Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

Fuente: Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election


Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian

The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

Fuente: Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian


Digital gold: why hackers love Bitcoin | Technology | The Guardian

The WannaCry ransomware attackers demanded payment in the cryptocurrency. But its use in the ‘clean’ economy is growing, too, and could revolutionise how we use money

Fuente: Digital gold: why hackers love Bitcoin | Technology | The Guardian


Leaked NSA Malware Is Helping Hijack Computers Around the World

In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

Fuente: Leaked NSA Malware Is Helping Hijack Computers Around the World


Microsoft responsabiliza a la Agencia de Seguridad Nacional de EE.UU. de propiciar el ciberataque masivo que afectó al menos a 150 países – El Mostrador

El gigante de la informática criticó el papel de los gobiernos y organizaciones que coleccionan vulnerabilidades informáticas que después pueden ser robadas o vendidas a delincuentes informáticos. La empresa pide que lo sucedido sea una lección para erradicar esta práctica en el mundo.

Fuente: Microsoft responsabiliza a la Agencia de Seguridad Nacional de EE.UU. de propiciar el ciberataque masivo que afectó al menos a 150 países – El Mostrador


El ciberataque de escala mundial y “dimensión nunca antes vista” que afectó a instituciones y empresas de casi 100 países – El Mostrador

Un ciberataque “de dimensión nunca antes vista” logró este viernes bloquear el acceso a los sistemas informáticos de instituciones estatales y empresas de varios países.La policía europea, Europol, indicó que el ciberataque era de una escala “sin precedentes” y advirtió que una “compleja investigación internacional” era necesaria para “identificar a los culpables”.

Fuente: El ciberataque de escala mundial y “dimensión nunca antes vista” que afectó a instituciones y empresas de casi 100 países – El Mostrador


Teenage hackers motivated by morality not money, study finds | Technology | The Guardian

Young people attack computer networks to impress friends and challenge political system, crime research shows

Fuente: Teenage hackers motivated by morality not money, study finds | Technology | The Guardian


Leaked NSA Malware Threatens Windows Users Around the World

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Fuente: Leaked NSA Malware Threatens Windows Users Around the World


WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian

The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.

Fuente: WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian


Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices

It’s difficult to buy a new TV that doesn’t come with a suite of (generally mediocre) “smart” software, giving your home theater some of the functions typically found in phones and tablets. But bringing these extra features into your living room means bringing a microphone, too — a fact the CIA is exploiting, according to a new trove of documents released today by Wikileaks.

Fuente: Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices


WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador

La información revelada hoy sobre “hacking” (ataque cibernético) es parte de una serie en siete entregas que define como “la mayor filtración de datos de inteligencia de la historia”.

Fuente: WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador


The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.

It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump. But the Grizzly Steppe report fails to adequately back up this claim. My research, for example, shows that much of the evidence presented is evidence of nothing at all.

Fuente: The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.


WashPost Is Richly Rewarded for False News About Russia Threat While Public Is Deceived

The most ironic aspect of all this is that it is mainstream journalists — the very people who have become obsessed with the crusade against Fake News — who play the key role in enabling and fueling this dissemination of false stories. They do so not only by uncritically spreading them, but also by taking little or no steps to notify the public of their falsity.

Fuente: WashPost Is Richly Rewarded for False News About Russia Threat While Public Is Deceived


Russia Hysteria Infects WashPost Again: False Story About Hacking U.S. Electric Grid

Those interested in a sober and rational discussion of the Russia hacking issue should read the following:(1) Three posts by cybersecurity expert Jeffrey Carr: first, on the difficulty of proving attribution for any hacks; second, on the irrational claims on which the “Russia hacked the DNC” case is predicated; and third, on the woefully inadequate, evidence-free report issued by the Department of Homeland Security and FBI this week to justify sanctions against Russia.(2) Yesterday’s Rolling Stone article by Matt Taibbi, who lived and worked for more than a decade in Russia, titled: “Something About This Russia Story Stinks.”(3) An Atlantic article by David A. Graham on the politics and strategies of the sanctions imposed this week on Russia by Obama; I disagree with several of his claims, but the article is a rarity: a calm, sober, rational assessment of this debate.

Fuente: Russia Hysteria Infects WashPost Again: False Story About Hacking U.S. Electric Grid


Obama escalates anti-Russian campaign with new sanctions and threats – World Socialist Web Site

In an executive order accompanied by a series of official statements, US President Barack Obama has sharply escalated the campaign against Russia, based on unsubstantiated claims of Russian government hacking of the Democratic National Committee (DNC) and the Hillary Clinton campaign in the presidential election.

