
Sunday, March 12, 2017

WikiLeaks’ CIA dump makes the Russian hacking story even murkier — if that’s possible




Sunday, Mar 12, 2017 06:00 AM EDT

WikiLeaks' new trove suggests the CIA could easily fake a Russian hack. It's no smoking gun, but it's disturbing

Danielle Ryan



(Credit: AP/Kirsty Wigglesworth/Reuters/Lucas Jackson/Salon/Mireia Triguero Roura)


Russia hacked the election. Russia didn’t hack the election. Russia sort of, maybe, possibly hacked the election.


Is your head spinning from this story yet?

The latest WikiLeaks disclosures concerning the CIA’s hacking abilities have further complicated the hall of mirrors that is the Russian hacking story. The “Vault 7” leaks are believed to be authentic and reveal a few uncomfortable truths about the overreach of U.S. intelligence agencies.

Reactions to the leaks have varied from those who think they could be more significant than the Edward Snowden revelations to those who think it’s all a bit of a non-story. Basically, it’s a pretty clear split between those who regard WikiLeaks’ editor Julian Assange as a trustworthy whistleblower and those who regard him as a tool of the Kremlin.

Among other things, the leaks revealed that the U.S. government is essentially paying out to exploit the vulnerabilities in software without telling companies and, disturbingly, that they could be using your iPhone or Samsung TV as a microphone — even when it’s supposedly switched off.

One of the most interesting disclosures concerns how the CIA can cover its tracks by leaving electronic trails suggesting the hacking is being done in different places — notably, in Russia. In fact, according to WikiLeaks, there’s an entire department dedicated to this. Its job is to “misdirect attribution” by leaving false fingerprints. If you’ve been at all skeptical about the recent levels of Russia-related hysteria, promoted heavily by U.S. intelligence agencies, alarm bells are probably going off in your head.

Keeping these tactics in mind, the evidence presented to prove that Russia hacked the Democratic National Committee in an effort to throw the presidential election to Donald Trump becomes flimsier than it was before. And it was pretty flimsy to begin with.

Recall, for example, that cybersecurity firm CrowdStrike conveniently concluded within one day that the Russian government was behind the attack on the DNC servers. I say conveniently, because the DNC paid for CrowdStrike’s services — and it’s fair to say the DNC had an unhealthy fixation on all things Russia for the duration of the election cycle.

The evidence provided by CrowdStrike included the fact that malware found on DNC servers was the same as malware believed to be used by Russian intelligence units, that metadata files included information in Cyrillic text, and that emails had been sent using the Russian email service Yandex. In other words, it was nothing the CIA couldn’t have done itself in order to “misdirect attribution.” What’s more, CrowdStrike actually admitted that it deliberately left out evidence that didn’t support its claims that Russia was responsible.

FireEye, a competitor of CrowdStrike, made similar claims on thin evidence. The hackers, they explained, “appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg.”

In a thorough and thought-provoking piece on Russian hacking, investigative journalist Yasha Levine picks this “evidence” apart:

Thursday, June 23, 2016

Why it's a good idea to cover up your webcam


KELLEN BECK

Jun 22, 2016 3:29 PM



If Mark Zuckerberg is covering up his webcam at work, does that mean we should all be following suit and covering up our webcams too?

Yes.


Zuckerberg, the CEO of Facebook, dabbled in a little hacking before starting his venture with social media, so if he's covering his webcam, you should at least consider that security measure for yourself. And if his own action isn't convincing, consider the fact that FBI Director James Comey said he does the same.

Why? Because webcams can be, and have been, hacked. In fact, even the FBI has hacked into people's computers to access their webcams for surveillance. There's really very little stopping someone else doing the same thing to you.

How webcam hacks happen

There are two major kinds of webcams: Internet-connected webcams and computer-connected webcams.

Internet-connected webcams typically connect over Wi-Fi. Most have their own IP address, which enables remote access, letting you connect directly to the webcam from anywhere in the world. Of course, that means evil-doers could potentially connect to it as well, so your camera should be protected by a strong password. Unfortunately, these webcams often come with weak default passwords, and many people don't change them.

A 2014 report on Naked Security revealed that, at the time, 73,000 Internet-connected webcams were accessible if you just put in the default password. If this description matches your setup, change your password immediately to something strong. And if you don't need to use it, it's still a good idea to cover it up.


Computer-connected webcams, on the other hand, can be a bit more difficult for hackers to get into, but that doesn't mean it's impossible. These are the cameras built right into your computer (usually above your laptop screen) or connected via USB.

Hackers can access these cameras through malware. If you accidentally click a bad link or download the wrong file, that malware could contain executable code to turn on your webcam and send that video feed to a website or save it somewhere else. Worse, often this kind of malware can even disable the camera's LED light, so you'd never know your camera's been hijacked just by looking at it.

If you don't want people watching you when you don't know it, the only thing that's a surefire method to make sure you aren't being recorded is to put a physical barrier over your webcam. After all, antivirus programs can't catch everything.

What about your phone's camera? It's definitely possible to hack into a phone camera, and it's been done, at least on Android. However, it's probably less of a concern since, when you're not actively using your phone, it's typically in a pocket, handbag or sitting face-up or face-down on a tabletop. That means it's less of a desirable target for hackers, since you're far less likely to be in a compromising position when you're in front of the camera. Also, the sandboxing of mobile operating systems makes hijacking a camera inherently more difficult.

Besides, covering your phone's front-facing camera would make selfies a lot less convenient. And we can't have that.


Tuesday, May 26, 2015

IRS says data thieves accessed information on 100,000 taxpayers




CYBER CRIME



6:53 p.m. ET





Joe Raedle/Getty Images


From February to May, data thieves were able to gain access to the tax return information for roughly 100,000 taxpayers, IRS Commissioner John Koskinen said Tuesday.

During those four months, the thieves attempted to get information 200,000 times through the agency's "Get Transcript" online application, Reuters reports, and were successful about half of the time. It wasn't a hack, since the cyber criminals already had names, addresses, Social Security numbers, and other personal information that they used to access the system. IRS data outside of the application was not affected, and the agency said it plans to strengthen its security measures.

Koskinen did not share any information on who might have been behind the attack, and said the data theft was intended to steal information in order to submit fraudulent tax returns next year. "We're confident these are not amateurs," he said. "These are actually organized crime syndicates that not only we but everyone in the financial industry are dealing with."

