US Director of National Intelligence (James Clapper) - HACKED

ꕤ Article SOURCE https://archive.is/K75wv#selection-1376.0-1501.196 HACKED James Clapper US Director of National Intelligence Hacked by:  CWA / Crackas With Attitude Series of accounts redirect calls to:  Fee Palestine Movement confirmed by Office of DNI spox: Brian Hale FBI has not responded to request for comment Teen Who Hacked CIA Email Is Back to Prank US Spy Chief Written by Lorenzo Franceschi-Bicchierai January 12, 2016 // 12:34 PM EST One of the “teenage hackers” who broke into the CIA director’s AOL email account last year hasn’t given up targeting government intelligence officials. His latest victim is the Director of National Intelligence James Clapper, Motherboard has learned. A group of hackers calling themselves “Crackas With Attitude” or CWA made headlines in October, hacking into CIA Director John Brennan’s email account and apparently getting access to several online tools and portals used by US law enforcement agencies. The hackers' exploits prompted the FBI to issue an alert warning government officials of their attacks. One of the group’s hackers, who’s known as “Cracka,” contacted me on Monday, claiming to have broken into a series of accounts connected to Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement. When they gained notoriety last year, Cracka and CWA claimed their actions were all in support of the Palestine cause. “I’m pretty sure they don’t even know they've been hacked,” Cracka told me in an online chat. But Brian Hale, a spokesperson for the Office of the Director of National Intelligence, confirmed the hack to Motherboard on Tuesday. “We’re aware of the matter and we reported it to the appropriate authorities,” Hale said, declining to answer any other questions on the record. (The FBI did not respond to a request for comment.) [ARTICLE CONTINUES ...] https://archive.is/K75wv ---------------------- ꕤ ---------------------- COMMENT Thought this was funny. But it's not so funny when you consider the amount of prison time the pranksters will get if they're caught. The redirect to 'Free Palestine Movement' is cool.  A redirect to Hezbollah or someone like that would be even funnier. Suspected social engineering hack, according to the article.  Article also said that all hacks, even the big ones, begin with a social engineering component. Wonder why FBI aren't commenting?  Maybe they're embarrassed? What I don't understand is this:  if you have access to online tools used by US law enforcement agencies, as a result of the hack, why would you disclose the hack and deprive yourself of those tools?  That doesn't make sense to me. ---------------------- ꕤ ---------------------- EDIT WikiLeaks notes that VICE have betrayed the source 'handle'.  Not sure if it's the guy's chat ID or his Twitter handle, or both. LINK | Source I didn't notice that reading the article first time around. Journalists don't seem like a good choice for sharing anything secret.  Look at what happened to Israeli whistleblower Mordechai Vanunu:  he did something like 18 years in an Israeli prison, 11 of it in solitary, after being betrayed by Australian newspapers & kidnapped in Europe by Mossad. With the WikiLeaks electronic submission system people who whistleblow stay anonymous because they're electronically masked, I guess. It must be hard keeping secrets.  One hint of CIA torture (or hint of anything unpleasant, really) and I'd most probably be squealing.  Secrets are also a burden, as in there's an unpleasant, conflicted feeling that must be endured in order to keep a secret.  Or, there would be for me, I think.  But that's just hypothetical social type of situations.  It would probably be worse for something really important.  ꕤ

Video - Assange - Security or Surveillance: Privacy vs Anti-Terror Security in Digital Age - RT10

ꕤ Security or Surveillance: Privacy vs anti-terror security in digital age (#RT10 Panel Discussion) Published 10 Dec 2015 RT News https://www.youtube.com/watch?v=k3rFNQ8ytnE&feature=youtu.be ---------------------- ꕤ ---------------------- Security or Surveillance: Privacy vs anti-terror security in digital age (#RT10 Panel Discussion  /  Celebrating RT's 10-Year Anniversary) Moderator, Raymond Snoddy introduces: Philip Giraldi -- former CIA counter-terrorism specialist -- former military intelligence officer -- served 19 years abroad:  Turkey, Italy, Germany, Spain -- CIA chief of base, Barcelona Olympics, 1992 -- one of first Americans to enter Afghanistan, 2001 -- Exec. Dir. Council for National Interests (CNI) -- CNI - WA-based - to promote US foreign policy in Middle East -- based on 'American values & interests' Ray McGovern -- former US army intelligence officer -- joined Analysis Division of CIA & served -- from Kennedy Admin to G.W. Bush Admin. -- chief of CIA's Soviet foreign policy branch, 1970s -- chaired national intelligence estimates -- prepared Presidential daily briefing -- for Reagan senior national security advisers -- 2003 - co-est. Veteran Intelligence Professionals for Sanity (VIPS) -- to expose: intelligence fraud to justify 2003 US invasion of Iraq -- protested CIA involvement in torture activities -- publicly questioned Defence Secretary Donald Rumsfeld -- re misleading American public in run-up to war (Invasion of Iraq, 2003) Gregory R. Copley -- Australian-born -- President of Strategic International Studies Association, WA-DC -- serves as adviser on strategic studies to a number of govts & leaders [40 years] -- authored / co-authored 32 books on strategic & geopolitical issues, -- history, energy, aviation & defence, incl:     -- 'Un-Civilization: Urban Geopolitics in a Time of Chaos (2013)'     -- 'The Art of Victory (2006)'     [ Yikes!  see:   http://www.brusselsjournal.com/node/5132  ] ---------------------- ꕤ ---------------------- Issue: Security or Surveillance Can right to privacy & effective anti-terror security co-exist in the digital age? ---------------------- ꕤ ---------------------- Julian Assange -- arguably one of the most influential people in world -- on bringing forward these specific issues Moderator -- seeks Assange thoughts on right of privacy -- how that is defined around world -- anti-terror security definition -- what the relationship of these two factors are to each other -- and the relationship to this new digital world in which we live Assange:  mass-surveillance is here to stay & privacy is gone for normal population (not for experts, incl. terrorists (who are experts))  underlying costs of surveillance - rapidly decreasing Five-Eyes (FVEY) - surveillance pervasive ---------------------- ꕤ ---------------------- COMMENT About to watch --  or listen to -- this ... (depending on whether I also plan to get around to doing anything practical as I listen ... like maybe the dishes or some grooming or something practical (for a change) ... lol) ꕤ

