Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

Fuente: Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election


WannaCry: por qué los expertos creen que puede haber otro ciberataque muy pronto – El Mostrador

Expertos en informática advierten que un nuevo ataque global con un brote de ransomware es “inminente” y que incluso podría ser lanzado el lunes. BBC Mundo te cuenta los detalles y cómo protegerte de estos virus.

Fuente: WannaCry: por qué los expertos creen que puede haber otro ciberataque muy pronto – El Mostrador


The hacking is 21st-century, but US-Russia relations are stuck in the past | Simon Jenkins | Opinion | The Guardian

While Moscow’s cyberwar capacity is cutting-edge, the flurry of expulsions and misguided sanctions simply rehash the mistakes of the cold war

Fuente: The hacking is 21st-century, but US-Russia relations are stuck in the past | Simon Jenkins | Opinion | The Guardian


En qué consisten las sanciones aprobadas por EE.UU. contra Rusia por los ciberataques ocurridos durante la campaña electoral – El Mostrador

La Casa Blanca aprobó severas medidas para castigar a Moscú por sus supuestos intentos de influir en las elecciones presidenciales de noviembre pasado. Donald Trump dijo que el país debe “ocuparse de cosas más grandes y mejores”, aunque anunció que se reunirá la próxima semana con los jefes de inteligencia para informarse sobre el caso.

Fuente: En qué consisten las sanciones aprobadas por EE.UU. contra Rusia por los ciberataques ocurridos durante la campaña electoral – El Mostrador


DDoS attack that disrupted internet was largest of its kind in history, experts say | Technology | The Guardian

The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said.

Fuente: DDoS attack that disrupted internet was largest of its kind in history, experts say | Technology | The Guardian


Cyber attack: hackers ‘weaponised’ everyday devices with malware to mount assault | Technology | The Guardian

The huge attack on global internet access, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.

Fuente: Cyber attack: hackers ‘weaponised’ everyday devices with malware to mount assault | Technology | The Guardian


“La ciberguerra sería una forma de terrorismo de Estado”

El libro pretende incentivar la mirada crítica entre el gran público ante los acontecimientos calificados de “ciberguerra” y alertar de la coartada que puede proporcionar el tremendismo sensacionalista en estos temas a quienes pretenden recortar libertades o privacidad.

Fuente: “La ciberguerra sería una forma de terrorismo de Estado”


Panamá Papers: las formas en las que los ricos y poderosos esconden riquezas y evaden impuestos – El Mostrador

Millones de documentos filtrados de la compañía panameña Mossack Fonseca muestran cómo la firma ayudó a clientes a lavar esconcer dinero y evadir impuestos.

Fuente: Panamá Papers: las formas en las que los ricos y poderosos esconden riquezas y evaden impuestos – El Mostrador


Malicious attacks account for bulk of data loss – FT.com

Malware and hacking have overtaken employee error as the leading cause of data loss at companies, according to research from Beazley, the insurer. Malicious attacks accounted for a third of data breaches last year, up from 18 per cent in 2014.

Fuente: Malicious attacks account for bulk of data loss – FT.com


Website hosting company Easily hit by cyber attack – FT.com

Easily.co.uk, one of the UK’s largest website hosting companies, has become the latest group to suffer a serious cyber attack. The company, which hosts 100,000 websites, 65,000 of them in the UK, confirmed on Thursday that it had been hacked. “A

Fuente: Website hosting company Easily hit by cyber attack – FT.com


Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept.

Featured photo - Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise

The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.

In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document.

These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.

By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content:

Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect.

The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists:

INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:

A = Indian Diplomatic & Indian Navy
B = Central Asian diplomatic
C = Chinese Human Rights Defenders
D = Tibetan Pro-Democracy Personalities
E = Uighur Activists
F = European Special Rep to Afghanistan and Indian photo-journalism
G = Tibetan Government in Exile

In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.”


Piratas informáticos roban datos de miles de clientes en un banco de Suiza – BioBioChile

Piratas informáticos roban datos de miles de clientes en un banco de Suiza – BioBioChile.

 

Banco Cantonal de Ginebra | Fabrice Coffrini | AFP

Banco Cantonal de Ginebra | Fabrice Coffrini | AFP

 

Publicado por Alberto Gonzalez | La Información es de Agencia AFP

 

Piratas informáticos robaron los datos de miles de clientes del Banco Cantonal de Ginebra (BCGE), anunció este jueves la entidad, que se declara víctima de una extorsión por lo que ha presentado una querella. Autoridades confirmaron que se ha abierto una investigación judicial.

