If you're a hacker, it's a good idea to stay away from Facebook and Gmail to communicate with your colleagues.Three men, who allegedly were part of a multi-year hacking campaign executed by the Syrian Electronic Army (SEA), left a long digital trail that didn't make them hard to identify, according to court documents.The U.S. Department of Justice unsealed charges on Tuesday against the men, who are accused of hacking companies and defacing websites.The SEA, which emerged around July 2011, claimed credit for prominent hacks that sought to support Syrian President Bashar al-Assad. The group targeted the White House, Harvard University, Reuters, the Associated Press, NASA and Microsoft, among others.To read this article in full or to leave a comment, please click here
The FBI today added two members of a Syrian hacker group to its Cyber Most Wanted list offering a reward of up to $100,000 each for information that leads to their arrest.+More on Network World: The FBI this week warned carmakers and owners that they need to pay much closer attention to automotive cybersecurity+According to the FBI, the new cybercriminals Amad Umar Agha22, known online as “The Pro,” and Firas Dardar,27, known online as “The Shadow,” engaged in a multi-year conspiracy that began in 2011 to collect usernames and passwords that gave them the ability to deface websites, redirect domains to sites controlled by the conspirators, steal e-mail, and hijack social media accounts. To obtain the login information they spear-phishing, where they tricked people who had privileged access to their organizations’ websites and social media channels into volunteering sensitive information by posing as a legitimate entity.To read this article in full or to leave a comment, please click here
Apple yesterday updated OS X El Capitan, patching a slew of security vulnerabilities, fixing other non-security bugs, and adding capabilities to some first-party apps.The Cupertino, Calif. company also issued less sweeping updates -- composed only of vulnerability fixes -- to OS X Yosemite and OS X Mavericks, the 2014 and 2013 editions, respectively.OS X 10.11.4, the fourth update to El Capitan since its September debut, addressed 56 vulnerabilities. Twenty-three applied to OS X Yosemite and 22 to Mavericks.+ MORE APPLE: Apple's latest announcements +To read this article in full or to leave a comment, please click here
Facebook activated its Safety Check service Tuesday for users living near Brussels after a series of terrorist attacks killed at least 34 people and wounded 200.Two explosions – one reportedly set off by a suicide bomber -- rocked the Belgian capital’s international airport, and a third detonated at a subway station.+ MORE: Paris terrorists resorted to using burner phones, not encryption, to avoid detection +To read this article in full or to leave a comment, please click here
Don't expect the U.S. government to back off its push for technology vendors to build encryption workarounds into their products, even though the FBI acknowledged it may have a way to crack into an iPhone used in the San Bernardino, California, mass shooting case.Some lawmakers and President Barack Obama's administration will continue to look for ways to compel tech vendors to help law enforcement agencies defeat encryption and other security controls on smartphones and other devices, security and legal experts said.Even if the FBI can break into the iPhone used by San Bernardino mass shooter Syed Rizwan Farook, it doesn't significantly change the larger discussion about encryption, said Ed Black, president and CEO of trade group the Computer and Communications Industry Association. "There is an ongoing effort by our government and every government around the world ... to want more information."To read this article in full or to leave a comment, please click here
It’s good if the FBI has found a way to crack into the iPhone used by the San Bernardino terrorist for two reasons.First, the FBI can find out what’s on it. Maybe it’s important to the investigation of the shootings and maybe it’s not, but cracking the phone is the only way to find out.And second, it’s giving Apple (and the tech industry in general), the FBI (and law enforcement in general), and Congress the breathing room to sort out the issues rationally.The latter is the more important of the two. Yes, it’s important to wring every bit of evidence out of the terrorism investigation, but it’s one incident. The course being set by the lawsuit between the FBI and Apple could have legal implications far beyond the one case.To read this article in full or to leave a comment, please click here
Oh the Paris terrorists must have used encryption to evade detection we’ve heard again and again since the attacks; come to find out, the attackers resorted to using burner phones.Having gotten its hands on a 55-page report prepared by French police and given to France’s Interior Ministry, The New York Times reported that disposable phones played a big part in how the Paris terrorist avoided detection. “They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.”To read this article in full or to leave a comment, please click here
The IRS faces an uphill battle in fighting identity theft, but that doesn’t mean it isn’t trying. In fiscal year 2015, the IRS said it started 776 identity theft related investigations, which resulted in 774 sentencings through its Criminal Investigation enforcement efforts. The courts continue to impose significant jail time with the average penalty in 2015 at 38 months in jail— the longest sentencing being over 27 years.+More on Network World: IRS Scam: 5,000 victims cheated out of $26.5 million since 2013+To read this article in full or to leave a comment, please click here
If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 protocol, this flaw makes it possible for an attacker to eavesdrop on a TLS session.Because we use SSL and TLS encryption to shop, send messages, and send emails online, DROWN potentially allows attackers to access our messages, passwords, credit card details, and other sensitive data.To read this article in full or to leave a comment, please click here
An application that allows users to gain full control -- root access -- over their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.The bug was originally fixed in the Linux kernel in April 2014, but wasn't flagged as a vulnerability until February 2015 when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel.It wasn't until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation -- the execution of code with the privileges of the root account.To read this article in full or to leave a comment, please click here
The FBI says it may have discovered a way to break into the iPhone used by one of the San Bernardino mass shooters, and an important court hearing in the case that was scheduled for Tuesday has been postponed.
