Topic: HACKING

 

 

 

Source:  http://www.homelandsecuritynewswire.com/

National Intelligence Director James Clapper said that the campaigns of all the candidates for president are being spied on by foreign hackers with “a variety of motivations.” Clapper said that the acts of espionage against the campaigns may only just be getting started. “As the campaigns intensify we’ll probably have more of it,” Clapper noted.


Clapper revealed the hacking effort in a talk to a conference organized by the Bipartisan Policy Center, in Washington D.C.

NBC News quotes Clapper as saying that the acts of espionage against the campaigns may only just be getting started. “As the campaigns intensify we’ll probably have more of it,” Clapper noted.

The hackers breaking into the candidates’ networks include foreign governments seeking early information on policy thinking, or hackers with sabotage in mind. Clapper’s office recently released information about intrusions by foreign intelligence services into the campaigns for president back in 2008.

Clapper’s office emphasized that the risk to the campaigns was real. “We’re aware that campaigns and related organizations and individuals are targeted by actors with a variety of motivations — from philosophical differences to espionage — and capabilities — from defacements to intrusions,” Clapper’s spokesman Brian Hale said in a statement.

One hacking group not hiding its intentions is the cyber-anarchist group Anonymous, which has urged its supporters to attack the Web operations of Donald Trump.

The group said it was launching a “total war” against Trump, and a masked figure who appeared on YouTube, claiming to speak for Anonymous, said: “Dear Donald Trump, we have been watching you for a long time and what we see is deeply disturbing.”

The National Intelligence Agency recently said that in 2008 it helped the two nominees — Barack Obama and John McCain — track and deal with cyber-intrusions during their campaigns for president. A document describing the extent of those operations was issued by Mr Clapper’s office earlier this month.

Eight years ago, foreign intelligence services “met with campaign contacts and staff, used human source networks for policy insights, exploited technology to get otherwise sensitive data, engaged in perception management to influence policy,” the document said. “This exceeded traditional lobbying and public diplomacy.”

 

 

 

SOURCE: Tom Spring for threatpost.com

For online casinos, business begins to peak as gamblers punch out of work and belly-up to virtual blackjack tables. But on this Tuesday in February at 5p.m., the odds were not in the house’s favor. That’s when this virtual casino—with tens of millions of dollars in virtual transaction data, thousands of user profiles and millions invested in computer infrastructure—was hit with ransomware that risked turning a thriving business into an encrypted crime scene. The criminals behind this attack couldn’t have picked a better target. This legal online casino, located outside the US, is one of the largest operators in the gambling and entertainment business. On the condition Threatpost would not identify the casino, we were given rare insight into a high-stakes ransomware attack that serves as a cautionary tale for any company.

Constant Target

“Yes, ransomware was on our radar. But in this business—where uptime is critical–daily denial-of-service and APT attacks had always been our chief concerns,” said the online casino’s chief security officer who Threatpost will identify as Robert. “To be clear, we had extensive security protocols in place and tools guarding our network,” he said.

The casino, with 1,000 employees, has an infrastructure that consists of two massive physical data centers and a cloud infrastructure. As for security, the casino uses a firewall from a top-tier supplier, data center security from another leading vendor and its client AV protection was from a mix of leading providers as well. It also had contracted real-time network monitoring from an outside service provider. “It would be an understatement to say security was our top concern. It is our utmost concern,” Robert said.

But nonetheless, there are no perfect security solutions. And on that Tuesday, as gamblers were logging on and servers whirled and whirred into overdrive, the casino learned the hard way nothing is bulletproof.

The attack started at 5p.m. with the hook of a phishing email and a bogus invoice sent to an external consultant working in-house. Working behind the company’s firewall onsite, the consultant received an email with the subject line “Requested receipt ID:084C9F.” The consultant didn’t think anything was fishy with the email or attachment named “segreteriagenerale_request_084C9F.zip.js”. The “js” portion of the attachment’s extension was obfuscated by the attacker; it was of course a malicious JavaScript attachment. In this case, the payload was the TeslaCrypt 3 ransomware.

