aggregator

Hacks Raise Fear Over NSA's Hold on Cyberweapons

Slashdot - Your Rights Online - Cz, 2017-06-29 16:50
Nicole Perlroth, and David Sanger, writing for The New York Times: Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States -- Britain and Ukraine. The N.S.A. has kept quiet, not acknowledging its role in developing the weapons (alternative source). White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.

Read more of this story at Slashdot.

WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks

Slashdot - Your Rights Online - Cz, 2017-06-29 15:00
WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports: Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file. Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC. Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network. Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information. Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools. Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected WiFi data to query alternate EES geo-location databases, if he feels they provide a better accuracy.

Read more of this story at Slashdot.

Mayors of 7,400 Cities Vow To Meet Obama's Climate Commitments

Slashdot - Your Rights Online - Cz, 2017-06-29 05:30
An anonymous reader quotes a report from The Guardian: Mayors of more than 7,400 cities across the world have vowed that Donald Trump's decision to withdraw from the Paris accord will spur greater local efforts to combat climate change. At the first meeting of a "global covenant of mayors," city leaders from across the US, Europe and elsewhere pledged to work together to keep to the commitments made by Barack Obama two years ago. Cities will devise a standard measurement of emission reductions to help them monitor their progress. They will also share ideas for delivering carbon-free transport and housing. Kassim Reed, the mayor of Atlanta, told reporters he had travelled to Europe to "send a signal" that US states and cities would execute the policies Obama committed to, whether the current White House occupants agreed or not. Reed, whose administration has promised that the city of Atlanta will use 100% renewable energy by 2035, said 75% of the US population and GDP lay in urban areas, where local leaders were committed to fighting climate change. "We have the ability to still achieve between 35% and 45% CO2 emission reductions without the involvement of the national government and it is why I chose to be here at this time to send a signal to 7,400 cities around the world that now should be a time of optimism, passion and action," he said.

Read more of this story at Slashdot.

London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen

Slashdot - Your Rights Online - Cz, 2017-06-29 03:00
According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What's more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the "most secure version of Windows right now." From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection makes PCs running Windows a whole lot more secure. The spokesman of the 0Conservative London Assembly said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."

Read more of this story at Slashdot.

US Imposes Stricter Security Screenings At Foreign Airports, But Won't Expand Laptop Ban Yet

Slashdot - Your Rights Online - Cz, 2017-06-29 01:20
An anonymous reader quotes a report from The Verge: The United States will require foreign airports to implement stricter security practices and screenings for any passengers headed to the U.S. John Kelly, the U.S. secretary of Homeland Security, announced today that the new measures were being put in place. Though he didn't go into specifics, Kelly said the new requirements would include further screenings of electronics, more thorough vetting of passengers, and measures meant to stop "insider attacks." The U.S. is also encouraging the use of more bomb-detecting dogs, "advanced checkpoint screening technology," and the addition of "preclearance" locations, which station U.S. customs officers overseas, allowing them to screen passengers before boarding instead of after they land. One thing Kelly didn't announce was an expansion of the tablet and laptop ban, which is currently in effect on flights from 10 airports in the Middle East and North Africa. If airports don't comply with the new screening rules, Kelly said, they may be subject to additional electronics bans. But for the time being, it sounds like the ban will be kept to those 10 locations. According to Reuters, airlines have 21 days to comply with the new rules for explosives screenings and four months to comply with everything else.

Read more of this story at Slashdot.

Equal Rights Center Sues Uber For Denying Equal Access To People Who Use Wheelchairs

Slashdot - Your Rights Online - Cz, 2017-06-29 00:40
The Equal Rights Center is suing Uber, alleging that the company has chosen not to include wheelchair-accessible cars as an option in its standard UberX fleet of vehicles, and excludes people who use wheelchairs in Washington, D.C. According to the lawsuit, Uber is in violation of Title 3 of the Americans with Disabilities Act and the D.C. Human Rights Act. TechCrunch reports: After conducting its own investigation of Uber's services for people in wheelchairs, the ERC found that passengers had to wait an average of eight times longer for an accessible car to arrive. They also had to pay twice as much in fares, according to the ERC's study. Ultimately, the ERC wants Uber to integrate wheelchair accessible cars into its UberX fleet so that people who use wheelchairs don't have to wait longer and pay more to use the car service. Uber said in a statement provided to TechCrunch: "We take this issue seriously and are committed to continued work with the District, our partners, and stakeholders toward expanding transportation options and freedom of movement for all residents throughout the region."

