Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian

The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

Fuente: Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian


NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet

The supercomputer described in the trove, “WindsorGreen,” was a system designed to excel at the sort of complex mathematics that underlies encryption, the technology that keeps data private, and almost certainly intended for use by the Defense Department’s signals intelligence wing, the National Security Agency. WindsorGreen was the successor to another password-cracking machine used by the NSA, “WindsorBlue,” which was also documented in the material leaked from NYU and which had been previously described in the Norwegian press thanks to a document provided by National Security Agency whistleblower Edward Snowden. Both systems were intended for use by the Pentagon and a select few other Western governments, including Canada and Norway.

Fuente: NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet


Leaked NSA Malware Is Helping Hijack Computers Around the World

In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

Fuente: Leaked NSA Malware Is Helping Hijack Computers Around the World


Microsoft responsabiliza a la Agencia de Seguridad Nacional de EE.UU. de propiciar el ciberataque masivo que afectó al menos a 150 países – El Mostrador

El gigante de la informática criticó el papel de los gobiernos y organizaciones que coleccionan vulnerabilidades informáticas que después pueden ser robadas o vendidas a delincuentes informáticos. La empresa pide que lo sucedido sea una lección para erradicar esta práctica en el mundo.

Fuente: Microsoft responsabiliza a la Agencia de Seguridad Nacional de EE.UU. de propiciar el ciberataque masivo que afectó al menos a 150 países – El Mostrador


Japan Made Secret Deals With the NSA That Expanded Global Surveillance

The documents, published Monday in collaboration with Japanese news broadcaster NHK, reveal the complicated relationship the NSA has maintained with Japan over a period of more than six decades. Japan has allowed NSA to maintain at least three bases on its territory and contributed more than half a billion dollars to help finance the NSA’s facilities and operations. In return, NSA has kitted out Japanese spies with powerful surveillance tools and shared intelligence with them. However, there is a duplicitous dimension to the partnership. While the NSA has maintained friendly ties with its Japanese counterparts and benefited from their financial generosity, at the same time it has secretly spied on Japanese officials and institutions.

Fuente: Japan Made Secret Deals With the NSA That Expanded Global Surveillance


Leaked NSA Malware Threatens Windows Users Around the World

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Fuente: Leaked NSA Malware Threatens Windows Users Around the World


Apple Says It Fixed CIA Vulnerabilities Years Ago

Yesterday, WikiLeaks released its latest batch of pilfered CIA material, five documents describing malicious software for taking over Apple MacBooks and iPhones, and wrote in an accompanying post that “the CIA has been infecting the iPhone supply chain of its targets,” prompting concerned readers to wonder if their iPhone or MacBook had been infected on the factory floor. In a statement, Apple says that is almost certainly not the case.

Fuente: Apple Says It Fixed CIA Vulnerabilities Years Ago


Wikileaks filtra nuevos documentos secretos sobre cómo “hackeaba” la CIA cualquier iPhone o Mac – El Mostrador

Bajo el nombre “Dark Matter” Wikileaks publicó una nueva tanda de documentos secretos, en los que detalla varios proyectos de la CIA para lograr infectar y “hackear” cualquier iPhone o Mac.

Fuente: Wikileaks filtra nuevos documentos secretos sobre cómo “hackeaba” la CIA cualquier iPhone o Mac – El Mostrador


With the latest WikiLeaks revelations about the CIA – is privacy really dead? | World news | The Guardian

Both the Snowden revelations and the CIA leak highlight the variety of creative techniques intelligence agencies can use to spy on individuals, at a time when many of us are voluntarily giving up our personal data to private companies and installing so-called “smart” devices with microphones (smart TVs, Amazon Echo) in our homes.So, where does this leave us? Is privacy really dead, as Silicon Valley luminaries such as Mark Zuckerberg have previously declared?

Fuente: With the latest WikiLeaks revelations about the CIA – is privacy really dead? | World news | The Guardian


Malware Attacks Used by the U.S. Government Retain Potency for Many Years, New Evidence Indicates

A new report from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days.

Fuente: Malware Attacks Used by the U.S. Government Retain Potency for Many Years, New Evidence Indicates


WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian

The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.

Fuente: WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian


Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices

It’s difficult to buy a new TV that doesn’t come with a suite of (generally mediocre) “smart” software, giving your home theater some of the functions typically found in phones and tablets. But bringing these extra features into your living room means bringing a microphone, too — a fact the CIA is exploiting, according to a new trove of documents released today by Wikileaks.

