Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian

The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that were used to spread the WannaCry ransomware through the NHS and across the world, said they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.

Source: Shadow Brokers threaten to unleash more hacking tools | Technology | The Guardian


Microsoft blames the US National Security Agency for enabling the massive cyberattack that affected at least 150 countries – El Mostrador

The computing giant criticized the role of governments and organizations that collect software vulnerabilities that can later be stolen or sold to cybercriminals. The company asks that what happened serve as a lesson to eradicate this practice worldwide.

Source: Microsoft blames the US National Security Agency for enabling the massive cyberattack that affected at least 150 countries – El Mostrador


Leaked NSA Malware Threatens Windows Users Around the World

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Source: Leaked NSA Malware Threatens Windows Users Around the World


Russian cybersecurity experts suspected of treason linked to CIA | World news | The Guardian

Two of Moscow’s top cybersecurity officials are facing treason charges for cooperating with the CIA, according to a Russian news report. The accusations add further intrigue to a mysterious scandal that has had the Moscow rumour mill working in overdrive for the past week, and comes not long after US intelligence accused Russia of interfering in the US election and hacking the Democratic party’s servers.

Source: Russian cybersecurity experts suspected of treason linked to CIA | World news | The Guardian


Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email

Contrary to a denial by Yahoo and a report by the New York Times, the company’s scanning program, revealed earlier this week by Reuters, provided the government with a custom-built back door into the company’s mail service — and it was so sloppily installed that it posed a privacy hazard for hundreds of millions of users, according to a former Yahoo employee with knowledge of the company’s security practices.

Source: Ex-Yahoo Employee: Government Spy Program Could Have Given a Hacker Access to All Email


NSA Theft Suspect Worked For Contractor That Sells the Government Tech for Spotting Rogue Employees

Booz Allen Hamilton, the defense contracting giant whose employee was charged Wednesday in connection with the theft of hacking codes used by the National Security Agency, provides a fairly ironic service to the government: spotting rogue employees.

Source: NSA Theft Suspect Worked For Contractor That Sells the Government Tech for Spotting Rogue Employees


NSA contractor arrested for alleged theft of top secret classified information | US news | The Guardian

The FBI has arrested a National Security Agency contractor on suspicion of the theft of top secret classified data and documents in an alleged security breach at the same intelligence agency whose spy secrets were exposed by Edward Snowden.

Source: NSA contractor arrested for alleged theft of top secret classified information | US news | The Guardian


NSA spying group hacked and its information auctioned for 1 million bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas

A group of hackers linked to the United States National Security Agency, better known as the NSA, has recently been hacked, and its tools for espionage, information gathering, malware and more have been put up for sale for 1 million bitcoins (more than 550 million dollars at the time of publication).

Source: NSA spying group hacked and its information auctioned for 1 million bitcoins | CriptoNoticias – Bitcoin, Blockchain y criptomonedas


Are these the NSA's spying weapons? | Derechos Digitales

A group of hackers claims to have obtained confidential information from Equation Group, a well-known and sophisticated group of cyber attackers linked to the NSA. Part of the published information offers, for the first time, a look at the tools used by the US security agency.

Source: Are these the NSA's spying weapons? | Derechos Digitales


Brussels to tighten grip on web services in telecoms shake-up – FT.com

Brussels will tighten its regulatory grip over online services such as WhatsApp and Skype in a radical overhaul of the EU’s rules on telecoms due out in September. According to internal documents seen by the Financial Times, so-called “over-the-top” services operated by groups such as Facebook, which runs WhatsApp, and Skype owner Microsoft would in future have to abide by “security and confidentiality provisions” demanded by the EU.