Using the Windows 7 Sony laptop assigned to him by the casino, the consultant opened the email message and double-clicked on the attachment unleashing the ransomware. Unknown to the casino was the fact that this consultant’s Sony laptop had zero security software running on it. Making matters worse, the laptop was misconfigured with the “C:\Users\username\Public” folder wrongly set up to be shared on the company’s network. Within minutes, the ransomware attacked the notebook’s default My Folders directory and began encrypting files, Robert said. The casino consultant recalls noticing the documents he had

 

 

SOURCE:  Kim Zetter for wired.com

Stingrays, a secretive law enforcement surveillance tool, are one of the most controversial technologies in the government’s spy kit. But prosecutors and law enforcement agencies around the country have exerted such great effort to deceive courts and the public about stingrays that learning how and when the technology is used is difficult.

This week, the government even went so far as to assert in a court filing (.pdf) that articles published by WIRED and other media outlets that expose the deception “are full of unproven claims by defense attorneys and advocates [and] are not proper proof of anything.”

So what do we know? “Stingray” is the generic commercial term for a device otherwise known as an IMSI catcher. The stingray impersonates a legitimate cell tower to trick nearby mobile phones and other wireless communication devices, like air cards, into connecting to it and revealing their international mobile subscriber identity (IMSI) number. More importantly, though, the device also collects information that can point to a mobile device’s location.

By moving the stingray around a geographical area and gathering a wireless device’s signal strength from various locations in a neighborhood, authorities can pinpoint where the device is being used with more precision than with data obtained from a mobile network provider’s fixed tower location.

Although use of the spy technology goes back at least 20 years—the FBI used a primitive version of a stingray to track former hacker Kevin Mitnick in 1994—its use has grown in the last decade as mobile phones and devices have become ubiquitous. Today, stingrays are used by the military and CIA in conflict zones—to prevent adversaries from using a mobile phone to detonate roadside bombs, for example—as well as domestically by federal agencies like the FBI, DEA and US Marshals Service, and by local law enforcement agencies.

Stingrays have the ability to also capture call record data—such as the numbers being dialed from a phone—and some also have the ability to record the content of phone calls, as

SOURCE:  Kris Holt for technewsworld.com

In our pitcher this week are an elegant pen for recording your doodles, a spin on the smart light switch, and a new home for Amazon's Alexa personal assistant.

As always, the ratings denote only how much I'd like to check out each item in meatspace -- these are not reviews.

Sketching Pretty

This column very recently highlighted the latest physical note-capturing system from Evernote. Orée's Stylograph does something very similar, although much more stylishly.

The Stylograph pen, which is made of copper, can transmit your scrawls and doodles to an iOS or Android device. It houses an accelerometer and a camera on the tip to capture what you're noting.

You can get two days of use from an hour's charge, and if you're away from your smartphone or tablet as you're sketching or writing, you can store the data and transfer it later. You can export your handiwork to PDF so you can mold it further digitally.

There are some limitations, in that you must use stone mineral paper with almost-invisible markings, which is available only in A5 size. Additional paper costs US$25 per 190 pages.

The Stylograph retails at $300, which is $100 more than Evernote's Smart Writing Set sells for, but you can refill it with standard D1 ballpoint capsules. Also, the paper blocks are $5 cheaper than Evernote's.

It doesn't seem to me that the Stylograph is a tool anyone needs to survive, but it sure is pretty and, dare I say it, more than a touch classier than furiously typing out notes on a smartphone in class or at a meeting. That is, if you care about keeping up appearances. For a reporter, it'd sure beat scribbling in shorthand using a cheap gel pen.

Smart Switches for Newbies

Confession time: I'm not the handiest person in the world. A couple of years back, I bought a dimmer switch for my living room, but my wiring didn't match that given in the