Fuente: Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices


WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador

La información revelada hoy sobre “hacking” (ataque cibernético) es parte de una serie en siete entregas que define como “la mayor filtración de datos de inteligencia de la historia”.

Fuente: WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador


The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant | Motherboard

In January, Motherboard reported on the FBI’s “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.

Fuente: The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant | Motherboard


Hillary Clinton’s Encryption Proposal Was “Impossible,” Said Top Adviser

Hillary Clinton’s advisers recognized that her policy position on encryption was problematic, with one writing that it was tantamount to insisting that there was “‘some way’ to do the impossible.”Instead, according to campaign emails released by Wikileaks, they suggested that the campaign signal its willingness to use “malware” or “super code breaking by the NSA” to get around encryption.

Fuente: Hillary Clinton’s Encryption Proposal Was “Impossible,” Said Top Adviser


Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email

Contrary to a denial by Yahoo and a report by the New York Times, the company’s scanning program, revealed earlier this week by Reuters, provided the government with a custom-built back door into the company’s mail service — and it was so sloppily installed that it posed a privacy hazard for hundreds of millions of users, according to a former Yahoo employee with knowledge of the company’s security practices.

Fuente: Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email


Hackean grupo de espionaje de la NSA y subastan información por 1 millón de bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas

Un grupo de hackers vinculado a la Agencia de Seguridad Nacional de los Estados Unidos, mejor conocida como la NSA (National Security Agency), ha sido hackeado recientemente y sus herramientas de espionaje, recolección de información, malware y más, han sido puestas en venta por 1 millón de bitcoins (más de 550 millones de dólares al momento de la publicación).

Fuente: Hackean grupo de espionaje de la NSA y subastan información por 1 millón de bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas


¿Son estas las armas de espionaje de la NSA? | Derechos Digitales

Un grupo de hackers dice haber obtenido información confidencial de Equation Group, un conocido y sofisticado grupo de ciber atacantes ligado a la NSA. Parte de la información publicada permite por primera vez echar un vistazo a las herramientas utilizadas por la agencia de seguridad estadounidense.

Fuente: ¿Son estas las armas de espionaje de la NSA? | Derechos Digitales


Justice department ‘uses aged computer system to frustrate Foia requests’ | Politics | The Guardian

A new lawsuit alleges that the US Department of Justice (DoJ) intentionally conducts inadequate searches of its records using a decades-old computer system when queried by citizens looking for records that should be available to the public.

Fuente: Justice department ‘uses aged computer system to frustrate Foia requests’ | Politics | The Guardian


FBI’s Secret Surveillance Tech Budget Is ‘Hundreds of Millions’

The FBI has “hundreds of millions of dollars” to spend on developing technology for use in both national security and domestic law enforcement investigations — but it won’t reveal the exact amount.

Fuente: FBI’s Secret Surveillance Tech Budget Is ‘Hundreds of Millions’


Ron Wyden vows to filibuster anti-cryptography bill / Boing Boing

Senators Richard Burr [R-NC] and Dianne Feinstein [D-CA] finally introduced their long-rumored anti-crypto bill, which will ban US companies from making products with working cryptography, mandating that US-made products have some way to decrypt information without the user’s permission.

Fuente: Ron Wyden vows to filibuster anti-cryptography bill / Boing Boing


The CIA Is Investing in Firms That Mine Your Tweets and Instagram Photos

SOFT ROBOTS THAT can grasp delicate objects, computer algorithms designed to spot an “insider threat,” and artificial intelligence that will sift through large data sets — these are just a few of the technologies being pursued by companies with investment from In-Q-Tel, the CIA’s venture capital firm, according to a document obtained by The Intercept.

Fuente: The CIA Is Investing in Firms That Mine Your Tweets and Instagram Photos


Forget Apple's fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

Fuente: Forget Apple’s fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian


Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist / Boing Boing

Boing Boing is proud to publish two original documents disclosed by Edward Snowden, in connection with “Sherlock Holmes and the Adventure of the Extraordinary Rendition,” a short story …

Fuente: Exclusive: Snowden intelligence docs reveal UK spooks’ malware checklist / Boing Boing


Apple's Tim Cook defends encryption. When will other tech CEOs do so? | Trevor Timm | Opinion | The Guardian

More high-profile titans need to use their platforms to make crystal clear how important encryption is to users everywhere

Fuente: Apple’s Tim Cook defends encryption. When will other tech CEOs do so? | Trevor Timm | Opinion | The Guardian


New smoking gun further ties NSA to omnipotent “Equation Group” hackers | Ars Technica

New smoking gun further ties NSA to omnipotent “Equation Group” hackers | Ars Technica.