Source: Brussels to tighten grip on web services in telecoms shake-up – FT.com


America’s broken digital copyright law is about to be challenged in court | Technology | The Guardian

The Electronic Frontier Foundation is suing the US government over ‘unconstitutional’ use of the Digital Millennium Copyright Act

Source: America’s broken digital copyright law is about to be challenged in court | Technology | The Guardian


Brussels set to sign off on transatlantic data transfer rules – FT.com

The new deal, called Privacy Shield, will provide a legal means for businesses to transfer personal data online — whether payslips, pictures or healthcare data — to the US from the EU without falling foul of the bloc’s strict privacy laws.

Source: Brussels set to sign off on transatlantic data transfer rules – FT.com


Half of Europe's telecommunications ministers want your data to flow freely

13 EU members, including Ireland, Belgium, Poland, Sweden and the United Kingdom, are in favor of data flowing only through European territory

Source: Half of Europe's telecommunications ministers want your data to flow freely


Government keeping its method to crack San Bernardino iPhone ‘classified’ | Technology | The Guardian

Revealed: After postponing a court hearing with Apple, the FBI is testing a new technique which Apple says they will pressure government to reveal

Source: Government keeping its method to crack San Bernardino iPhone ‘classified’ | Technology | The Guardian


Forget Apple's fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

Source: Forget Apple’s fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian


Facebook, Google and WhatsApp plan to increase encryption of user data | Technology | The Guardian

Spurred on by Apple’s battles against the FBI, some of tech’s biggest names are to expand encryption of user data in their services, the Guardian can reveal

Source: Facebook, Google and WhatsApp plan to increase encryption of user data | Technology | The Guardian


Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”

Obama’s first extended disquisition on the contentious issue of encryption suggests he’s only been listening to one side.

Source: Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”


Snowden: FBI's claim it can't unlock the San Bernardino iPhone is 'bullshit' | Technology | The Guardian

NSA whistleblower rubbishes claims that only Apple can unlock killer’s iPhone 5C, indicating FBI has the means itself

Source: Snowden: FBI’s claim it can’t unlock the San Bernardino iPhone is ‘bullshit’ | Technology | The Guardian


NSA Is Mysteriously Absent From FBI-Apple Fight

The Federal Bureau of Investigation insisted that it was helpless. The bureau told a judge in February that Apple has the “exclusive technical means” to try to unlock the contents of San Bernardino shooter Syed Rizwan Farook’s iPhone — and that’s why it should be forced to do so. But notably missing from the FBI’s argument was any mention of whether it had consulted spies and sleuths from the government’s intelligence community — particularly the National Security Agency. The Twitterverse exploded with q

Source: NSA Is Mysteriously Absent From FBI-Apple Fight


Apple gains support from tech rivals in FBI case – FT.com

March 4, 2016 2:25 am, Tim Bradshaw in San Francisco

America’s largest technology companies have joined Apple’s fight against the government over data protection and security, in an unusual display of unity by the Silicon Valley rivals. More than a dozen motions filed on Thursday sided with Apple as it tries to resist a demand to write software that would help the FBI unlock the San Bernardino shooter’s iPhone. Civil liberties groups and IT trade associations lined up alongside dozens of law professors and cryptography experts, after Apple filed its own motion for the judicial order to be withdrawn last week.

Source: Apple gains support from tech rivals in FBI case – FT.com


Tech start-up Dwolla fined $100,000 for cyber defence flaws – FT.com

A financial technology start-up has been fined $100,000 for deficiencies in its cyber defence systems in a sign that new online payment networks are facing tougher scrutiny from regulators. The Consumer Financial Protection Bureau on Wednesday handed its first penalty for data security shortcomings to Dwolla, an ecommerce company that is little more than five years old.