El ataque informático se produjo al principio de semana a través de la página web del banco, que fue reivindicado por el grupo de hackers Rex Mundi a través de Twitter. La organización reclama 10.000 euros para el viernes porque de lo contrario amenaza con publicar los 30.000 correos electrónicos robados de clientes, según el diario suizo Le Temps.


Las dudas sobre el papel de Corea del Norte en el caso de piratería contra Sony – BioBioChile

Las dudas sobre el papel de Corea del Norte en el caso de piratería contra Sony – BioBioChile.

 

ARCHIVO | Global Panorama (CC) | FlickrARCHIVO | Global Panorama (CC) | Flickr

Publicado por Claudia Miño | La Información es de Agencia AFP
 

Para Barack Obama no hay duda alguna: Corea del Norte y su líder Kim Jong-Un están detrás del acto de piratería de que fue objeto el estudio Sony Pictures. Pero según expertos, el caso no es tan simple.

El régimen comunista niega estar implicado en una operación durante la cual fueron robados los datos personales de 47.000 empleados y colaboradores de Sony, pero ha elogiado a sus autores.

El incidente, revelado el 24 de noviembre, fue reivindicado por el grupo de piratas Guardianes de la Paz (GOP, por sus iniciales en inglés), que exigió a Sony anular el estreno de “The Interview” (La entrevista), una sátira en la que dos periodistas son contactados por la CIA para asesinar a Kim Jong-Un.

El presidente de Estados Unidos no dudó en culpar a Pyongyang y dijo que su país respondería al ataque.

Sin embargo, especialistas en seguridad informática estiman que las pistas que apuntan hacia Corea del Norte pueden ser en este caso muy frágiles.

“Esta afirmación me deja escéptico y estaría aún más sorprendido de que Corea del Norte haya sido capaz de llevar a cabo (el ataque) sola, sin ayuda”, comentó John Dickson, de la empresa Denim Group.

“No hay duda de que (los norcoreanos) tienen ganas de golpearnos, pero no disponen de los recursos que tienen otros estados” y que les permitirían lanzar un ciberataque de esta envergadura, declaró a la AFP.

“En realidad, no sabemos nada”, dijo por su lado Bruce Schneier, de Co3 Systems, una firma especializada en seguridad informática.


PlayStation Network back online, while Lizard hacker group basks in limelight | Technology | The Guardian

PlayStation Network back online, while Lizard hacker group basks in limelight | Technology | The Guardian.

The PlayStation Network, which provides the online infrastructure for Sony’s games consoles, is back online after a cyber assault on Christmas Eve. Photograph: Chesnot/Getty Images

The PlayStation Network is back online … for now.

The global gaming service used by 110m people was brought down on Christmas Eve, seemingly by a hacking group calling itself Lizard Squad. On Sunday however, Sony assured customers via its PlayStation blog that the system was now functioning.

The company also admitted for the first time that the disruption was caused by hackers who used a distributed denial of service (DDoS) attack to flood the PlayStation servers with traffic, bringing access to a halt.

“As you probably know, PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic designed to disrupt connectivity and online gameplay,” read the post. “This may have prevented your access to the network and its services over the last few days.”

Microsoft’s Xbox Live infrastructure was also attacked, reportedly by the same group, which revelled in its achievement via a series of tweets throughout Christmas day. However, the Xbox online infrastructure was functioning again by Boxing Day.

Formed in mid-2013, Lizard Squad has been stepping up its media profile in the wake of the Christmas attacks. In a series of interviews, two self-declared founding members have claimed that their motivations are amusement, and to highlight the security weaknesses of the systems.

“If I was working [at Microsoft or Sony] and had a big enough budget, I could totally stop these attacks,” “Ryan Cleary” (a pseudonym borrowed from an infamous LulzSec hacker) claimed to tech news site Daily Dot. “I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale, it could go up to the millions. But that’s really no problem for Sony and Microsoft.”

Speaking to Sky News, “Cleary” added, “These companies make tens of millions every month from subscriber fees and that doesn’t even include purchases made by their customers.

“They should have more than enough funding to be able to protect against these attacks.”

