from Lawfare Uber’s former chief security officer (CSO), Joe Sullivan, was found guilty on Oct. 5 of obstruction of justice (18 U.S.C. § 1505) and misprision of a felony (18 U.S.C. § 4) based on what the Justice Department called his “attempted cover-up of a 2016 hack of Uber.” In 2016, while the Federal Trade Commission (FTC) was investigating Uber for an earlier incident, Sullivan learned of another hacking incident that affected the Uber accounts of more than 57 million riders and drivers. In its prosecution of Sullivan, the government alleged that, rather than disclose the incident to the FTC, […]
Continue readingTag Archives: Hacking
Hackers Using Fake Police Data Requests against Tech Companies
from Schneier on Security Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name. But in certain circumstances – such as a case involving imminent harm or death – an investigating authority may make what’s known as an Emergency Data […]
Continue readingFake Cops Scammed Apple and Meta to Get User Data
from Wired “Ipsa scientia potestas est,” 16th-century philosopher and statesman Sir Frances Bacon famously wrote in his 1597 work, Meditationes Sacrae. Knowledge itself is power. The aphorism, cliché as it may be, takes on a palpable truth in times of war. Just ask the people of Mariupol, a city in southeastern Ukraine, where Russia’s devastating attacks have cut off the flow of information in and out of the city. Meanwhile, in Russia, the government has banned Facebook and Instagram amid its crackdown on news without the state’s stamp of approval. But as we explained this week, building a full China-style […]
Continue readingFeds Allege Destructive Russian Hackers Targeted US Oil Refineries
from ars technica For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed the hackers’ targets included a US company that owns multiple oil refineries. On Thursday, just days after the White House warned of potential cyberattacks on US critical infrastructure by the Russian government in retaliation for new sanctions against […]
Continue readingNorth Korea Hacked Him. So He Took Down Its Internet
from Wired FOR THE PAST two weeks, observers of North Korea’s strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites—the notoriously isolated nation only has a few dozen—intermittently dropped offline en masse, from the booking site for its Air Koryo airline to Naenara, a page that serves as the official portal for dictator Kim Jong-un’s government. At least one of the central routers that allow access to the country’s networks appeared at one point to be paralyzed, […]
Continue readingThe Next Cyberattack Is Already Under Way
from The New Yorker In the nightmare, sirens caterwaul as ambulances career down ice-slicked, car-crashed streets whose traffic lights flash all three colors at once (they’ve been hacked by North Korea) during a climate-catastrophic blizzard, bringing pandemic patients to hospitals without water or electricity—pitch-black, all vaccinations and medications spoiled (the power grid has been hacked by Iran)—racing past apartment buildings where people are freezing to death in their beds, families huddled together under quilts, while, outside the darkened, besieged halls of government, men wearing fur hats and Kevlar vests (social media has been hacked by Russia), flashlights strapped to their […]
Continue readingHackers Keep Targeting the US Water Supply
from Wired IN LIGHT OF all the Facebook news lately—although frankly, when isn’t there any—you may finally be thinking about jumping ship. If so, here’s how to delete your Facebook account. You’re welcome. That’s not all that happened this week, though! Google shed some new light on the Iranian hacking group known as APT35, or Charming Kitten, and how they use Telegram bots to let them know when a phishing lure has a nibble. Speaking of Telegram, a new report shows just how poor a job the messaging service has done keeping extremism off the platform. There was good news […]
Continue readingFCC Plans To Rein In “Gateway” Carriers That Bring Foreign Robocalls To Us
from are technica The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. “Eliminating illegal robocalls that originate abroad is one of the most vexing challenges the commission faces because of the difficulty in reaching foreign-based robocallers and the foreign voice service providers that originate their traffic,” the FCC said. To make a dent in that problem, the FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking […]
Continue readingTime To Clip The Wings Of NSO And Its Pegasus Spyware
from The Observer What’s the most problematic tech company in the world? Facebook? Google? Palantir? Nope. It’s a small, privately held Israeli company called NSO that most people have never heard of. On its website, it describes itself as “a world leader in precision cyberintelligence solutions”. Its software, sold only to “licensed government intelligence and law-enforcement agencies”, naturally, helps them to “lawfully address the most dangerous issues in today’s world. NSO’s technology has helped prevent terrorism, break up criminal operations, find missing people and assist search and rescue teams.” So what is this magical stuff? It’s called Pegasus and it […]
Continue readingThe White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?