Catherine Garcia


Tuesday, April 14, 2015

No, Russia Did Not Just Hack The White House



No, Russia Did Not Just Hack The White House - #NewWorldNextWeek




Published on Apr 9, 2015


Welcome to New World Next Week — the video series from Corbett Report and Media Monarchy that covers some of the most important developments in open source intelligence news. This week:

Story #1: White House Computers Hacked by Russians
http://ur1.ca/k4vad
Russia Didn’t Carry Out White House Computer Hack
http://ur1.ca/k4vam
Flashback: No, North Korea Didn’t Hack Sony
http://ur1.ca/k4vat

Story #2: Law Changed So Nuclear Waste Dumps Can be Forced on UK Communities
http://ur1.ca/k4vb4
Portland Sustainability Commission Says 'Yes' to Propane Terminal
http://ur1.ca/k4vb9
Sellafield: One of the Ten Most Radioactive Places on the Planet
http://ur1.ca/k4vc4
Radiation From Fukushima Has Reached The BC Coast
http://ur1.ca/k4vcb

Story #3: #GoodNewsNextWeek - Creative Commons Launches Open Business Models Initiative
http://ur1.ca/k4vck
Solutions: The Peer-to-Peer Economy
http://ur1.ca/k4vcs
Sacramento City Council Approves Urban Farm Ordinance
http://ur1.ca/k4vd6
Solutions: Guerrilla Gardening
http://ur1.ca/k4vde
What America’s Most Walkable Suburb Can Teach Towns Everywhere
http://ur1.ca/k4vdl
Chinese Gov Tries to Regulate Public Dancing, Fails When Grannies Fight Back
http://ur1.ca/k4vee
Mobile laundry mat created to help homeless
http://ur1.ca/k4ven

#NewWorldNextWeek Updates: Prince Andrew Sex Abuse Claims Thrown Out By Florida Judge
http://ur1.ca/k4vez
Meanwhile, Mainstream British Media Reports ‘MI5 Allow Cover-up of Child Abuse’
http://ur1.ca/k4vgf
AstraZeneca Accused of Testing Antipsych Drug for Marketing With Horrific Results
http://ur1.ca/k4vgo
Johns Hopkins Faces $1B Class Lawsuit Over Knowingly Infecting Guatemalans With STD’s
http://ur1.ca/k4vgr
NWNW Flashback: US Argues It Is 'Immune' From Guatemalan STD Experiment Lawsuit (Jan 2012)
http://ur1.ca/k4vgx

Visit http://NewWorldNextWeek.com to get previous episodes in various formats to download, burn and share. And as always, stay up-to-date by subscribing to the #NewWorldNextWeek RSS feed or iTunes feed. Thank you.

Previous Episode: Canadian Terror, American Secrecy, NSA Dead Drops
https://www.corbettreport.com/?p=13928

Sunday, April 12, 2015

THE DOLMIO PEPPER HACKER BLOCKS ELECTRONICS AND SEASONS YOUR FOOD




BY ALEXA WEST ON APRIL 05, 2015




PHOTO DOLMIO


We've all experienced meals with that one annoying person who just won't put down their phone. Tired of this disconnect, the makers of Australian pasta sauce Dolmio have come up with a revolutionary way to reclaim dinner time: a pepper mill that blocks WiFi one grind at a time.

The Dolmio Pepper Hacker looks and functions like an ordinary pepper grinder, but hidden inside is a special device that disables WiFi, shuts down televisions and deactivates mobile devices for thirty minutes. In order to accomplish this task, mobile devices need to be connected to an app called AirWatch, while the rest of the devices only need to be connected to the primary power hub in the home, according to iDigital Times.

“We believe that meals shared with family and friends are often distracted by the very technology that is supposed to bring us closer together, so we’ve created the Dolmio pepper hacker to help connect us with the people in front of us,” Richard Stear, marketing director of Mars Food Australia, told Marketing Mag.

If you are itching to get your hands on the Dolmio Pepper Hacker you'll have to exercise patience. At the moment, only a limited number of prototype devices are being tested and it's uncertain whether the gadget will hit the market. But with a demand so high we can't imagine it wouldn't. Do you?

Dolmio armed a few Australian moms with a prototype of the Pepper Hacker. Watch how their families reacted when their mobile devices and televisions stopped working:







Monday, September 15, 2014

Treasure Map: The NSA Breach of Telekom and Other German Firms



By Andy Müller-Maguhn, Laura Poitras, Marcel Rosenbach, Michael Sontheimer and Christian Grothoff



DPA

According to internal NSA and GCHQ documents, the intelligence agencies managed to break into Deutsche Telekom networks.

According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet, including end-user devices. In pursuing that goal, they have broken into networks belonging to Deutsche Telekom.


When it comes to choosing code names for their secret operations, American and British agents demonstrate a flair for creativity. Sometimes they borrow from Mother Nature, with monikers such as "Evil Olive" and "Egoistic Giraffe." Other times, they would seem to take their guidance from Hollywood. A program called Treasure Map even has its own logo, a skull superimposed onto a compass, the eye holes glowing in demonic red, reminiscent of a movie poster for the popular "Pirates of the Caribbean" series, starring Johnny Depp.

Treasure Map is anything but harmless entertainment. Rather, it is the mandate for a massive raid on the digital world. It aims to map the Internet, and not just the large traffic channels, such as telecommunications cables. It also seeks to identify the devices across which our data flows, so-called routers.

Furthermore, every single end device that is connected to the Internet somewhere in the world -- every smartphone, tablet and computer -- is to be made visible. Such a map doesn't just reveal one treasure. There are millions of them.

The breathtaking mission is described in a Treasure Map presentation from the documents of the former intelligence service employee Edward Snowden which SPIEGEL has seen. It instructs analysts to "map the entire Internet -- Any device, anywhere, all the time."

Treasure Map allows for the creation of an "interactive map of the global Internet" in "near real-time," the document notes. Employees of the so-called "FiveEyes" intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers. One can imagine it as a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.

Battlefield Map

In addition to monitoring one's own networks as well as those belonging to "adversaries," Treasure Map can also help with "Computer Attack/Exploit Planning." As such, the program offers a kind of battlefield map for cyber warfare.

The New York Times reported on the existence of Treasure Map last November. What it means for Germany can be seen in additional material in the Snowden archive that SPIEGEL has examined.

Treasure Map graphics don't just provide detailed views of German cable and satellite networks. Red markings also reveal to agents which carriers and internal company networks FiveEyes agencies claim to have already accessed. Of particular interest from the German perspective are two "Autonomous Systems" (AS) -- networks -- marked in red. They are labeled Deutsche Telekom AG and Netcologne, a Cologne-based provider.

The legend for the graphics in question explains the meaning behind the red markings: "Red Core Nodes: SIGINT Collection access points within AS." SIGINT refers to signals intelligence. In other words, networks marked with a red dot are under observation.