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone," lawyers for the government said in a court filing Monday afternoon, referring to the shooter Syed Farook.
"Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case," the government lawyers wrote.To read this article in full or to leave a comment, please click here
The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.To read this article in full or to leave a comment, please click here
Cisco, which kicked off 2016 with news that the leader of its engineering troops would soon be leaving the company, has now undertaken a major reorganization of that same group and disclosed another high-profile departure.The company announced internally that the moves, designed to better align engineering with Cisco business priorities under new-ish CEO Chuck Robbins, include the exit of 18-year veteran and Service Provider leader Kelly Ahuja. Cisco did not say where Ahuja might be headed, but did say he will be replaced by Yvette Kanouff, who will lead an expanded Service Provider organization. Kanouff joined Cisco in 2014 from Cablevision and has been Cisco's SVP and GM, Cloud Solutions.To read this article in full or to leave a comment, please click here
This sounds like an ugly thing for a ham radio operator and director of a community radio station to say but: Clip your car’s antenna. Or stuff a wad of chewing gum into your car’s USB port, and perhaps its ODB2 port. Enough is enough.As Andy Greenberg of WIRED wrote of a US DOT Public Service Announcement, “it is important that consumers and manufacturers maintain awareness of potential cyber security threats” to their now hyper-connected cars.There are likely two antennas, one for radio and one that connects your car to a third-party monitoring system. On-Star, if you have it, is tracking your every move. Do they give information to the NSA? Consider that the NSA probably already gets such cell-phone transmitted information anyway. GM cards have it, and many other cars have their own in-vehicle two-way monitoring systems.To read this article in full or to leave a comment, please click here
Apple and the FBI meet in court on Tuesday for the first hearing in the showdown over iPhone encryption, but this fight has been brewing since Apple introduced iOS 8 in June 2014.A new Bloomberg report reveals that the FBI and Apple both expected the White House to take their side before the fight went public.It all started with iOS 8
According to Bloomberg’s sources, Apple’s top lawyer, Bruce Sewell, met with officials in President Barack Obama’s administration shortly after the Worldwide Developers Conference in 2014 to discuss iOS 8’s security and privacy changes.To read this article in full or to leave a comment, please click here
Apple and the U.S. Department of Justice will argue in court Tuesday about whether a judge should require the tech giant help the FBI unlock an iPhone used by the San Bernardino, California, mass shooter.The hearing, before Magistrate Judge Sher Pym of U.S. District Court for the Central District of California, is the end result of weeks of court filings, media coverage, and often contentious debate. The case has pitted advocates of encryption and other security measures on electronic devices against law enforcement agencies trying to fight crime and terrorism.Here are five things to remember about the hearing, scheduled to begin at 1 p.m. PDT in California.To read this article in full or to leave a comment, please click here
Apple won't shrink from its responsibility to safeguard the privacy of its users, CEO Tim Cook said Monday, a day before Apple lawyers are due to face off with the Department of Justice in a California courtroom.Cook's comments confirm the company's continued defiance against a request from the FBI to develop software that will allow it to make multiple guesses of an iPhone passcode without triggering the phone's self-destruct feature."I've been humbled and deeply grateful for the outpouring of support that we've received from Americans across the country from all walks of life," said Cook at an event in Cupertino held to announce new products. "We believe strongly that we have a responsibility to help you protect your data and your privacy."To read this article in full or to leave a comment, please click here
Engineers from some of the world's largest email service providers have banded together to improve the security of email traffic traversing the Internet.Devised by engineers from Google, Microsoft, Yahoo, Comcast, LinkedIn and 1&1 Mail & Media Development & Technology, the SMTP Strict Transport Security is a new mechanism that allows email providers to define policies and rules for establishing encrypted email communications.The new mechanism is defined in a draft that was published late last week for consideration as an Internet Engineering Task Force (IETF) standard.To read this article in full or to leave a comment, please click here
Last week WikiLeaks launched the Hillary Clinton email archive; it’s described as “a searchable archive for 30,322 emails & email attachments sent to and from Hillary Clinton's private email server while she was Secretary of State. The 50,547 pages of documents span from 30 June 2010 to 12 August 2014. 7,570 of the documents were sent by Hillary Clinton.”The Washington Examiner honed in on an email from 2012 that was forwarded to Clinton after her deputy chief of staff noted that it was a “pretty good idea.” It is supposedly proof that Google wanted to help insurgents overthrow Syrian President Bashar Assad. It seems like the State Department, Google and Al Jazeera were all in cahoots.To read this article in full or to leave a comment, please click here