Lizard Squad has claimed that its actions against Sony and Microsoft were more sophisticated than standard DDoS attacks, which don’t usually require hackers to gain access to the target’s online infrastructure.

“There’s plenty of people saying we’re not hackers and DDoS isn’t hacking. For attacks of this scale, you can’t really do them without either having access to insane amounts of funding or being able to gain access to the computers via hacking,” “Cleary” said to Daily Dot. “You can’t just do DDoS attacks from your home computer. It doesn’t work.”

The group has even suggested that it has access to undersea cables that facilitate internet connections between the US and Europe.

But its appetite for fame may prove to be Lizard Squad’s undoing, after security journalist Brian Krebs claims to have uncovered the possible true identities of at least two members, both of whom have conducted TV interviews in the wake of the attacks.


Xbox live and Playstation attack: Christmas ruined for millions of gamers | Technology | The Guardian

Xbox live and Playstation attack: Christmas ruined for millions of gamers | Technology | The Guardian.

Millions of gamers could not use their PlayStation 4 after an apparent cyber-attack at Christmas

 Millions of gamers could not use their PlayStation 4 after an apparent cyber-attack at Christmas. Photograph: Chesnot/Getty Images

Millions of people could not use their games consoles for a second day as disruption on the Xbox Live and Sony Playstation networks continued after an apparent cyber-attack.

A group calling itself Lizard Squad claimed responsibility for bringing down both networks on Christmas Eve, which could have affected nearly 160 million gamers.

Even an intervention by eccentric internet entrepreneur Kim Dotcom, who offered the hackers free lifetime use of his file storage service, does not appear to have ended the attack. Known as a distributed denial of service, or DDOS, the attack is overloading the systems of both services by generating fake access requests.

Such an attack can prevent people from playing games even when they have a physical copy as newer consoles often require online authentication as an anti-piracy measure.


Sony amenaza con demandar a Twitter por difusión de datos robados en ciberataque – BioBioChile

Sony amenaza con demandar a Twitter por difusión de datos robados en ciberataque – BioBioChile.


STR | AFP

STR | AFP

Publicado por Denisse Charpentier | La Información es de Agencia AFP
Sony Pictures advirtió que podría demandar a Twitter si sigue permitiendo que se difunda a través de esa red social el material robado en un ciberataque a los computadores de la compañía en noviembre.

El estudio de cine y televisión pidió que Twitter suspenda al menos una cuenta (@bikinirobot), que reproduce el material robado según una carta del abogado de Sony David Boies, publicada en varios medios.

“Les pedimos que se suspenda esta cuenta tan pronto como sea posible” señala Boies quien advierte que de no hacerlo Twitter “cargará con la responsabilidad” de los daños que provoque la difusión de los datos robados.


Corea del Norte sufre misterioso “ciberapagón” en plena polémica con EE.UU. – El Mostrador

Corea del Norte sufre misterioso “ciberapagón” en plena polémica con EE.UU. – El Mostrador.

Aunque no es la primera vez que esto ocurre, el fenómeno despertó una fuerte atención y todas las miradas se dirigieron al país norteamericano, ya que el pasado viernes el presidente Barack Obama prometió una “respuesta proporcionada” al reciente ciberataque a Sony Pictures del que culpa a la nación asiática.

Corea-del-Norte-pc

Corea del Norte sufrió un largo apagón en su red de internet, un misterioso suceso que ha desatado especulaciones en pleno conflicto con EE.UU. por el ciberataque que llevó a la cancelación de una película que caricaturiza al líder Kim Jong-un.

Las principales páginas web norcoreanas, entre ellas la de la agencia estatal de noticias KCNA y la del diario Rodong del Partido de los Trabajadores, permanecieron caídas de forma discontinua desde la 01.00 hora local (16.00 GMT del lunes) hasta las 10.45 (01.45 GMT) de este martes.

Aunque no es la primera vez que esto ocurre, el fenómeno despertó una fuerte atención y todas las miradas se dirigieron a EE.UU., ya que el pasado viernes el presidente Barack Obama prometió una “respuesta proporcionada” al reciente ciberataque a Sony Pictures del que culpa a Corea del Norte.

Algunos medios surcoreanos han sugerido que EEUU podría estar detrás del suceso ya que, aunque las caídas de las páginas web norcoreanas son relativamente frecuentes, no es tan habitual que el apagón afecte a todas a la vez.