Regional provider Netcologne operates its own fiber-optic network and provides telephone and Internet services to over 400,000 customers. The formerly state-owned company Telekom, of which the German government still owns a 31.7 percent stake, is one of the dozen or so international telecommunications companies that operate global networks, so-called Tier 1 providers. In Germany alone, Telekom provides mobile phone services, Internet and land lines to 60 million customers.

According to the logic of the undated Treasure Map documents, that would mean that the NSA and its partner agencies are perhaps not only able to monitor the networks of these companies and the data that travels through them, but also the end devices of their customers. Where exactly the NSA gained access to the companies' networks is not made clear in the graphics. The red-marked AS of Deutsche Telekom by itself includes several thousand routers worldwide.

'Completely Unacceptable'

The German company is also active in the US and Great Britain. Furthermore, it is part of the TAT14 telecommunications cable consortium; the cable runs via Great Britain to the east coast of the US. "The accessing of our network by foreign intelligence agencies," says a Telekom spokesperson, "would be completely unacceptable."

Because Netcologne is a regional provider, it would seem highly likely that the NSA or one of its Treasure Map partners accessed the network from within Germany. That would be a clear violation of German law and potentially another NSA-related case for German public prosecutors. Thus far, the only NSA-related case currently being investigated is the monitoring of Chancellor Angela Merkel's mobile phone.

Several weeks ago, SPIEGEL shared a GCHQ document with both companies in order to give them an opportunity to look into the alleged security breaches themselves. The security departments of both firms say they launched intensive investigations but failed to find suspicious mechanisms or data streams leaving the network.

Telekom and Netcologne are not the first German companies to have been successfully hacked by Anglo-American intelligence agencies, according to their own documents. In March, SPIEGEL reported on the large-scale attack by the British agency GCHQ on German satellite teleport operators Stellar, Cetel and IABG. Such providers offer satellite Internet connections to remote regions of the world. All three companies are marked red on the Treasure Map graphic, meaning that the NSA and its partner agencies have, according to their documents, internal "Collection Access Points."

SPIEGEL also contacted 11 non-German providers marked in the documents to request comment. Four answered, all saying they examined their systems and were unable to find any irregularities. "We would be extremely concerned if a foreign government were to seek unauthorized access to our global networks and infrastructure," said a spokesperson for the Australian telecommunications company Telstra.

'Key Staff'

Just how far GCHQ and NSA go to improve their secret map of the Internet and its users can be seen in the example of Stellar.

The document describing the attack on the business, part of the so-called Mittelstand of small- to medium-sized companies that form the backbone of the German economy, originates from the Network Analysis Center of Britain's GCHQ, which is based in Bude along the Atlantic coast in Cornwall. The document lists "key staff" at the company. The document states they should be identified and "tasked." "Tasking" somebody in signals intelligence jargon means that they are to be targeted for surveillance. In addition to CEO Christian Steffen, nine other employees are named in the document.

The attack on Stellar has notable similarities with the GCHQ surveillance operation targeting the half-state-owned Belgian provider Belgacom, which SPIEGEL reported on in the summer of 2013. There too, the GCHQ Network Analysis department penetrated deeply into the Belgacom network and that of its subsidiary BICS by way of hacked employee computers. They then prepared routers for cyber-attacks.

SPIEGEL reporters visited Stellar at its offices in Hürth, near Cologne, and presented passages of the documents in question to the CEO as well as three other employees cited by the British. A video of the visit can be seen here.


Katy Scoggin / Laura Poitras

Among other things, Steffen and his colleagues were able to recognize in the GCHQ document a listing for their central server including the company's mail server, which the attackers appear to have hacked.

The document also includes details about the concrete findings of the spying efforts, including an internal table that shows which Stellar customers are being served by which specific satellite transponders. "Those are company secrets and sensitive information," said Stellar's visibly shocked IT chief, Ali Fares, who is himself cited as an employee to be "tasked."

'Xxxx!'

Any remaining sanguinity is lost at the point the Stellar officials see the password for the central server of an important customer in the intelligence agency documents. The significance of the theft is immense, Fares says. The information, he continues, could allow the agencies to cut off Internet access to customers in, for example, Africa. It could also allow them to manipulate links and emails.

CEO Steffen commented on the document with a terse "xxxx!" He considers it to be final proof that his company's systems were illegally breached. "The hacked server stood behind our company's own firewall," he said. "The only way of accessing it is if you first successfully break into our network." The company in question is no longer a customer with Stellar.

When asked if there are any possible reasons that would prompt Britain, an EU partner country, to take such an aggressive approach to his company, Steffen just shrugged his shoulders, perplexed. "Our customer traffic doesn't run across conventional fiber optic lines," he said. "In the eyes of intelligence services, we are apparently seen as difficult to access." Still, he argues, "that doesn't give anyone the right to break in."

The founder and CEO of Stellar says he has no intention of letting this pass. "A cyber-attack of this nature is a clear criminal offense under German law," he said. "I want to know why we were a target and exactly how the attack against us was conducted -- if for no other reason than to be able to protect myself and my customers from this happening again." Six weeks ago, Steffen wrote a letter to the British government asking for an explanation, but he has not received an answer. Both GCHQ and NSA have likewise declined comment on the matter.

Meanwhile, Deutsche Telekom's security division has conducted a forensic review of important routers in Germany, but has yet to detect anything. Volker Tschersich, who heads the security division, says it's possible the red markings in Treasure Map can be explained as access to the TAT14 cable, in which Telekom occupies a frequency band in Britain and the US. At the end of last week, the company informed Germany's Federal Office for Information Security of SPIEGEL's findings.

The classified documents also indicate that other data from Germany contributes to keeping the global treasure map current. Of the 13 servers the NSA operates around the world in order to track current data flows on the open Internet, one is located somewhere in Germany.

Like the other servers, this one, which feeds data into the secret NSA network, is "covered" in a data center.

------------------------------------------------------------------------

NSA and GCHQ Treasure Map Documents

The following selection of NSA and GCHQ documents pertain to Treasure Map and the access to internal networks of German and non-German companies achieved via the program. SPIEGEL has redacted them to obscure the most sensitive information.

FYI:
T-Mobile International AG is a holding company for Deutsche Telekom AG's various mobile communications subsidiaries outside Germany.

Tuesday, August 19, 2014

Hospital network hacked, 4.5 million records stolen

The Cybercrime Economy



By Jose Pagliery @Jose_Pagliery August 18, 2014: 3:25 PM ET



Hackers have taken 4.5 million Social Security numbers from patients who attended any one of Community Health Systems' 206 hospitals this year.

NEW YORK (CNNMoney)
Community Health Systems, which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.

Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.