What are the chances unrelated state-sponsored projects were both named “BACKSNARF”?

 

 

 

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

 

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.


Apple and Google 'FREAK attack' leaves millions of users vulnerable to hackers | Technology | The Guardian

Apple and Google ‘FREAK attack’ leaves millions of users vulnerable to hackers | Technology | The Guardian.

The Apple logo inside an Apple store in Tokyo. The company is working to fix a potential security issue which could leave devices vulnerable to hackers. The Apple logo inside an Apple store in Tokyo. The company is working to fix a potential security issue which could leave devices vulnerable to hackers. Photograph: Yuya Shino/Reuters

Millions of people may have been left vulnerable to hackers while surfing the web on Apple and Google devices, thanks to a newly discovered security flaw known as “FREAK attack.”

There’s no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair. Researchers blame the problem on an old government policy, abandoned over a decade ago, which required US software makers to use weaker security in encryption programs sold overseas due to national security concerns.

Many popular websites and some internet browsers continued to accept the weaker software, or can be tricked into using it, according to experts at several research institutions who reported their findings Tuesday.

They said that could make it easier for hackers to break the encryption that’s supposed to prevent digital eavesdropping when a visitor types sensitive information into a website.

About a third of all encrypted websites were vulnerable as of Tuesday, including sites operated by American Express, Groupon, Kohl’s, Marriott and some government agencies, the researchers said.


EE.UU. ‘quebrantó’ las redes informáticas de Corea del Norte en 2010 – El Mostrador

EE.UU. ‘quebrantó’ las redes informáticas de Corea del Norte en 2010 – El Mostrador.

La Agencia de Seguridad Nacional logró romper las barreras informáticas en 2010 y entrar en los sistemas norcoreanos a través de las redes chinas que conectan a este país con el resto del mundo.

eeuucoreadelnorte

Estados Unidos “quebrantó” las redes informáticas de Corea del Norte en 2010 y por eso supo que el país estaba detrás del ataque a Sony Pictures, reportaron The New York Times y Der Spiegel.

Corea del Norte dedicó dos meses a entrar en los sistemas de Sony después de que la empresa anunciara sus planes para producir una comedia sobre el asesinato del líder de este país, titulada “The Interview”.

La Agencia de Seguridad Nacional logró romper las barreras informáticas en 2010 y entrar en los sistemas norcoreanos a través de las redes chinas que conectan a este país con el resto del mundo.

Corea del Norte ha negado repetidamente su responsabilidad en el ciberataque contra Sony.


Cuentas en redes de Comando Central de EE.UU. hackeadas por “simpatizantes” de EI – El Mostrador

Cuentas en redes de Comando Central de EE.UU. hackeadas por “simpatizantes” de EI – El Mostrador.

Centcom es el comando estadounidense que maneja las operaciones en Medio Oriente, Asia Central y Africa del Norte, y por tanto es donde se coordina la ofensiva contra EI en Irak y Siria.

EI

Algunas cuentas de redes sociales del Comando Central del Ejército de Estados Unidos (CentCom) fueron hackeadas este lunes por un grupo que se declaró simpatizante de Estado Islámico.

Centcom es el comando estadounidense que maneja las operaciones en Medio Oriente, Asia Central y Africa del Norte, y por tanto es donde se coordina la ofensiva contra EI en Irak y Siria.

En la cuenta de Twitter se pudo observar como los piratas informáticos cambiaron las imágenes de la cuenta y ubicaron la de un hombre encapuchado y el siguiente mensaje: “El cibercalifato continúa su ciber yihad. Ya está aquí. Estamos en sus PCs. En cada base militar”.

También fue publicada una lista de generales y una lista de direcciones aparentemente asociadas a ellos.

Además se colocó una serie de lo que parece ser documentos militares vinculados a China y Corea del Norte.

En el sitio de YouTube fueron colocados videos de propaganda del grupo mostrando operaciones militares.


US Central Command Twitter account hacked to read 'I love Isis' | US news | theguardian.com

US Central Command Twitter account hacked to read ‘I love Isis’ | US news | theguardian.com.

