Reuben Paul, el niño de 11 años que hackea ositos de peluche y ya tiene su propia empresa de ciberseguridad – El Mostrador

Este joven estadounidense, un prodigio de la informática, se llama a sí mismo “ciberninja” y a través de su propia empresa quiere “educar a la gente, enseñarles cosas nuevas” sobre la seguridad en el mundo cibernético.

Fuente: Reuben Paul, el niño de 11 años que hackea ositos de peluche y ya tiene su propia empresa de ciberseguridad – El Mostrador


Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian

The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

Fuente: Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian


WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian

The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.

Fuente: WikiLeaks publishes ‘biggest ever leak of secret CIA documents’ | Media | The Guardian


Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices

It’s difficult to buy a new TV that doesn’t come with a suite of (generally mediocre) “smart” software, giving your home theater some of the functions typically found in phones and tablets. But bringing these extra features into your living room means bringing a microphone, too — a fact the CIA is exploiting, according to a new trove of documents released today by Wikileaks.

Fuente: Wikileaks Dump Shows CIA Could Turn Smart TVs into Listening Devices


WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador

La información revelada hoy sobre “hacking” (ataque cibernético) es parte de una serie en siete entregas que define como “la mayor filtración de datos de inteligencia de la historia”.

Fuente: WikiLeaks filtra programa encubierto de la CIA que usa celulares y televisores como “micrófonos encubiertos” – El Mostrador


Servicio de inteligencia alemán recluta “espías 2.0” capaces de anticiparse a hackers – El Mostrador

los servicios secretos germanos han lanzado en su página web una especie de concurso llamado “Sherlock Holmes en el ciberespacio”, con el que pretenden encontrar jóvenes talentos que puedan hacer frente a los riesgos de futuro gracias a su destreza con las nuevas tecnologías.

Fuente: Servicio de inteligencia alemán recluta “espías 2.0” capaces de anticiparse a hackers – El Mostrador


Russia hacked the US election. Now it’s coming for western democracy | Robby Mook | Opinion | The Guardian

We have to take action now to root out Russian and other foreign influences before they become too deeply enmeshed in our political ecosystem. First and foremost, leaders in the US and Europe must stop any attempt by the Trump administration to ease sanctions on Russia. It must be abundantly clear that attacking our elections through cyberspace will prompt a tough and proportional response.

Fuente: Russia hacked the US election. Now it’s coming for western democracy | Robby Mook | Opinion | The Guardian


The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant | Motherboard

In January, Motherboard reported on the FBI’s “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.

Fuente: The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant | Motherboard


HELP US FIGHT SWEEPING STATE HACKING POWERS | Privacy International

Following on from our recent victory against unlawful surveillance by the British intelligence services, Privacy International is taking the British Government to court again. Why? Because it is using ‘general warrants’ to hack the electronic devices (computers, phones, tablets, and the increasing number of things that ‘connect’ to the internet) of sweeping groups of unidentified people at home and abroad. General warrants permit the government to target wide categories of people, places or property (e.g. all mobile phones in London) without any individualised suspicion of wrongdoing.

Fuente: HELP US FIGHT SWEEPING STATE HACKING POWERS | Privacy International


Spies for Hire

While cybersecurity companies traditionally aim to ensure that the code in software and hardware is free of flaws — mistakes that malicious hackers can take advantage of — DarkMatter, according to sources familiar with the company’s activities, was trying to find and exploit these flaws in order to install malware. DarkMatter could take over a nearby surveillance camera or cellphone and basically do whatever it wanted with it — conduct surveillance, interfere with or change any electronic messages it emitted, or block the signals entirely.

Fuente: Spies for Hire


El pionero satélite cuántico chino que puede revolucionar las comunicaciones del mundo – El Mostrador

Se trata de un millonario y ambicioso proyecto apodado QUESS, que pone al gigante asiático a la cabeza de una revolución tecnológica: crear nuevas redes de comunicación globales a prueba de hackeos.

Fuente: El pionero satélite cuántico chino que puede revolucionar las comunicaciones del mundo – El Mostrador


Cyber experts warn of hacking capability of drones – FT.com

Hackers could employ flying drones to buzz office buildings and intercept corporate communications, cyber security researchers have warned ahead of the industry’s annual gathering.A simple drone can be used to attack WiFi, bluetooth and other wireless connections such as those used in contactless payment cards, making it as easy to intercept information in a private building as it is in a public café.

Fuente: Cyber experts warn of hacking capability of drones – FT.com


Se cumple el aniversario de la filtración masiva de datos del Hacking Team | R3D: Red en Defensa de los Derechos Digitales

Hace un año, más de mil 500 correos electrónicos y 400 GB de información de la empresa italiana Hacking Team, dedicada a la venta de software para vigilancia, fueron hechos públicos.

Fuente: Se cumple el aniversario de la filtración masiva de datos del Hacking Team | R3D: Red en Defensa de los Derechos Digitales


The Vigilante Who Hacked Hacking Team Explains How He Did It | Motherboard

Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.That mystery has finally been revealed.

Fuente: The Vigilante Who Hacked Hacking Team Explains How He Did It | Motherboard


Reino Unido espía a los refugiados hackeando sus móviles y ordenadores

Los refugiados no tienen derechos. De ahí se deriva que sus teléfonos pueden ser hackeados y sus ordenadores también. Al parecer, esto es lo que ha hecho -legalmente y según The Observer – los funcionarios de la oficina de inmigración británica. En 2013 recibieron poderes para hackear los dispositivos electrónicos de todos los refugiados y peticionarios de asilo que considerasen necesario. Y lo consideran.

Fuente: Reino Unido espía a los refugiados hackeando sus móviles y ordenadores


Hacking Team Is Back In Business, But Struggling To Survive | Motherboard

Earlier this year, a representative for the notorious surveillance vendor Hacking Team traveled to South America to pitch the company’s marquee spyware product to a potential new customer.The representative gave a presentation at the office of a government agency, showed off the spyware control center, and handed out some marketing materials.It was an unremarkable sales pitch—affirmed by the fact that the potential client decided not to buy, according to a source who attended the meeting—except for the timing, which was almost six months after what some consider Hacking Team’s near-death experience.

Fuente: Hacking Team Is Back In Business, But Struggling To Survive | Motherboard


La vulnerabilidad de los smartphones: Muy pocos modelos son seguros ante los hackers – BioBioChile

La vulnerabilidad de los smartphones: Muy pocos modelos son seguros ante los hackers – BioBioChile.

 

Johan Larsson (CC) Flickr

Johan Larsson (CC) Flickr

 

Publicado por Denisse Charpentier | La Información es de Agencia AFP

 

Muy vulnerables actualmente, los smartphones pueden convertirse en el futuro blanco predilecto de los hackers que se pueden aprovechar de las negligencias y la inocencia de los usuarios al manejar su teléfono.

“El mercado del móvil se rige por la innovación y se concentra sobre todo en la obtención de nuevas funcionalidades ligadas al marketing más que en la seguridad y el respeto de la vida privada”, analiza James Lyne, entrevistado en el Mobile World Congress que se cierra este jueves en Barcelona.

Responsable de la seguridad global en Sophos, Lyne responsabiliza a los fabricantes de la insuficiente sensibilización de los consumidores, de los que solo un 40% utiliza un código PIN.

En su presentación del Galaxy S6 el domingo en Barcelona, Samsung insistió en su apariencia, en la recarga inalámbrica o en la calidad de su cámara fotográfica pero apenas se refirió a su protección antivirus.

Por ello, explica a la AFP Tanguy de Coatpont, director general de Kaspersky Lab France, “vivimos con los smartphones lo que experimentamos con los ordenadores hace 15 años”.

“Cada vez hay más problemas de seguridad porque con su potencia se convierten en pequeños ordenadores, conectados permanentemente”, añade.


Hackers take down Lenovo website – FT.com

Hackers take down Lenovo website – FT.com.

High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights. http://www.ft.com/cms/s/0/77843ec2-bd5f-11e4-b523-00144feab7de.html#ixzz3SzdZG1cE

 

February 26, 2015 2:45 am

Hackers take down Lenovo website

 

A pedestrian walks past the Lenovo Group Ltd. flagship store on Qianmen Street in Beijing, China, on Tuesday, Nov. 11, 2014. Lenovo Chief Executive Officer Yang Yuanqing has expanded in computer servers and mobile phones, including the $2.91 billion purchase of Motorola Mobility, to help combat a shrinking personal-computer market. Photographer: Tomohiro Ohsumi/Bloomberg©Bloomberg

Lenovo’s website has been hacked, less than a week after the personal computer maker was forced to disable controversial software that left users of its laptops vulnerable to cyber attacks.

On Thursday, the group – the world’s largest PC manufacturer by unit sales – said that users trying to visit its website had been redirected to another site by hackers.Hacker collective Lizard Squad had claimed credit for the attack via Twitter, where it also posted internal Lenovo e-mails discussing Superfish, the advertising software that the PC maker disabled on its products last week.

Lizard Squad has previously claimed credit for cyber attacks on Sony’s PlayStation network and Microsoft’s Xbox Live network. On Thursday, it also boasted of an attack on Google’s Vietnamese website.

Lenovo said it had taken its website down and was also investigating “other aspects” of the attack.

Later on Thursday morning, visitors to lenovo.com on Thursday morning received a message stating: “The Lenovo site you are attempting to access is currently unavailable due to system maintenance.” It was restored on Thursday afternoon.

Last week, Lenovo acknowledged that its consumer division had sold laptops pre-installed with controversial advertising software called Superfish that potentially left its computers open to being hacked. It said it had stopped installing Superfish on new units in January and disabled the software on existing machines.

Computer experts had warned of a security hole in the software that hackers could exploit to eavesdrop on a user’s web-browsing behaviour.

 


Lenovo admits to software vulnerability – FT.com

Lenovo admits to software vulnerability – FT.com.

 

Last updated: February 19, 2015 7:00 pm

Lenovo admits to software vulnerability

 

Lenovo Group Ltd. signage is displayed near laptops in an arranged photograph at a Lenovo store in the Yuen Long district of Hong Kong, China, on Friday, May 23, 2014. Lenovo, the world's largest maker of personal computers, reported a 25 percent jump in fourth-quarter profit as its desktop models and mobile devices gained global market share. Photographer: Brent Lewin/Bloomberg©Bloomberg

Lenovo, the world’s largest computer manufacturer by unit sales, has been forced to disable controversial software that left users of its laptops vulnerable to hacking attacks.

The software Superfish, which was pre-installed on Lenovo’s devices, was billed as a free “visual search” tool. But Lenovo used it to inject adverts into web pages.

More controversially, however, computer experts have discovered that Superfish contains a major security hole that hackers can potentially exploit to eavesdrop on a user’s web-browsing behaviour.

Users have been raising concerns about Superfish on Lenovo’s own online forums since September, complaining that the software is putting additional advertising into web pages without their permission.

Computer manufacturers often pre-install so-called “adware” into their laptops and PCs in exchange for payment by the software makers, which in turn make money from advertisers.

Lenovo said its customers were given a choice about whether to use the product.

However, Graham Cluley, an independent security expert, said the way in which Lenovo had installed the adware was “cack-handed, and could be exploited by a malicious hacker to intercept the traffic of innocent parties”.

While there is no evidence that hackers have exploited the vulnerability, Mr Cluley said: “If you have Superfish on your computer you really can’t trust secure connections to sites any more.”

 


Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise – The Intercept.

Featured photo - Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise

The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.

In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document.

These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.

By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content:

Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect.

The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists:

INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:

A = Indian Diplomatic & Indian Navy
B = Central Asian diplomatic
C = Chinese Human Rights Defenders
D = Tibetan Pro-Democracy Personalities
E = Uighur Activists
F = European Special Rep to Afghanistan and Indian photo-journalism
G = Tibetan Government in Exile

In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.”


Obama's Cyber Proposals Sound Good, But Erode Information Security – The Intercept

Obama’s Cyber Proposals Sound Good, But Erode Information Security – The Intercept.

BY DAN FROOMKIN 

The State of the Union address President Obama delivers tonight will include a slate of cyber proposals crafted to sound like timely government protections in an era beset by villainous hackers.

They would in theory help the government and private sector share hack data more effectively; increase penalties for the most troubling forms of hacking; and require better notification of people when their personal data has been stolen.

But if you cut through the spin, it turns out that the steps Obama is proposing would likely erode, rather than strengthen, information security for citizens and computer experts trying to protect them. Consider:

  • There’s plenty of sharing of data on cyber threats already and no reason to think that the Sony Pictures hack or any of the other major recent cyber attacks could have been averted with more. What Obama is proposing would, by contrast, give companies that have terrible security practices a pass in the form of liability protection from regulatory or civil action based on the information they disclose, while potentially allowing widespread distribution of personal data that should be private.
  • The increased penalties for hacking Obama is proposing could punish people who have only briefly rubbed shoulders with hackers as full-fledged members of a criminal enterprise, and criminalize “white-hat” hacking.
  • And Obama’s federal standards for when companies have to report that customers’ data has been stolen would actually overturn tougher standards in many states.

“There’s nothing that he would propose that would do anything to actually improve cybersecurity,” says Chris Soghoian, the principal technologist at the American Civil Liberties Union. “That’s a problem.”


El final de las contraseñas | Tecnología | EL PAÍS

El final de las contraseñas | Tecnología | EL PAÍS.

 

Los ataques convierten en obsoletos los sistemas de seguridad en la Red. La doble autenticación y la biometría se abren camino

 

 

Emilio Martínez muestra el programa de contraseña por voz. / santi burgos

Con saqueos masivos de datos como el de Sony, el mayor ciberataque padecido por una empresa, o el que sufrió Apple hace unos meses, cuando decenas de fotos privadas de actrices de Hollywood fueron robadas y difundidas por todos los rincones de la red, hablar de Internet y seguridad se ha convertido casi en un oxímoron, una contradicción en los términos. La mayoría de los expertos considera que el actual sistema de contraseñas que rige la red ha caducado por lo incómodo que resulta para los usuarios y, como queda cada vez más claro, por su falta de fiabilidad. El futuro se encuentra en los sistemas de doble autenticación y en la biometría, campo en el que varias empresas españolas están en la vanguardia. Mientras tanto todos los expertos en seguridad dan el mismo consejo: generar contraseñas más complejas para, en la medida de lo posible, entorpecer el trabajo de los ladrones de datos.

Como ha escrito el experto en informática de The New York Times, Farhad Manjoo, “no mandes un mail, no subas una foto a la nube, no mandes un mensaje de texto, al menos si tienes cualquier esperanza de que siga siendo privado”. El problema está en que cada vez tenemos más datos y más importantes en Internet, ya sean bancarios, profesionales o personales, y cada vez están más expuestos. La página web www.databreaches.net calcula que se han producido 30.000 robos de datos en todo tipo de empresas en los últimos diez años, con una inquietante aceleración en 2013 y 2014. Javier García Villalba, profesor del Departamento de Ingeniería de Software e Inteligencia Artificial de la Universidad Complutense de Madrid, asegura: “Una contraseña por sí sola ya no ofrece suficiente seguridad. Los ataques informáticos comprometen por igual cualquier contraseña, sea buena, mala o regular”.


Sony Hack: Clooney Says Movie is about Snowden, Not Journalism – The Intercept

Sony Hack: Clooney Says Movie is about Snowden, Not Journalism – The Intercept.

BY NATASHA VARGAS-COOPER 

Featured photo - Sony Hack: Clooney Says Movie is about Snowden, Not Journalism

As curious journalists, tabloid writers, and Hollywood watchers pore over the massive trove of hacked Sony data, the public is being given a rare glimpse into the complicated world of Hollywood and politics. Tucked between bitchy emails about Angelina Jolie and snarky comments on Will Smith’s family are details of a chummy relationship between Sony executives and the CIA, as well as rare insight into how Hollywood views potential movies about NSA whistleblower Edward Snowden.

Sony’s plan to make a Snowden movie got rolling in January 2014, when Elizabeth Cantillon, then an executive producer at Sony, sentcompany Co-Chairman Amy Pascal an email saying she had successfully closed on the rights to the book, “No Place to Hide,” by The Intercept‘s founding editor, Glenn Greenwald.  “[Y]ou will be my Oscar date,” Cantillon promised Pascal.

In March of 2014, Sony officially optioned the rights to Greenwald’s book, which chronicles how he broke the Snowden story, and moved forward with plans for a movie.


Chinese Android phones contain in-built hacker 'backdoor' | Technology | The Guardian

Chinese Android phones contain in-built hacker ‘backdoor’ | Technology | The Guardian.

Coolpad
 Smartphones from Chinese manufacturer Coolpad found to have malware pre-installed. Photograph: Coolpad

Smartphones from a major Chinese manufacturer have a security flaw that was deliberately introduced and allows hackers full control of the device.

The “CoolReaper” backdoor was found in the software that powers at least 24 models made by Coolpad, which is now the world’s sixth-biggest smartphone producer according to Canalys.

The flaw allows hackers or Coolpad itself to download and install any software onto the phones without the user’s permission.

“The operator can simply uninstall or disable all security applications in user devices, install additional malware, steal information and inject content into the users device in multiple ways,” according to a report on the malware by security firm Palo Alto Networks (Pan).


Puertas traseras que recuerdan a la NSA en 600 millones de dispositivos iOS

Puertas traseras que recuerdan a la NSA en 600 millones de dispositivos iOS.

Ciertos servicios de iOS, sobre todo en la versión 7 del sistema, permitirían el establecimiento de puertas traseras

A pesar de que hay una similitud con herramientas de la NSA, Apple defiende que estos servicios descubiertos en iOS solo obedecen a la necesidad de realizar tareas diagnósticas

600 millones de dispositivos iOS en riesgo

Jonathan Zdziarski, hacker experto en iPhone, conocido como NeverGas en la comunidad iOS, ha descubierto indicios de puertas traseras en los dispositivos iOS. El especialista en seguridad ha buceado en las capacidades disponibles en iOS para obtener datos y ha comprobado que unos 600 millones de dispositivos podrían estar en riesgo, sobre todo los que tienen instalada la versión iOS 7.

Zdziarski ha descubierto una serie de funciones no documentadas de iOS que permiten sortear el cifrado del backup en los dispositivos con el sistema operativo móvil de Apple, lo que permitiría robar datos personales de los usuarios sin introducir sus contraseñas, siempre que se den ciertas circunstancias. El atacante tendría que estar físicamente cerca del dispositivo en el que quiere penetrar, así como estar en la misma red WiFi que la víctima, quien para ello debería tener la conexión WiFi activada.

Las vulnerabilidades se han revelado en una conferencia de hackers en Nueva York y Zdziarski ha publicado las ha publicado en un PDF. El sistema iOS ofrece la posibilidad de proteger los mensajes, documentos, cuentas de email, contraseñas varias y otra información personal mediante el backup de iTunes, que se puede asegurar con un cifrado. Pero en lugar de introducir la contraseña para desbloquear todos estos datos, existe un servicio llamado com.apple.mobile.file_relay, cuyo acceso se puede lograr remotamente o a través de cable USB y permite sortear el cifrado del backup.

Así lo cuenta Zdziarski, quien señala que entre la información que se puede obtener de este modo se encuentra la agenda de contactos, las fotografías, los archivos de audio o los datos del GPS. Además, todas las credenciales de cuentas que se hayan configurado en el dispositivo, como los emails, las redes sociales o iCloud, quedan reveladas. El hacker ha señalado que con esta y otras herramientas se puede recopilar casi la misma información que hay en un backup completo.

También se han descubierto otros dos servicios potencialmente peligrosos, destinados en principio a usos por parte de los usuarios y desarrolladores, pero que pueden convertirse en armas de espionaje. Uno de ellos es com.apple.pcapd, que permitiría a un atacante monitorizar remotamente el tráfico que entra y sale de un dispositivo conectado a una red WiFi. El otro es com.apple.mobile.house_arrest, a través del cual iTunes puede copiar archivos y documentos sensibles procedentes de aplicaciones de terceros como Twitter o Facebook.

Puertas traseras que recuerdan a la NSA

Algunos de estos descubrimientos se parecen a las herramientas de la NSA, en concreto a DROPOUTJEEP, que en los dispositivos iOS permite a la agencia de espionaje estadounidense controlar y monitorizar remotamente todas las funciones de un iPhone. Zdziarski ha admitido que empezó a investigar a raíz de un informe de Der Spiegel sobre cómo la NSA había tomado como objetivo los dispositivos iOS y los sistemas a los que estaban asociados.

Por su parte Apple se ha apresurado a decir que estas puertas traseras no tienen relación alguna con ninguna agencia gubernamental. La compañía ha indicado que solo están orientadas a labores “diagnósticas” y a permitir a los departamentos de IT de las empresas gestionar los terminales de los empleados.

 “No me creo ni por un minuto que estos servicios estén pensados solo para diagnosticar. La información que filtran es de una naturaleza extremadamente personal. No hay notificación al usuario”, ha rebatido en su blog el hacker que descubrió las vulnerabilidades.


Hacking Online Polls and Other Ways British Spies Seek to Control the Internet – The Intercept

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet – The Intercept.

By 390
Featured photo - Hacking Online Polls and Other Ways British Spies Seek to Control the Internet

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

But as the U.K. Parliament today debates a fast-tracked bill to provide the government with greater surveillance powers, one which Prime Minister David Cameron has justified as an “emergency” to “help keep us safe,” a newly released top-secret GCHQ document called “JTRIG Tools and Techniques” provides a comprehensive, birds-eye view of just how underhanded and invasive this unit’s operations are. The document—available in full here—is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and serves as a sort of hacker’s buffet for wreaking online havoc.


Antivirus software is dead, says security expert at Symantec | Technology | theguardian.com

Antivirus software is dead, says security expert at Symantec | Technology | theguardian.com.

Information chief at Norton developer says software in general misses 55% of attacks and its future lies in responding to hacks

Blue creepy-crawly bug crawls over green electronic circuit
Hackers are said increasingly to use novel methods and bugs in the software of computers to perform attacks. Photograph: Dale O’Dell/Alamy

Antivirus software only catches 45% of malware attacks and is “dead”, according to a senior manager at Symantec.

Remarks by Brian Dye, senior vice-president for information security at the company, which invented commercial antivirus software in the 1980s and now develops and sells Norton Antivirus, suggest that such software leaves users vulnerable.

Dye told the Wall Street Journal that hackers increasingly use novel methods and bugs in the software of computers to perform attacks, resulting in about 55% cyberattacks going unnoticed by commercial antivirus software.

Malware has become increasingly complex in a post-Stuxnet world. Computer viruses range from relatively simple criminal attacks, where credit card information is targeted, to espionage programs that spy on users and data but can easily be upgraded into cyberweapons at the touch of a button, according to security expert Eugene Kaspersky, founder of Kaspersky Lab, which also sells antivirus software.


Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators – The Intercept

Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators – The Intercept.

By  and 
Featured photo - Inside the NSA’s Secret Efforts to Hunt and Hack System AdministratorsA secret document reveals how the NSA tracks down system administrators for surveillance. Illustration: Josh Begley.

Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control.

The document consists of several posts – one of them is titled “I hunt sys admins” – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.

The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts says.

The NSA wants more than just passwords. The document includes a list of other data that can be harvested from computers belonging to sys admins, including network maps, customer lists, business correspondence and, the author jokes, “pictures of cats in funny poses with amusing captions.” The posts, boastful and casual in tone, contain hacker jargon  (pwn, skillz, zomg, internetz) and are punctuated with expressions of mischief. “Current mood: devious,” reads one, while another signs off, “Current mood: scheming.”