Anyone who received treatment from a physician's office tied to a network-owned hospital in the last five years -- or was merely referred there by an outside doctor -- is affected.

The large data breach puts these people at heightened risk of identity fraud. That allows criminals to open bank accounts and credit cards on their behalf, take out loans and ruin personal credit history.

The company's hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.


Community Health Systems (CYH) hired cybersecurity experts at Mandiant to consult on the hack. They have determined the hackers were in China and used high-end, sophisticated malware to launch the attacks sometime in April and June this year.

The FBI said it's working closely with the hospital network and "committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators."

Federal investigators and Mandiant told the hospital network those hackers have previously been spotted conducting corporate espionage, targeting valuable information about medical devices.



Wednesday, August 06, 2014

Top gov't spyware company hacked; Gamma's FinFisher leaked



Summary: The maker of secretive FinFisher spyware -- sold exclusively to governments and police agencies -- has been hacked, revealing its clients, prices and its effectiveness across an unbelievable span of apps, operating systems and more.





By Violet Blue for Zero Day | August 6, 2014 -- 21:01 GMT (14:01 PDT)



The company that makes and sells the world's most elusive cyber weapon, FinFisher spyware, has been hacked and a 40G file has been dumped on the internet.

The slick and highly secret surveillance software can remotely control any computer it infects, copy files, intercept Skype calls, log keystrokes -- and now we know it can do much, much more.





A hacker has announced on Reddit and Twitter that they'd hacked Anglo-German company Gamma International UK Ltd., makers of FinFisher spyware sold exclusively to governments and police agencies.

The file was linked both on Reddit and "@GammaGroupPR" -- a parody Twitter account by the hacker taking credit for the breach. The Twitter account is still doling out tidbits from the massive theft.

The Reddit post Gamma International Leaked in self.Anarchism said,

Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents.
Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to 'good' governments, and those authoritarian regimes most [sic] have stolen a copy.
...a couple days ago [when] I hacked in and made off with 40GB of data from Gamma's networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.

The stolen FinFisher spoils were first leaked as a torrent file on Dropbox and have since been shared across the internet, meaning that controlling the information leak is now impossible.

FinFisher's notoriety of late has come from its use in the government targeting of activists, notably linked to the monitoring of high profile dissidents in Bahrain.

According to initial reports, the enormous file contains client lists, price lists, source code, details about the effectiveness of Finfisher malware, user and support documentation, a list of classes/tutorials, and much more.

One spreadsheet in the dump explains that FinFisher performed well against 35 top antivirus products, showing how the sophisticated malware efficiently defeats detection.

The documents also reveal usage statistics by country. 



The hacker posted to @GammaGroupPR:


A release notes doc covers Gamma's April 2014 patches to ensure its rootkit avoids Microsoft Security Essentials. It also explains that the malware records dual screen Windows setups, and reports better email spying with Mozilla Thunderbird and Apple Mail.

Gamma does note that FinFisher is detected by OSX Skype (a recording prompt appears), and the same is true for Windows 8 Metro -- though the spyware goes well undetected by the desktop client.

The files also contain lists of apps the spyware utilizes, and things it can't use -- many still to be determined. There is a fake Adobe Flash Player updater, and a Firefox plugin for RealPlayer.

One of the files contains extensive (though still undetermined) documentation for WhatsApp.

Reporting on just such spyware last month, The Economist noted,

Currently it is legal for governments to buy the spyware—the sale and export of surveillance tools is virtually unregulated by international law.
Spyware providers say they sell their products to governments for “lawful purposes”.
But activists allege that their governments violate national laws in their often politically motivated use of such software. They argue that companies should be held accountable for selling spyware to repressive governments.

The Register reported:

A price list, which appeared to be a customers' record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each.
The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.

Links have appeared on Twitter to the GitHub repository for Finfisher docs, although it's being noted that due to Gamma's operational security practices, the unencrypted source code is fairly useless.

Gamma isn't in the business of creating zero-days because they are more of an "ecosystem" spyware company, but apparently they do sell it to their clients.

On the list of zero-day companies from which Gamma appears to purchase its exploits is the controversial French company, VUPEN.



The documents are going to give those fighting against Gamma, and trying to circumvent Finfisher spyware, an advantage that was previously unimaginable.




The docs will be of interest particularly to researchers at CitizenLab, who have been working to understand and reveal FinFisher (and its component Finspy) for the past few years.

CitizenLab released its first full report on Gamma and FinFisher in a July 2012 post, From Bahrain With Love: FinFisher's Spy Kit Exposed?

Bloomberg detailed the efforts to unmask the spyware in Cyber Attacks on Activists Traced to FinFisher Spyware of Gamma, saying:

For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution.

Until then, researchers had only suspected the malware's existence. Mikko Hypponen, chief research officer at Helsinki-based security company F-Secure, told Bloomberg at the time, "We know it exists, but we've never seen it -- you can imagine a rare diamond."

It's safe to say that we're going to be finding out a lot more in the weeks to come about this previously well-kept spying secret.


    Friday, January 10, 2014

    Internet Criminals Stole a Half Million Dollars from the Seventh-day Adventist General Conference

     


    By AT News Team, January 6, 2014

    Last week the General Conference of the Seventh-day Adventist Church released a statement that it had been the victim of online theft. No personal information was taken, but about $500,000 was stolen, according to the statement released by Adventist News Network (ANN), the official news service of the denomination.

    The theft involved a transfer of funds for an organization or institution within the denomination. Church officials are cooperating with Federal authorities in the United States who are investigating the crime. They are also working with the banks and insurance companies to determine what recoveries may be possible. Information so far suggests that there was no insider involvement in the crime.

    “No personal information such as private information, personal donor records or internal accounts were accessed or compromised in the scheme,” assured the denomination's treasurer, Bob Lemon. “We are modifying procedures to do our best to prevent this from happening again.”


    Source

    Wednesday, August 14, 2013

    Why the New York Times website went dark


    CyberTruth Byron Acohido, USA TODAY 6:16 p.m. EDT August 14, 2013






    SEATTLE -- Given multiple waves of denial of service attacks against U.S. banks by an Islamic group, the disabling this morning of the New York Times website had the cybersecurity community on alert.

    The Times' public website became inaccessible as of around 11 a.m. Eastern time for at least an hour, longer in some parts of the nation, according to Internet reports.

    A talk last month at the Black Hat conference in Las Vegas featured a proof-of-concept demonstration by WhiteHat Security chief technology officer Jeremiah Grossman showing how anyone could circulate a paid online ad in a way that would cause a targeted website to be inundated by mundane service requests triggered by the mere circulation of the ad.

    But something even more mundane apparently caused the New York Times website outage: human error.

    At least that's the consensus of IT pros who discuss things on puck.nether.net. One poster says "a self-inflicted wound, having to do with a software update that was rolled out to both the production and backup servers simultaneously," caused the failure.

    Gunter Ollmann, chief technology officer at IOActive, says "based upon a couple of screen shots that people have posted it could have been something as simple as a misconfigured DNS server or load balancer. From the underground side, there's no discussions or perps claiming responsibility. I tend to believe that this was likely self-inflicted."

    Tom Kellermann, Trend Micro's vice president of cyber security, for one, doesn't buy that explanation.

    Kellermann notes that both the paper's web server and internal e-mail server were inaccessible, even after robust security measures taken in the wake of Chinese hackers targeting the New York Times and other big media outlets late last year and earlier this year.

    "It's a good spin to blame this on a crappy update or bad management, but I'm leaning toward the fact that they're under attack again," says Kellermann.

    Meanwhile, a blog posted on Monday by researchers at security firm FireEye adds to the intrigue. Researchers Ned Moran and Nart Villeneuve assert that the Chinese hacking collective that cracked into the New York Times' computer network late last year appears to be at it again, mounting fresh assaults with new and improved versions of malicious software.

    "After all the attention paid to security to have a web server and e-mail server go down in tandem just doesn't sound right. You usually lose one or the other, and when you lose your e-mail server it's usually from something nefarious," Kellermann says. "So is it hackers from the past returning to haunt them again or new hacktivists attacking them for something they've done or reported recently?"

    Darien Kindlund, FireEye's manager of threat intelligence, says he does not believe the Chinese hacking group tied to the earlier New York Times hack -- and back in action again -- caused the outage today.

    "It goes against their whole motive," Kindlund says. "They're into this to steal large scale quantities of intelligence and if they were to disrupt their victims it would be clear what's going on and they'd no longer be able to steal any intelligence."


    Source

    Wednesday, August 07, 2013

    The Frightening Reality About How Easily Hackers Could Shut Down The US



    Geoffrey Ingersoll Aug. 6, 2013, 9:22 AM





    Hacking into and shutting down industrial systems on which the U.S. relies is staggeringly easy, according to recent presentations from the Black Hat hacker conference.



    Picture this: A few pump station operators along New York City's water tunnels fire up their computers to check the status of various water pressure readings.

    But their networks have been hacked, and the readings they see on their computers are not the real readings. The adjustments they make cause the water pressure to skyrocket, blowing several mains, and cutting water to various parts of the city, if not the entire city. Sure, these systems have redundancies, but those redundancies are vulnerable too.






    Simultaneously, in other parts of the Northeast U.S., hacked high voltage transformers spin out of control and explode. The blackout could cut as wide as the Tri-State area, and last for months, compounding any attempts to fix the water lines.

    No water. No electricity. Pure mayhem.

    Tim Simonite of MIT Tech Review recently talked to hackers at Black Hat about a vulnerability in a protocol called “Dbus” which leaves more than 90,000 industrial controls vulnerable.

    Another vulnerability, this one in sensors “used to monitor oil, water, nuclear, and natural gas infrastructure” can be hacked into with “a relatively cheap 40-mile-range radio transmitter.” Those sensors could be “spoofed” to show false readings, hackers tell Simonite.

    The Obama administration says it takes the threat seriously and has taken several steps — including an executive order — to try and improve network security. As Simonite points out, however, even though the information sharing program alerts companies to vulnerabilities, that doesn't mean the companies follow through with patches.

    BlackHat attendees showed proof that the companies weren't doing all they could to protect their customers.

    From Tech Review:

    All the attacks to be mentioned today require significantly fewer resources and skill than what was required to employ the best-known attack on an industrial system, the U.S.-Israeli-backed Stuxnet operation against the Iranian nuclear program.

    Previously, the Defense Science Board released a report that said viruses and exploits with Stuxnet-like results are incredibly complicated and likely require the backing of state-sponsored hacking units to perform. The Black Hat findings paint a completely different picture — it seems the idea of a few people in a basement causing cataclysmic damage is not really that far-fetched.







    “We have demonstrated a few scenarios that will cause a catastrophic breakdown — a pipe to burst or tank to overflow — while sending a completely different view to the controller,” Brian Meixell of Texas security company Cimation, told Simonite.

    Steve Stone, principal cyber threat intelligence analyst for Mandiant, the company that outed China's hacking unit to The New York Times, told Business Insider that every Chinese hack for espionage includes the potential for kinetic actions — that is actual destruction of property.

    “Typically we're talking about external attacks. An entity or individual from the outside uses a custom piece of code to break into cyber security systems,” explained Stone. “Once you’re a valid user, you're gaining all the capabilities a valid user can do.”

    Right now, China's hackers are only intent on stealing information, Stone explained. They burrow into a network, increase their permissions, become a “valid user,” and then steal trade secrets.







    That “valid user” can also increase or decrease water pressure, or make it look like water pressure has decreased, prompting an operator to try and increase it.

    Mandiant's opinion, though, is that it's only nation states looking to do this sort of penetration, like Iran's recent spate of bank attacks — likely prompted by President Barack Obama's admission that Stuxnet was of American origin.

    “I don't know exactly why the Obama admin started blabbing about that,” said Professor Peter Ludlow, an Internet culture expert and professor of philosophy at Northwestern.

    Ludlow said the administration's big mistake was not making sure the defense was bolstered before first releasing a virus like Stuxnet, and then second going ahead and admitting to kinetic cyber operations.

    “I think that this has actually been happening for quite some time now,” said Ludlow. “And basically if you start weaponizing the Internet, even kinetically, it's not just going to be for people like nation states.”

    Ludlow watched the beginning of kinetic cyber operations, long before the U.S. Military was even aware of the possibility, in a massive multiplayer online roleplaying game called 2nd Life.

    According to Ludlow, gamers developed code that first altered the game itself, but then eventually would hack into users' computers. Then kinetic operations came up.

    “There was speculation even back then, could you come up with a [software] device that could fry your adversary's computer,” said Ludlow.






    Ludlow says the fault for potential exploits like the industrial systems hack falls on the shoulders of government and private agencies who are pressuring the community to find the exploits.

    “Right now you have state actors in a bidding war for zero day exploits. Used to be that security people would get zero day exploits for a Tshirt or something, now it's a half mil, million dollars for zero days,” said Ludlow.

    A zero-day is a software or network hack that the public is not yet aware of. So when a hacker finds one, it's incredibly lucrative. A state actor or even a private company could use one to conduct espionage, or worse yet, real damage.

    The way Ludlow looks at it, the more government takes interest in hacker conventions like Black Hat, the more capable individuals are going to be at leveling potentially destructive cyber weapons.

