. citizen in the country”, in “a very dangerous process” that violates Americans’ privacy.
Former President George W. Bush signed a presidential order in 2002 allowing the National Security Agency (NSA) to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls -- but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.



-Source (GSN Magazine & Press TV)






Spy Files By Wikileaks Said Government Using Malware For Surveillance



The latest round of documents published by Wikileaks offers a rare glimpse into the world of surveillance products. The collection—which Wikileaks calls the Spy Files—includes confidential brochures and slide presentations that companies use to market intrusive surveillance tools to governments and law enforcement agencies. The documents published by Wikileaks include 287 files that describe products from 160 companies. The group says that these files are only the first set of a larger collection and that more will be published in the future. The project is being carried out in collaboration with activist groups such as Privacy International and press organizations such as the Bureau of Investigative Journalism and the Washington Post.
"[The surveillance industry] is, in practice, unregulated. Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote Wikileaks in its report.
"In the last ten years systems for indiscriminate, mass surveillance have become the norm."
Surveillance products revealed in the Spy Files cover a wide range of different communication technologies. Many are designed to circumvent standard privacy and security safeguards in mainstream consumer technology products so that they can collect as much data as possible. Some are even deliberately programmed to operate like malware.
The software will capture the content of encrypted communications—including instant messaging conversations, e-mails, and the user's Web activity—and will relay the data to the party conducting surveillance. The software also includes key logging, remote file access, and has the ability to capture screenshots. The company cites "zero day exploits" and "social engineering" in a bulleted list of ways that its remote forensic software can be installed on the computer of a surveillance target.





U.S. Water Supply System Under Cyber Attack, FBI & DHS is Investigating


Hackers from Russia have allegedly remotely intruded into the industrial control systems of a hydroelectric power plant in the US state of Illinois. Reports in the US media say that the hacker managed to repeatedly switch the pump on and off, destroying it in the process. This would be the first time that parts of a country's critical infrastructure have been successfully attacked and crippled via the internet.
Although the FBI and DHS started to investigate the incident, they initially downplayed the risk – this provoked the alleged hacker, "prof", who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system. 

After an investigation it was determined the system had been hacked into from a computer in Russia, the Washington Post reports.
An Illinois state fusion centre report on the attack said it is not known how many other systems might be affected.
The Department of Homeland Security confirmed that a water plant in Springfield, Illinois, had been damaged. He said: 'DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois.
'At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.'
A report from the Illinois terrorism and intelligence center said there had been problems with the system in Springfield for two to three months.
The system 'would power on and off, resulting in the burnout of a water pump,' the report said.
It added that cyber attackers broke into a software company’s database and got hold of user names and passwords of various control systems that run water plant computer equipment. The method used, hacking a security company to gain entry to another company, was employed earlier this year by cyber attackers in China.
They stole data from RSA, a division of EMC that provides secure remote computer access to government agencies. They then went on to get into the computer systems of companies, including Lockheed Martin.




White House Ordered to Issue New Cyber Security Policies


The White House will issue Friday an executive order on computer security to prevent breaches of the sort that occurred with the release last year of hundreds of thousands of classified documents to the Web site WikiLeaks.
The order, coinciding with National Cybersecurity Month, replaces an outdated policy predating the Obama administration and caps a seven-month review of procedures for handling classified information.
The order directs agencies to designate a senior official to oversee classified information sharing and safeguarding for the agency and enshrines a number of measures the Pentagon and other agencies have announced, including the Pentagon’s disabling the “write” capability on most computers in the military’s secret-level classified network to prevent downloading classified data onto removable drives.
“Our nation’s security requires classified information to be shared immediately with authorized users around the world, but also requires sophisticated and vigilant means to ensure it is shared securely,” Obama’s order said.
The order, first reported by the New York Times on Thursday night, also creates an interagency task force headed by the attorney general and the director of national intelligence to detect and prevent leaks from government employees, what is known as the “insider threat.”
It also calls for a Senior Information Sharing and Safeguarding Steering Committee with responsibility for coordinating interagency efforts and ensuring that agencies are held accountable for carrying out the policies and standards.

The White House notes that agencies have made “significant progress” in shoring up security. The Pentagon, for instance, has begun to issue smart cards with special identity credentials required to log onto the secret-level classified network. The cards allow holders access to only those portions of the network that contain information relevant to their jobs.
The Pentagon is also piloting insider-threat technology developed by the National Security Agency and is developing an information-technology audit to identify suspicious behavior on all Department of Defense systems.