Twitter avatar used by @CENTCOM was replaced with an image of a masked militant and the legends ‘CyberCaliphate’ and ‘I love Isis’

US Central Command
Central Command said it was aware of the apparent hack.

The Twitter account for US military forces in the Middle East and South Asia was hacked on Monday.

@CENTCOM, the account used by the US Central Command, tweetedout “messages from Islamic State (Isis) sympathizers threatening attacks on US military personnel”. Other tweets contained contact details for current and retired senior officers, though they did not appear to disseminate classified material.

The Twitter avatar used by the command was replaced with an image of a masked militant and the legends “CyberCaliphate” and “I love Isis”.

Documents and images tweeted out by the hackers did not appear to be classified, despite their boast that Isis had deeply penetrated the cyber defenses of the US military. Other military websites, including Central Command’s, appeared unaffected, and did not show any mark of cybervandalism, let alone any more hostile acts.

A similar avatar appeared on Central Command’s YouTube channel as well, as did at least two pro-Isis videos. Its Facebook account appeared unaffected.

“American soldiers, we are coming, watch your back!” read one tweet.Another claimed: “Isis is already here, we are in your PCs, in each military base.”

Within minutes of the hijacked tweets, the Twitter account switched to a neutral, egg-like avatar as the unauthorized tweets paused. Twitter appeared to have suspended the account shortly after 1pm ET.

The hack happened nearly the same time President Obama was unveiling a plan to require companies to inform customers when their data has been hacked.


Sony hack: sacked employees could be to blame, researchers claim | Film | The Guardian

Sony hack: sacked employees could be to blame, researchers claim | Film | The Guardian.

Sony cancelled the release of the Interview in major cinemas, believing it had been hacked by North Korea in retaliation for the film’s depiction of its leader Kim Jong-un being assasinated Photograph: Veronique Dupont/Getty

Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was a carried out by North Korea, focusing instead on disgruntled former employees of the firm.

Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.

Norse is not part of the official FBI investigation, but did brief the government on Monday, the company said. Though noting that the findings are “hardly conclusive”, Norse senior vice president Kurt Stammberger told the Security Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.

“The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks,” said writer Bruce Schneier. “This sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the ‘evidence’ to suit the narrative they already have worked out in their heads.”

 

Schneier also said that diplomatically, it may suit the US government to be “overconfident in assigning blame for the attack” to try and discourage future attacks by nation states.

 

He also pointed to comments by Harvard law professor Jonathan Zittrain, who said Sony might be encouraged to present the hack as an act or terrorism to help fend of likely lawsuits from current and former employees damaged by leaked material.

“If Sony can characterize this as direct interference by or at the behest of a nation-state, might that somehow earn them the kind of immunity from liability that you might see other companies getting when there’s physical terrorism involved, sponsored by a state?” Zittrain told AP.


Las dudas sobre el papel de Corea del Norte en el caso de piratería contra Sony – BioBioChile

Las dudas sobre el papel de Corea del Norte en el caso de piratería contra Sony – BioBioChile.

 

ARCHIVO | Global Panorama (CC) | FlickrARCHIVO | Global Panorama (CC) | Flickr

Publicado por Claudia Miño | La Información es de Agencia AFP
 

Para Barack Obama no hay duda alguna: Corea del Norte y su líder Kim Jong-Un están detrás del acto de piratería de que fue objeto el estudio Sony Pictures. Pero según expertos, el caso no es tan simple.

El régimen comunista niega estar implicado en una operación durante la cual fueron robados los datos personales de 47.000 empleados y colaboradores de Sony, pero ha elogiado a sus autores.

El incidente, revelado el 24 de noviembre, fue reivindicado por el grupo de piratas Guardianes de la Paz (GOP, por sus iniciales en inglés), que exigió a Sony anular el estreno de “The Interview” (La entrevista), una sátira en la que dos periodistas son contactados por la CIA para asesinar a Kim Jong-Un.

El presidente de Estados Unidos no dudó en culpar a Pyongyang y dijo que su país respondería al ataque.

Sin embargo, especialistas en seguridad informática estiman que las pistas que apuntan hacia Corea del Norte pueden ser en este caso muy frágiles.

“Esta afirmación me deja escéptico y estaría aún más sorprendido de que Corea del Norte haya sido capaz de llevar a cabo (el ataque) sola, sin ayuda”, comentó John Dickson, de la empresa Denim Group.

“No hay duda de que (los norcoreanos) tienen ganas de golpearnos, pero no disponen de los recursos que tienen otros estados” y que les permitirían lanzar un ciberataque de esta envergadura, declaró a la AFP.