“Estamos analizando si el motivo de la caída de la red fue un hackeo externo o una prueba del sistema interno para reforzar la seguridad”, explicó una fuente del Gobierno de Corea del Sur a la agencia local Yonhap.

Corea del Norte no se ha pronunciado de momento, mientras otros medios y expertos consideran la posibilidad de que el país comunista pueda haber sufrido un ataque por parte de hackers anónimos u organizaciones civiles.

Como precedente, el pasado agosto la ONG estadounidense Human Rights Foundation inició una campaña de “hackeo” de las redes norcoreanas con informáticos de diversos países para introducir información del exterior en el duramente restringido ciberespacio de uno de los países más aislados del mundo.


Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com

Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com.

Yes, the Interview was just a Seth Rogen stoner movie – and, no, privacy, free speech and World War III are not at stake

the interview movie poster
“We will respond proportionally,” Obama said on Friday. Why should the US be responding offensively at all? Photograph: Sony Pictures

The sanest thing anyone said in Washington this week was a reminder, on the Friday before Christmas, when Barack Obama took a break from oscillating between reassuring rationality and understated fear to make an accidental joke:

It says something about North Korea that it decided to mount an all-out attack about a satirical movie … starring Seth Rogen.

It also says something about the over-the-top rhetoric of United States cybersecurity paranoia that it took the President of the United States to remind us to take a deep breath and exhale, even if Sony abruptly scrapped its poorly reviewed Hollywood blockbuster after nebulous threats from alleged North Korean hackers.

Unfortunately, acting rational seems out of the question at this point. In between making a lot of sense about Sony’s cowardly “mistake” to pull a film based on a childish, unsubstantiated threat, Obama indicated the US planned to respond in some as-yet-unknown way, which sounds a lot like a cyberattack of our own.

“We will respond, we will respond proportionally, and in a place and time that we choose,” Obama said at his year-end news conference. Why should we be responding offensively at all? As the Wall Street Journal’s Danny Yadron reported, a movie studio doesn’t reach the US government’s definition of “critical infrastructure” that would allow its military to respond under existing rules, but that didn’t stop the White House from calling the Sony hack a “national security issue” just a day later.

Let’s put aside for a moment that many security experts haven’t exactly been rushing to agree with the FBI’s cut-and-dry conclusion that “the North Korean government is responsible” for the hack. Wired’s Kim Zetter wrote a detailed analysis about why the evidence accusing North Korea is really flimsy, while other security professionals have weighed in with similar research.

But whoever the hackers are, can we stop calling them “cyber-terrorists,”like Motion Picture Association of America chairman Chris Dodd did on Friday? They may be sadistic pranksters, extortionists and assholes, but anonymously posting a juvenile and vague word jumble incorporating “9/11” that has no connection to reality does not make them terrorist masterminds. That’s giving whoever did it way too much credit.


EE UU cree que Corea del Norte está detrás del ataque a Sony | Cultura | EL PAÍS

EE UU cree que Corea del Norte está detrás del ataque a Sony | Cultura | EL PAÍS.


Kim Jong-un, en una ceremonia por el tercer aniversario de la muerte de su padre, el miércoles. / JUNG YEON-JE (AFP)

Enviar a LinkedIn0
Enviar a TuentiEnviar a Eskup

EnviarImprimirGuardar

Estados Unidos ha conseguido finalmente encontrar la conexión entre Corea del Norte y el masivo ataque informático que atenaza a la multinacional Sony Pictures desde hace tres semanas. Fuentes anónimas del FBI citadas por The New York Times, CNN y Associated Press confirmaron por primera vez que Pyongyang está detrás de la brutal represalia contra la compañía por la película La entrevista, una parodia sobre un intento de asesinato del presidente norcoreano, Kin Jong-un.

Los medios estadounidenses afirman que los investigadores harán un anuncio al respecto este jueves. Un portavoz del Consejo de Seguridad Nacional dijo el miércoles por a noche que “el Gobierno de Estados Unidos ha ofrecido a Sony Pictures Entertainment apoyo y asistencia en respuesta al ataque. El FBI lleva la iniciativa en la investigación. EE UU está investigando la autoría y dará información en el momento apropiado”. El organismo afirma que la Casa Blanca “trabaja sin descanso para llevar a los autores de este ataque ante la justicia” y está “considerando varias opciones” de respuesta.