Fuente: Obama escalates anti-Russian campaign with new sanctions and threats – World Socialist Web Site


Top-Secret Snowden Document Reveals What the NSA Knew About Previous Russian Hacking

Now, a never-before-published top-secret document provided by whistleblower Edward Snowden suggests the NSA has a way of collecting evidence of Russian hacks, because the agency tracked a similar hack before in the case of a prominent Russian journalist, who was also a U.S. citizen.

Fuente: Top-Secret Snowden Document Reveals What the NSA Knew About Previous Russian Hacking


HELP US FIGHT SWEEPING STATE HACKING POWERS | Privacy International

Following on from our recent victory against unlawful surveillance by the British intelligence services, Privacy International is taking the British Government to court again. Why? Because it is using ‘general warrants’ to hack the electronic devices (computers, phones, tablets, and the increasing number of things that ‘connect’ to the internet) of sweeping groups of unidentified people at home and abroad. General warrants permit the government to target wide categories of people, places or property (e.g. all mobile phones in London) without any individualised suspicion of wrongdoing.

Fuente: HELP US FIGHT SWEEPING STATE HACKING POWERS | Privacy International


Spies for Hire

While cybersecurity companies traditionally aim to ensure that the code in software and hardware is free of flaws — mistakes that malicious hackers can take advantage of — DarkMatter, according to sources familiar with the company’s activities, was trying to find and exploit these flaws in order to install malware. DarkMatter could take over a nearby surveillance camera or cellphone and basically do whatever it wanted with it — conduct surveillance, interfere with or change any electronic messages it emitted, or block the signals entirely.

Fuente: Spies for Hire


Hackean grupo de espionaje de la NSA y subastan información por 1 millón de bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas

Un grupo de hackers vinculado a la Agencia de Seguridad Nacional de los Estados Unidos, mejor conocida como la NSA (National Security Agency), ha sido hackeado recientemente y sus herramientas de espionaje, recolección de información, malware y más, han sido puestas en venta por 1 millón de bitcoins (más de 550 millones de dólares al momento de la publicación).

Fuente: Hackean grupo de espionaje de la NSA y subastan información por 1 millón de bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas


¿Son estas las armas de espionaje de la NSA? | Derechos Digitales

Un grupo de hackers dice haber obtenido información confidencial de Equation Group, un conocido y sofisticado grupo de ciber atacantes ligado a la NSA. Parte de la información publicada permite por primera vez echar un vistazo a las herramientas utilizadas por la agencia de seguridad estadounidense.

Fuente: ¿Son estas las armas de espionaje de la NSA? | Derechos Digitales


[Updated] Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions; Or Not… | Techdirt

Important Update: Michael Best has now come out and said that it was actually he who uploaded the files in question, which he got from the somewhat infamous (i.e., hacked the Hacking Team) hacker Phineas Fisher. Through a somewhat convoluted set of circumstances, it appeared the files were associated with the Wikileaks leak when they were not — and then basically everyone just started calling each other names:

Fuente: [Updated] Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions; Or Not… | Techdirt


¿Cuáles son las responsabilidades que conlleva una filtración? | Derechos Digitales

Cada cierto tiempo surgen nuevas noticias que dan cuenta de cómo hackers y whistleblowers develan información de interés público, usualmente política. Incluso en algunos países latinoamericanos se han creado plataformas que permiten hacer denuncias anónimas, siguiendo la misma tendencia. Esta actividad ha venido a suplir la falta de canales formales de acceso a la información pública, pero pueden presentar algunos problemas.

Fuente: ¿Cuáles son las responsabilidades que conlleva una filtración? | Derechos Digitales


“La ciberguerra sería una forma de terrorismo de Estado”

El libro pretende incentivar la mirada crítica entre el gran público ante los acontecimientos calificados de “ciberguerra” y alertar de la coartada que puede proporcionar el tremendismo sensacionalista en estos temas a quienes pretenden recortar libertades o privacidad.

Fuente: “La ciberguerra sería una forma de terrorismo de Estado”


Israel action threatens to close down rights group and ‘chill’ free speech | World news | The Guardian

A high-profile Israeli human rights group that publishes the anonymous testimonies of soldiers in the Palestinian territories is facing a court hearing that threatens to shut down its work in what is being viewed as a crucial test case for civil society.The case, which will be heard in court next week, is being brought by the Israeli government, which is demanding that Breaking the Silence identify anonymous serving military personnel who have given it testimony relating to alleged crimes in the 2014 Gaza war. The group says this is likely to deter future potential testifiers coming forward.

Fuente: Israel action threatens to close down rights group and ‘chill’ free speech | World news | The Guardian


The Vigilante Who Hacked Hacking Team Explains How He Did It | Motherboard

Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.That mystery has finally been revealed.

