The Hacker News

 

 

The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

Google engineers over surveillance scandal: 'Fuck you NSA'
11/6/2013 6:48:00 PM

On Tuesday, the Washington Post revealed a few more NSA slides released by Edward Snowden, which revealed that the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers as part of a program called MUSCULAR.

Chairman and former CEO of Google Eric Schmidt says the company's executives are shocked by allegations that the National Security Agency has been collecting data from the search engine's servers. "It's really outrageous that the NSA was looking between the Google data centers, if that's true," he said.

Overnight, Two Google's Security engineers - Mike Hearn and  Brandon Downey expressed reasonable anger about the news on Google+, said "Fuck these guys", where these represent NSA and GCHQ.

I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces.

Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA.

We designed this system to keep criminals out.

These are their own opinion, not an official statement from Google. According to them, NSA, in its efforts to protect freedom and democracy, has in short order wholly compromised freedom and democracy.

Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done – build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

He also says "Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer."

 

FBI offering $100,000 reward for information on Most Wanted Cyber Criminals
11/6/2013 5:31:00 PM

The US Federal Bureau of Investigation has added five new hackers to its Cyber most wanted list and is seeking information from the public regarding their whereabouts.

The men are wanted in connection with hacking and fraud crimes both within the US as well as internationally. Rewards ranging from up to $50,000 to $100,000 are being offered for information that leads to their arrest.

Two of them are Pakistani, Farnhan Arshad and Noor Aziz Uddin, who caused the damage of over $50 million after hacking business telephone systems between 2008 and 2012. Arshad and Uddin are part of an international criminal ring that the FBI believes extends into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, Malaysia, and other locations.

Syrian national Andrey Nabilevich Taame, wanted for his alleged role in Operation Ghost Click, a malware scheme that compromised more than four million computers in more than 100 countries between 2007 and October 2011; there were at least 500,000 victims in the United States alone.

Alexsey Belan, a Russian national, is wanted for alleged hacking of three US-based companies between 2012 and 2013.

Carlos Perez-Melara is wanted for his alleged involvement in manufacturing software that was used to intercept the private communications of hundreds of victims around September 2003. As part of the scheme, Perez-Melara ran a website offering customers a way to "catch a cheating lover" by sending "spyware" disguised as an electronic greeting card.

The rewards are being offered for each of the five fugitives, all of whom are believed to be living outside the U.S.

"The expansion of the Cyber's Most Wanted list is a reflection of the FBI's increased efforts in this area," FBI officials said in a statement.

Wang Wei - Security consultant for the government, financial Securities & Banks. Malware Analyst, Penetration Tester, Security Researcher at 'The Hacker News'. (Google+ Profile)

Popular Stories

 

China: 'We are ready for International cooperation to deal with cyber security Challenges'
11/6/2013 3:38:00 PM

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries.

The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature.

Cai Mingzhao, Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges.

"To maintain cyber security, we need to strengthen international cooperation," and "We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit," he said.

He said that the China is a victim of cyber security breaches, where more than 80% of Chinese internet users have felt the effects of online hacking. The case for international cooperation is even stronger, when criminals take advantage of countries' inability to coordinate, due to legal reasons or because authorities do not have the necessary technical expertise or resources to address the issue. Cybercrimes are not always clearly illegal in some jurisdictions.

"Between January to August this year, more than 20 thousand websites based in China were modified by hackers and more than 8 million servers, 14 percent more during the same period last year, were compromised and controlled by overseas computers via zombie and Trojan programs. These activities have caused severe damage to our economy and the everyday life of the people," Cai said.

As cyber-threats and other information security and network security issues have become borderless, international cooperation should be based on partnership with organizations from other countries in areas such as information-sharing, early warning, monitoring and alert networks.

Due to the global nature of information networks, no policy on cybersecurity can be effective, if efforts are confined to national borders.

Wang Wei - Security consultant for the government, financial Securities & Banks. Malware Analyst, Penetration Tester, Security Researcher at 'The Hacker News'. (Google+ Profile)

Popular Stories

 

Smartphones, A Perfect Cyber Espionage and Surveillance Weapon
11/6/2013 2:37:00 PM

The use of mobile devices in government environments concerns the secret service of any states, cyber espionage more often exploits the mobile platforms.