“En realidad, no sabemos nada”, dijo por su lado Bruce Schneier, de Co3 Systems, una firma especializada en seguridad informática.


FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony – The Intercept

FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony – The Intercept.

BY JANA WINTER 

Featured photo - FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony

Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely.  The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.

But the FBI never sent Sony the report.

The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”

The 16-page report includes details on previous malware attacks on South Korea banking and media companies—the same incidents and characteristics the FBI said Dec. 19th that it had used to conclude that North Korea was behind the Sony attack.

The report, a copy of which was obtained by The Intercept, was based on discussions with private industry representatives and was prepared after the 2012 cyber attack on Saudi Aramco.  The report was marked For Official Use Only, and has not been previously released.

In it, the FBI warned, “In the current cyber climate, the FBI speculates it is not a question of if a U.S. company will experience an attempted data-destruction attack, but when and which company will fall victim.”


Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com

Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com.

Yes, the Interview was just a Seth Rogen stoner movie – and, no, privacy, free speech and World War III are not at stake

the interview movie poster
“We will respond proportionally,” Obama said on Friday. Why should the US be responding offensively at all? Photograph: Sony Pictures

The sanest thing anyone said in Washington this week was a reminder, on the Friday before Christmas, when Barack Obama took a break from oscillating between reassuring rationality and understated fear to make an accidental joke:

It says something about North Korea that it decided to mount an all-out attack about a satirical movie … starring Seth Rogen.

It also says something about the over-the-top rhetoric of United States cybersecurity paranoia that it took the President of the United States to remind us to take a deep breath and exhale, even if Sony abruptly scrapped its poorly reviewed Hollywood blockbuster after nebulous threats from alleged North Korean hackers.

Unfortunately, acting rational seems out of the question at this point. In between making a lot of sense about Sony’s cowardly “mistake” to pull a film based on a childish, unsubstantiated threat, Obama indicated the US planned to respond in some as-yet-unknown way, which sounds a lot like a cyberattack of our own.

“We will respond, we will respond proportionally, and in a place and time that we choose,” Obama said at his year-end news conference. Why should we be responding offensively at all? As the Wall Street Journal’s Danny Yadron reported, a movie studio doesn’t reach the US government’s definition of “critical infrastructure” that would allow its military to respond under existing rules, but that didn’t stop the White House from calling the Sony hack a “national security issue” just a day later.

Let’s put aside for a moment that many security experts haven’t exactly been rushing to agree with the FBI’s cut-and-dry conclusion that “the North Korean government is responsible” for the hack. Wired’s Kim Zetter wrote a detailed analysis about why the evidence accusing North Korea is really flimsy, while other security professionals have weighed in with similar research.

But whoever the hackers are, can we stop calling them “cyber-terrorists,”like Motion Picture Association of America chairman Chris Dodd did on Friday? They may be sadistic pranksters, extortionists and assholes, but anonymously posting a juvenile and vague word jumble incorporating “9/11” that has no connection to reality does not make them terrorist masterminds. That’s giving whoever did it way too much credit.


EE UU cree que Corea del Norte está detrás del ataque a Sony | Cultura | EL PAÍS

EE UU cree que Corea del Norte está detrás del ataque a Sony | Cultura | EL PAÍS.


Kim Jong-un, en una ceremonia por el tercer aniversario de la muerte de su padre, el miércoles. / JUNG YEON-JE (AFP)

Enviar a LinkedIn0
Enviar a TuentiEnviar a Eskup

EnviarImprimirGuardar

Estados Unidos ha conseguido finalmente encontrar la conexión entre Corea del Norte y el masivo ataque informático que atenaza a la multinacional Sony Pictures desde hace tres semanas. Fuentes anónimas del FBI citadas por The New York Times, CNN y Associated Press confirmaron por primera vez que Pyongyang está detrás de la brutal represalia contra la compañía por la película La entrevista, una parodia sobre un intento de asesinato del presidente norcoreano, Kin Jong-un.

Los medios estadounidenses afirman que los investigadores harán un anuncio al respecto este jueves. Un portavoz del Consejo de Seguridad Nacional dijo el miércoles por a noche que “el Gobierno de Estados Unidos ha ofrecido a Sony Pictures Entertainment apoyo y asistencia en respuesta al ataque. El FBI lleva la iniciativa en la investigación. EE UU está investigando la autoría y dará información en el momento apropiado”. El organismo afirma que la Casa Blanca “trabaja sin descanso para llevar a los autores de este ataque ante la justicia” y está “considerando varias opciones” de respuesta.


Cines ceden ante amenazas de hackers y suspenden estreno de película sobre Corea del Norte – El Mostrador

Cines ceden ante amenazas de hackers y suspenden estreno de película sobre Corea del Norte – El Mostrador.

En las últimas semanas, se ha especulado con la posibilidad de que Pyonyang esté detrás del hackeo a Sony, ya que hace unos meses el gobierno norcoreano calificó a “The Interview” como “un acto de guerra”.

El estreno de “The Interview” en Nueva York, previsto para el próximo 25 de diciembre, fue suspendido ante el temor generado por las amenazas de ataques contra las salas.

Otros cines de Estados Unidos también decidieron no proyectar ese título para evitar posibles represalias.

Los piratas informáticos detrás del hackeo del mes pasado contra el estudio Sony Pictures, hiceron público este martes un mensaje en el que hacían referencia a los atentados del 11 de septiembre de 2001 y amenazaban con llevar a cabo acciones similares en las salas que exhibieran la película.

La cinta producida por Sony Pictures es una parodia al régimen de Corea del Norte y en ella sus protagonistas -Seth Rogen y James Franco- diseñan un plan para asesinar al líder norcoreano Kim Jong-Un.

En las últimas semanas, se ha especulado con la posibilidad de que Pyonyang esté detrás del hackeo a Sony, ya que hace unos meses el gobierno norcoreano calificó a “The Interview” como “un acto de guerra”.

“Les mostraremos claramente en el momento y en el los lugares en los que se exhiba ‘The Interview’, incluyendo el estreno, el destino amargo al que estarán condenados aquellos que buscan diversión en el terror”, se puede leer en el mensaje que los hackers enviaron en las últimas horas a los medios en Estados Unidos.

“El mundo estará lleno de miedo. Recuerden el 11 de septiembre de 2001. Les recomendamos que se mantengan alejados en ese momento de esos lugares (si su casa está cerca mejor váyanse). Todo lo que suceda en los próximos días es resultado de la avaricia de Sony Pictures Entertainment”, aseguran los piratas que se identifican bajo las siglas de GOP (Guardians of Peace).

Esta es la primera vez que GOP nombra la película “The Interview” en uno de sus mensajes.


Corea del Norte se declara inocente de piratería informática contra Sony Pictures – BioBioChile

Corea del Norte se declara inocente de piratería informática contra Sony Pictures – BioBioChile.

 

Global Panorama (CC) FlickrGlobal Panorama (CC) Flickr

Publicado por Catalina Díaz | La Información es de Agencia AFP
 

Corea del Norte negó este domingo cualquier responsabilidad en el ataque informático masivo contra Sony Pictures, que reveló información confidencial de unas 47.000 personas, entre las cuales figuran algunas personalidades.

La Comisión de defensa nacional norcoreana denunció los “falsos rumores” implicando a Pyongyang en el ataque contra Sony, aunque lo calificó de “acto legítimo”.


Forget North Korea – the real rogue cyber operator lies much closer to home | Technology | The Guardian

Forget North Korea – the real rogue cyber operator lies much closer to home | Technology | The Guardian.

North Korea

 North Korea was implicated in a cyber-attack on Sony Pictures, but the real story of the past two weeks involved further revelations about the spying methods used by GCHQ and the NSA. Photograph: Kim Jae-Hwan/AFP/Getty Images

Were you to measure significance in column inches, the massive cyber-attack on Sony Pictures would appear to be the story of the week.Company executives had to post notices on office entrances telling staff not to log into the network when they reached their desks. The company’s entire network had to be taken offline as it grappled with a ransom demand that threatened to release confidential documents and not-yet-released films unless money changed hands.

The big question was: who was responsible for the attack? Fevered speculation led some people to point the finger at North Korea, on the grounds that one of the forthcoming films, The Interview, poked fun at the country’s leader, Kim Jong-un. This seemed implausible to this columnist: North Korea may be distinctly humourless on the subject of its beloved leader, but seeking a ransom would be uncool even for that nauseating regime.

In the event, no money seems to have changed hands: some confidential documents, eg spreadsheets giving salaries of top Sony executives,made their way online and the embargoed movies began to pop up on piracy sites.