Fuente: The Vigilante Who Hacked Hacking Team Explains How He Did It | Motherboard


Regulators are failing to block fraudulent adverts – FT.com

You might have thought that an industry in which a tenth of transactions are fraudulent, which leaks billions of dollars a year, and in which many turn a blind eye to criminality would be raided by the police. So far, there is no sign of it. The

Fuente: Regulators are failing to block fraudulent adverts – FT.com


Intel Security’s Chris Young tells cyber sector to go on offensive – FT.com

Intel Security’s Chris Young tells cyber sector to go on offensive – FT.com.

 

Hacker; Cyber Security

The president of Intel Security has admonished the cyber security industry for being “too reactive” and focusing on the symptoms of attacks rather than the underlying causes.

Chris Young said that the sector had become “bogged down” in data while cyber attackers get better funded, more innovative and improve their skills.

“In security we’re chasing the symptoms like malware and vulnerabilities when we’d be smarter if we knew the context of attacks, who the attackers are and why do I care about them.”“We are swimming in symptoms but we don’t really understand the problem in many cases. To use a human analogy, I’m sneezing, I can’t breathe easily, I have a runny nose: do I have a cold, flu or allergies?” he said.

Mr Young told the Financial Times at the RSA cyber security conference that President Barack Obama’s new information sharing proposals, announced in the State of the Union speech, risk creating a flood of new data on attacks that few companies are skilled at processing. The US House of Representatives could vote on the bill this week.

 


Lenovo admits to software vulnerability – FT.com

Lenovo admits to software vulnerability – FT.com.

 

Last updated: February 19, 2015 7:00 pm

Lenovo admits to software vulnerability

 

Lenovo Group Ltd. signage is displayed near laptops in an arranged photograph at a Lenovo store in the Yuen Long district of Hong Kong, China, on Friday, May 23, 2014. Lenovo, the world's largest maker of personal computers, reported a 25 percent jump in fourth-quarter profit as its desktop models and mobile devices gained global market share. Photographer: Brent Lewin/Bloomberg©Bloomberg

Lenovo, the world’s largest computer manufacturer by unit sales, has been forced to disable controversial software that left users of its laptops vulnerable to hacking attacks.

The software Superfish, which was pre-installed on Lenovo’s devices, was billed as a free “visual search” tool. But Lenovo used it to inject adverts into web pages.

More controversially, however, computer experts have discovered that Superfish contains a major security hole that hackers can potentially exploit to eavesdrop on a user’s web-browsing behaviour.

Users have been raising concerns about Superfish on Lenovo’s own online forums since September, complaining that the software is putting additional advertising into web pages without their permission.

Computer manufacturers often pre-install so-called “adware” into their laptops and PCs in exchange for payment by the software makers, which in turn make money from advertisers.

Lenovo said its customers were given a choice about whether to use the product.

However, Graham Cluley, an independent security expert, said the way in which Lenovo had installed the adware was “cack-handed, and could be exploited by a malicious hacker to intercept the traffic of innocent parties”.

While there is no evidence that hackers have exploited the vulnerability, Mr Cluley said: “If you have Superfish on your computer you really can’t trust secure connections to sites any more.”

 


Aaron Swartz stood up for freedom and fairness – and was hounded to his death | Comment is free | The Guardian

Aaron Swartz stood up for freedom and fairness – and was hounded to his death | Comment is free | The Guardian.

Internet activist Aaron Swartz in a San Francisco bookshop in 2008, five years before his suicide.

 Internet activist Aaron Swartz in a San Francisco bookshop in 2008, five years before his suicide. Photograph: Noah Berger/Reuters

On Monday, BBC Four screened a remarkable film in its Storyville series. The Internet’s Own Boy told the story of the life and tragic death of Aaron Swartz, the leading geek wunderkind of his generation who was hounded to suicide at the age of 26 by a vindictive US administration. The film is still available on BBC iPlayer, and if you do nothing else this weekend make time to watch it, because it’s the most revealing source of insights about how the state approaches the internet since Edward Snowden first broke cover.

To say Swartz was a prodigy is an understatement. As an unknown teenager he was a co-designer of tools – like RSS and Markdown and of services like Reddit – that shaped the evolution of the web. He was also the kid who wrote most of the code underpinning Creative Commons, an inspired system that uses copyright law to give ordinary people control over how their digital creations can be used by others.

But Swartz was far more than an immensely-gifted programmer. The Storyville film includes home movies which show the entrancing, voraciously-inquisitive toddler who was father to the man. As he grew, he displayed the same open, questioning attitude to life one sees in other geniuses who are always asking “why?” and “why not?” and driving normal people nuts.


Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept.

Featured photo - Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise

The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.

In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document.

These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.

By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content:

Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect.