Mobile devices are reason of great concern for governments, they have a great computational capability, huge memories to store our personal data, GPS to follow our movements and are equipped with a camera and microphone to increase our experience in mobility. But all those features could be exploited by attackers for cyber espionage, the problem is well known to governments that are adopting necessary countermeasures especially following the recent revelations about the U.S. Surveillance program.

The UK Government has decided to ban iPads from the Cabinet over foreign eavesdropper fears, it has been requested Ministers to leave mobile in lead-lined boxes to avoid foreign governments to spy on top level government meetings.

The news is reported by the Mail on Sunday, after the Cabinet Office minister Francis Maude made a presentation using his iPads last week (about how the Government Digital Service might save the UK £2bn a year) the Downing Street security staff has dismissed the mobile device to prevent eavesdropping of ongoing discussions.

The measure was adopted to avoid that foreign security services infecting mobile devices are able to capture audio and data from victims, it is known that hostile actors like China, Russia and Iran have the ability to use mobiles in powerful spy tools.

Ministers belonging to sensitive government departments were recently issued with soundproof lead-lined boxes to guard and isolate their mobile devices during official meetings.

The precautions have been taken due the high concern caused by news that German Chancellor Angela Merkel's personal mobile has been spied by the NSA for years. My personal opinion it that it is not acceptable that the German Federal Intelligence Service has allowed everything, missing the adoption of appropriate protective measures like crypto mobile devices, protected landline and similar. Other governments already have approached the problem to adopt secure devices to prevent bugging and eavesdropping, the British foreign secretary William Hague confirmed his phone has been armored by GCHQ.

Just a week ago it was published the news that delegates at the G20 summit in Russia received malicious computer memory sticks used to serve a malware to spy on the participants and steal sensitive information, let's remember also that the information leaked on the NSA FoxAcid platform revealed the existence of spy tool kits RADON and DEWSPEEPER able to exploit victims via USB.

Herman Van Rompuy, the President of the European Council, ordered tests to be carried out on the memory sticks and the results are shocking:

'The USB pen drives and the recharging cables were able to covertly capture computer and mobile phone data,' a secret memo said.

Overseas, the situation does not change, even the US fear that the use of the mobile devices can cause them problems, The Department of Homeland Security and FBI warn public safety departments that their out-of-date Android devices are a security risk, but updating them is not always easy or simple.

The alert cited unspecified "industry reporting" that, "44 percent of Android users are still using versions 2.3.3 through 2.3.7 (Gingerbread) which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions."

Google's own figures on its site for Android developers estimate that percentage at about a third less — 30.7 percent. But it also showed 21.7 percent using versions 4.0.3-4.0.4, called Ice Cream Sandwich, which is also out of date. Less than half – 45.1 percent – are using the latest OS, called Jelly Bean, and of that group, 36.6 percent are using 4.1, and only 8.5 percent are using 4.2, which is the latest OS.

The DHS/FBI document address principal cyber threats to out-of-date Android mobile devices, including SMS Trojans, Rootkits and fake Google Play Domains.

Despite the alert recommends regular updates, running an "Android security suite" and downloading apps only from the official Google Play Store, the update for Android devices can reveal several problems.

"There is a wide variety of Android OEM versions rolled out to a huge number of different handsets, and not all carriers and handset OEMs will allow you to upgrade to the latest version," "So, the Android versions that can run are restricted per device. Even now it is possible to buy Gingerbread devices that cannot be upgraded to Jelly Bean." said Mario de Boer, research director, Security and Risk Management Strategies at Gartner for Technical Professionals.

De Boer suggested that the only solution for now is to block the use of Android devices that are not running the latest OS.

"Apply admission control,""If your Smartphones or tablet is running a vulnerable OS, you cannot get access to the specific service or data." "this is hard to accomplish for voice and text, and easier for email and access to files."

The principal problem related to the use of mobile devices in government environment is that almost every Smartphone is not designed following severe requirements in term of corporate or government security, let's add that wrong user's habits aggravate the situation.

It needs a change or mobile devices should be excluded from sensitive contexts.

Pierluigi Paganini - Researcher, Security Evangelist, Security Analyst. Founder of 'Security Affairs' Author: The Deep Dark Web. (Google+ Profile)

Popular Stories

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions