Tag Archives: site

[ISN] No, the CIA isn’t stealing Apple’s secrets


http://blog.erratasec.com/2015/03/no-cia-isnt-stealing-apples-secrets.html By Robert Graham blog.erratasec.com March 10, 2015 The Intercept news site by Glenn Greenwald is activism rather than journalism. Their stories don’t reference experts knowledgeable about subjects, but only activists who are concerned about the subjects. This was demonstrated yet against in their piece claiming “The CIA Campaign to Steal Apple’s Secrets”. Yes, the Snowden documents are real, but pretty much everything else is made up. Here’s the deal. Terrorist leaders use iPhones. They are a status symbol, and status symbols are important to leaders. Moreover, since Apple’s security is actually pretty good, terrorists use the phones for good reason (most Android devices suck at security, even the Blackphone). Getting software onto terrorist’s phones, or basebands, is an important goal of intelligence. When CIA drones bomb a terrorist compound, iPhones will be found among the bodies. Or, when there is a terrorist suspect coming out of a dance club in Karachi, a CIA agent may punch them in the face and run away with their phone. However, it happens, the CIA gets phones and wants to decrypt them. Back in 2011 when this conference happened, the process of decrypting retrieved iPhones was time consuming (months), destructive, and didn’t always work. The context of the presentation wasn’t that they wanted to secretly spy on everyone’s phones. The context was that they wanted to decrypt the phones they were getting. […]

Tags: , , , , , , , , , , , , ,

[ISN] SCERT’s website allegedly hacked by ISIS

http://www.thehindu.com/news/cities/Delhi/scerts-website-allegedly-hacked-by-isis/article6977377.ece By ASHOK KUMAR The Hindu March 10, 2015 The official website of the State Council of Educational Research and Training (SCERT), Haryana, was allegedly hacked and a message posted on it saying it was done by terrorist organisation ISIS. SCERT director Sneh Lata told The Hindu that the department got to know about the hacking on Sunday afternoon. “We got to know about the hacking when ISIS flag was noticed with ‘Hacked by Islamic State (ISIS), We Are Everywhere :)’ written on website’s homepage,” said Ms. Lata. But as soon as the matter came to notice, the message was removed and the website is now running properly. Ms. Sneh Lata further said that the matter was reported to the police and a formal complaint was lodged with the Cyber Cell in this connection. […]

Tags: , , , , ,

[ISN] Isis — No, Not That One — Wins $7 Million Pentagon Cyber Contract

http://www.nextgov.com/defense/2015/03/isis-no-not-one-wins-7-million-pentagon-cyber-contract/106959/ By Aliya Sternstein Nextgov.com March 8, 2015 The Defense Department has hired a little-known Virginia startup company – with an unfortunate name – to pull together the military’s most cutting-edge computer and information assets. The “Threat Intelligence Platform” project will help Pentagon analysts sift through big data research to track threats – including presumably Islamic State extremists. So, the winning contractor, Isis Defense, might want to think about rebranding itself – or go with the free advertising. Right now, the company doesn’t have a major Web presence. There is no corporate website. Google searches for “Isis Defense” pull up a bunch of news stories about international efforts to stanch the Islamic State’s spread. Scroll down the list of results and you’ll find at least one relevant hit – an outdated bio for the firm’s chief executive officer, Jamie Dos Santos. She is the former CEO of Web services provider Terremark Federal Group. […]

Tags: , , , , , ,

[ISN] NISC to begin hiring ‘white hat’ hackers in fiscal 2015

http://www.japantimes.co.jp/news/2015/03/09/national/nisc-to-begin-hiring-white-hat-hackers-in-fiscal-2015/ The Japan Times March 9, 2015 To cope with cyberattacks, the government plans to hire so-called white hat hackers who use their sophisticated techniques and knowledge to protect rather than destroy. The government will hire several private-sector computer experts in fiscal 2015, which starts next month. The government accepted applications from candidates in January and is currently screening them. The number of white hat hackers on salary will rise to about 10 in stages. They will work for up to five years as civil servants, helping to combat their ideological opposites: “black hat” hackers. The National Center of Incident Readiness and Strategy for Cybersecurity (NISC), was launched in January at the Cabinet Secretariat to strengthen measures against computer attacks. Its staff is to surpass 100 within the next fiscal year. […]