The author of the posts, whose name is being withheld by The Intercept, is a network specialist in the agency’s Signals Intelligence Directorate, according to other NSA documents. The same author wrote secret presentations related to the NSA’s controversial program to identify users of the Tor browser – a privacy-enhancing tool that allows people to browse the Internet anonymously. The network specialist, who served as a private contractor prior to joining the NSA, shows little respect for hackers who do not work for the government. One post expresses disdain for the quality of presentations at Blackhat and Defcon, the computer world’s premier security and hacker conferences:

It is unclear how precise the NSA’s hacking attacks are or how the agency ensures that it excludes Americans from the intrusions. The author explains in one post that the NSA scours the Internet to find people it deems “probable” administrators, suggesting a lack of certainty in the process and implying that the wrong person could be targeted. It is illegal for the NSA to deliberately target Americans for surveillance without explicit prior authorization. But the employee’s posts make no mention of any measures that might be taken to prevent hacking the computers of Americans who work as sys admins for foreign networks. Without such measures, Americans who work on such networks could potentially fall victim to an NSA infiltration attempt.

The NSA declined to answer questions about its efforts to hack system administrators or explain how it ensures Americans are not mistakenly targeted. Agency spokeswoman Vanee’ Vines said in an email statement: “A key part of the protections that apply to both U.S. persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with U.S. Attorney General-approved procedures to protect privacy rights.”

As The Intercept revealed last week, clandestine hacking has become central to the NSA’s mission in the past decade. The agency is working to aggressively scale its ability to break into computers to perform what it calls “computer network exploitation,” or CNE: the collection of intelligence from covertly infiltrated computer systems. Hacking into the computers of sys admins is particularly controversial because unlike conventional targets – people who are regarded as threats – sys admins are not suspected of any wrongdoing.


Michael Fertik: “Los datos son nuestro ADN” | Tecnología | EL PAÍS

Michael Fertik: “Los datos son nuestro ADN” | Tecnología | EL PAÍS.


Michael Fertik, fundador y consejero delegado de Reputation.com. / LUIS SEVILLANO (EL PAÍS)

Enviar a LinkedIn11
Enviar a TuentiEnviar a MenéameEnviar a Eskup

EnviarImprimirGuardar

Michael Fertik (Nueva York, 1978) cambió Kentucky por la bahía de San Francisco por una chica. Dice que le salió bien la jugada, allí lanzó en 2006 Reputation.com. Entonces consiguió una ronda de financiación de un millón de dólares. La última fue de más de 65. Conocido blogger y columnista, su libro Wild West 2.0 (Salvaje Oeste 2.0), un manual para mantener a salvo la imagen y datos en redes sociales es uno de los más vendidos en Amazon.

A la vuelta de Davos, “aunque parece una reunión de políticos y grandes poderes, es, básicamente, un lugar para hacer negocios”, dedicó un día en Madrid para tratar con clientes, en su mayoría grandes empresas que quieren estar al tanto la percepción que se tiene de sus servicios en Internet o atajar algún problema en el momento en que se genere.

Con ánimo divulgador, Fertik se atreve a crear una analogía de las leyes de la robótica propuestas por Isaac Asimov adaptadas a la privacidad: 1) Acceso a todo aquello que una empresa sabe de ti con una mera petición. 2) Saber dónde, cómo, en qué formato y con qué frecuencia se recolectan los datos. 3) Poder borrar o impedir que se recojan tus datos personales.


NSA 'hacking unit' infiltrates computers around the world – report | World news | The Guardian

NSA ‘hacking unit’ infiltrates computers around the world – report | World news | The Guardian.

• NSA: Tailored Access Operations a ‘unique national asset’
• Former NSA chief calls Edward Snowden a ‘traitor’

Average reading time: 6m

 

A hacker's silhouette

Der Spiegel reported that TAO’s areas of operation range from counter-terrorism to cyber attacks. Photograph: Getty Images

 

A top-secret National Security Agency hacking unit infiltrates computers around the world and breaks into the toughest data targets, according to internal documents quoted in a magazine report on Sunday.