Exciting stuff, eh? But the really big cyber story of the past two weeks is less glamorous but rather more worrying in the longer term. It concerns Regin, a piece of malware that has only recently come to light, although it’s been around for years. The security firm Symantec describes it as “a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customisable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organisations, infrastructure operators, businesses, researchers and private individuals.”

The company goes on to speculate that developing Regin took “months, if not years” and concludes that “capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state”.


Cae una red de fraude cibernético infiltrada en ordenadores de 12 países | Internacional | EL PAÍS

Cae una red de fraude cibernético infiltrada en ordenadores de 12 países | Internacional | EL PAÍS.


El departamento de Justicia de EE UU anunció este lunes la operación. / REUTERS

Enviar a LinkedIn5
Enviar a TuentiEnviar a MenéameEnviar a Eskup

EnviarImprimirGuardar

Una investigación internacional liderada por el FBI ha permitido desmantelar una red de fraude cibernético en 12 países que había robado más de 100 millones de dólares. Las autoridades estadounidenses anunciaron este lunes que se trata del “más sofisticado¨ sistema de infiltración remota de piratas informáticos que el FBI ha desarticulado e identificaron a un ciudadano ruso como el líder de la trama.

Tras esta operación, Evgeniy Bogachev, de 30 años, fue incorporado a la lista del FBI de cibercriminales más buscados. Dado que Rusia no extradita a otros países a sus ciudadanos acusados, es posible que Bogachev nunca llegue a ser detenido. Y con la tensión actual entre Washington y Moscú, a raíz de la crisis ucrania, parece muy improbable cualquier gesto conciliador de Rusia. Consciente de estas limitaciones, el anuncio de su identidad responde a la nueva estrategia de Washington de revelar abiertamente a sus piratas informáticos más buscados, como ya hizo hace dos semanas al acusar a cinco militares chinos de ciberespionaje industrial.

La red conocida como Gameover Zeus logró infectar a entre medio millón y un millón de ordenadores en distintas partes del mundo mediante dos programas con los que robaban credenciales bancarias para posteriormente “vaciar las cuentas” de sus usuarios, y después chantajear a sus propietarios para que pagaran una fianza a cambio de devolverles los datos sustraídos.

El sistema era de tal sofisticación que permitía a los hackers “infiltrarse, espiar e incluso controlar” los ordenadores infectados “desde cualquier lugar”, según la investigación del FBI. “Implementaron el tipo de cibercrímenes que no te creerías si los vieras en una película de ciencia ficción”, dijo el vicefiscal general, Leslie Caldwell, en una rueda de prensa en la sede del departamento de Justicia en Washington.


The NSA, Cisco, And The Issue Of Interdiction | TechCrunch

The NSA, Cisco, And The Issue Of Interdiction | TechCrunch.

It’s been a hectic week of NSA news in light of Glenn Greenwald’s recently published book, which furthered the revelation that the NSA intercepts (interdicts) hardware from US companies. The agency then reportedly compromises the equipment before it is delivered to overseas customers.

Published pictures imply that Cisco technology is part of the class of equipment captured in-transit, before it is received by foreign buyers, and weakened so that the NSA might have greater insight into activity that it helps maintain. In short, the NSA is allegedly hacking American hardware that is sold abroad.

This is akin to what the United States government has warned that Chinese companies are doing on behalf of their local government.

Today, a letter from Cisco CEO John Chambers enjoyed wide circulation. It states that if the NSA revelations are correct, and the pictures accurate, the actions of the agency “undermine confidence in our industry and in the ability [of] technology companies to deliver product globally.” That’s putting it mildly.

Chambers called for a new “standards of conduct,” indicating that, sans reforms, the globe could end up with “a fragmented Internet.” Chambers went on to state that “Cisco does not work with any government, including the United States Government, to weaken [its] products.”


NSA reform: lawmakers aim to bar agency from weakening encryption | World news | theguardian.com

NSA reform: lawmakers aim to bar agency from weakening encryption | World news | theguardian.com.

Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment

 

 

California congressman Zoe Lofgren
Lofgren, in debate with her colleagues last week, attempted to move the USA Freedom Act closer to its civil libertarian origins. Photograph: Carolyn Kaster/AP

 

US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.

Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.

Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.

Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.

In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.

Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.

Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.


La NSA desmiente haber estado al tanto de la falla de Internet “Heartbleed” – BioBioChile

La NSA desmiente haber estado al tanto de la falla de Internet “Heartbleed” – BioBioChile.