-News Source (Washington Post)



Microsoft Hands Over The Rustock Botnet Case to FBI


Microsoft lawyers have sealed their victory over the operators of what was once the world's biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet. The seizure was completed earlier this month when a federal judge in Washington state awarded Microsoft summary judgement in its novel campaign against Rustock, which at its height enslaved about 1.6 million PCs and sent 30 billion spam messages per day. The complex legal action ensured that IP addresses and more than two dozen servers for Rustock were seized simultaneously to prevent the operators from regrouping.
Now the attorneys are turning over the evidence obtained in the case to the FBI in hopes that the Rustock operators can be tracked down and prosecuted. Microsoft has already offered a $250,000 bounty for information leading to their conviction. It has also turned up the pressure by placing ads in Moscow newspapers to satisfy legal requirements that defendants be given notice of the pending lawsuit.
According to court documents, the Rustock ringleader is a Russian citizen who used the online handle Cosma2k to buy IP addresses that hosted many of the Rustock command and control servers. Microsoft investigators claimed the individual distributed malware and was involved in illegal spam pitching pharmaceutical drugs.
“This suggests that 'Cosma2k' is directly responsible for the botnet as a whole, such that the botnet code itself bore part of this person’s online nickname,” the Microsoft motion stated. In a blog post published Thursday, Microsoft said the number of PCs still infected by Rustock malware continued to drop. As of last week, fewer than 422,000 PCs reported to the seized IP addresses, almost a 74 percent decline from late March. It also represented significant progress since June, when almost 703,000 computers were observed.
The Rustock takedown has been a rare bright spot in the ongoing fight against computer crime. After it was initiated, federal authorities waged a similar campaign against Coreflood, another notorious botnet estimated to have infected 2 million PCs since 2002. In a step never before taken in the US, federal prosecutors obtained a court order allowing them to set up a substitute command and control server that forces infected machines to temporarily stop running the underlying malware. Taking down botnets is a good start, but it does little to stop criminals from setting up new ones. Microsoft's determination in tracking down Cosma2k and his cronies could go a step further, by showing would-be botherders there are consequences to their crimes, no matter where in the world they may be located.

-News Source (Microsoft, Register & CNET)



‘Unauthorized’ Autobiography of Julian Assange Released


The highly anticipated autobiography of WikiLeaks founder Julian Assange hit bookshelves here on Thursday — released without Assange’s consent and following a spectacular falling-out with his publisher. Three months ago, Assange tried to cancel the contract for the autobiography, for which he reportedly was paid more than $1 million. But as the 40-year-old Australian knows better than most, objecting to the release of information is no guarantee that it will be withheld.
Edinburgh, Scotland, publisher Canongate Books said it decided to publish an “unauthorized first draft” of the autobiography, noting that Assange has not repaid his advance, which is tied up in legal fees.
Assange has hit back at Canongate in a lengthy statement, accusing the publisher of “profiteering from an unfinished and erroneous draft.” The 244-page memoir traces Assange’s life from his early years in Queensland, Australia, through to the founding of the whistleblowing Web site that has embarrassed the U.S. government with its release of thousands of diplomatic cables.
Assange devotes an entire chapter to allegations of sexual misconduct with two Swedish women, which he staunchly denies. Perhaps the women were motivated by revenge, he says, or perhaps he was set up. He claims a Western intelligence agency warned him that the U.S. government was discussing ways to deal with him “illegally,” which could include an elaborate trap. Speaking at length about his version of events with women he calls “A” and “W,” Assange writes: “I may be a chauvinist pig of some sort but I am no rapist.”
According to extracts published Thursday in the Independent, he also writes: “The international situation had me in its grip, and although I had spent time with these women, I wasn’t paying enough attention to them, or ringing them back, or able to step out of the zone that came down with all these threats and statements against me in America. One of my mistakes was to expect them to understand this . . . I wasn’t a reliable boyfriend, or even a very courteous sleeping partner, and this began to figure. Unless, of course, the agenda had been rigged from the start.”
Assange didn’t respond to requests for an interview. But in his statement, he disputed the publisher’s version of events — saying that when he tried to cancel the contract, he was seeking a new one with an extended deadline in light of his legal battles. He said: “This book was meant to be about my life’s struggle for justice through access to knowledge. It has turned into something else. The events surrounding its unauthorized publication by Canongate are not about freedom of information — they are about old-fashioned opportunism and duplicity.”
On Twitter, WikiLeaks wrote that “Life is stranger than fiction,” and offered a helpful link to Amazon for anyone seeking to buy the book. When Canongate signed up Assange last December, it was seen as a fantastic coup for the relatively small publisher, who went on to sell the book rights to 38 publishing houses around the globe, including Alfred A. Knopf in the U.S. Canongate said in a statement that Assange sat for 50-plus hours of interviews with a ghost writer at the Georgian manor home northeast of London where Assange currently lives under partial house arrest as he fights an extradition warrant to Sweden. Canongate said that “Julian became increasingly troubled by the thought of publishing an autobiography.” While every word in the book is Assange’s, Canongate said, Assange came to feel it was too personal. Despite pulling the ghostwriter off the project and offering Assange more control, the publisher said, Assange didn’t offer a single edit or additional material while the book was being completed.
Knopf said in a statement that it had cancelled plans to publish the memoir in the United States. “The author did not complete his work on the manuscript or deliver a book to us in accordance with our agreement,” Knopf said. Assange told the Sunday Times last December that he was reluctant to write a memoir, but that he needed the money.
“I don’t want to write this book, but I have to,” he said. “I have already spent £200,000 for legal costs and I need to defend myself and to keep WikiLeaks afloat.”