    The previous assertion of the Defense Science Board was that only state-sponsored hackers are capable of shutting down an electrical grid. In response, the Board's recommendation was to protect the nukes, both from network hacks and as a potential response to hacks that would disable the U.S. grid or water system — like a sort of nuclear deterrent akin to the mutually assured destruction of the Cold War.

    Stone is skeptical of this approach.

    “Equating it to an atomic bomb and mutually assured destruction doesn’t match what we see. It’s already happened,” said Stone.

    He's talking about attacks like the one in Korea, which was timed to destroy massive amounts of data, or like Stuxnet, which destroyed pieces of Iran's nuclear facilities.

    Ludlow seems to think there's no end to the rabbit hole, that the exploits will continue to get easier to execute and more destructive as time goes on, turning the Internet into an “Afghanistan-like war zone,” he said.

    Worse yet, as these exploits evolve, the need for state-sponsorship to launch attacks dwindles because the technology ceases to be something that requires money and resources.

    Experts tell Business Insider that China and Russia are capable of these attacks but choose not to execute them because the globe's superpowers depend on each other. If the U.S. economy tanks because of a catastrophic attack on New York City, then Russia and China both suffer.

    On the other hand, the world is full of ideological psychos. From lone wolves to terrorist organizations — the ability to exact a catastrophic attack is becoming more and more accessible.



    Source: http://www.businessinsider.com/hackers-could-shut-down-the-us-2013-8#ixzz2bFn891AA

    Wednesday, July 31, 2013

    With Smarter Cars, The Doors Are Open To Hacking Dangers



    by STEVE HENN
    July 30, 2013 3:48 AM










    The Toyota Prius, seen here at the New York International Auto Show in March, was one of the cars security experts Chris Valasek and Charlie Miller showed to be susceptible to attacks by hackers. (Mike Segar/Reuters/Landov)

    Chris Valasek and Charlie Miller have been hacking into products for a long time. But they don't steal stuff or mess with people; instead, their purpose is to pressure companies into making their products more secure.

    This week, they scored big. Their research on hacking cars has captured the attention of millions and has been featured in Forbes and on the Today show.

    Miller and Valasek are not the first guys to hack a car, but they demonstrated like few have before just how dangerous these kinds of attacks could be.

    "That's really where Charlie and I came in," says Valasek, a security researcher at IOActive. "We really wanted to see, once someone was inside your car network, to what extent could you control the automobile?"

    The pair got a grant from the Defense Advanced Research Projects Agency (DARPA) and bought two modern, connected cars: a Toyota Prius and a Ford Escape. Then they tapped into the network of little built-in computers that run on virtually every car sold today.

    Car makers began embedding electronic control units, or ECUs, in cars more than 30 years ago. These simple little computers were developed during the first gas crisis. Initially, they were used as tiny computerized carburetors.

    "Engineers figured out that computers were much better at figuring out how to mix gas and air than a mechanical device," Valasek says. "They were much more efficient and you could get better gas mileage."

    But soon these little computers were being used for a lot of things, like cruise control or anti-lock brakes.

    "Now we're to the point where cars parallel park themselves," Valasek says. "And that's not just magic. There's computers in the car that have sensors and actuators."

    Remote Control Havoc

    All these little devices talk to each other on an open network. They listen in to every message that's sent, and they don't verify where a specific command is coming from. Miller says all of this makes cars easy to attack.

    Any sensor attached to the processor on the network is vulnerable. So after Miller and Valasek learned the code that controlled the ECUs on the two cars they were testing, they were able to cause all kinds of havoc.

    They were able to jerk the wheel at high speeds in the Prius. They could cause the car to accelerate or brake. They could beep the horn or set off the crash preparation system and jerk the seatbelts back.

    In the Ford Escape, if the driver was moving slowly, they could turn the wheel or even kill the brake. In fact, once Miller forgot that the hack was running on his Ford Escape and he drove it into his garage.

    "Luckily, these weren't our cars," Valasek says.

    But Miller did crush his lawnmower.

    "My lawnmower — it was destroyed, utterly," Miller says. "The lawnmower was perhaps the first cyber-attack-in-a-car victim."

    Car Companies Not Worried

    Miller and Valasek tried to share their findings with Toyota and Ford before they went public. Both companies say while they are taking the research seriously, they're still convinced their cars are safe. They say if someone has to wire a computer into your car to get an attack to work, you are going to notice.

    "I've actually been very disappointed with the reaction from these companies," says Don Bailey, a security researcher who has hacked into cars remotely via the cell phone network.

    Bailey says Miller and Valasek have proven that "once you are through that initial barrier, you can and will be able to do almost anything you want to."

    It's unlikely, however, that malicious hackers will take advantage of these attacks any time soon. All cars don't all use one operating system and they don't all speak one single language. So before a hacker can take control, he or she has to learn the specific code that runs the systems for that specific car.

    That's tough, and it takes time. But Valasek says it's not impossible.

    By going public with their research, Valasek hopes car companies will be forced to fix these problems before anyone — aside from a lawnmower — gets hurt.


    Source


    Sunday, June 02, 2013

    Weak U.S. Policy Has Bankrolled China's Rise



    By Scott Paul - June 2, 2013




    China’s newly installed president, Xi Jinping, will visit California in early June for direct talks with President Obama over how best, the White House says, to “enhance cooperation, while constructively managing our differences.”

    There’s certainly a lot to talk about. America’s goods and services trade deficit with China has skyrocketed since 2001, reaching $315 billion in 2012. We’ve lost tremendous manufacturing capacity to China in that time. And most recently comes news that China has hacked into some of our top weapons systems.


    Read more: http://www.realclearpolitics.com/articles/2013/06/02/weak_us_policy_has_bankrolled_chinas_rise_118645.html#ixzz2V5hEX4R1


    Sunday, April 28, 2013

    Cyberattack suspect had 'bunker' in north Spain



    Associated Press
    Posted: 04/28/2013 06:44:43 AM PDT
    Updated: 04/28/2013 09:34:44 AM PDT



    MADRID -- A Dutch citizen arrested in northeast Spain on suspicion of launching what is described as the biggest cyberattack in Internet history operated from a bunker and had a van capable of hacking into networks anywhere in the country, officials said Sunday.

    The suspect traveled in Spain using his van "as a mobile computing office, equipped with various antennas to scan frequencies," an Interior Ministry statement said.

    Agents arrested him Thursday in the city of Granollers, 35 kilometers (22 miles) north of Barcelona, complying with a European arrest warrant issued by Dutch authorities.