Details of how the division, known as Tailored Access Operations (TAO), steals data and inserts invisible “back door” spying devices into computer systems were published by the German magazine Der Spiegel.

The magazine portrayed TAO as an elite team of hackers specialising in gaining undetected access to intelligence targets that have proved the toughest to penetrate through other spying techniques, and described its overall mission as “getting the ungettable”. The report quoted an official saying that the unit’s operations have obtained “some of the most significant intelligence our country has ever seen”.

NSA officials responded to the Spiegel report with a statement, which said: “Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies. [TAO’s] work is centred on computer network exploitation in support of foreign intelligence collection.”


"Existe un nivel de vigilancia que supera al de la Unión Soviética" – Público.es

“Existe un nivel de vigilancia que supera al de la Unión Soviética” – Público.es.

Considerado uno de los más prestigiosos hackers estadounidenses, Richard Stallman nos habla con sencillez y desparpajo sobre la filosofía y los retos del software libre

*KAY LEVIN | SOFÍA DE ROA | VIRGINIA UZAL Madrid 19/12/2013 08:34 Actualizado: 19/12/2013 09:21

 

Richard Stallman, padre del software libre.- AFP

Richard Stallman, padre del software libre.- AFP

“Todos deberíamos exponer en nuestros balcones y ventanas un cartel grande indicando que la Ley de Seguridad Ciudadana insulta a España”. Así de tajante se muestra Richard Stallman, padre del software libre, en una conferencia en la Universidad Rey Juan Carlos. A la cita se presenta descalzo, con la melena suelta y aspecto despreocupado. Comienza soltando frases lapidarias contra el Gobierno y la industria informática con una sinceridad divertida, pero con conocimiento de causa: el que aporta haber estado 30 años aplicando su inteligencia y “espíritu juguetón” para hackear el software y desafiar al monopolio de lo privativo.

Presenta un discurso directo, casi radical, en contra del servilismo ante el yugo informático. Ataca directamente a la conciencia y no hay medias tintas. Por eso, escucharle no deja indiferente. Explica con sencillez lo que significa el software libre: una filosofía iniciada por el hacker estadounidense, que desarrolló el primer sistema operativo libre, GNU (mal conocido como Linux), y creó la Free Software Foundation para proteger la libertad informática. Antes de eso estuvo trabajando en el prestigioso MIT (Massachusetts Institute of Technology), tras comenzar estudios de Física en Harvard.

El principio de su filosofía es claro: “O los usuarios tienen el control del programa o el programa tiene el control de los usuarios”.


Why NSA's war on terror is more than just a 'neat' hacking game | World news | The Observer

Why NSA’s war on terror is more than just a ‘neat’ hacking game | World news | The Observer.

Edward Snowden’s revelations show how British and US spies have compromised e-commerce and civil liberties with a series of clever coding stunts
A smiley face indicates how pleased the NSA was with this intrusion into Google's security system.

A smiley face indicates how pleased the NSA was with this intrusion into Google’s security system. Photograph: Washington Post

Tinker, tailor, soldier, spy. And then there’s Edward Snowden, who was a spy and then became something else. Nobody’s neutral about him. The other day I heard a senior military officer describe him unambiguously as “a thief”. In Washington he seems to be universally regarded as a traitor. Many people in Europe regard him as, at worst, a principled whistleblower and, at best, a hero in the Daniel Ellsberg mould.

Whatever you think about him, though, one thing is clear: Snowden is a pretty astute geek. The evidence for this is in the way he approached his whistleblowing task. Having concluded (as several other distinguished National Security Agency employees before him had) that the NSA had misinterpreted or overstepped its brief, he then identified prominent instances of agency overreach and for each category downloaded evidence that supported his conjecture.

We’re now getting to the point where we can begin to assess the bigger picture. What do the Snowden revelations tell us about what’s wrong with the NSA – and its leading overseas franchise, our own dear GCHQ?