-News Source (Washington Post)



FBI Said: Anonymous is Not so Anonymous Anymore


Anonymous is not so anonymous anymore. The computer hackers, chat-room denizens and young people who make up the loosely affiliated Internet collective have drawn the attention of the FBI, the Department of Homeland Security and other federal investigators. What was once a small group of pranksters has become a potential national security threat, federal officials say. The FBI has carried out more than 75 raids and arrested 16 people this year in connection with illegal hacking claimed by Anonymous.
Since June, Homeland Security has issued three “bulletins” warning cybersecurity professionals of hacking successes and future threats by Anonymous and related groups — including a call in Manhattan to physically occupy Wall Street on Sept. 17 to protest various U.S. government policies.
San Francisco police arrested more than 40 protesters last month during a rowdy demonstration organized by Anonymous that disrupted the evening commute. The group called for the demonstration after the Bay Area Rapid Transit system blocked cellphone service in San Francisco stations to quell a planned protest over a police shooting on a subway platform.
“Anonymous’ activities increased throughout 2011 with a number of high-profile attacks targeting both public- and private-sector entities,” one of the bulletins issued last month said.
Some members of the group have called for shutting down Facebook in November over privacy issues, though other Anonymous followers are disavowing such an attack, underscoring just how loosely organized the group is and how problematic it is to police.

“Anonymous insist they have no centralized operational leadership, which has been a significant hurdle for government and law enforcement entities attempting to curb their actions,” an Aug. 1 Homeland Security bulletin noted. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available Web servers, Web sites, computer networks and other digital information mediums for the foreseeable future.”
Followers posting to Twitter and conversing on Internet Relay Chat insist there are no defined leaders of Anonymous and that it’s more of a philosophy than a formal club, though a small group of members do the most organizing online.

“Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country,” wrote one of the more vocal members who asked not to be identified.

“Anything can be a threat to National Security, really,” the member said in an e-mail interview. “Any hacker group can be.”

-News Source (Washington Post)


Pentagon Is Expanding Cyber-Security Program


The Pentagon is exploring whether to expand a pilot program that protects the networks of defense contractors to include other companies, and even those in industries that serve mainly civilians. But some private sector officials are not sure that the Defense Department should lead the effort.
Speaking at a conference in Baltimore this week, Deputy Defense Secretary William J. Lynn III said that the Defense Industrial Base (DIB) Cyber Pilot, which currently involves 20 large defense companies, is already showing signs of success. It relies on classified threat “signatures” or data that can help detect malicious code before it penetrates a network.
The signatures and other data that help detect threats are provided by the National Security Agency, which collects electronic data on foreign adversaries and operates under the auspices of the Pentagon. The signatures are loaded into devices run by the Internet service providers, including AT&T and Verizon, which provide Internet services to the companies.
The voluntary 90-day pilot, which the Pentagon said should be completed by early fall, has already shown that “it stops hundreds of signatures that we wouldn’t previously have seen,” Lynn said. “It appears to be cost-effective.”