Source: Tech start-up Dwolla fined $100,000 for cyber defence flaws – FT.com


Apple appeals the order to give the FBI access to the San Bernardino terrorist's phone | Internacional | EL PAÍS

Cook reiterates his refusal to create software that would alter its encryption system. The bureau says this case would not set a precedent

Source: Apple appeals the order to give the FBI access to the San Bernardino terrorist's phone | Internacional | EL PAÍS


What has the FBI ordered Apple to do and why is it refusing? – FT.com

What has Apple been ordered to do? The US court has told Apple to write a piece of software that lowers an iPhone’s defences, enabling the FBI to use brute force to break in by bombarding the device with many possible passwords until it gets the right answer. The new tool would do three things:

Source: What has the FBI ordered Apple to do and why is it refusing? – FT.com


N.Y. judge backs Apple in encryption fight with government | Reuters

The U.S. government cannot force Apple Inc (AAPL.O) to unlock an iPhone in a New York drug case, a federal judge in Brooklyn said on Monday, a ruling that bolsters the company’s arguments in its landmark legal showdown with the Justice Department over encryption and privacy.

Source: N.Y. judge backs Apple in encryption fight with government | Reuters


Apple vs. FBI: When companies engage in activism | Hiperderecho

Over the past week much has been said and written about the court order requiring Apple to cooperate with the FBI to access the data on the iPhone of one of the perpetrators of the San Bernardino massacre. The refusal by Tim Cook, the company's CEO, has been supported and criticized from …

Source: Apple vs. FBI: When companies engage in activism | Hiperderecho


EFF, ACLU, and Amnesty International voice support for Apple in FBI battle | The Verge

The American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and Amnesty International have come out in support of Apple, after the company said it would contest a judge’s order to unlock an iPhone used by one of the San Bernardino shooters.

Source: EFF, ACLU, and Amnesty International voice support for Apple in FBI battle | The Verge


Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.  In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

Source: Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED


Bill Gates backs FBI in battle with Apple over San Bernardino killer's phone | Technology | The Guardian

US government is asking for a particular case, and Apple should comply, says Microsoft co-founder Gates

Source: Bill Gates backs FBI in battle with Apple over San Bernardino killer’s phone | Technology | The Guardian


Hillary Clinton and Bernie Sanders Refuse to Choose Between Apple and the FBI

Both candidates tried to occupy a middle ground that doesn’t really exist – either in the war between Apple and the FBI, or when it comes to the spread of unbreakable encryption.

Source: Hillary Clinton and Bernie Sanders Refuse to Choose Between Apple and the FBI


FBI Says Apple Court Order Is Narrow, But Other Law Enforcers Hungry to Exploit It

The Justice Department says Apple can destroy the hacking software it makes after it’s used once. But other law enforcers are already lining up to use it themselves.

Source: FBI Says Apple Court Order Is Narrow, But Other Law Enforcers Hungry to Exploit It


Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist / Boing Boing

Boing Boing is proud to publish two original documents disclosed by Edward Snowden, in connection with “Sherlock Holmes and the Adventure of the Extraordinary Rendition,” a short story …

Source: Exclusive: Snowden intelligence docs reveal UK spooks’ malware checklist / Boing Boing


New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform

European privacy activists criticized a new Safe Harbor data agreement with the U.S. as a superficial political fix that fails to address NSA spying.

Source: New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform


Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”

The FBI director essentially wants tech companies to roll back secure encryption to something less secure that law enforcement can intercept.

Source: Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”


Intel Security’s Chris Young tells cyber sector to go on offensive – FT.com


The president of Intel Security has admonished the cyber security industry for being “too reactive” and focusing on the symptoms of attacks rather than the underlying causes.

Chris Young said that the sector had become “bogged down” in data while cyber attackers get better funded, more innovative and improve their skills.

“In security we’re chasing the symptoms like malware and vulnerabilities when we’d be smarter if we knew the context of attacks, who the attackers are and why do I care about them.” “We are swimming in symptoms but we don’t really understand the problem in many cases. To use a human analogy, I’m sneezing, I can’t breathe easily, I have a runny nose: do I have a cold, flu or allergies?” he said.

Mr Young told the Financial Times at the RSA cyber security conference that President Barack Obama’s new information sharing proposals, announced in the State of the Union speech, risk creating a flood of new data on attacks that few companies are skilled at processing. The US House of Representatives could vote on the bill this week.