Cines ceden ante amenazas de hackers y suspenden estreno de película sobre Corea del Norte – El Mostrador

Cines ceden ante amenazas de hackers y suspenden estreno de película sobre Corea del Norte – El Mostrador.

En las últimas semanas, se ha especulado con la posibilidad de que Pyonyang esté detrás del hackeo a Sony, ya que hace unos meses el gobierno norcoreano calificó a “The Interview” como “un acto de guerra”.

El estreno de “The Interview” en Nueva York, previsto para el próximo 25 de diciembre, fue suspendido ante el temor generado por las amenazas de ataques contra las salas.

Otros cines de Estados Unidos también decidieron no proyectar ese título para evitar posibles represalias.

Los piratas informáticos detrás del hackeo del mes pasado contra el estudio Sony Pictures, hiceron público este martes un mensaje en el que hacían referencia a los atentados del 11 de septiembre de 2001 y amenazaban con llevar a cabo acciones similares en las salas que exhibieran la película.

La cinta producida por Sony Pictures es una parodia al régimen de Corea del Norte y en ella sus protagonistas -Seth Rogen y James Franco- diseñan un plan para asesinar al líder norcoreano Kim Jong-Un.

En las últimas semanas, se ha especulado con la posibilidad de que Pyonyang esté detrás del hackeo a Sony, ya que hace unos meses el gobierno norcoreano calificó a “The Interview” como “un acto de guerra”.

“Les mostraremos claramente en el momento y en el los lugares en los que se exhiba ‘The Interview’, incluyendo el estreno, el destino amargo al que estarán condenados aquellos que buscan diversión en el terror”, se puede leer en el mensaje que los hackers enviaron en las últimas horas a los medios en Estados Unidos.

“El mundo estará lleno de miedo. Recuerden el 11 de septiembre de 2001. Les recomendamos que se mantengan alejados en ese momento de esos lugares (si su casa está cerca mejor váyanse). Todo lo que suceda en los próximos días es resultado de la avaricia de Sony Pictures Entertainment”, aseguran los piratas que se identifican bajo las siglas de GOP (Guardians of Peace).

Esta es la primera vez que GOP nombra la película “The Interview” en uno de sus mensajes.


EU’s new digital commissioner calls celebrities in nude picture leak ‘stupid’ | World news | The Guardian

EU’s new digital commissioner calls celebrities in nude picture leak ‘stupid’ | World news | The Guardian.

Germany’s Günther Oettinger says stars who put naked photos of themselves online could not count on his protection

 

 

Günther Oettinger during his hearing at the European parliament
Günther Oettinger said celebrities ‘stupid enough’ to put nude photos online did not deserve protection. Photograph: /Zuma/Rex

 

Former EU energy commissioner Günther Oettinger, 61, is used to accusations that he is more digitally naïve than digitally native by now. But at a hearing in front of the European parliament, the EU’s next commissioner designate for digital economy and society raised some serious questions about his suitability.

 

During a three-hour grilling by MEPs in Brussels, Oettinger said it would not be his job to protect stars “stupid enough to take a nude photo of themselves and put it online” – seemingly unaware that the recent leak of celebrities’ nude photographs had come about as a result of a targeted hacking attack.

 

Oettinger said: “We can mitigate or even eliminate some risks. But like with any technology, you can’t exclude all risks.

 

If someone is stupid enough as a celebrity to take a nude photo of themselves and put it online, they surely can’t expect us to protect them. Stupidity is something you can only partly save people from.”

 

Oettinger seemed to refer to the recent leak of nude photographs showing celebrities including actress Jennifer Lawrence and singer Rihanna, which took place after hackers targeted their victims’ iClouds. Most modern smartphones automatically store backups of photographs online, often without their users’ knowledge.

 

Oettinger’s comments sparked criticism from a number of MEPs and the German press. “He revealed that he still hasn’t understood the real problem behind these leaked pictures,” Green MEP Jan Philipp Albrecht told the Guardian. “Serious questions need to be asked about the security of cloud systems currently in use, and asking those questions is very much part of the job remit of the next EU commissioner for digital society.”


Filtración de fotos íntimas de famosas cuestiona la seguridad en la nube – El Mostrador

Filtración de fotos íntimas de famosas cuestiona la seguridad en la nube – El Mostrador.

