The long and winding road towards the 2016 U.S. Presidential election is poised to come to a merciful end this week. In turn, it won’t be long before we can finally close the books on what has unquestionably been the most outrageous, entertaining, depressing and downright confounding U.S. election in recent memory, and perhaps of all-time.
With just a few days before most Americans get out and vote, the drama surrounding this year’s election shows no sign of dying down. Over the weekend, U.S. intelligence sources told NBC that a number of government security agencies are ready to detect, defend against, and if need be, fight back against any Russian attempts to impact this week’s election. Now in any other year, this story might appear to be utter nonsense, but it’s really just par for the course for this current election cycle where sensationalist stories have become the norm.
Apple’s iPhones and iPads that run iOS 8 or later have sophisticated encryption systems in place, and law enforcement agencies aren’t too happy about that. Without access to a phone’s password, a device is almost impenetrable. But it’s not exactly hack proof, as the San Bernardino case from earlier this year proved. It’s not clear how the FBI cracked that device, but it looks like that might not be an isolated endeavor. India is seeking to acquire to crack any smartphone, including Apple’s encrypted iPhone.
Spy agencies like the NSA hack various targets on a regular basis, and they’ve probably been doing it ever since the world got online. However, these secret operations have often made the news in recent years, especially following the Snowden leaks that revealed the mass spying operations and sophisticated digital tools that the NSA and its partners used to collect data in bulk.
A new leak now reveals a list of web addresses that were compromised by the NSA over a period of ten years. Those addresses may have been used and could be still used, for certain spying operations. So if your organization has ever come in contact with these sites, then you may have been a target as well. More →
Last Friday, hackers successfully managed to unleash an absolutely massive DDoS attack that swiftly knocked a number of popular websites offline, including Twitter, Spotify and even Amazon. DDoS attacks are of course nothing new, but last Friday’s attack was unique insofar as it was incredibly massive and was carried out with a botnet not comprised of computers, but of Internet connected devices.
We’re now a few days removed from the attack and more information about how the attack was carried out is starting to emerge. Of particular interest is that last Friday’s botnet was carried out by compromised DVRs and webcam devices infected by a piece of malware called Mirai. The malware itself isn’t particularly sophisticated but it’s tremendously effective as Internet connected devices often have poor security and easy to guess default passwords.
Hackers yesterday attacked Dyn, a major DNS service, with an absolutely massive DDoS attack that swiftly took a number of popular services, including Twitter, PayPal and Spotify, offline. While DDoS attacks are nothing new in and of themselves, there are two aspects to yesterday’s widespread assault on the Internet that are particularly intriguing.
One, the scale and effectiveness of yesterday’s DDoS attack was impressive and brutal. All the more so because just when Dyn had seemingly addressed the issue, the actors behind the attack would launch another deluge of garbage requests.
Two, the malware behind yesterday’s DDoS attack was effectively a botnet comprised of millions of Internet connected devices, from DVRs and routers to CCTV cameras. In other words, yesterday’s attack saw our vaunted Internet of Things turned against us in an unprecedented way.
Late on Thursday, federal prosecutors signaled their intention to charge former NSA contractor Harold T. Martin with violating The Espionage Act after authorities discovered that he took upwards of 50 TB of classified data from the NSA to his home. While the precise details regarding the stolen data remain murky, the New York Times a few weeks ago claimed that it may have included “highly classified computer codes developed to hack into the networks of foreign governments” like China, North Korea and Iran.
Computer security legend John McAfee’s social accounts have been racking up the retweets, likes and shares in recent days after he posted an image of what appears to be Pornhub running on the display of a smart refrigerator. His tweet accompanying the image was ominous.
“The IoT … do you believe me now?” reads part of what he wrote about the porn fridge. More →
Former NSA hacker and NASA employee Patrick Wardle has discovered that it’s possible for Mac malware to piggyback off of an active Skype or FaceTime connection and effectively spy on both the transmitted audio and video.
While normal malware attempts to record private conversations surreptitiously can be thwarted by the green LED indicator light on the Mac, Wardle’s strategy of recording information only when the camera is already in use – and the aforementioned light already on – skirts around this roadblock.
Many tech companies including Apple, Google, Facebook, Microsoft and Twitter said they had not helped governmental agencies spy on their users like Yahoo did. Some said outright that they never received such orders and others insisted that they’d never comply if they did. Following Reuters’ initial discovery that Yahoo secretly spied on its Yahoo Mail users for the government, a new report reveals that it’s fairly easy for any of Yahoo’s rivals to do it, too. And you won’t even know it’s happening. More →
Two massive security scandals have hit Yahoo in a matter of days. First, the company acknowledged that hackers stole usernames and passwords for at least 500 million users, and the hack happened all the way back in 2014.
Then, a report from Reuters revealed that Yahoo built a software tool that could comb all the emails sent through its system and extract data for unnamed intelligence agencies. These are two good reasons to ditch your Yahoo account, which will only take you a couple of clicks. More →
The NSA was thrust into the limelight once again today following reports that yet another agency contractor was found to have illegally absconded with classified NSA materials.
According to a report originally published in the New York Times, an NSA contractor by the name of Harold T. Martin was recently arrested after authorities discovered that he had stolen classified materials that may have included “highly classified computer codes developed to hack into the networks of foreign governments” like China, North Korea and Iran.
It’s not like Yahoo needed a second major privacy scandal on top of the massive data breach it suffered back in 2014, and which it only confirmed a few weeks ago. Hackers stole usernames and passwords for at least 500 million accounts two years ago, and Yahoo took its time to come clean about it. But on top of hackers cracking its security, it looks like Yahoo was responsible for some mail hacking on its own. A Reuters report on Tuesday revealed that Yahoo created custom software that would grab data from emails in real time and feed the information to US spy agencies.
So if Yahoo did it, were others also involved in this massive data collection program? More →
