Category: Security

NSA contractor nicked data over 20 years

spyAn NSA contractor nicked huge amounts of data from government computers over two decades, a court is expected to hear.

Harold Martin is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency.

It’s not known exactly what Martin allegedly stole, it appears that the recently-leaked hacking tools used by the agency to conduct surveillance were among stuff he pinched. .

Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count which probably means he will never see daylight again.

Originally it was thought that the case was just a felony theft and a lesser misdemeanor charge of removal and retention of classified information but it looks like there was something a little more serious going on.

According to a memo penned by US Attorney Rod Rosenstein, the contractor presents a “high risk of flight, a risk to the nation, and to the physical safety of others.”

The memo says that if he is released from custody, he “may have access to… a substantial amount of highly classified information, which he has flagrantly mishandled and could easily disseminate to others.”


Trump is just as insecure as Hillary

Donald-Trump-funnyWhile US presidential comedy candidate Donald Trump keeps huffing and puffing about how “crooked Hillary” operated insecure email servers it seems his own security is not up to snuff either.

UK Security researcher Kevin Beaumont discovered the Trump organisation has a comedy level of security and uses a hopelessly outdated and insecure internet setup. servers are using outdated software, Windows Server 2003 and the built-in Internet Information Server 6 web server. Vole cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months.

Trump Organisation emails don’t support two-factor authentication and its web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007.

“Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don’t have basics down,” Beaumont said.

Trump’s supporters have decided to resolve the problem by reporting Beaumont to the Feds, however his research is based on looking at publicly available information rather than actively scanning for vulnerabilities.

The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.

When he stopped laughing Beaumont tweated: “That’s a bit like saying it’s okay to install WordPress and leave it unpatched forever because there’s a firewall.”

In otherwords, Trump’s reply suggests that IT security is not a glass house he should be biffing boulders in.  However, if hacking Trump were that easy then why doesn’t Wikileaks have hackers who have done it?  Oh that is right the Russians are only interested in providing Clinton leaks.

Assange falling out with Ecuadorian government

Julian AssangeLast week, Julian Assange claimed that a “state actor” had pulled the plug on his internet connection soon after he released some Russian-supplied dirt on Hillary Clinton.

Despite the implication that the US or UK had cut him off to prevent more embarrassing leaks it turns out that it was actually an ally of his – the Ecuadorian government.

For those who came in late, Assange is holed up in the London Ecuadorian embassy because he does not want to go to Sweden to face serious sex charges. Now it seems that the Ecuadorian government is getting a bit tetchy about its somewhat embarrassing guest.

The country’s Foreign Minister Guillaume Long made no comment on the claim, saying only: “The circumstances that led to the granting of asylum remain.”  But it appears that the government is not too happy about its embassy being used as ground zero for Wikileak’s pro- campaign.

Ecuador is not a big fan of Trump.  Ecuadorian President Rafael Correa has said that a Trump Presidency would be good for Latin America because it would increase support for the Left generally. In other words, Trump would be so bad everyone would rush to the left.  The concept that Assange is trying to get the right-wing Trump elected using Russian supplied documents is not something that is sitting well with the left-wing Ecuadorian government.

Wikileaks said that it is working around the problem, but it might mean that Assange’s presence on future leaks might be curtailed. As far as Assange is concerned that means that doing it would be pretty pointless.

Boffins build quantum bridge out of diamonds

Chinas-sky-bridgeBoffins have built a quantum bridge out of diamonds.

Sandia researchers have demonstrated for the first time on a single chip all the components needed to create a quantum bridge by forcefully embedding two silicon atoms in a diamond matrix.

Sandia researcher Ryan Camacho said it was possible that the first useful quantum computer may be a  connected cluster of small ones.

Distributing quantum information on a bridge, or network, could also enable novel forms of quantum sensing, since quantum correlations allow all the atoms in the network to behave as though they were one single atom.

The joint work with Harvard University used a focused ion beam implanter at Sandia’s Ion Beam Laboratory designed for blasting single ions into precise locations on a diamond substrate.

According to Science magazine, Sandia researchers Ed Bielejec, Jose Pacheco and Daniel Perry used implantation to replace one carbon atom of the diamond with the larger silicon atom, which crowds out the two carbon atoms on either side of the silicon atom and forces them to escape.