Weev On Cuckservative Gavin McInnes & More

ꕤ Video SOURCE | here "I'm Going To Prison For Arithmetic" Andrew Auernheimer aka Weev March 2013 Source  | here YouTube Comment Wei Bin Wang 2 months ago "To explain the 'hack' that he did: On the Apple site, they gave a number to any registered user who uses the site in its URL, and that was what save them the page with their saved email address. What weev did was just add 1 to it, press enter, and it spat out another person's email address. Do the same thing several more times and you'll eventually end up with everyone's email addresses. Hence why he said he was "going to prison for arithmetic." On how he used it, he didn't use it for anything malicious, he just gave his discovery to a journalist. The safest move was to report the exploit to Apple and get a free job or recommendation on his future career, but it's not in his character to do that. The real fault lies in the incompetent design of such a site that made this "gaping hole" in their security. If weev wasn't there, it was only a matter of time before someone else decided to be curious and add 1 to the number of the URL on that site and discover the exploit themselves. The way both the media blasted this out of proportions and the way the judicial system handled it is in some ways surprising, and in other ways very disappointing. The guy just added 1 to a number on a website URL a few times and he gets a trip to prison...for arithmetic! Even to this day, I can't believe he got sentenced to jail for that." source | as above YouTube Comment WellingtonBikeCam01 1 year ago "Someone from AT&T should be in jail over this one." source | as above non-pc Cuckservative "No defense for Gavin McInnes" http://weev.livejournal.com/413176.html#comments Video, Post & Comments ---------------------- ꕤ ---------------------- COMMENT Bear with video #1 ... it's a little high-energy and seems too much like hard work trying to figure what's going on at first, but it's worthwhile persevering. Jaw-dropping what this guy went to prison for in the US (and the ridiculously huge financial penalty they've slapped him with). Above are a couple of the comments I liked on that YouTube source link. Finally, there's a humorous comment on the state of the MSM. I find this Weev guy funny.  Funny interesting.   And funny humorous, too. Wish I was as creative as Weev.  lol ꕤ

CyberSec News

ꕤ CyberSec SOURCE as indicated #cybersecurity malware, named XcodeGhost secretly collects info on devices / uploads data to servers WeChat instant messaging app exposed 600 million users to malware downloading the program from #Apple Inc XcodeGhost malware only affected WeChat version 6.2.5 for iOS {new versions of 6.2.6 or later not affected} http://www.bloomberg.com/news/articles/2015-09-21/tencent-fixes-flaw-exposing-wechat-app-users-to-malicious-code How malware is building hacking corporations / underground market teams /  marketed kits http://www.cbronline.com/news/cybersecurity/how-malware-is-building-hacking-corporations-4673904 #cybersecurity DDoS extortion attacks -  new threat / mitigation =  on-premises & cloud-based anti-DDoS tech http://www.scmagazineuk.com/ddos-extortion-attacks--a-new-threat-to-look-out-for/article/439394/ China = one of Boeing's best customers = 25 percent of the Boeing's commercial aircraft http://steelerslounge.com/2015/09/china-wants-us-tech-companies-to-play-by-its-rules/11923/ #cybersecurity (June 2015) expect insurance lobby to seek changes New Zealand Privacy Act  1993 / no mandatory notification / no notification to data breach customers required, either http://www.cio.co.nz/article/577982/cyber-risk-put-it-agenda-before-it-becomes-agenda/ Israel #cybersecurity co:   enSilo /  data exfiltration prevention model shift from inbound / deals w. attackers on inside enSilo tech =  blocking malicious outbound comm. =  employees can continue working even if devices infected http://jewishbusinessnews.com/2015/09/20/ensilo-blocks-the-exit-door-for-data-thieves/ #cybersecurity #cloud 28% #SaudiArabia co's planning to use hybrid cloud services / mobility users & mobility of resources http://ameinfo.com/technology/it/software/saudi-companies-eye-hybrid-cloud ---------------------- ꕤ ---------------------- COMMENT Various that caught my attention. Boeing makes a lot of money out of China.  A quarter of their business is in China.  That's a huge reliance on one country. New Zealand doesn't require notification of data breaches to customers or reporting of breaches to authorities.   Judging by the input from the insurance guy in the New Zealand article (June article), if there's any lobbying for changes to the New Zealand Privacy Act  1993, it will most likely come from the insurance industry and business lobbies, I'm guessing. Israeli cybersec company has a different approach:  stopping data going out while hackers are in. Nothing super exciting here. ---------------------- ꕤ ---------------------- Boeing | here William Edward Boeing  |  here ꕤ

