Tag: Government

How The UK’s HACIENDA Program Targeted Entire Countries

The folks over at Heise/c’t Magazin revealed leaked, classified documents to report on HACIENDA, a GCHQ program to deliver country-wide Internet reconnaissance for so-called “five eyes” nations, including the US (NSA), Canada and Australia. And, as Bruce Schneier points out – its not clear that these documents were from Edward Snowden’s trove of classified NSA materials. HACIENDA involves the large-scale use of TCP “port” scans to profile systems connected to the Internet, in addition to profiling of enabled applications. According to Heise, which published a classified slide deck. GCHQ claimed to have canvassed 27 countries through the program. A list of targeted services includes ubiquitous public services such as HTTP and FTP, SSH (Secure Shell protocol) and SNMP (Simple Network Management Protocol). The Heise report, prepared by Julian Kirsch, Christian Grothoff, Monika Ermert, Jacob Appelbaum, Laura Poitras and Henrik Moltke claim that HACIENDA’s goal was to perform active collection and map vulnerable services across […]

Continue Reading

McAfee sideshow eclipses Defcon’s real security breakthroughs | Security – InfoWorld

The onetime technology wunderkind, who left a job working for Lockheed to turn his curiosity about computer viruses into a thriving, global corporation showed up at two Las Vegas hacker cons last week: B-Sides Las Vegas and DEFCON. He offered some off-the-cuff rebukes to firms like Google. He also rambled long and hard about the dark forces that pursue him: the U.S. government, the government of Belize, Central American drug cartels and script kiddies desperate for his (virtual) scalp. Everywhere he goes, people take his picture. Who are they working for? The phones and computers he buys are bugged. His movements are being tracked. Those in attendance were admonished to beware of government snooping — especially via mobile applications. “Without privacy there is no freedom,” McAfee intoned.   Listening to McAfee rant, it’s easy to forget there were plenty of folks walking the halls of Defcon, Black Hat, and B-Sides […]

Continue Reading

Study Finds Unrelenting Cyber Attacks Against China’s Uyghurs

A group representing the Uyghurs,a  persecuted religious minority in China, faces unrelenting, targeted cyber attacks that appear aimed at stealing sensitive data and otherwise undermining the group’s activity, according to a new study by researchers at Northeastern University in Boston as well as the Max Planck Institute for Software Systems and the National University of Singapore.   A study of more than 1,400 suspicious email messages sent to members of groups representing the Uyghur minority found that more than three quarters of the messages contained malicious attachments. The messages targeted 724 individuals at 108 separate organizations. Moreover, researchers found overlap between the individuals associated with the Uyghur World Contress (UWC) and western targets such as the New York Times and U.S. embassies. The study, “A Look at Targeted Attacks Through the Lense of an NGO” is being presented at the UNENIX Security Conference in San Diego on August 21. (A copy of the full paper is […]

Continue Reading

Punch Out: Security Holes In Time Clock Bite TSA, Others

A common time clock that is used by companies and government agencies, including the Transportation Security Administration (TSA) contains pre-programmed “back door” user accounts that could allow malicious attackers to gain access to sensitive networks, according to research by a security researcher at Qualys Inc. Speaking before an audience at the Black Hat Briefings in Las Vegas on Wednesday, Billy Rios, the Director of Threat Intelligence at Qualys Inc., revealed research on the Kronos 4500, a “time and attendance” product (aka time clock) that employees use to ‘punch in’ and ‘punch out’ from work. Rios said that an in-depth analysis of the Kronos equipment and the software that it runs revealed two types of backdoor accounts (user names and passwords) that will provide access to any deployed 4500 device. The accounts are particularly worrying because some vulnerable devices can be discovered using Internet searches, and because TSA is known to use Kronos attendance […]

Continue Reading

Report: CIA Fears the Internet of Things | Nextgov.com

A story by Patrick Tucker over at Nextgov.com picks up on some comments from Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology regarding the agency’s thinking about the Internet of Things. Meyerriecks was speaking at The Aspen Institute’s Security Forum on Thursday of last week in a panel on “The Future of Warfare.” Speaking about the topic of cyber warfare, she said that current debates about the shape of cyber war don’t address the “looming geo-security threats posed by the Internet of Things.” Meyerriecks cited the now-debunked Proofpoint report about smart refrigerators being used in spam and distributed denial of service attacks.” She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” Those might be some sensational (and dubious) examples, but Meyerriecks main point was more pedestrian: that we’re on the cusp of disruptive […]

Continue Reading
1 70 71 72 73 74 98