 


US warns of risks from deeper encryption – FT.com


The head of the US Department of Homeland Security has warned the cyber security industry that encryption poses “real challenges” for law enforcement.

In a speech at a cyber security conference, RSA in San Francisco, Jeh Johnson called on the industry to find a solution that protected “the basic physical security of the American people” and the “liberties and freedoms we cherish”.

“The current course on deeper and deeper encryption is one that presents real challenges for those in law enforcement and national security,” he said. He said he understood the importance of encryption for privacy but asked the audience to imagine what it would have meant for law enforcement if, after the invention of the telephone, all the police could search was people’s letters.

Mr Johnson’s comments echo those of FBI director James Comey who called on Congress last year to stop the rise of encryption where no one held a key and so law enforcement agencies could not unlock it.

In the UK, the director of GCHQ criticised US technology companies last year for becoming “the command and control networks of choice” for terrorists by protecting communications. Across Europe, police forces have become concerned by their inability to track the communications of people who plan to travel to the Middle East to join the Islamic State of Iraq and the Levant (Isis).

 


How Big Business Is Helping Expand NSA Surveillance, Snowden Be Damned – The Intercept


Since November 11, 2011, with the introduction of the Cyber Intelligence Sharing and Protection Act, American spy agencies have been pushing laws to encourage corporations to share more customer information. They repeatedly failed, thanks in part to NSA contractor Edward Snowden’s revelations of mass government surveillance. Then came Republican victories in last year’s midterm Congressional elections and a major push by corporate interests in favor of the legislation.

Today, the bill is back, largely unchanged, and if congressional insiders and the bill’s sponsors are to be believed, the legislation could end up on President Obama’s desk as soon as this month. In another boon to the legislation, Obama is expected to reverse his past opposition and sign it, albeit in an amended and renamed form (CISPA is now CISA, the “Cybersecurity Information Sharing Act”). The reversal comes in the wake of high-profile hacks on JPMorgan Chase and Sony Pictures Entertainment. The bill has also benefitted greatly from lobbying by big business, which sees it as a way to cut costs and to shift some anti-hacking defenses onto the government.

For all its appeal to corporations, CISA represents a major new privacy threat to individual citizens. It lays the groundwork for corporations to feed massive amounts of communications to private consortiums and the federal government, a scale of cooperation even greater than that revealed by Snowden. The law also breaks new ground in suppressing pushback against privacy invasions; in exchange for channeling data to the government, businesses are granted broad legal immunity from privacy lawsuits — potentially leaving consumers without protection if companies break privacy promises that would otherwise keep information out of the hands of authorities.

Ostensibly, CISA is supposed to help businesses guard against cyberattacks by sharing information on threats with one another and with the government. Attempts must be made to filter personal information out of the pool of data that is shared. But the legislation — at least as marked up by the Senate Intelligence Committee — provides an expansive definition of what can be construed as a cybersecurity threat, including any information for responding to or mitigating “an imminent threat of death, serious bodily harm, or serious economic harm,” or information that is potentially related to threats relating to weapons of mass destruction, threats to minors, identity theft, espionage, protection of trade secrets, and other possible offenses. Asked at a hearing in February how quickly such information could be shared with the FBI, CIA, or NSA, Deputy Undersecretary for Cybersecurity Phyllis Schneck replied, “fractions of a second.”

Questions persist on how to more narrowly define a cybersecurity threat, what type of personal data is shared, and which government agencies would retain and store this data. Sen. Ron Wyden, D-Ore., who cast the lone dissenting vote against CISA on the Senate Intelligence Committee, declared the legislation “a surveillance bill by another name.” Privacy advocates agree. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans,” argues a letter sent by a coalition of privacy organizations, including Free Press Action Fund and New America’s Open Technology Institute. Critics also argue that CISA would not have prevented the recent spate of high-profile hacking incidents. As the Electronic Frontier Foundation’s Mark Jaycox noted in a blog post, the JPMorgan hack occurred because of an “un-updated server” and prevailing evidence about the Sony breach is “increasingly pointing to an inside job.”