Latest CyberSec News & Related

ꕤ Article SOURCE as indicated Universal Music abusing the DMCA ie #Copyright Act rightsholders MUST consider FAIR USE prior take-down issues http://boingboing.net/2015/09/14/eff-scores-a-giant-victory-for.html #India IT security =  1.2 billion in 2016 http://www.consultancy.uk/news/2591/indian-IT-security-market-reaches-12-billion-next-year #Microsoft signs landmark agreement with #NATO re govt #cybersecurity / solidification relationship http://www.neowin.net/news/microsoft-signs-agreement-with-nato-to-bolster-government-cybersecurity Intel in #cybersecurity - auto-mobiles auto security board set up: Automotive Security Review Board (ASRB) Intel Security (formerly McAfee) published a whitepaper re automotive security best practices http://forexreportdaily.com/2015/09/14/6873-intel-in-cyber-security-driving-seat-sets-up-connected-auto-security-board/ NSA Recruiting / Scholarships USA Colleges vie to entice w. NSA cyber program scholarship stipulation = NSA job on degree http://fedscoop.com/colleges-vie-to-entice-students-with-nsa-cyber-program USA + China meet re #cybersecurity - White House Kerry, Rice + Homeland Sec. Jeh Johnson > comm. competition blocks USA whining that the following  stop US competing on level playing field in China: fines opaque regulatory system http://www.lidtime.com/u-s-chinese-officials-meet-on-cyber-security-issues-white-house-5652/ University of Texas at San Antonio grant puts city on centre #cybersecurity stage emerging cybersecurity + tech hub / expressnews (subscipt) #cybersecurity #hacker Millennial Gen / Gen Y born post 1980 social media over-sharing / lax security http://www.afr.com/technology/a-third-of-millennials-warned-by-employers-over-social-media-posts-norton-20150914-gjlw1h Cybersecurity Bill  |  CISA   |  USA Cybersecurity Information Sharing Act (CISA) Light on Security legal immunity for sharing cyber-intel with govt PRIVACY implications / poised to pass http://foreignpolicy.com/2015/09/14/a-cybersecurity-bill-light-on-security-heavy-on-corporate- Jeb Bush wants USA Internet gov. against transfer of  ICANN oversight to multistakeholders Following Presidential candidates also get a mention re cybersec: Rubio - Marco Rubio Fiorina - Carly Fiorina http://fedscoop.com/jeb-bush-unveils-cybersecurity-plan Clinton appears to be  the CYBERSEC & MILLENNIAL candidate #Clinton2016 'Best Choice' Cybercrime Wakefield Research poll - 42% over half millennials Dems better http://www.inc.com/will-yakowicz/poll-hillary-clinton-most-qualified-presidential-candidate-for-cyberattack.html Hackers hit the Kremlin  #Russia target: election commission website sounds like DDoS http://thehill.com/policy/cybersecurity/253609-hackers-hit-the-kremlin #cybersecurity #banking #cloud x4 US banks agreement w/ regulators re 'guaranteed data deletion' issues Symphony = service created thru consortium of 14 financial instutions Goldman Sachs Deutsche Bank Credit Suisse Bank of New York Mellon = guaranteed data deletion / hinder regulators + prosecutors to investigate misconduct? Does use of Symphony re communications = regulators avoidance? [ I'm not clear on that] http://www.stockhouse.com/news/newswire/2015/09/14/four-us-banks-reach-agreement-with-regulators-on-guaranteed-data-deletion-issues #Russia Yuri Ushakov fmr career diplomat fmr deputy Foreign Minister PhD:  history 2008 appointment Putin deputy chief staff foreign-policy + international economics [various sources - incl. Foreign Policy] #cybersecurity DECEPTION SOFTWARE  / HONEYPOT SOFTWARE Deception to Catch #hacker fake network component, server or database to study their behaviour DECEPTION cybersecurity aims: 1. ID intruders / share info 2. drains hacker resources until aware duped 3. study hackers Deception has long been part of the art of war WWII, USA & British armies set up fake camps to dupe Germans / Penny Crosman {cybersec} Honeypot software = fake system = sits on network = exposes fake or real services to the attacker new gen. honeypot software = called 'deception software' centrally managed, integrated w/ other security software deception software popular with:  financial services x4 layers  (ie "deception stack"): network endpoint application data each layer of x4 deception software = has deception capabilities deception layers: eg. fake credentials in browser caches of decoy workstations, phony files & data sets. deception layers: eg. endpoint set up to look like it runs eg Windows, when is a Linux machine. deception layers: eg. fake OS = deceive malware into attacking vulnerabilities OS does not have. deception strategy: once intruder detected / continue to 'entertain' *find out what intruder knows re system decoy documents eg fake 'new product designs' = embedded w/ tracking element = knowing when & where opened deception software hidden tech in documents = beacon calling 'home' = info re intruder DECEPTION software providers: Attivo Networks TrapX Security Allure Security Technology CyberTrap Cymmetria ForeScout GuardiCore Hexis Cyber Solutions LogRhythm Percipient Networks Rapid7 Shape Security Specter TopSpin Security DECEPTION software LIMITATIONS If the hacker: 1) obtained correct credentials re system 2) knows where to look ie ... if not rummaging, knows where to go & where to get it, deception software ineffective Deception software = not foolproof = but significantly raises odds of detection & lowers false positives http://www.americanbanker.com/news/bank-technology/deception-may-be-the-best-way-to-catch-cybercriminals-1076667-1.html #cybersecurity US Dept Commerce rethinking proposed rule controlling  EXPORT of hacking TOOLS / intrusion software b/c stifles research source (subscription) http://www.law360.com/articles/702478/commerce-to-revise-cyber-rule-said-to-hamper-research #cybersecurity #hacker Cisco routers vulnerable to new attack attacks replace OS used in network Cisco equip. Cisco router attacks = x14 instances of router implants found in: India Mexico Philippines Ukraine http://www.reuters.com/article/2015/09/15/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150915 Malvertising #cybersecurity #hacker Malvertising Campaign Rages Undetected For 3 Weeks / manipulate ad networks' chain of trust Malvertising = number of new tactics to make attackers harder to track down eg use domain names registered years ago w/ BBB #Hacker = look like legit bus. using real-time bidding = ads clean = ads redirected to point for download malicious code ads  thru encrypted HTTPS channel = lets third party directly serve up content + encrypt comm. / no inspect. Malvertising attackers used Google URL shortener in redirects Malwarebytes + Google working to solve Malvertising hits, incl: http://ebay.co.uk  http://drudgereport.com  http://answers.com Malvertising compromised various small ad networks + major ad networks, incl DoubleClick, AppNexus + ExoClick Malvertising hits, adult, incl: nuvid.com upornia.com eroprofile.com very low-cost intro packages = attacker opportunity for short campaigns w/ small investments http://www.darkreading.com/attacks-breaches/malvertising-campaign-rages-undetected-for-3-weeks/d/d-id/1322169 #cybersecurity National Cyber Security Hall of Fame 2015 INDUCTEES Thu 29th Sept x5 - listed http://news.sys-con.com/node/3456101 #cybersecurity - REPORT - Insurance PWC Insurance 2020 & beyond: Reaping the dividends of cyber resilience http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html #cybersecurity #insurance market to reach $7.5 billion annual premiums by end 2020 & min.  $5 billion by 2018 insurance co's may MITIGATE risks by partnering w/ technology co's + data sharing b/w insurance co's Insurer mitigation also by: conditional regular risk assessments of client ops & required remedies re reviews http://www.pymnts.com/in-depth/2015/cyber-insurance-market-to-thrive-triple-by-2020/ #military DOD - Overhaul of Military Ground Systems in favour of single UNIFIED system for satellite networks Satellite networks multiple siloed ground systems aka “stove-piped” =  inhibits security, resiliency, agility & affordability stovepiped / single ununified systems =  op systems each functioning w/ unique proprietary software from contractors #military ground systems - USG wants to move away from reliance original contractor / own tech baseline / free up competition DOD overhaul aim: *control interfaces + standards *no limits interface / proprietary s/w *no contractor control architecture DOD overhaul of military ground systems goals  *agility  *automation  *security  *resilience  Cost savings = inherent result cybersecurity = too many interfaces + incongruous software: *multiple cyber attack surfaces *must be defended individually Enterprise Ground System (EGS) / DOD interested in using #cloud tech for EGS / type undecided / Airforce favours private (b/c physically reside w/in operation centres) http://www.satellitetoday.com/regional/2015/09/14/dod-prepares-for-overhaul-of-military-ground-systems/ NYSE STUDY by Veracode 2015 Survey #cybersecurity in the Boardroom - 8pg PDF https://www.veracode.com/sites/default/files/Resources/Whitepapers/cybersecurity-in-the-boardroom-whitepaper.pdf Associated article: Boardrooms and cyber security http://thetandd.com/news/boardrooms-and-cyber-security/article_5edccb5b-aed1-5e88-b2e4-0dd396d5540d.html Twitter hired a trio of firms / first outside lobbyists to work DC spent $160K / first-half http://www.odwyerpr.com/story/public/5332/2015-09-14/twitter-enters-dc-lobbying-fray.html quantum encryption quantum random number  generator | Entropy Engine / 200 million random Nos. http://www.santafenewmexican.com/news/health_and_science/science-on-the-hill-for-cybersecurity-in-quantum-encryption-we/article_2ce4c8bb-78fa-5dbc-826f-ffdd33501ae3.html WEBINAR - cybersecurity Former NSA Tech. Dir. Jim Penrose cyber ops expert subtle traces compromise detection http://www.bankinfosecurity.com/webinars/view-from-inside-intelligence-driven-approaches-to-cyber-detection-w-764 #Germany #cybersecurity new IT Security Law July 24, 2015 foresees admin fines 4-yr evaluation *overview & links http://www.natlawreview.com/article/what-you-need-to-know-about-germany-s-cybersecurity-law #cybersecurity #hacker 9 FBI Warnings / risks posed by Internet of Things ('IoT') x10 device examples http://www.defenseone.com/threats/2015/09/fbi-department-homeland-security-warnings-internet-connected-everyday-objects/120905/ IronNet fmr  NSA Director Keith Alexander raised $7.5 million in equity re IronNet #Cybersecurity pt  $25-m Trident Capital financing IronNet Cybersecurity funds to go to: *cybersecurity products *building the company’s workforce http://www.bizjournals.com/baltimore/blog/cyberbizblog/2015/09/keith-alexander-led-ironnet-cybersecurity-raises-7.html #cybersecurity digital tax fraud  skyrocketed over last year / data breaches PROPOSED bill re notices ID theft almost half USA states = reported spikes in electronic filing fraud = Minnesota stopped accepting some electronic returns http://thehill.com/policy/cybersecurity/253542-senate-committee-will-mark-up-digital-tax-fraud-bill #cybersecurity new chip developed by Xerox = self-destruct on command Gorilla Glass / shattering chip Potential use:   storage device for encryption keys https://www.siliconrepublic.com/enterprise/2015/09/14/self-destructing-chip-xerox Korean-based SK Telecom + Greenville USA co. to develop vehicle cybersecurity /  Quantum Cryptography ... securely distributes a secret key to legitimate parties. Here, a key is a table of random numbers shared by legitimate users in such a way that the information is known only to them, and secure means secure against any possible eavesdropping, which is the highest level of security. The system is expected to enhance security of critical network infrastructure. Currently, most systems, including the connected vehicle ecosystems, use software-based pseudo-random number generators for encryption, meaning that they can fall vulnerable to hackers who decrypt the sequence of digits. Once developed for commercial use, SK Telecom’s technology will eliminate such concerns for security as it generates true random numbers based on hardware. http://gsabusiness.com/news/55654-greenville-center-korean-firm-to-develop-vehicle-cybersecurity #cybersecurity E-ZPass vulnerable to hackers, ID thieves + govt spying / not using encryption E‑ZPass = electronic toll-collection system =  tolled roads, bridges, & tunnels USA http://www.whdh.com/story/30022568/report-e-zpass-vulnerable-to-hackers-identify-thieves #SouthAfrica #law proposed bill too broad consequences beyond remit / state cyberwarfare / warrantless seizure #SouthAfrica /  penalties - to 25 years in prison /  has until Nov 30 to submit comment on proposed bill. http://www.zdnet.com/article/south-africa-gets-first-look-at-cybercrime-bill-that-comes-with-25-year-jail-terms/ #Tor .onion domain = formal recognition granted security certificates available to site admins http://www.cbronline.com/news/cybersecurity/business/regulators-give-tors-onion-domain-name-special-use-status-4669709 USA Dept Energy DOE REPORT linked US #Energy Tech Exports = cybersecurity risks - b/c rely on digital tech http://www.theepochtimes.com/n3/1751096-global-energy-growth-could-disrupt-americas-grid-security-doe-report-says/ ---------------------- ꕤ ---------------------- COMMENT Bunch of random stuff I looked at. It all seemed very exciting ... at the time.  Now, I'm not so sure.  lol The onion domain news and the self-destructing chip is exciting, I guess. I'm no techie, so the 'internet of things' doesn't bother me.  I like everything manual, if I can help it.  lol Twitter hiring Washington lobbyists is kind of exciting.  Wonder why? The US military proposed overhaul of ground satellite communications (if I understand correctly), is pretty cool. Surprise that it has taken them until 2015 to come up with those ideas, when they're in the business and should know what they're doing when it comes to multiple contracts and software applications etc. It doesn't sound too efficient at the DOD. Digital tax fraud sounds boring.  I don't even know what the point of it is.  lol  People pretend to be someone else ... but then what? Oh, the best news it the Ninth Circuit Court ruling regarding copyright! Take that, Universal Music a#@!@#s! ꕤ

