[ISN] Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy

http://www.wired.com/2015/02/hacker-claims-feds-hit-44-felonies-refused-fbi-spy/ By Andy Greenberg Threat Level Wired.com 02.18.15 A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him. A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused. Over the course of a six-hour FBI interrogation in May, 2013, months after his arrest, Salinas says two agents from the FBI’s Southern District of Texas office asked him to use his skills to gather information on Mexican drug cartels and local government figures accepting bribes from drug traffickers. “They asked me to gather information on elected officials, cartel members, anyone I could get data from that would help them out,” Salinas told WIRED in a phone interview before his sentencing. “I told them no.” “Fundamentally this represents the FBI trying to recruit by indictment,” says Salinas’ lawyer Tor Ekeland, who took the case pro bono last year. “The message was clear: If he had agreed to help them, they would have dropped the charges in a second.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Three Months Later, State Department Hasn’t Rooted Out Hackers

http://www.wsj.com/articles/three-months-later-state-department-hasnt-rooted-out-hackers-1424391453 By DANNY YADRON The Wall Street Journal Feb. 19, 2015 Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn’t clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence. The episode illustrates the two-way nature of high-technology sleuthing. For all of the U.S. government’s prowess at getting into people’s computers through the NSA and the military’s Cyber Command, the government faces challenges keeping hackers out of its own networks. The discrepancy points to a commonly cited problem with defending computers: Playing offense almost is always easier than playing defense. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Low tech ‘visual hacking’ successful nine times out of ten

http://www.csoonline.com/article/2886385/social-engineering/low-tech-visual-hacking-successful-nine-times-out-of-ten.html By Maria Korolov CSO Feb 19, 2015 Researchers were able to get sensitive corporate information just by looking around corporate offices in 88 percent of attempts, according to a new study. Traverse City-based Ponemon Institute sent researchers to 43 offices belonging to seven large corporations who had previously agreed to participate in benchmarking research. The researchers had valid identification as temporary employees, and management knew they were coming


Facebooktwittergoogle_plusredditpinterestlinkedinmail