from Lawfare The Biden administration formally accused the Chinese government this week of carrying out the hacks of the Microsoft Exchange email server software, the details of which came to light in early March. In a joint statement with the European Union, NATO and several other U.S. allies, the White House placed blame for the hacks squarely on the shoulders of the contractors of China’s civilian intelligence agency, the Ministry of State Security (MSS), and accused the Chinese government of supporting “irresponsible and destabilizing behavior in cyberspace.” In conjunction with the White House’s statement, the Justice Department on July 19 […]
Continue readingZoom Finally Has End-to-End Encryption.
from Wired ZOOM HAS GONE from startup to verb in record time, by now the de facto video call service for work-from-home meetings and cross-country happy hours alike. But while there was already plenty you could do to keep your Zoom sessions private and secure, the startup has until now lacked the most important ingredient in a truly safe online interaction: end-to-end encryption. Here’s how to use it, now that you can, and why in many cases you may not actually want to. It’s been a long road to get here. This spring, as Zoom rode the pandemic to video […]
Continue readingStudy Shows Which Messengers Leak Your Data, Drain Your Battery, And More
from ars technica Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked. Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews. More here.
Continue readingTaking Back Our Privacy
from The New Yorker Walking down Abbot Kinney Boulevard, the retail strip in Venice, California, can feel like scrolling through Instagram. One afternoon this July, people sat at outdoor tables beneath drooping strings of fairy lights, sipping cocktails and spearing colorful, modestly dressed salads. The line for Salt & Straw, a venture-funded, “chef-driven” ice-cream shop, stretched up the block, and athleisure-clad twentysomethings photographed themselves eating waffle cones, fabric masks pulled down around their chins like turkey wattles. A month earlier, Abbot Kinney had become a central gathering place for protesters during the mass demonstrations against police brutality and systemic racism. […]
Continue readingHow Internet-Connected Voter Check-In Devices Can Create Election Chaos
from ars technica A federal judge in Georgia has ordered election officials to print paper backups of voter data so that voting can proceed even if the digital system for checking in voters fails. This is a win for plaintiffs who have argued that flaws in Georgia’s electronic-poll-book (EPB) system hampered voting in the June primary and could do so again in November. Over the last 20 years, a lot of discussion has revolved around the risk that electronic voting machines pose to the security and integrity of elections. But there has been less attention paid to electronic poll books—another […]
Continue readingWhy Online Voting Is Harder Than Online Banking
from ars technica For a feature last week, I talked to a number of election experts and computer security researchers who argued that secure Internet voting isn’t feasible today and probably won’t be for many years to come. A common response to this argument—one that came up in comments to last week’s article—is to compare voting to banking. After all, we regularly use the Internet to move money around the world. Why can’t we use the same techniques to secure online votes? But voting has some unique requirements that make secure online voting a particularly challenging problem. Every electronic transaction in the […]
Continue readingThe Safest Ways to Log In to Your Computer
from Wired Whether your computer runs Windows, macOS, or Chrome OS, you have options for how you log in. And your choice doesn’t only affect how convenient it is for you to get into your laptop or desktop; it also affects how easily someone else can gain access. These are the different login options that are available and that you need to be aware of, so make sure you choose wisely. The right one for you will depend on how your computer is set up and just how cautious you’d like to be. More here.
Continue readingZoombombing Is A Crime, Not A Prank, Prosecutors Warn
from ars technica Coronavirus-related social distancing measures have given a big popularity boost to Zoom, a video conferencing platform that’s known for its ease of use but not necessarily strong security or privacy protections. Internet trolls and other troublemakers have responded with “Zoombombing”: joining Zoom meetings uninvited and disrupting them. Zoombombers have exposed themselves to schoolchildren and shouted racial slurs. In a Friday statement, federal prosecutors in Michigan warned the public that Zoombombing isn’t a harmless prank; it’s a crime. “Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language,” wrote the US Attorney’s Office […]
Continue readingHacker Eva Galperin Has a Plan to Eradicate Stalkerware
from Wired Over the last year, Eva Galperin says she’s learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they’ve called, texted, and even what they discussed in their most private conversations. How their abusers seem to know where they’ve been and sometimes even turn up at those locations to menace them. How they flaunt photos mysteriously obtained from the victim’s phone, sometimes using them for harassment or blackmail. And how none of the usual remedies to suspected hacking—changing passwords, setting up two-factor authentication—seem to help. The reason those […]
Continue reading