Read more of this story at Slashdot.

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise

Slashdot - Your Rights Online - Śr, 2017-06-28 22:46
Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky. Ars Technica has more.

Read more of this story at Slashdot.

More Than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality

Slashdot - Your Rights Online - Śr, 2017-06-28 21:25
An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.

Read more of this story at Slashdot.

Google Must Delete Search Results Worldwide, Supreme Court of Canada Rules

Slashdot - Your Rights Online - Śr, 2017-06-28 20:45
The Supreme Court of Canada ruled against Google on Wednesday in a closely-watched intellectual property case over whether judges can apply their own country's laws to all of the internet. From a report: In a 7-2 decision, the court agreed a British Columbia judge had the power to issue an injunction forcing Google to scrub search results about pirated products not just in Canada, but everywhere else in the world too. Those siding with Google, including civil liberties groups, had warned that allowing the injunction would harm free speech, setting a precedent to let any judge anywhere order a global ban on what appears on search engines. The Canadian Supreme Court, however, downplayed this objection and called Google's fears "theoretical." "This is not an order to remove speech that, on its face, engages freedom of expression values, it is an order to de-index websites that are in violation of several court orders. We have not, to date, accepted that freedom of expression requires the facilitation of the unlawful sale of goods," wrote Judge Rosalie Abella.

Read more of this story at Slashdot.

FBI Interviews Employees of Russia-Linked Cyber Security Firm Kaspersky Lab

Slashdot - Your Rights Online - Śr, 2017-06-28 19:20
FBI agents on Tuesday paid visits to at least a dozen employees of Kaspersky Lab, a Russia-based cyber-security company, asking questions about that company's operations as part of a counter-intelligence inquiry, multiple sources familiar with the matter told NBC News. From a report: In a classic FBI investigative tactic, agents visited the homes of the employees at the end of the work day at multiple locations on both the east and west coasts, the sources said. There is no indication at this time that the inquiry is part of Special Counsel Robert Mueller's investigation into Russian election meddling and possible collusion. Kaspersky has long been of interest to the U.S. government. Its cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to U.S. officials.

Read more of this story at Slashdot.

Toshiba Sues Western Digital For $1 Billion in Damages

Slashdot - Your Rights Online - Śr, 2017-06-28 18:40
Toshiba has raised the stakes in an embittered legal row with its joint venture partner, suing Western Digital for a $1bn in damages and hoping Japanese courts will quash the US firm's interference in the sale of its memory chip business. From a report: The litigation, filed Wednesday in Tokyo District Court, seeks to stop Western Digital from making ownership claims over the enterprise that Toshiba is trying to sell. The Japanese company said in a statement that Western Digital's employees improperly obtained proprietary information. The relationship between Toshiba and Western Digital has gotten more acrimonious, as Toshiba moves toward a sale of the flash-memory division. Last month, Western Digital invoked an arbitration clause in their business agreement, seeking to block Toshiba's transfer of ownership of the unit to a separate legal entity in preparation for a sale. Toshiba, which has since reversed that transfer, then had its lawyers send a letter demanding that the U.S. company stop its "harassment" as Toshiba tries to sell the business.

Read more of this story at Slashdot.

President Trump Attacks Amazon, Incorrectly Claiming That It Owns The Washington Post For Tax Purposes