Intel, Surveillance & Cybersec- Random News Items

#Algeria - Gen Hassan retired Algerian intel chief (counter-terrorism) / held in military prison Algerian President Abdelaziz Bouteflika reforming intel services relieving them of missions >> control transfer to Military July 2015 Algeria Pres. Bouteflika replaced heads of DSI counter-espionage unit residential security + Republican Guard http://www.news24.com/Africa/News/Algeria-detains-former-counter-terror-chief-report-20150830-4 #SouthAfrica allegations of SA intel spying on journalists Democratic Alliance asked intel Inspector General to investigate allegations SSA is spying on SABC journalists http://www.iol.co.za/news/politics/da-seeks-sabc-spying-probe-1.1907758 #SouthAfrica Cops in 'super-spy' machine probe The Grabber / dirtbox / cigarette smuggling http://www.iol.co.za/news/crime-courts/cops-in-super-spy-machine-probe-1.1907719 MacDonald, Dettwiler & Associates Ltd. = Canada-based communications & info co commercial & govt customers, globally MacDonald, Dettwiler & Associates Ltd. 2 segments: Communications +  Surveillance & Intelligence MacDonald, Dettwiler & Associates Ltd. Communications: = TV, satellite, radio, broadband, mobile Surveillance & Intel: = Geospatial + [think encountered MDA the other day] http://www.lulegacy.com/2015/08/30/macdonald-dettwiler-associates-pt-lowered-to-c89-00-mda/594668/ #UK MI6 agent Gareth Williams hacked Clinton’s agenda / diplomatic nightmare - Sir John Sawers / mysterious death http://nypost.com/2015/08/31/british-agent-hacked-bill-clintons-agenda-before-his-mysterious-death/ #Surveillance  advertising co's profile user, based on internet usage history “super-cookies aka pass ID = unique token injected into every HTTP request / user helpless: no choice / persists after clearing cookies Culprits: Verizon AT&T Bell Canada Bharti Airtel Cricket Telefonica de España Viettel Peru S.A.C. Vodafone NL Vodafone Spain Solution: 1) limit web browsing to sites that offer SSL or TLS 2) switch to provider that does not use super-cookies. http://www.techworm.net/2015/08/supercookies-are-back-in-force-giving-rise-to-privacy-threats.html PricewaterhouseCoopers Insurance Banana Skins 2015 #cybersecurity = one of biggest fears of insurers in world Report http://www.pwc.com/gx/en/insurance/banana-skins/2015-survey-report.jhtml #cybersecurity Ashley Madison hack UK intel checked files for security breaches & info / counterparts doing same http://www.independent.co.uk/life-style/gadgets-and-tech/news/ashley-madison-hack-british-intelligence-checked-leaked-files-for-security-breaches-and-information-10479238.html Ashley Madison hack Noel Biderman steps down as CEO of parent co Canadian Internet entrepreneur Self-proclaimed "King of Infidelity" former CEO of Avid Life Media  [wikipedia] #cybersecurity Indian financial outfits facing numerous cyber attacks from Pakistan / no mandatory reporting of hacks http://economictimes.indiatimes.com/articleshow/48737054.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst #cybersecurity 3 broad hacker type: 1. financial motive cyber criminal 2. hacktivists or politically motivated 3. nation state attackers most serious type, said to be (3) nation state hackers >> steal business strategy + intellectual property /indiatimes #cybersecurity #OPM US federal agencies to pay at least $132 million re OPM hack Carter said his desire to increase the military’s computer defenses is one reason he was heading to Silicon Valley on Friday to recruit outside help. Federal agencies will pay at least $132 million to begin cleaning up the mess caused by the computer hack of at least 22 million current and former federal employees and military personnel. About 40 percent of the total, or nearly $53 million, will be paid by the Army. A little more than a quarter will be paid by the Air Force and 17 percent, or about $23 million, will come from the Navy, according to National Journal. Last month, OPM notified agencies it would charge them for their share of the protection services being offered to at least 22 million hack victims, proportional to the number of affected former and current employees, contractors, and applicants connected to each agency. The OPM has notified each agency what they owe for fiscal 2015, agencies must shift funds around to make the required payments. The Defense Department submitted its reprogramming request to Congress, where it has already received approval from at least the Senate Appropriations Committee’s panel on Defense spending. The plan set aside $132 million to pay for hack victims’ credit and identity monitoring, identity restoration and protection services for dependent children. https://thetelegraph.com/news/70496/report-says-va-way-short-of-psychiatrists ---------------------- ꕤ ---------------------- COMMENT Just news items that caught my eye. That US$130 million eventually goes to cybersecurity companies? They must be ecstatic whenever there's a big hack.  lol Algeria sounds interesting.  Something big's going on. South Africa sounds corrupt. CEO stepping down is a pointless, symbolic act. ꕤ