    He is accused of attacking the Swiss-British anti-spam watchdog group Spamhaus whose main task is to halt ads for counterfeit Viagra and bogus weight-loss pills reaching the world's inboxes.

    The statement said officers uncovered the computer hacker's bunker, "from where he even did interviews with different international media."

    The 35-year-old, whose birthplace was given as the western Dutch city of Alkmaar, was identified only by his initials: S.K.

    The statement said the suspect called himself a diplomat belonging to the "Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker."

    Spanish police were alerted in March by Dutch authorities of large denial-of-service attacks being launched from Spain that were affecting Internet servers in the Netherlands, United Kingdom and the U.S. These attacks culminated with a major onslaught on Spamhaus.

    The Netherlands National Prosecution Office described them as "unprecedentedly serious attacks on the nonprofit organization Spamhaus."

    The largest assault clocked in at 300 billion bits per second, according to San Francisco-based CloudFlare Inc., which Spamhaus enlisted to help it weather the onslaught.

    Denial-of-service attacks overwhelm a server with traffic, jamming it with incoming messages. Security experts measure the attacks in bits of data per second. Recent cyberattacks -- such as the ones that caused persistent outages at U.S. banking sites late last year -- have tended to peak at 100 billion bits per second, one third the size of that experienced by Spamhaus.

    Netherlands, German, British and U.S. police forces took part in the investigation leading to the arrest, Spain said.

    The suspect is expected to be extradited from Spain to face justice in the Netherlands.

    Source: http://www.mercurynews.com/business/ci_23126210/cyberattack-suspect-had-bunker-north-spain

    Thursday, April 25, 2013

    House Votes To Legitimize More Government Computer Snooping


    April 24, 2013 by Bob Livingston 




    No amount of online spying is too much, said the criminal elected class in the House of Representatives, as it passed the Cyber Intelligence Sharing and (non)Protection Act (CISPA) yesterday over hollow veto threats by the Administration of President Barack Obama.

    The bill will give the government access to online data — including financial data — from private computer networks. A proposal that would have prohibited the military from collecting data directly from industry was blocked from floor debates by Republicans. A compromise measure was passed that ensures companies must first go through the Department of Homeland Security before turning information over to the military.

    Privacy groups object to the bill because they said it would give the National Security Agency “a front-row seat in analyzing data from private computer networks.” The Associated Press reports that the bill doesn’t address NSA specifically, but “it’s presumed that the military intelligence agency would have a central role in the data-sharing because of its technical expertise in tracking foreign-based hackers.”

    Senator Jay Rockefeller (D-W.Va.), who once lamented that the Internet had been created and longed to return to the days of pencil and paper, will take the lead in pushing CISPA through the Senate.

    The proposal that puts DHS in charge of disseminating the information between corporations and the military was supposed to be comforting. But considering the DHS’s record regarding electronic privacy, it’s no comfort at all. Recall that for years DHS claimed the naked body scans taken by backscatter radiation emitters at airports were not stored, and the machines were not capable of storing images. Finally, after lawsuits filed by the Electronic Privacy Information Center made their way through the courts, it was revealed that DHS did indeed store the images and that Transportation Security Administration agents used them for all sorts of nefarious purposes.

    The Administration’s veto threats ring hollow because it has yet to find a liberty-reducing law it could oppose (see the National Defense Authorization Act). But we should be thankful, because our safety is of foremost concern among the criminal elected class.


    Source

    Monday, March 11, 2013

    DoD Plans to Use Preemptive Deadly Force on Hackers, Cyber Threats


    Saturday, March 9, 2013





    Eric Blair
    Activist Post



    A new report from the Department of Defense outlines the military's capability to deter cyber threats with some pretty heavy firepower, including nuclear weapons.

    The paper written by the Defense Science Board described the best types of bombs to use on hackers to be "Global selective strike systems e.g. penetrating bomber, submarines with long range cruise missiles, Conventional Prompt Global Strike (CPGS), survivable national and combatant command," while "Nuclear weapons would remain the ultimate response and anchor the deterrence ladder" for cyber threats.

    "The report ... implies that the United States might have to rely on nuclear weapons to retaliate after a large-scale cyber attack," Foreign Policy writes.

    Although it seems that Foreign Policy is reporting shocking revelations, they're actually engaged in subtle misinformation. They claim that this strike capability is only to be used in "retaliation" after a cyber attack as opposed to preemptive strikes to prevent cyber threats, which the military is already authorized to do.

    For all the talk of the indefinite detention section of the National Defense Authorization Act (NDAA), a little known provision gave President Obama the authority to "conduct offensive operations in cyberspace".


    Here's what Section 954 of the 2011 NDAA says:

    SEC. 954. MILITARY ACTIVITIES IN CYBERSPACE.
    Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to—

    (1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
    (2) the War Powers Resolution (50 U.S.C. 1541 et seq.).

    Prior to this NDAA provision, in July 2011, the Pentagon announced cyberspace to be their "operational domain" and claimed that the U.S. can "under the laws of armed conflict, respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing," said Deputy Defense Secretary William Lynn during the release of The Department of Defense Strategy for Operating in Cyberspace.

    This week we heard Rand Paul speak much about the "law of armed conflict" or "Martial Law" in his talking filibuster of John Brennan over drone strikes on American soil, which is a related concern since the NDAA also officially labeled the U.S. as part of the battlefield.

    Paul reiterated that if Americans can be treated the same as an enemy under the law of armed conflict, there is no due process protection, as well as more flexible rules of engagement than those that restrict the police. Just ask the Guantanamo prisoners or Bradley Manning how due process works under the laws of war. Or ask the family of the 16-year-old American murdered by a targeted drone strike about the rules of engagement.

    Therefore due process will not be needed to take offensive action against cyber threats under the laws of war. In other words, hackers everywhere may be facing a lethal force if they're suspected of engaging in cyber attacks against the U.S. or its allies and interests.

    The report, however, urges US military leaders to develop "cyber escalation scenarios and red lines" that could prompt the use of force. Or simply put, when can they pull the trigger on a cyber threat. Of course, just as the legal justification for drone strikes has remained classified, surely, this will as well.

    Here is a nifty illustration they provided to help us visualize how the threat levels are designed for hackers:



    It's also important to note that the military has been authorized to conduct a cyberwar with "kinetic capabilities", meaning it can operate wherever the threat is in the world. A borderless war like the war on terror. This eliminates any need for the President to seek an individual declaration of cyber war against China in Congress even though nuclear weapons could potentially be involved.

    Does anyone in Congress understand just how dangerous it is to authorize the use of preemptive deadly force against cyber threats without due process?