The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists:

INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:

A = Indian Diplomatic & Indian Navy
B = Central Asian diplomatic
C = Chinese Human Rights Defenders
D = Tibetan Pro-Democracy Personalities
E = Uighur Activists
F = European Special Rep to Afghanistan and Indian photo-journalism
G = Tibetan Government in Exile

In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.”


Obama's Cyber Proposals Sound Good, But Erode Information Security – The Intercept

Obama’s Cyber Proposals Sound Good, But Erode Information Security – The Intercept.

BY DAN FROOMKIN 

The State of the Union address President Obama delivers tonight will include a slate of cyber proposals crafted to sound like timely government protections in an era beset by villainous hackers.

They would in theory help the government and private sector share hack data more effectively; increase penalties for the most troubling forms of hacking; and require better notification of people when their personal data has been stolen.

But if you cut through the spin, it turns out that the steps Obama is proposing would likely erode, rather than strengthen, information security for citizens and computer experts trying to protect them. Consider:

  • There’s plenty of sharing of data on cyber threats already and no reason to think that the Sony Pictures hack or any of the other major recent cyber attacks could have been averted with more. What Obama is proposing would, by contrast, give companies that have terrible security practices a pass in the form of liability protection from regulatory or civil action based on the information they disclose, while potentially allowing widespread distribution of personal data that should be private.
  • The increased penalties for hacking Obama is proposing could punish people who have only briefly rubbed shoulders with hackers as full-fledged members of a criminal enterprise, and criminalize “white-hat” hacking.
  • And Obama’s federal standards for when companies have to report that customers’ data has been stolen would actually overturn tougher standards in many states.

“There’s nothing that he would propose that would do anything to actually improve cybersecurity,” says Chris Soghoian, the principal technologist at the American Civil Liberties Union. “That’s a problem.”


Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com

Enough with the Sony hack. Can we all calm down about cyberwar with North Korea already? | Trevor Timm | Comment is free | theguardian.com.

Yes, the Interview was just a Seth Rogen stoner movie – and, no, privacy, free speech and World War III are not at stake

the interview movie poster
“We will respond proportionally,” Obama said on Friday. Why should the US be responding offensively at all? Photograph: Sony Pictures

The sanest thing anyone said in Washington this week was a reminder, on the Friday before Christmas, when Barack Obama took a break from oscillating between reassuring rationality and understated fear to make an accidental joke:

It says something about North Korea that it decided to mount an all-out attack about a satirical movie … starring Seth Rogen.

It also says something about the over-the-top rhetoric of United States cybersecurity paranoia that it took the President of the United States to remind us to take a deep breath and exhale, even if Sony abruptly scrapped its poorly reviewed Hollywood blockbuster after nebulous threats from alleged North Korean hackers.

Unfortunately, acting rational seems out of the question at this point. In between making a lot of sense about Sony’s cowardly “mistake” to pull a film based on a childish, unsubstantiated threat, Obama indicated the US planned to respond in some as-yet-unknown way, which sounds a lot like a cyberattack of our own.

“We will respond, we will respond proportionally, and in a place and time that we choose,” Obama said at his year-end news conference. Why should we be responding offensively at all? As the Wall Street Journal’s Danny Yadron reported, a movie studio doesn’t reach the US government’s definition of “critical infrastructure” that would allow its military to respond under existing rules, but that didn’t stop the White House from calling the Sony hack a “national security issue” just a day later.

Let’s put aside for a moment that many security experts haven’t exactly been rushing to agree with the FBI’s cut-and-dry conclusion that “the North Korean government is responsible” for the hack. Wired’s Kim Zetter wrote a detailed analysis about why the evidence accusing North Korea is really flimsy, while other security professionals have weighed in with similar research.

But whoever the hackers are, can we stop calling them “cyber-terrorists,”like Motion Picture Association of America chairman Chris Dodd did on Friday? They may be sadistic pranksters, extortionists and assholes, but anonymously posting a juvenile and vague word jumble incorporating “9/11” that has no connection to reality does not make them terrorist masterminds. That’s giving whoever did it way too much credit.


Chinese Android phones contain in-built hacker 'backdoor' | Technology | The Guardian

Chinese Android phones contain in-built hacker ‘backdoor’ | Technology | The Guardian.

Coolpad
 Smartphones from Chinese manufacturer Coolpad found to have malware pre-installed. Photograph: Coolpad

Smartphones from a major Chinese manufacturer have a security flaw that was deliberately introduced and allows hackers full control of the device.

The “CoolReaper” backdoor was found in the software that powers at least 24 models made by Coolpad, which is now the world’s sixth-biggest smartphone producer according to Canalys.

The flaw allows hackers or Coolpad itself to download and install any software onto the phones without the user’s permission.

“The operator can simply uninstall or disable all security applications in user devices, install additional malware, steal information and inject content into the users device in multiple ways,” according to a report on the malware by security firm Palo Alto Networks (Pan).