But the intelligence community and corporate America have this year unified behind the bill. For a look into the breadth of the corporate advocacy campaign to pass CISA, see this letter cosigned by many of the most powerful corporate interests in America and sent to legislators earlier this year. Or another letter, reported in the Wall Street Journal, signed by “general counsels of more than 30 different firms, including 3M and Lockheed Martin Corp.”


US adds cyberattacks to its sanctions program | Internacional | EL PAÍS


Individuals or groups that take part in cyberattacks against the United States can be sanctioned in the same way as those who collaborate with Russian interference in Ukraine or with the Syrian regime. Reflecting its growing concern about virtual threats, the White House on Wednesday added cybersecurity to the sanctions diplomacy it applies around the world.

President Barack Obama approved an executive order, which does not require a vote in Congress, that for the first time allows penalties to be imposed on individuals or groups located outside the US who carry out “malicious” cyberattacks or cyber espionage that pose a “significant threat” to the national security, foreign policy, economy or financial stability of the world's leading power.

Such activities can from now on be considered a “national emergency”, on the basis of a 1977 law. The Treasury Department will be able to freeze the assets of those individuals or entities in the US and block certain financial transactions with US companies, following the same pattern as conventional diplomatic sanctions.


Leave Facebook if you don't want to be snooped on, warns EU | Technology | The Guardian


European Commission admits Safe Harbour framework cannot ensure privacy of EU citizens’ data when sent to the US by American internet firms


The European Commission has warned EU citizens that they should close their Facebook accounts if they want to keep information private from US security services, finding that current Safe Harbour legislation does not protect citizens’ data.

The comments were made by EC attorney Bernhard Schima in a case brought by privacy campaigner Maximilian Schrems, looking at whether the data of EU citizens should be considered safe if sent to the US in a post-Snowden revelation landscape.

“You might consider closing your Facebook account, if you have one,” Schima told attorney general Yves Bot in a hearing of the case at the European court of justice in Luxembourg.

When asked directly, the commission could not confirm to the court that the Safe Harbour rules provide adequate protection of EU citizens’ data as it currently stands.

The US no longer qualifies

The case, dubbed “the Facebook data privacy case”, concerns the current Safe Harbour framework, which covers the transmission of EU citizens’ data across the Atlantic to the US. Without the framework, it is against EU law to transmit private data outside of the EU. The case collects complaints lodged against Apple, Facebook, Microsoft, Microsoft-owned Skype and Yahoo.

Schrems maintains that companies operating inside the EU should not be allowed to transfer data to the US under Safe Harbour protections – which state that US data protection rules are adequate if information is passed by companies on a “self-certify” basis – because the US no longer qualifies for such a status.

The case argues that the US government’s Prism data collection programme, revealed by Edward Snowden in the NSA files, which sees EU citizens’ data held by US companies passed on to US intelligence agencies, breaches the EU’s Data Protection Directive “adequacy” standard for privacy protection, meaning that the Safe Harbour framework no longer applies.


FBI probes possible China military involvement in cyber attack – FT.com


The FBI is investigating possible Chinese military involvement in a cyber hack at Register.com, which manages more than 1.4m website addresses for businesses around the world.

Hackers, who appear to have stolen network and employee passwords, have accessed Register’s network for about a year, said people familiar with the probe. But the breach, which the company reported to the FBI but not to customers or investors, is not known to have caused disruptions or resulted in any theft of client data.

Although the investigative trail has pointed to Chinese military involvement, it is unclear what China would want to accomplish by hacking the site. Some current and former law enforcement officials said, however, that the hack could be aimed at obtaining the ability to undermine large parts of internet infrastructure. That has bolstered investigators’ belief that the hackers are state-sponsored rather than criminals intent on making money from credit card data or social security information.