The Pentagon has declined to give details to back up Lynn’s assertions. In an email earlier this week, Pentagon spokeswoman April Cunningham said: “We do not yet have enough information regarding the pilot to make any decisions about the success or effectiveness of the pilot.” She added: “We are not yet in a position to discuss specific metrics.”
She declined to say whether the Pentagon tested NSA’s signatures and other data against other models for effectiveness. “It is the long-standing policy of the Department of Defense not to discuss matters of operational security.”
Speaking at a conference run by the Defense Information Systems Agency, Lynn expressed significant concern “that over the past decade we’ve lost terabytes of data to foreign intruders, foreign intelligence services, to attacks on corporate networks of defense companies.” A great deal of it, he said, “concerns our most sensitive systems: aircraft avionics, surveillance technologies, satellite communication systems, and network security protocols.”
As a result, he said, the Pentagon is considering expanding the pilot to more defense companies, and discussing with other agencies whether to “apply this same concept to other sectors, whether it’s the power sector, nuclear energy, the transportation sector or the financial sector.”
But some officials in other industries questioned whether the Pentagon is the right leader for the effort. One concern involves privacy. NSA participation, even if tangential, raises fears that the spy agency may at some point gain access to private citizens’ data. Defense officials have addressed that worry for now by saying that the government will not directly filter the network traffic or receive any of the captured malicious code.
Then there is the issue of who leads the initiative. The Department of Homeland Security, which is involved in the Pentagon’s cyber pilot program, is also working with other critical sectors on cyber security.
A financial services industry official, who was not authorized to speak publicly, said his industry would prefer “one point” of collaboration. That point, he said, likely would be DHS. “Let’s not have 10, 20, 30 different bilateral arrangements with each government agency and each sector,” he said. “That would result in a web of confusion.”
A telecom industry official, who also was not authorized to speak publicly, agreed: “What we would like is one consolidated government effort that we can hitch our wagons to.” 

-News Source (Washington Post)


Hackers Stole $217,000 From The Metropolitan Entertainment and Convention Authority (MECA)


Computer hackers broke into MECA's computer and payroll systems last month and stole $217,000, according to a computer security blogger who detailed the crime in an online post. The Metropolitan Entertainment and Convention Authority on Thursday acknowledged that it was a victim in July of what it called an "Eastern European based cyber scheme." But the agency that runs the CenturyLink Center Omaha and TD Ameritrade Park declined to discuss the case in detail.

Although $217,000 was stolen, MECA reportedly was able to reverse a $147,000 fraudulent transfer, leaving $70,000 unrecovered. In a statement Thursday to The World-Herald, MECA said it has cybercrime insurance that should cover the loss. However, the organization's chief financial officer told security blogger Brian Krebs that MECA faces a $25,000 deductible and the expense of a computer forensic investigation.
In its statement, MECA said it has been in close contact with the FBI, and the local FBI office said it is investigating.
"This was an important lesson to us about vulnerability in the online world," MECA said. "We have changed several online banking security procedures."

In a post this week on his Krebs on Security blog, Krebs, a former Washington Post reporter who tracks Internet and computer security issues, quotes Lea French, MECA's chief financial officer. She says the problems started when an employee opened an email attachment infected with a virus that steals passwords.
Krebs' post says MECA had refused many security protections offered by its bank.
French told the blogger that had those protections been in place, the theft wouldn't have happened. "We thought that would be administratively burdensome," French said in the post, "and I was more worried about internal stuff, not somebody hacking into our systems."
After gaining entry through the infected email, the hackers used MECA's own online banking credentials to add at least six people, so-called money mules, to the payroll, Krebs' post said. The hackers, who French said appeared to be familiar with the payroll system, "wasted no time" setting up fraudulent transfers, according to the blog post.
Said French, "They knew exactly what they were doing. ... They appear to be very good at what they do."
The money mules, who were recruited through fraudulent work-at-home offers, received the transfers and, knowingly or not, helped launder the money, according to the post. The article says $9,000 was sent to a Florida man, who then transferred the funds to three people in eastern Europe. The post says MECA has since added security features to its online banking account.

MECA, in its statement, said it retained a national security technology firm and ran an extensive forensic analysis that determined that the incident was isolated to one computer. No personal information about employees or guests was compromised, MECA said.

"All of this is a day late and a dollar short, I guess," French says in the blog post. "Why isn't someone shouting on the rooftops about this fraud?"

-News Source (Omaha)


NSA (National Security Agency) is Searching For Good Hackers

 
The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”
Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.
The NSA is among the keen suitors. The spy agency plays offence and defence in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

“Today it’s cyberwarriors that we’re looking for, not rocket scientists,” said Richard “Dickie” George, technical director of the NSA’s Information Assurance Directorate, the agency’s cyber-defense side.

“That’s the race that we’re in today. And we need the best and brightest to be ready to take on this cyberwarrior status,” he told Reuters in an interview.
The NSA is hiring about 1,500 people in the fiscal year, which ends Sept. 30, and another 1,500 next year, most of them cybersecurity experts. With a workforce of about 30,000, the Fort Meade-based NSA dwarfs other intelligence agencies, including the CIA.
It also engages in cyber-spying and other offensive operations, something it rarely, if ever, discusses publicly.
But at Defcon, the NSA and other “Feds” will be competing with corporations looking for hacking talent.
The NSA needs cybersecurity experts to harden networks, defend them with updates, do “penetration testing” to find security holes and watch for signs of cyberattacks.
The NSA is expanding its fold of hackers, but George said there is a shortage of those skills. “We are straining to hire the people that we need.”


It might seem to be an odd-couple fit — strait-laced government types with their rules and missions trying to recruit hackers who by definition want to defy authorities.
George said the NSA is an environment where the hacker mind-set fits with “a critical mass of people that are just like them.”
But what about culture rifts?
“When I walk down the hall there are people that I see every day and I never know what color their hair’s going to be,” George said. “And it’s a bonus if they’re wearing shoes. We’ve been in some sense a collection of geeks for a long, long time.”
The agency has long been known for its brilliant, but sometimes eccentric, mathematicians and linguists.
Jeff Moss, a hacker known as Dark Tangent, knows something about bridging the two worlds. He founded Defcon and the companion Black Hat conference for security professionals and is now a member of the Department of Homeland Security’s Advisory Council, which advises the government on cybersecurity.
“They need people with the hacker skill set, hacker mind-set. It’s not like you go to a hacker university and get blessed with a badge that says you’re a hacker. It’s a self-appointed label — you think like one or you don’t,” Moss told Reuters.

-News Source (Washington Post)


Al-Qaida Online Magazine Defaced by UK Intelligence


British intelligence officials reportedly vandalized an issue of Inspire, the English-language online magazine of al-Qaida, according to a Washington Post article. The Post reports that "British government cyber-warriors" corrupted Inspire's first issue, on June 30, 2010, changing pages 4 through 67 to an unreadable mess of illegible code, or "binary garbage," as Mikko Hypponen wrote in a blog for the security firm F-Secure. The pages of the jihadist publication were supposed to include an article on how to "Make a Bomb in the Kitchen of Your Mom" as well as an interview with Sheik Abu Basir al-Wahishi, a former aide to Osama bin Laden. It took nearly two weeks for al-Qaida to post a corrected version following the British intelligence hack, the Post said. News of the British government's covert cyberoperation comes amid strategizing from the White House and the Pentagon about what constitutes cyberwar, what cyberweapons are allowable, and how the U.S. military is to respond to online threats from foreign countries.


Thousands of E-Mails, Résumés at Risk After Eidos Hacking


Hackers might have accessed up to 25,000 e-mail addresses and 350 résumés during an attack on game developer Eidos Interactive’s websites, parent company Square Enix said Friday.
The security breach, which Square Enix said occurred Wednesday, could have given hackers access to user data for the Deus Ex: Human Revolution website, as well as résumés submitted by job applicants to Eidos.
“Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites,” the company told Joystiq. “We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.”
Square Enix added that it would be contacting all parties that might have been affected by the breach, emphasizing that no credit card information was compromised.
According to a report by former Washington Post writer Brian Krebs, the official Deus Ex: Human Revolution and Eidos websites were inaccessible Thursday morning. During this period, hackers reportedly put up a banner that read “Owned by Chippy1337.”
The hackers, Krebs wrote, said they plan to distribute the stolen information on file sharing networks. His report puts the volume of stolen information, according to the hackers, at the personal information of more than 80,000 users and 9,000 résumés.
A recent Ars Technica report suggests there might be discord among members of hacking collective Anonymous, centering on a 17-year-old British hacker named Ryan. According to a chat log uncovered by Krebs, the Eidos hackers attempted to frame Ryan for the attack.
It’s unclear whether this is related to the crippling hack on Sony’s PlayStation Network several weeks ago that left millions of users’ personal information at risk. Anonymous has disavowed responsibility for that attack.
Neither Square Enix nor Eidos Interactive responded to Wired.com’s requests for comment Friday.


'Wardriving' Hackers Cracked Wi-Fi Networks From Black Mercedes

A map of Seattle Wi-Fi nodes made by wardriving students at the University of Washington. Credit: www.wifimaps.com.
Seattle police are investigating a criminal ring they believe used a specially outfitted Mercedes to hack into the Wi-Fi networks of area businesses, a practice called "wardriving."
After police arrested Joshua Witt and Brad Lowe in January for nine burglaries, alleging they stole $750,000 worth of computer servers in a 10-month period, authorities began looking into their criminal past, the Seattle Post-Intelligencer reports.
Authorities said a black Mercedes was the lynchpin in their cybercrime spree, which dates back to May 2006.
The accused pair are suspected of using the 1988 sedan as a hacking lab on wheels; when they seized it, police found a laptop with a mount enabling it to be used while driving, tools to create networks and a long-range antenna, all shielded behind the car's darkly tinted windows.
Seattle Police Detective Chris Hansen said Witt and Lowe and others used the car's hacking capabilities to crack Wi-Fi networks' Wired Equivalent Privacy (WEP) security encryption, an outdated level of network security that has since been replaced.
"Wardriving" comes from the 1983 Matthew Broderick film "WarGames," in which his hacker character "wardials" hundreds of phone numbers to find a modem.
Once the wardrivers cracked into a business's Wi-Fi network, Hansen told the court the hackers could use the tools in the car to "run programs such as port-scanning software and password recovery software," allowing them to steal personal and financial data from that company's clients, customers or employees.
The Secret Service has seized the wardriving car, and its owner has been arrested, although he has not yet been charged with a crime.


Minn. man accused of hacking Facebook accounts


Prosecutors have accused a Minnesota man of hacking into other people's Facebook and other computer accounts and stealing photos of women to post on adult websites.
Prosecutors charged Timothy Peter Noirjean, 26, of Woodbury, with 13 counts of identity theft, alleging that from February 2010 through March 2010 he contacted women online and duped them into providing him with personal information that allowed him to hack their Facebook and other accounts. After hacking a Facebook account, prosecutors say Noirjean would pose as the owner to make contact with that person's friends and try to gain access to more computer accounts.
"My advice would be to stay very, very aware of anyone asking you for personal information, either on a telephone or via a computer, or any other electronic means," Washington County Attorney Pete Orput said Wednesday. "You need to hold on to that information with the utmost care."
Prosecutors allege Noirjean was able to get answers to security questions that allowed him to access his victims' Facebook and email accounts. He allegedly stole photographs of eight women -- ranging in age from 17 to 24 -- and posted those pictures on adult websites. In one case, an 18-year-old woman said the pictures were stolen from her email account.
Authorities also identified nine other victims whose accounts were accessed so Noirjean could get to other accounts.
It was not immediately clear whether Noirjean had an attorney. A phone message left at his home was not returned. Authorities said when they questioned him at his home he admitted he had been hacking into accounts, and stealing and posting photos, but denied knowing that he did anything wrong.
The criminal complaint said his computer contained 92 separate folders with photos of women, and 235 email addresses with what appeared to be the answers to security questions for those accounts.
His first court appearance is set for May 26.
Orput said he doesn't know Noirjean's motive, but said it wasn't money. He said all of the pictures posted online were "compromising" in nature.
According to the criminal complaint, which identifies the victims only by their initials and birthdates, the 18-year-old woman who originally went to police had been chatting with someone she thought was a friend on Feb. 5, 2010. She gave up some personal information, and the next day found her password had been reset and pictures had been stolen from her email account and posted online, the complaint says.
She later realized that person was using her Facebook account to try to do the same thing to one of her friends. One of those women told police she "friended" a man named "Steve Mills" who described a picture that had been taken from her computer and said it was posted on his website, according to the complaint.
"'Steve Mills' stated that he would take down the posted photo, if (the victim) sent him a fully nude photograph of herself, which she declined to do," the complaint said.
Orput said a detective sent an email to an address connected to the website, asking that the photos be taken down, but received no response.
"We can hold the perpetrator accountable, but we are unable to remove their photos from the worldwide web, so they are out there, along with identifying information," Orput said.