Tags: , , , , , , , , , ,

[ISN] The Drug Cartels’ IT Guy

http://motherboard.vice.com/read/radio-silence By Brian Anderson motherboard.vice.com March 3, 2015 It could have been any other morning. Felipe del Jesús Peréz García got dressed, said goodbye to his wife and kids, and drove off to work. It would be a two hour commute from their home in Monterrey, in Northeastern Mexico’s Nuevo León state, to Reynosa, in neighboring Tamaulipas state, where Felipe, an architect, would scout possible installation sites for cell phone towers for a telecommunications company before returning that evening. That was the last time anyone saw him. Felipe’s wife, Tanya, is haunted by his disappearance. “All this time I’ve spent searching for his whereabouts,” she told me. Felipe was 26, with clear hazel eyes and a wide mouth, when he disappeared on March 19, 2013, just under two years ago. It’s a story, or lack thereof, that’s common across Mexico. People vanish, and the vast majority of cases aren’t solved for years, if they’re ever closed at all. Tanya is just one of the bereaved in an expanding web of loved ones and friends left with more questions than answers, and a collective resolve to seek justice for los desaparecidos. They’re waiting for the phone to ring. Only this story is, perhaps, not just another kidnapping. What happened to Feli​pe Peréz? One theory suggests he was abducted by a sophisticated organized crime syndicate, and then forced into a hacker brigade that builds and services the cartel’s hidden, backcountry communications infrastructure. They’re the Geek Squads to some of the biggest mafia-style organizations in the world. That’s how Tanya sees it, at least. She looks at the rash of kidnapping cases across Mexico, many of which have taken place in Tamaulipas, targeted specifically at architects, engineers, and other information technology types, and can’t help but think Felipe was one of them. Nearly 40 information technology specialists have disappeared in Mexico s​ince 2008, allegedly nabbed by one of the two dominant gangs in the region, the Cartel del Golfo or Los Zetas. […]

Tags: , , , , , , , , , , ,

[ISN] This Article Was Written With the Help of a ‘Cyber’ Machine

http://www.wsj.com/articles/is-the-prefix-cyber-overused-1425427767 By DANNY YADRON and JENNIFER VALENTINO-DEVRIES The Wall Street Journal March 4, 2015 These days, CyberPatriots go to CyberCamps. Washington wonks ponder a Cyber Red Cross. Last week, the Director of National Intelligence told Congress a “cyber Armageddon” is unlikely. This week, CBS Corp. will premiere the latest iteration of its long-running cops and crime franchise, “CSI: Cyber,” whose protagonist describes herself as cybercop and is based, the network says, on a real-life cyberpsychologist. For some, it is cyber-overload. Stop using the word,” Alex Stamos, the chief information security officer at Yahoo Inc. told a “Cybersecurity for a New America” conference in Washington last week. Earlier, Mr. Stamos quipped on Twitter that he had won “CyberBingo” at his table after a conference speaker warned of a “Cyber Pearl Harbor,” a term popularized by former Defense Secretary Leon Panetta in 2012. Mr. Stamos isn’t brushing off computer intrusions in his quest to hack away at “cyber” usage. As the guy in charge of keeping prying eyes out of one of the world’s most popular websites, you could say he is obsessed with them. […]

Tags: , , , , , , , , , , , ,

[ISN] Australian politicians are reportedly using top-secret messaging app Wickr

http://mashable.com/2015/03/01/australia-politicians-wickr/ By Jenni Ryall mashable.com March 1, 2015 Australian politicians are reportedly using the secret messenging app Wickr to communicate with each other on the sly. According to The Australian, Communications Minister Malcolm Turnbull and Minister for Social Services Scott ­Morrison have been using the service to communicate about their dissatisfaction with Prime Minister Tony Abbott and the ongoing leadership crisis. It follows months of speculation regarding instability within the Liberal-National Coalition Government, which culminated in a vote on whether to declare Abbott’s position vacant. That motion was defeated, but it has not quelled the rumours that members of his government are secretly pushing for a change of leadership. Wickr has a secure file-shredding feature that destroys all communication on your device and claims it has “military-grade encryption.” On the app’s website, the company claims that no conversations can be tracked or monitored using the app, which may mean that The Australian received a tip regarding the top-secret communications between the two politicians. […]

Tags: , , , , , , ,

[ISN] Attackers protesting Superfish debacle hijack Lenovo e-mail, spoof website

http://arstechnica.com/security/2015/02/attackers-take-control-of-lenovo-com-hijacking-e-mail-and-web-servers/ By Dan Goodin Ars Technica Feb 25, 2015 Almost a week after revelations surfaced that Lenovo preinstalled dangerous ad-injecting software on consumer laptops, attackers took complete control of the company’s valuable Lenovo.com domain name, a coup that allowed them to intercept the PC maker’s e-mail and impersonate its Web pages. The hijacking was the result of someone compromising a Lenovo account at domain registrar Web Commerce Communications, and changing the IP address that gets called when people typed Lenovo.com into their Web browsers or e-mail applications. As a result, the legitimate Lenovo servers were bypassed and replaced with one that was controlled by the attackers. Marc Rogers, a principal security researcher at content delivery network CloudFlare, told Ars the new IP address pointed to a site hosted behind his company’s name servers. CloudFlare has seized the customer’s account, and at the time this post was being prepared, company engineers were working to help Lenovo restore normal e-mail and website operations. “We took control as soon as we found out (minutes after it happened) and are now working with Lenovo to restore service,” Rogers said. “All we saw was the domain come in to us, at which point we took immediate action to protect them and their service.” Rogers went on to say the unknown attackers posted MX mail server records that allowed them to read e-mail sent to Lenovo employees. The fraudulent records have since been removed. Rogers’ account is consistent with an image posted by the LizardCircle Twitter account. The image showed an e-mail sent by an outside PR person to several people inside Lenovo’s PR department. […]

Tags: , , , , , , , , , , , ,