Though the silicon atoms are embedded in a solid, they behave as though floating in a gas, and their electrons’ response to quantum stimuli are not clouded by unwanted interactions anything else.

Camacho said: “We can create thousands of implanted locations, which all yield working quantum devices, because we plant the atoms well below the surface of the substrate and anneal them in place. Before this, researchers had to search for emitter atoms among about 1,000 randomly occurring defects—that is, non-carbon atoms—in a diamond substrate of a few microns to find even one that emitted strongly enough to be useful at the single photon level.”

Once the silicon atoms settle in the diamond substrate, laser-generated photons bump silicon electrons into their next higher atomic energy state. When the electrons return to the lower energy state, because all things seek the lowest possible energy level, they spit out quantised photons that carry information through their frequency, intensity and the polarisation of their wave.

Sandia researcher John Abraham and other Sandia researchers developed special detectors—metal films atop the diamond substrate—that showed the ion beam implants were successful by measuring the ionization signal produced by single ions.

Apparently no cats needed to be harmed in the experiments.

Big Tech reacts in horror to Yahoo’s spying story

A shocked Baby (2)_fullAfter the news got out that Yahoo has been scanning its mail systems for the US spooks, the bigger US ISPs have reacted in horror and said they would never dream of such a thing.

Apple, Facebook, Google, Microsoft, and Twitter have all said they would never do such a thing.

According to Reuters, Yahoo built in 2015, at the US  government’s request, software that scans literally all emails for certain information provided by either the National Security Agency or the FBI. The software was never mentioned in Yahoo’s biannual transparency report. In the latter half of 2015, the company received 4,460 total government data requests, for 9,373 accounts, that it would classify as “Government Data Requests,” a category that includes National Security Letters from the FBI and Foreign Intelligence Surveillance Act requests.

According to the Reuters report, the Yahoo programme was known to only a handful of employees.

A Facebook representative said “Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it.”

Google said the same: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.’”

A Microsoft spokesperson added: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A representative for Twitter replied that: “We’ve never received a request like this, and were we to receive it we’d challenge it in a court. Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests.”

While Apple declined to give a statement on the record it has previously said it would never do anything like that.

Yahoo is coming out looking like the bad guy. It is in talks to be acquired by Verizon, but also facing another scandal for suffering the largest known user data leak in history, with 500 million users’ information exposed. However it failed to mention it to its users.

Police complaints plummet because of body cameras

largeControversial moves to place cameras on coppers have reduced the number of police complaints dramatically.

A study from Cambridge University shows complaints against police officers dropped when departments began using body cameras. But even more surprising is that the data suggests everyone is on their best behaviour whether the cameras are present or not.

The study was reported in the journal Criminal Justice and Behavior, which we get for the spot the criminal competition. The data was collected in seven police departments in the UK and US, and represents over 1.4 million hours logged by 1,847 officers in 2014 and 2015; the researchers published their data last week.

Officers were randomly assigned to wear or not wear cameras week by week – about half would be wearing them at any given time – and had to keep them on during all encounters. The authors used complaints against police as a metric because they’re easy to measure, an established practice in most police forces and give a good ballpark of the frequency of problematic behaviour.

In the year before the study, 1,539 complaints in total were filed against officers; at the end of the body camera experiment, the year had only yielded 113 complaints.  But against all expectations, there was no significant difference in complaints between officers wearing cameras that week and those going without.

The study’s lead author, Barak Ariel said that it was possible that repeated exposure to the surveillance of the cameras meant that officers changed their reactive behaviour on the streets — changes that proved more effective and so stuck.

“With a complaints reduction of nearly 100 percent across the board, we find it difficult to consider alternatives, to be honest.”

Hi-Tech credit card kills off hackers

ot_motion_code_hd-100586257-primary.idgeA new bankcard created by French banks have just given hackers a huge headache.

At the moment, if hackers get their paws on your card it is payday until you register it has been stolen.  Normally by the time you get around to actually cancelling your card, it’s all too late.

The new cards being used by two French banks change the bankcard’s number every hour so that even if a fraudster copied them they are quickly out of date.  The three digits on the back of this card will change, every hour, for three years.  After they change the old numbers are worthless.

