How Hackers Plant False Flags to Hide Their Real Identities:
During the first half of 2015, a mysterious hacking group allegedly started attacking military and government organizations in Peru in what looked like a routine—even run-of-the-mill—espionage campaign.
The group used an old exploit and “clunky” malware, nothing particularly notable. What was unusual about this operation was that the malware was signed with a stolen digital certificate that had already been used by the hackers responsible for disrupting an Iranian nuclear power plant in the famous Stuxnet attack, according to security firm Kaspersky Lab.
All this made very little sense.
The use of the stolen certificate made it look like the hacking group was the same as the Stuxnet attack, or was it just a trick? Security experts often repeat a mantra: “attribution is hard.” Finding out who is responsible for a cyberattack is a complicated, often impossible task, and in some cases, hackers make it even harder by leaving misleading clues, like in the case of the Peruvian attacks.
Source: Vice Magazine
EVERY TIME A major hack becomes public—Target, Yahoo, take your pick—Mike Stabile is grateful it’s not an adult site. As the director of communications for the Free Speech Coalition, an adult entertainment industry trade group, he knows what the fallout could be, and that it’s potentially a lot worse than another password dump.
“It’s one thing if your credit card information is stolen from something like Nordstrom,” Stabile says. “When you’re dealing with an adult company, it says a lot about you. It’s tremendously exposing, especially if you’re closeted or in a community that’s going to frown upon that.”
Source: Wired
Time to Kill Security Questions—or Answer Them With Lies:
Last week Yahoo revealed that it had been massively hacked, with at least 500 million of its users’ data compromised by state sponsored intruders. And included in the company’s list of breached data weren’t just the usual hashed passwords and email addresses, but the security questions and answers that victims had chosen as a backup means of resetting their passwords—supposedly secret information like your favorite place to vacation or the street you grew up on. Yahoo’s data debacle highlights how those innocuous-seeming questions remain a weak link in our online authentication systems. Ask the security community about security questions, and they’ll tell you that they should be abolished—and that until they are, you should never answer them honestly.
The Feds Will Soon Be Able to Legally Hack Almost Anyone:
Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.
That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.
Source: Wired
And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!
Just two days after Yahoo! admitted hackers had raided its database of at least 500 million accounts, the Purple Palace is being dragged into court.
Two Yahoo! users in San Diego, California, filed on Friday a class-action claim [PDF] against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive information under the Unfair Competition Act and the state’s Consumer Legal Remedies Act, plus negligence for its poor security, and breaking the Federal Stored Communications Act.
AS THE UNITED States barrels toward November elections, officials are still looking for last-minute fixes to ensure that the patchwork of voting technology used around the country can fend off the increasingly troubling prospect of hacker attacks. And in the latest of those efforts, Georgia representative Hank Johnson is set to introduce two bills today designed to shore up that fragile system’s security.
The Election Infrastructure and Security Promotion Act of 2016 would mandate that the Department of Homeland Security classify voting systems as critical infrastructure, and the Election Integrity Act would limit which voting machines states can buy and also create a plan for handling system failures. The bills reflect a growing debate about whether designating voting tech as critical infrastructure (like the public water supply, energy systems, transportation, communication grid, and the financial sector) would help to secure the U.S.’s highly decentralized voting setup. In the wake of the Democratic National Committee breach and increasingly brazen Russian cyberespionage attacks, concern is mounting about the potential for election hacking in the 2016 presidential race and beyond.
Source: Wired
The Feds Will Soon Be Able to Legally Hack Almost Anyone:
Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.
That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.
Source: Wired
AS THE UNITED States barrels toward November elections, officials are still looking for last-minute fixes to ensure that the patchwork of voting technology used around the country can fend off the increasingly troubling prospect of hacker attacks. And in the latest of those efforts, Georgia representative Hank Johnson is set to introduce two bills today designed to shore up that fragile system’s security.
The Election Infrastructure and Security Promotion Act of 2016 would mandate that the Department of Homeland Security classify voting systems as critical infrastructure, and the Election Integrity Act would limit which voting machines states can buy and also create a plan for handling system failures. The bills reflect a growing debate about whether designating voting tech as critical infrastructure (like the public water supply, energy systems, transportation, communication grid, and the financial sector) would help to secure the U.S.’s highly decentralized voting setup. In the wake of the Democratic National Committee breach and increasingly brazen Russian cyberespionage attacks, concern is mounting about the potential for election hacking in the 2016 presidential race and beyond.
Source: Wired
Critical to the success of the 911 emergency phone system, which has saved countless lives since it was first implemented in 1968, is its ability to quickly route calls to emergency responders closest to a caller.
But a group of researchers say they’ve found a way to effectively disable the 911 emergency system across an entire state for an extended period of time by simply launching what’s known as a TDoS attack, or telephony denial-of-service attack, against 911 call centers. The tactic involves infecting mobile phones to cause them to automatically make bogus 911 calls — without their owners’ knowledge — thereby clogging call-center queues and preventing legitimate callers from reaching operators.
The researchers say it would take just 6,000 infected smartphones in a geographical area — something hackers could easily accomplish — to launch an attack sufficient to disrupt the 911 system throughout the entire state of North Carolina, and just 200,000 infected phones distributed across the U.S. to significantly disrupt 911 services around the nation.
Source: Washington Post
We can’t let governments hack away our human rights
The pen may be mightier than the sword, but hacking is becoming mightier than the pen. Are you really okay with that?