WikiLeaks - Hacking Team Leak - Release Verified as Legitimate / Singapore Surveillance

Singapore is using spyware, and its citizens can’t complain By Gabey GohAug 03, 2015 Behind the surveillance curtain Meanwhile, Goh Su Gim (pic), the security advisor at cybersecurity firm F-Secure in Asia, has examined the Hacking Team documents that have been leaked online, and said he believes them to be legitimate. “Especially the source code and their Galileo product architecture – it is exactly how security researchers have expected it to be,” he told DNA. “Many have compiled the source code and replicated what products Hacking Team has been selling to the [Singapore] Government,” he added. The leaked Hacking Team information also includes email threads that point to other Singaporean agencies showing an interest in the Italian company’s spyware, according to Goh. These agencies include the Centre for Strategic Infocomm Technologies (CSIT), part of the Ministry of Defence; and the Infocomm Technology Division (ICTD) of the Ministry of Home Affairs (MHA) back in 2013. Goh noted that an Israeli company, Nice Systems which specialises in telephone voice recording, data security and surveillance, serves as a partner working with Hacking Team to sell to CSIT and MHA. “Interestingly, the MHA was interested in its IPA device (Injection Proxy Appliance),” he said. “This is a networking device, typically installed alongside an Internet service provider’s servers, that can hijack targets’ Internet traffic without their knowing, and surreptitiously deliver malware to their device or computer. “Tricking a target into opening a file or going to a phishing site may be not be as easy, and this is the perfect appliance to intercept Internet activity on the fly – for example, if a target wants to watch a video or download a new app, the IPA could intercept and prompt the target to install a booby-trapped version of Adobe Flash with the spyware. “It is also interesting to note at the end of the [leaked] email, [there is the statement]: ‘(As always, but especially in this country, confidentiality is a must. Thanks.)’,” he added. Why the IDA? There were no further documents available to show whether discussions with the CSIT and MHA panned out and were converted to sales, Goh conceded. He said that the F-Secure team was also unable to independently confirm whether the IDA and other agencies in South-East Asia, besides the publicly published list of clients available on the Internet, were or are Hacking Team customers. However, Goh noted that given what Hacking Team offers, it may seem more relevant for CSIT and MHA to purchase such tools in the name of homeland security. “But the IDA is a statutory board of the Singapore Government, under the Ministry of Communications and Information, whose mission is to develop information technology and telecommunications within Singapore – with a view to servicing citizens of all ages and companies of all sizes. “With that said, since it is not an enforcement agency – there is no use for a surveillance tool, unless it is used for research purposes,” he said. The IDA did not respond to DNA’s repeated requests for comment. https://www.digitalnewsasia.com/digital-economy/singapore-is-using-spyware-and-its-citizens-cant-complain?page=0%2C1 -------- -------- -------- COMMENT Thought this a cool article, as the WikiLeaks publication of the Hacking Team data has been independently verified as legitimate. Israeli involvement is interesting. The rest (surveillance capabilities) just freaks me out.  LOL More re:  SINGAPORE SURVEILLANCE

Business Insider - "British spies are officially setting the standard for fighting hackers"

British spies are officially setting the standard for fighting hackers Business Insider Alastair Stevenson, Business Insider Jul. 29, 2015, 7:27 AM 13 UK big ben union flag jack umbrellaREUTERS/Luke MacGregorBritish spy standards have gone international. A pilot scheme for the UK government’s cyber security training initiative has launched in the US, Canada, Australia and New Zealand – meaning British spies are now setting the international standard for fighting hackers. The scheme will be run by the Communications-Electronics Security Group (CESG), the information security arm of the GCHQ. It is an extension of the CESG's ongoing UK Certified Professional (CCP) scheme. The UK scheme launched in October 2012 and is designed to ensure security professionals meet a quality benchmark set by the CESG, assuring potential hirers of their anti-hacker abilities. The scheme ranks professionals at three levels of competency: Practitioner, Senior Practitioner, and Lead Practitioner. To date, the scheme has accredited 1,200 UK professionals in a variety of roles, including penetration testers and crypto custodians. Penetration testers are hackers companies hire to find holes in their defences. Crypto custodians are professionals that manage companies' use of encryption. Encryption is a security technology that scrambles digital information using specialist mathematics. It makes it so only people in possession of a specific unlock key or password can read the encrypted information. The pilot international scheme will be limited to security and information risk advisors (SIRA) and IA architects – the people who advise companies on how to protect their data and design their information security systems. The new US, Canada, Australia and New Zealand tests will be run by the APMG International examination body and CESG. BUSINESS INSIDER - VIA http://www.techinsider.io/gchq-has-expanded-its-security-training-scheme-to-run-in-the-us-canada-australia-and-new-zealand-2015-7 --------------------- COMMENT Thought this was interesting, but now I'm not that sure.  LOL IA = information assurance APM Group Ltd (APMG) =  global accreditation body, UK based (offices all over) More:  CCP - 'CESG Certified Professional' http://apmg-cyber.com/products/ccp-cesg-certified-professional