Heartbleed.com

Heartbleed.com

Publicado por Gabriela Ulloa | La Información es de Agencia AFP
La agencia estadounidense encargada de interceptar comunicaciones, la NSA, desmintió el viernes las revelaciones de la agencia Bloomberg según la cual sabía de la falla de seguridad en el programa de conexiones seguras conocida como “Heartbleed”, y la habría utilizado en su beneficio.

Bloomberg, que mencionó “fuentes cercanas al caso”, afirmó que la agencia de inteligencia sabía desde hacía “al menos dos años” que existía esta falla, pero no lo había revelado sino que la había utilizado en su beneficio para obtener datos.

“Heartbleed” afecta ciertas versiones de OpenSSL, un programa libre usado para conexiones seguras en Internet, que se reconoce por ejemplo en las direcciones web que empiezan con https o un pequeño candado durante operaciones bancarias y de identificación en internet. Su existencia fue revelada al inicio de esta semana.

“La NSA no estaba al tanto de la vulnerabilidad identificada recientemente en OpenSSL, llamada falla Heartbleed, hasta que se hizo pública en el informe de una firma privada de seguridad informática. Las informaciones que establecen lo contrario son falsas”, declaró a la AFP una portavoz de la NSA, Vanee Vines.


Has the NSA’s mass spying made life easier for digital criminals? | Technology | theguardian.com

Has the NSA’s mass spying made life easier for digital criminals? | Technology | theguardian.com.

In flooding the internet with malware, and by increasing wariness of data sharing, the NSA’s actions have had a negative impact on the fight against cybercrime

A man hands out 'RSA sold us out' ribbons near Moscone West for the badges of people attending the RSA conference.
A man hands out ‘RSA sold us out’ protest ribbons near Moscone West to people attending the RSA conference. Photograph: Steve Rhodes/Demotix/Corbis

Thousands of the world’s security professionals, mostly of them middle-aged white males, gathered in San Francisco last week for the annual RSA Conference.

Traditionally, it’s the time of year vendors hawk their gear in halls containing a perturbing whiff of ammonia, research announcements provide relief from the festival of commerce, and government mandarins hobnob with corporate types – all with the implied intent to work together to protect people’s data.

Yet 2014’s event was always going to be a bit different. RSA, the security company hosting the event, had to defend itself against criticism over an alleged $10m deal with the National Security Agency (NSA) to include flawed encryption in its products.

The company’s chief, Art Coviello, outright denied any wrongdoing, saying RSA was only following advice given by the US government’s National Institute of Standards and Technology (NIST).

RSA’s excuses have convinced some onlookers, others remain sceptical. But the organisation that took far more flak this week was the NSA itself, which had its own booth on the trade floor, albeit a considerably plainer one than the surrounding neon-clad stalls of commercial firms.

There was one criticism, amid the understandable ire around the damage done to global privacy, which stood out: that the NSA’s mass spying had perversely made life easier for digital criminals.

Data sharing in danger

Cross-border data-sharing mechanisms – a critical part in both online and non-internet crime investigations – have come under threat since the Edward Snowden leaks. Even though information-sharing deals covering banking and airline passenger data just about survived calls to suspend them, the Snowden files have caused problems for collaboration between public and private bodies.

The heightened tensions lie not between law enforcement agencies, but between police and other organisations that potentially hold valuable information for investigations. “The impact is more [with] third parties giving more consideration to sharing their data with agencies or other departments,” said Charlie McMurdie, formerly the head of the defunct Metropolitan Police Central e-Crime Unit and now senior crime adviser at PricewaterhouseCoopers.

“This can have a negative impact on law enforcement ability to respond to or progress investigations, but on the positive side [this] has also made third parties think more about where their data exists, security and sharing protocols, which isn’t a bad thing.”

A recent European Commission report on trust between the US and the EU following the leaks last year said: “Information sharing is … an essential component of EU-US security cooperation, critically important to the common goal of preventing and combating serious crime and terrorism. However, recent revelations about US intelligence collection programmes have negatively affected the trust on which this cooperation is based. In particular, it has affected trust in the way personal data is processed.”

Discussions are ongoing about an umbrella agreement covering law enforcement data sharing, with much talk of the need to ensure safeguards are in place, with “strict conditions”.

The US government has already seen the impact. In response to a Guardian question on the effect of Snowden’s revelations on data sharing, Phyllis Schneck, the chief cybersecurity official at the US Department of Homeland Security, said the government body’s partners were “feeling it”.