    Monday, October 15, 2012

    National Cyber Security Alliance and McAfee Release New Cybercrime Data for National Cyber Security Awareness Month

    Published: October 10, 2012

    By National Cyber Security Alliance
     — Nearly One in Five Americans Report Being Victimized Online
    WASHINGTON, October 10, 2012 /PRNewswire-USNewswire/ -- Nearly one in five Americans report being victim to a crime that was committed over the Internet, according to a survey by the National Cyber Security Alliance (NCSA) and McAfee. October is National Cyber Security Awareness Month, a coordinated national effort focusing on the need for improved online safety and security for all Americans and the study examines one of the month's focal topics: cybercrime and law enforcement.
    Of those surveyed, 17 percent say they have been a victim of a crime that was committed over the Internet such as identity theft, data theft, bullying or auction fraud, and 29 percent know someone who has been a victim of such crimes. One in five Americans also had contact with someone on the Internet who made them feel uncomfortable through persistent emails, stalking or in other various ways.
    When asked what puts Americans most at risk of a cybercrime or a loss of personal information the largest number of respondents, one-third (30 percent) said they believe connecting to an unsecured wireless network puts them most at risk while 22 percent said not having any or enough security software. Additionally, Americans' top two concerns while using the Internet include: identity theft (41 percent) and someone hacking into their (or their family's) financial information (13 percent). 
    The most cited concern for parents is adult sexual content, with 39 percent stating this is their biggest source of worry.  Additionally, 27 percent of parents report the potential for their child to make contact with strangers when they are online is their biggest point of concern. Other concerns identified include bullying or harassment from peers (ten percent); identity theft (nine percent) – which is continuing to grow as an issue; portrayals of drug or alcohol use (three percent); long-term damage to their child's reputation (two percent).
    "The Internet is an incredible resource for connecting with people but as we conduct more of our lives online, we must remain mindful that there are bad actors using it to track, harass or make unwanted contact, and these criminals are more resourceful than ever," said Michael Kaiser, executive director of the National Cyber Security Alliance. "This data supports an ever-increasing need for online users to be vigilant in their actions each day.  Working together, we can provide Americans with the tools and information they need to practice safe online behaviors during October and throughout the year."
    NCSA continues to work with leading companies in the cyber industry to determine best practices for users to stay safe online. Roland Cloutier, vice president and chief security officer of ADP added, "Our goal is to shine a spotlight on cybercrime issues, and provide consumers, parents, and the law enforcement community with an engaging dialogue, tools and practical advice to protect against this growing problem. All Internet users must be educated to recognize cyber threats and how to take ongoing action to protect ourselves and our digital infrastructure from victimization."
    Tom Kellermann, U.S. vice president of cybersecurity at TrendMicro, said: "The threats posed by cybercrime are very real and can impact every person and organization across the United States and around the world.  By working together, we can learn how to prevent these acts to provide a safer community for all. We're proud to work together with the National Cyber Security Alliance this month and throughout the year to spread the word about steps we can all take to protect ourselves and our youth online."
    NCSA is also continuing to work with local law enforcement and cybercrime organizations to help facilitate an increased awareness and uncover best practices with handling cybercrime issues. An example of such collaboration includes an event today in conjunction with National Cyber Security Awareness Month. NCSA board members and executives will join officials from the U.S. Department of Homeland Security, U.S. Secret Service, local law enforcement and others in Miami, FL to discuss cybercrime issues such as credit card skimming, data breaches, viruses and malware and best practices with handling such crimes. 
    In addition to the research study and today's cybercrime focused event, NCSA is also introducing new collateral for victims of cybercrime.  These resources include a pamphlet entitled, "If You Become a Victim of Cybercrime" and a coordinating brochure on tips and advice that were created with input from the National Sheriffs' Association and International Association of Chiefs of Police. 
    The publications are targeted to victims of malicious acts and detail the realities of cybercrime, how to report cybercrime and who to contact, how to collect and keep evidence of victimization, information on specific types of cybercrime, and additional links for information.  These materials can be found at: http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud.
    NCSA also advises all Internet users to access the Web using these three simple steps: STOP. THINK. CONNECT. All Internet users should take security measures, understand the consequences of their behavior and actions and enjoy the benefits of the Internet. Here are some additional tips and advice:
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete it or, if appropriate, mark it as junk email.
    • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
    • Protect your Money: When banking and shopping, check to be sure the site is security enabled. Look for Web addresses with "https://" or "shttp://", which means the site takes extra measures to help secure your information. "Http://" is not secure.
    • Think before you act: Be wary of communication that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.
    • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
    • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.
    For additional information on how to prevent cybercrime before it happens, check out the STOP. THINK. CONNECT. Campaign at http://stopthinkconnect.org/tips-and-advice/.  NCSAM supporters can get the latest news and updates on Facebook at www.facebook.com/staysafeonline and on Twitter at @StaySafeOnline. The official Twitter hashtag of NCSAM is #ncsam. The National Cyber Security Awareness Month Web Portal is also available at: http://www.staysafeonline.org/ncsam/ and a calendar of additional NCSAM events can be found at: http://staysafeonline.org/ncsam/events.
    NCSA also welcomes organizations to show their support for NCSAM by becoming an official NCSAM Champion and submitting their registration at:
    Survey Methodology:
    JZ Analytics conducted the online safety survey. The survey firm, founded by John Zogby, surveyed 1,000 adults nationwide from August 31, 2012 to September 3, 2012. The margin of error is +/- 3.2 percentage points and margins of error are higher in sub-groups. The full study and fact sheet are available at: http://staysafeonline.org/ncsam/resources/.
    About The National Cyber Security Alliance
    The National Cyber Security Alliance is a non-profit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to educate and empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA board members include: ADP, AT&T, Bank of America, EMC Corporation, ESET, Facebook, Google, Intel, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Trend Micro, Verizon and Visa. Visit www.staysafeonline.org for more information and join us on Facebook at www.facebook.com/staysafeonline.
    About McAfee
    McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com
    About STOP. THINK. CONNECT.
    The campaign was developed by the STOP. THINK. CONNECT. Messaging Convention, a public-private partnership established in 2009 and led by The Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA) to develop and support a national cybersecurity awareness campaign.  The Department of Homeland Security provides the Federal Government's leadership for the campaign. Industry, government, non-profits and education institutions participate in STOP. THINK. CONNECT. Learn how to get involved at the STOP. THINK. CONNECT. Facebook page at https://www.facebook.com/STOPTHINKCONNECT, on Twitter at @STOPTHNKCONNECT, and the campaign website at www.stopthinkconnect.org.
    SOURCE National Cyber Security Alliance


    Read more here: http://www.heraldonline.com/2012/10/10/4327075/national-cyber-security-alliance.html#storylink=cpy