Cybersecurity: Darktrace

British cyber company Darktrace ramps up D.C. presence, investors take notice  By Aaron Gregg July 26 at 5:57 PM Follow @Post_AG Washington has always been a government town. But in recent years, the economic pinch of sequestration and other federal cutbacks has many local business leaders wondering where the next source of revenue will come from. Many see cybersecurity as a possible path away from government dependency, hoping that experts from the region’s intelligence community can find ways to sell their expertise to multi-national corporations that want to shore up their data. Darktrace, a Britain-based cybersecurity company that tries to spot internal threats by applying big data analysis to employees’ behavioral patterns, is one of the upstarts seeking to turn the region’s indigenous intelligence know-how into a commercial operation. The company announced Wednesday that it closed a $22.5 million round of financing from Summit Partners, a prominent venture capital firm. The company says it will use the capital to continue expanding its international footprint, hiring sales and marketing people to help broaden its customer base. Last month, the young firm opened a cyber operations center in Columbia, Md., to give it closer proximity to the wealth of talent sitting next door at the National Security Agency. “We’re taking the know-how that people from government agencies like the FBI, CIA and NSA have, and helping people in the commercial private sector to identify threats,” chief executive Nicole Eagan said. Eagan said the company’s plan is to approximate the so-called five eyes of the international spy community — a collaboration of government intelligence agencies from New Zealand, Australia, Britain, the United States and Canada — and sell it to the private sector. Right now Darktrace has offices in all five locations. “When you start to realize that cyber is a global problem, a cyber-threat can originate in one part of the world and culminate in another part of the work,” Eagan said. The company employs about 100 people, but its workforce is spread across 16 cities on four continents, with plans to expand into Latin America. [Related: Founded by spies and mathematicians, Darktrace isn’t your typical cyber-security firm] The company was founded two years ago by a union of Cambridge mathematicians and NSA veterans, with the help of close to $10 million in seed funding from Invoke Capital, a British venture capital firm backed by Mike Lynch, founder of British IT company Autonomy. Darktrace is one of many firms trying to spot data breaches in real time. The company’s Enterprise Immune System technology uses complex mathematical algorithms to take a behavioral “fingerprint” of each company’s day-to-day operations, created from seemingly mundane details such as when particular people tend to log in to certain systems and what they do there, where they work from and from what computer they log in. When something looks out of the ordinary, the company is notified in real time, and management gets a weekly update on the biggest threats it needs to worry about. “What Darktrace offers is an intelligent platform which learns what normal behavior is, and picks out what is unusual,” said Dan Raywood, an information security analyst at IT consultancy 451 Research. After spending a few years honing its product with early testers that included BT Group, a British telecommunications corporation, the company said it is done with research and development and is now focusing its efforts on getting to market. Today, Darktrace works with more than 100 corporations worldwide. It takes on customers by offering them a 30-day free trial, after which they are asked to commit to a three- or four-year contract. The company said more than 80 percent of the companies that try the free trial sign a contract. Darktrace declined to provide details of its financial performance. The company is operating in a crowded field with new firms popping up every day. “Whilst not totally unique, Darktrace has an interesting proposition at a time when spotting the anomaly is a key trend,” Raywood said.  Aaron Gregg covers the local economy for Capital Business, the Post’s local business section. He studied music (Jazz guitar) and political science at Emory University in Atlanta, and has a graduate degree in public policy from Georgetown. SOURCE http://www.washingtonpost.com/business/capitalbusiness/british-cyber-company-darktrace-ramps-up-dc-presence-investors-take-notice/2015/07/26/0fbef782-316d-11e5-97ae-30a30cca95d7_story.html --------------------- COMMENT LOL .. wonder if this is CIA venture capital? Cambridge makes me think of Cambridge Five and NSA's the mass surveillance mob that's been spying on European corporations and politicians. So is this some kind of UK intel meets US intel off the grid (and therefore opaque) Five Eyes clone?  Govt intelligence agencies aren't exactly transparent, so it probably hasn't got anything to do with being 'opaque'.  Maybe it's about having some legit cover, while keeping close tabs on big business? Or, .... I've got an over-active imagination.  LOL --------------------- Founded by spies and mathematicians, Darktrace isn’t your typical cybersecurity firm "... part of a contingent of cybersecurity executives accompanying British Prime Minister David Cameron on his recent trip to Washington, where the two countries announced the launch of a joint cyber-sharing initiative." http://www.washingtonpost.com/business/on-it/founded-by-spies-and-mathematicians-darktrace-isnt-your-typical-cybersecurity-firm/2015/02/15/eb71787e-b079-11e4-886b-c22184f27c35_story.html