The idea dubbed MotionCode was dreamed up by Oberthur Technologies is the French digital security company that has developed the tech.

“MotionCode is exactly what you’re doing today – copying the three digits from the back of your card – but with a huge additional level of security.”

The only downside is that if you have memorised all your card numbers you will need to check them against the card every time. But since that only applies to one person we know, we are sure she will not be greatly inconvienced and will find other things to memorise instead.

Yahoo called out on “state sponsored hack”

13.-Hacker-1-696x464Troubled search outfit Yahoo has been called out over its claim that it was the victim of a state sponsored hacker in 2014.

Yahoo got into all sorts of hot water after it was revealed that it had been hacked a while ago and forgot to tell anyone It appeared to make matters worse by implying that it was not a regular common garden hack that bought its security to its knees but one of those government hacks which are impossible to stop.

According to InfoArmor, which claims to have some of the stolen information the hack was carried out by a bunch of hackers whose main clients are spammers.  “Group E,” a team of five professional hackers believed to be from Eastern Europe and are not backed by any government at all.

Andrew Komarov, InfoArmor’s chief intelligence officer claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in term of users affected.”

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

The database that InfoArmor has contains only “millions” of accounts, but it includes the users’ login IDs, hashed passwords, mobile phone numbers and zip codes, Komarov said.

The security firm says it obtained the data from “operative sources” about a week ago and has verified that the account information is real. Komarov wouldn’t say more about how InfoArmor got the data.

Group E has sold the stolen Yahoo database in three private deals, Komarov said. At one point, the Yahoo database was sold for at least $300,000, he said. His firm has been monitoring the group’s activities for more than three years.


Democrat hacker certainly Russian backed

russian-villagersUS government officials are almost 100 per cent certain that the hacker responsible for the recent Democratic email leaks is connected to a network of groups and individuals who are being shielded by the Russian government.

The hacker, who goes by Guccifer 2.0, is thought to be working with the hacking groups Fancy Bear and Cozy Bear. Though Guccifer 2.0 denies Russian involvement in the hack, both of those groups have known ties to the Russian government.

Guccifer 2.0 reached out to the Journal via direct messages on Twitter to explain his reasons for his actions. He hopes to expose political corruption and the ways that corporations influence policy. He also seeks to shed light on “global electronisation.”

But the Director of National Intelligence James Clapper said it “shouldn’t come as a big shock to people” that Russia was behind the hacks.

Matthew Rojansky, who director the Kennan Institute at the Woodrow Wilson International Center for Scholars, told the Journal agreed saying that this was a continuity of spy games and trolling and phishing for what the Russians call kompromat — compromising information — that has gone on for decades.

Hackers outsourcing their services to terrorists

Mr RobotCybercriminals are contracting themselves out to militant groups the means to attack Europe EU police agency Europol said on Wednesday.

So far such groups have yet to employ such techniques in major attacks, but there is nothing to stop them.  In fact, Europol said that there was little evidence to suggest that their cyber-attack capability extends beyond common website defacement.

In Europol’s annual cybercrime threat assessment coppers said that the Darknet had potential to be exploited by militants taking advantage of computer experts offering “crime as a service.”

“The availability of cybercrime tools and services, and illicit commodities (including firearms) on the Darknet, provide ample opportunities for this situation to change.”

Overall, the report found, existing trends in cybercrime continued to grow, with some of the European Union’s member states reporting more cyber crimes than the traditional variety.

“Europol is concerned about how an expanding cybercriminal community has been able to further exploit our increasing dependence on technology and the internet,” its director, Rob Wainwright, said in a statement. “We have also seen a marked shift in cyber-facilitated activities relating to trafficking in human beings, terrorism and other threats.”

“Ransomware” – programs which break into databases and demand payment for unlocking codes via virtual currencies such as Bitcoin – continued to expand as a problem, as did highly targeted “phishing” attacks to extract security data from senior figures – “CEO fraud” – and video streaming of child abuse.

Attacks on bank cash-machine networks were also increasing, the report found, as were frauds exploiting new contactless payment card transactions, while traditional scams involving the physical presence of a card had been successfully reduced.