Los expertos en seguridad barajan varios escenarios posibles para que los piratas informáticos tuvieran acceso libre a sus cuentas en la nube, para horror de las actrices y temor de los usuarios comunes, que en ocasiones no son conscientes de que sus datos están siendo almacenados.

nube

La filtración de decenas de fotografías de famosos en internet puso en tela de juicio la seguridad de los servicios de almacenamiento de datos en la nube, una cuestión que muchos consumidores siempre han visto con recelo.

Las imágenes de actrices como Jeniffer Lawrence posando para la cámara desnuda en fotos privadas que no estaban pensadas para que vieran la luz corrieron como la pólvora en las redes sociales para indignación de la actriz, que ha amenazado con demandar a cualquier medio que publique sus “fotografías robadas”.

¿El culpable? Una posible brecha de seguridad en el sistema de iCloud de Apple, que facilita el almacenaje de datos en el mundo virtual sin ocupar espacio en la memoria real de los aparatos electrónicos. La compañía descartó sin embargo que sus sistemas fueran vulnerados.

Las imágenes fueron difundidas en un mensaje en el foro 4chan por una persona (o grupo) anónima, que aseguraba que fueron obtenidas de las cuentas de iCloud de Lawrence y otras famosas como Kate Upton y Mary Elizabeth Winstead.


How to protect your digital photos from hackers | Technology | theguardian.com

How to protect your digital photos from hackers | Technology | theguardian.com.

After over 100 celebrities had their sensitive photos exposed this week, here are some tips on keeping yours safe from hackers

 

 

Jennifer Lawrence with her best actress Oscar
Jennifer Lawrence with her best actress Oscar Photograph: Mike Blake/Reuters

 

This week, nude photos of over 100 celebrities were posted online by an anonymous source who may have have got them by hacking the Apple iCloud online storage service, or guessing the security questions needed to gain access to each individual account.

 

Either way it has got many people wondering about the safety of their own photos, nude or otherwise, and about whether any snapshot taken on or shared via a digital device can ever be considered secure.

 

So how can you keep your own images away from uninvited viewers? Here are some quick pointers.


Gang of hackers behind nude celebrity photo leak routinely attacked iCloud | Technology | The Guardian

Gang of hackers behind nude celebrity photo leak routinely attacked iCloud | Technology | The Guardian.

‘Months of hard work’ behind publication of more than 100 stars’ private photos as hackers ask for bitcoin and go underground
Jennifer Lawrence

Hackers claimed to have obtained nude pictures of Jennifer Lawrence at the end of August. Photograph: Frederic J. Brown/AFP/Getty Images

A gang of hackers who collected and traded nude pictures of female celebrities by routinely breaking into Apple‘s iCloud system were the source of private photographs leaked online, new evidence shows.

Private photos and videos of more than 100 mostly female American and British stars were released on the internet on Monday from the 4chan website, sparking condemnation from the Oscar-winner Jennifer Lawrence and other actors including Kirsten Dunst, Kate Upton and Briton Jessica Brown Findlay.

Chatroom transcripts show that “OriginalGuy”, a member of the gang who has now gone on the run, boasted that the hacking of accounts belonging to Lawrence and others “is the result of several months of long and hard work” and that “several people were in on it”.

Other chatroom transcripts show that the gang had offered nude pictures of female celebrities and athletes for sale, and others offered to “rip” the iCloud backup accounts containing photos for anyone once they were given their user name and password. The iCloud backups come from the stars’ iPhones, which automatically store photos online for up to 30 days or until they are downloaded.

The revelation comes as the FBI and Apple started investigating the security breach, the most serious ever to affect the iPhone maker and a serious blow to its efforts to push new devices expected to incorporate mobile payment functions next week.

There are more than 800 million iCloud accounts globally – but the chatroom transcripts suggest there is now a growing semi-professional trade in “ripping” iCloud accounts, posing a serious problem for Apple’s security profile.


Inside the mind of Derp, a hacking group with a taste for cyber chaos | Technology | theguardian.com

Inside the mind of Derp, a hacking group with a taste for cyber chaos | Technology | theguardian.com.

With cyber attacks on the rise, the Guardian meets the team behind one of the most famous incidents. This is the night DerpTrolling took down gaming superstar, Phantomlord

 

 

voltron angel
Derp is a loose collective of coders and computer experts, who have a taste and a talent for internet chaos. Photograph: Robert Anthony Provost/flickr

 

Friday 27 December 2013. The answer phone message was simple: “Get PhantomL0rd”. No one knew who it came from.