Israel Cybersec | Hacker News

http://itbusinessnet.com/article/Nonstop-Cyber-Attacks-Drive-Israel-to-Build-Hack-Proof-Defense-3986848 Nonstop Cyber Attacks Drive Israel to Build Hack-Proof Defense By Bloomberg News (Gwen Ackerman)- (Bloomberg) -- In 2013, Israel Electric Corp. registered several hundred potential hacks on its grid each hour. Last year, the figure grew -- to 20,000. None succeeded. Israel Electric, which controls more than 80 percent of the countrys power production, has dramatically increased its cyber personnel, developed new defense tools and enhanced employee training, said Yosi Shneck, senior vice president of information and communications. The new protections reflect a nationwide effort to make Israel one of the most hack- proof countries in the world. This year alone, the government established a national authority to help oversee protection of critical civilian systems, the military announced a reorganization of all its anti-hacking units into one command and the central bank became what may be the first in the world to define mandatory cyber- defense steps for financial institutions. If I ranked the existential threats, cyber would come right behind nuclear weapons, said Carmi Gillon, former head of the Shin Bet domestic security service and chairman of Cytegic, a company that has developed a digital dashboard and tools to help keep companies protected. Israel and the U.S. face some of the most serious cyber assailants in the world, said Daniel Garrie, executive managing partner of cyber-consulting firm Law & Forensics in New York. That forces them to be light years ahead in prevention. While attempted hack attacks on Israel reached 2 million a day during last years fighting in Gaza, the country has yet to report destructive events such as the theft of data from about 22 million people at the U.S. Office of Personnel Management. Hacking Call The threat is growing. Anonymous, a loosely connected global hacker collective, called in April for a hacking onslaught on the country. The Jewish state was the second-most- hit in the world after the U.S. that month, according to monitoring website Hackmageddon. The attacks did little more than deface websites. Anonymous claimed Facebook credentials and phone numbers of hundreds of Israelis were posted online. In March, Check Point Software Technologies Ltd., a cybersecurity company, detected malware that it suspected came from Lebanon. The alleged targets were defense contractors as well as telecommunications and media companies in 10 countries, including Israel. No further details were given. Two Cables Only two cables link Israels Internet network to the world, giving its companies an advantage on the digital battlefield, said Yaron Blachman, director of cyber and technology consulting at PricewaterhouseCoopers Israel. They can just turn to their Internet service provider and disconnect, he said. Israel started building up its defenses more than a decade ago. In 2002, the government created the National Information Security Authority to protect critical infrastructure. In 2012 it established the National Cyber Bureau, an agency within the office of Prime Minister Benjamin Netanyahu that coordinates and advises on policy. The authority established this year will be responsible for protecting civilian entities such as banks, said Yitzhak Ben-Israel, who helped found it. It isnt enough just to have sophisticated defenses, said Amos Yadlin, a former military intelligence chief who now heads Tel Aviv Universitys Institute for National Security Studies. You cant be a good defender unless you understand the offense, he said. Therefore, defensive efforts must overlap to some degree with offensive efforts, including those of intelligence collection. Flame Virus For instance, Iran says Israel tried to sabotage its nuclear program with the Stuxnet virus. It also attributed the Flame virus, which wreaked havoc on Iranian computer systems in the energy sector, to illegitimate regimes. Israeli officials have declined to confirm or deny whether the country was involved. Learning to fend off attacks can be profitable. Israel Electric formed a unit called CyberGym with security consulting firm CyberControl to offer companies around the world a simulated control center to practice protecting their networks. And the new Israeli focus is leading to acquisitions and investments. Elbit Systems Ltd., Israels biggest publicly traded defense company, in May bought a cybersecurity division from Nice Systems Ltd. for $158 million. Two months before that, Alibaba Group Holding Ltd. invested in Jerusalem Venture Partners to work with Israeli cybersecurity startups and protect its own operations. Cytegic chief executive officer Shay Zandani, who established the information-security department in the Israeli Air Force in the 1990s, says many Israeli corporations arent protected against the kind of threats they face. In 2014, one in 10 cyber breaches was in the banking industry, according to a report by FireEye Inc. Bank Protections Attacks and attackers targeting the Israeli financial sector have increased and become more sophisticated, according to a May report by Cytegic and cyber consulting firm Konfidas. Lenders have largely been unsuccessful in reining them in, it said. The industry targeted most by hack attacks: information technology. The Bank of Israel says it appears to be the first central bank in the world to define mandatory steps for cyber defense. Its regulations, issued in March, put pressure on the board of directors and senior management to insure lenders are safe. Israel is a geopolitical target and attacking the banking sector can damage our economy, said Rachel Jacoby, head of the OpRisks management unit for technology and cyber at the central bank. To contact the reporter on this story: Gwen Ackerman in Jerusalem at gackerman@bloomberg.net To contact the editors responsible for this story: Riad Hamade at rhamade@bloomberg.net Anne Swardson, James Hertling http://itbusinessnet.com/article/Nonstop-Cyber-Attacks-Drive-Israel-to-Build-Hack-Proof-Defense-3986848 --------------------- HACKER NEWS #Hacker Identity theft cemeteries, online obituaries > ID 4 fraudulent a/c Sth Africa topping recycled deceased ID prob:  loan providers conducting transactions over phone, often only requiring 3 questions as ID verification South Africa also big on phishing attacks (eg fake SA Revenue Service link) http://www.techcentral.co.za/how-crooks-steal-your-id/58397/ FBI wanted: cybercrim - Evgeniy Mikhailovich Bogachev /Computer Fraud & Abuse Act /Identity Theft & Assumption Deterrence Act US$3m reward Evgeniy Bogachev = responsible for Zeus malware / banking log-on info capture source: http://www.techcentral.co.za/how-crooks-steal-your-id/58397/ Unauthorised apps & app stores contributing to a spike in mobile fraud  400% spike 2014 Access prevention needed on mobile devices *back-up *remote wipe system *password protection *GPS tracking services http://www.timeslive.co.za/thetimes/2015/07/22/Beware-muggers-in-those-dodgy-apps --------------------- COMMENT Just some of the stuff I looked at recently. Doubt I'll remember much of the Israeli cybersecurity article, but I thought it was interesting. Evgeniy Bogachev's got a $3-million FBI reward on his head. That's a massive amount. Bogachev better not go to Thailand.  Thais love handing ppl over to the Yanks.