Slashdot - Your Rights Online - Śr, 2017-06-28 18:00
The Washington Post, which has been critical of Donald Trump and his administration in its coverage, has become the latest victim in Trump's Twitter tirade. On Wednesday, he accused Amazon of not "paying internet taxes (which they should)," adding that the company is using The Washington Post "in a scheme to dodge" the taxes. Quick fact check: Amazon doesn't own The Washington Post, Jeff Bezos -- in his personal capacity -- does. At any rate, Trump's furious tweets come a day after The Washington Post reported that a fake issue of Time magazine with Trump on the cover was hanging in some of the president's golf clubs. The timing of this is also awkward because just last week the president met with Bezos and other top executives to discuss ways the White House can modernize government and aid the tech industry. But the two have a long history. As Recode reminds: Meanwhile, Amazon is about to embark on what could be a lengthy government antitrust review of its bid to buy Whole Foods. Already looming large over the roughly $14 billion deal are the president's own comments: He has previously attacked Bezos and claimed the Post is a tax-dodging scheme for Amazon. "He thinks I'll go after him for antitrust," Trump said at one point during his campaign. "Because he's got a huge antitrust problem, because he's controlling so much, Amazon is controlling so much of what they are doing." Months later, Trump charged: "Believe me, if I become president, oh, do they have problems, they are going to have such problems." Meanwhile, Bezos isn't one to shy about his anti-Trump views either. At one point during the election, Bezos tweeted that he'd save a seat for Trump on his Blue Origin spacecraft, with the hashtag "sendDonaldtospace."

Read more of this story at Slashdot.

Contractors Lose Jobs After Hacking CIA's In-House Vending Machines

Slashdot - Your Rights Online - Śr, 2017-06-28 15:00
An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.

Read more of this story at Slashdot.

Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears

Slashdot - Your Rights Online - Śr, 2017-06-28 02:45
Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.

Read more of this story at Slashdot.

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software

Slashdot - Your Rights Online - Śr, 2017-06-28 01:20
An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.

Read more of this story at Slashdot.

Police Use Lyft As 'Trojan Horse' To Capture Suspect In Murder of Tech CEO

Slashdot - Your Rights Online - Śr, 2017-06-28 00:40
McGruber writes: On Friday, June 23, 2017, three men broke into the home of Albert Eugene DeMagnus, the CEO of Computer Management Services. The men stabbed DeMangus, who was pronounced dead after he had been taken to a hospital. Police officers chased two of the suspects as they fled in DeMangus' gray Lexus. The Lexus crashed and the two men ran away into the woods. Police then set up a perimeter with road checkpoints. Soon, a Lyft driver approached a checkpoint and told police she was picking up a passenger nearby. "This may be one of our suspects trying to leave the scene," Fayette County, Georgia Sheriff Barry Babb thought of the person being picked up. So Babb and three officers got into his car, which happened to be identical to the Lyft driver's. They got the location of the suspect from the Lyft driver and simply drove to the suspect, posing as his ride. "The subject walked all the way up, was about to open the door and get in our vehicle, when we exited and identified ourself," said Sheriff Babb. The suspect fled and got about 100 yards into the woods before being taken into custody. "That was something that was unique for us," Babb said, "a first time for us."

Read more of this story at Slashdot.

Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid

Slashdot - Your Rights Online - Wt, 2017-06-27 22:41
Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.

Read more of this story at Slashdot.

Heritage Valley Health System Target Of Cyber Attack

Slashdot - Your Rights Online - Wt, 2017-06-27 21:20
The Heritage Valley Health System says it has been hit with a cyber attack. From a report: A spokeswoman confirmed the attack Tuesday morning. "Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia. Also read: Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World.

Read more of this story at Slashdot.

China's All-Seeing Surveillance State Is Reading Its Citizens' Faces

Slashdot - Your Rights Online - Wt, 2017-06-27 19:20
China's government is using facial-recognition technology to help promote good behavior and catch lawbreakers, reports the WSJ. From the article: Facial-recognition technology, once a specter of dystopian science fiction, is becoming a feature of daily life in China, where authorities are using it on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering (alternative source). Their goal: to influence behavior and identify lawbreakers. Ms. Gan, 31 years old, had been caught on camera crossing illegally here once before, allowing the system to match her two images. Text displayed on the crosswalk screens identified her as a repeat offender. "I won't ever run a red light again," she said. China is rushing to deploy new technologies to monitor its people in ways that would spook many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing's authoritarian leaders are installing iris scanners at security checkpoints in troubled regions and using sophisticated software to monitor ramblings on social media. By 2020, the government hopes to implement a national "social credit" system that would assign every citizen a rating based on how they behave at work, in public venues and in their financial dealings.

Read more of this story at Slashdot.