 

The message was left on a phone operated by “DerpTrolling”, a clandestine hacker group, active since 2011. Like many similar groups, Derp, as its tens of thousands of Twitter followers know it, is a loose collective of coders and computer experts, who have a taste and a talent for internet chaos. They identify a target – usually a large corporation, often a video game company – and attempt to break its online infrastructure.

 

But Derp has a unique approach. The group advertises a phone number on its Twitter page with the simple instruction: “call or text a request.” Dial the number and you can leave a message with the name of a website you would like to be taken offline. If they decide to act, the hackers then stage a distributed denial of service (DDoS) attack against the target.

 

A DDoS attack is not hacking, it does not require the perpetrator to gain illicit access to the system – instead it involves directing a colossal flood of network traffic at the site until its servers buckle under the load. During the past five years, many of the world’s largest and most powerful websites, including PayPal, Mastercard and even the US National Security Agency have been shut down by DDoS attacks instigated by amateur hacker groups like Derp.

 

This time, however, the target was not a website but a person.

 

Enter Phantomlord

 

Jason Varga is a popular internet TV presenter who earns his living playing and commentating on online video games. Varga, known to his channel’s subscribers as PhantomL0rd, is one of the most popular “casters” in the business: he earns an estimated $184,000 a year from YouTube advertising, which supplements his already sizeable income generated from subscribers who pay to watch to his channel on the popular Twitch service, recently bought by Amazon for $970m.

 

Jason Varga AKA PhantomL0rd
Jason Varga AKA PhantomL0rd. Photograph: Jason Varga

 

The person who called Derp was perhaps a rival presenter or a bored viewer who wanted to cause some trouble during the school holidays. But their simple request was accepted.

 

DDoS attacks have vastly increased in frequency during the past few years. While some of the attacks are financially motivated (groups have demanded a ransom to be paid before they call off the attack), many are motivated by anti-corporate sentiment. When Mastercard and PayPal blocked donations to Wikileaks in 2011, the best-known “hacktivist” group, Anonymous, launched a DDoS attack against both sites in a programme of chaos it called “Operation Payback”.

 

Other hacker groups aren’t doing it for money or activistism, they’re doing it for fun, and to boast about their success on social media. It is the electronic equivalent of graffiti with a vaguely anti-establishment theme. This is where Derp operates.

 

Three days after the answerphone message was left, perhaps drawn to the idea of one of their DDoS attacks being streamed live on air, Derp chose to act against Varga.

 

At 4:07pm GMT on 30 December, the group tweeted: “Something special planned for League of Legends”, a reference to the hugely popular online PC game that Varga was playing while streaming footage to his hundreds of thousands of viewers. During the next few hours the group staged multiple DDoS attacks on the League of Legends servers. They successfully took the game, its accompanying website and forum offline around the world.

 

Rather than report the incident, Varga entered into a dialogue with the hackers. Realising the spectator value of what was happening, he made a deal with them, concerning the next game he was planning to play on air – the popular arena battle title, Dota 2.

 

“If my team wins, we’ll keep going,” he said, live on air. “[But] if my team starts to lose, Derp Bros, take this shit down.” The hackers agreed.

 

When Varga’s team lost the match the hackers made good on their promise: at 21:12pm, DOTA2 disappeared from the internet.

 

Throughout the evening the hackers continued to follow Varga online. They convinced him to play a game on the Disney-owned Club Penguin before they took the entire site down. They were enjoying the attention. They got more ambitious.

 

During the next few hours they successfully brought down various game-related websites, including Origin, the online web store of giant video game publisher, Electronic Arts. Varga asked the group why they were doing this. “For the lulz,” they replied, before adding, perhaps to lend a sub-note of gravitas to their campaign, that they also wanted to target greedy game companies.


Hacking Online Polls and Other Ways British Spies Seek to Control the Internet – The Intercept

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet – The Intercept.

By 390
Featured photo - Hacking Online Polls and Other Ways British Spies Seek to Control the Internet

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

But as the U.K. Parliament today debates a fast-tracked bill to provide the government with greater surveillance powers, one which Prime Minister David Cameron has justified as an “emergency” to “help keep us safe,” a newly released top-secret GCHQ document called “JTRIG Tools and Techniques” provides a comprehensive, birds-eye view of just how underhanded and invasive this unit’s operations are. The document—available in full here—is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and serves as a sort of hacker’s buffet for wreaking online havoc.