Saturday, March 30, 2013

The Government is Stalking you (video)

Remember to keep your Information private while browsing the internet there are spies about.
Facebook, Google, Twitter, and Foursquare are tracking all your activities. A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites. A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

How and why the Government is Stalking you | Applied Data Labs: " . . . Beyond simple monitoring, the government is actively using their capabilities to control the conversation online and direct public opinion. It’s well known that humans value social proof highly, and that a herd behavior often develops around popularity of any kind. And we now know that the government is capitalizing on this behavior: the US government is running a large ring of puppet accounts as part of Operation Earnest Voice (OEV)--a practice commonly called “astroturfing”. The little declassified information we have about OEV comes from a contract awarded by Central Command (Centcom), which oversees military operations, to a California corporation called Ntrepid. The stated goal of this technology is to support, “classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the US." But Isaac R. Porche, a researcher at the RAND corporation, claims it would not be easy to exclude US audiences when dealing with internet communications. . . ."

more news below

Thursday, March 28, 2013

Iran Web censors vs Google Reader

Iran’s Web censors vs. Google Reader: "Google’s much-dreaded announcement on the coming demise of Google Reader has alarmed users in Iran — and drawn attention to the scale and complexity of online censorship there. As Quartz’s Zach Seward explained in a great post yesterday, Google Reader is one of the few ways Iranians can access Web sites blocked in Iran. (According to ViewDNS, a site that monitors servers, the government censors roughly one in three news sites and one in four of all sites on the general Web.) To quote Seward:
Many RSS readers, including Google’s, serve as anti-censorship tools for people living under oppressive regimes. That’s because it’s actually Google’s servers, located in the U.S. or another country with uncensored internet, that accesses each feed. So a web user in Iran just needs access to in order to read websites that would otherwise be blocked. . . ."

more news below

Tuesday, March 26, 2013

US to let spy agencies examine Americans finances

U.S. to let spy agencies examine Americans' finances - " . . . The Treasury document outlines a proposal to link the FinCEN database with a computer network used by U.S. defense and law enforcement agencies to share classified information called the Joint Worldwide Intelligence Communications System. The plan calls for the Office of the Director of National Intelligence - set up after 9/11 to foster greater collaboration among intelligence agencies - to work with Treasury. The Director of National Intelligence declined to comment. More than 25,000 financial firms - including banks, securities dealers, casinos, and money and wire transfer agencies - routinely file "suspicious activity reports" to FinCEN. The requirements for filing are so strict that banks often over-report, so they cannot be accused of failing to disclose activity that later proves questionable. This over-reporting raises the possibility that the financial details of ordinary citizens could wind up in the hands of spy agencies. Stephen Vladeck, a professor at American University's Washington College of Law, said privacy advocates have already been pushing back against the increased data-sharing activities between government agencies that followed the Sept. 11 attacks. "One of the real pushes from the civil liberties community has been to move away from collection restrictions on the front end and put more limits on what the government can do once it has the information," he said. . . ."

more news below

Saturday, March 23, 2013

Cyber Security and Forensics careers

12 Certainties That Will Transform Every Career and Create New Ones | Flash Foresights from Daniel Burrus | Big Think: "4. Cyber Security and Forensics careers will grow rapidly as we become increasingly connected and dependent on computer systems and machines using intelligent sensors connected to just about everything. Careers in data and information forensics will grow rapidly as the need to solve cyber crimes increases."

The World Has No Room For Cowards — Krebs on Security: "It’s not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home. . . ."

more news below

Thursday, March 21, 2013

Chinese Military Hacker Life Is Boredom and Bitterness

Blog Reveals a Chinese Military Hacker's Life Is One of Boredom and Bitterness - Slashdot: " . . . . He worked a normal workday—8 A.M. until 5:30 P.M., unless some project required late hours—and lived in a dorm. He dined often on instant noodles and enjoyed the television series 'Prison Break.' He spent lots of time online, even when off the clock. And like millions of people all over the world, he disliked many aspects of his job. 'What I can't understand is why all the work units are located in the most remote areas of the city,' the hacker, who the Times identified as having the family name Wang, wrote in a portion of a blog posting reprinted by the paper. 'I really don't get what those old guys are thinking in the beginning. They should at least take us young people into consideration. How can passionate young people like us handle a prison-like environment like this?'""

more news below

Tuesday, March 19, 2013

We are already fighting an Internet Cold War

Are We Ready for an Internet Cold War? | Endless Innovation | Big Think: " . . . . Compare that to what the rest of the world is doing. Just this week, the Chinese touted plans for a "next-generation” Internet that would be faster, more secure and more flexible than anything we have in the United States. Meanwhile, nations such as Iran are busy at work creating an alternative Internet they can shut down at will. Something very interesting is happening -- nations around the world are starting to think of "Internet space" in the same way they once thought about "air space." They want the ability to see what's coming in and what's coming out - and the ability to shoot things down. Maybe the Chinese next-generation Internet is just a way to accommodate the billions of new users the nation plans to bring onboard within the next few years. OK. But you can also view it from another perspective – as a sign of America's own vulnerability in the face of a potential cyber war. The new Chinese Internet backbone includes a number of safeguards that makes it more invulnerable to the threat of malware or suspicious code. In other words, if the Chinese unleash a lot of malware on the U.S. to take out our grids, it has the potential to do a lot more damage than if the U.S. unleashes a lot of similar malware in China. We are already fighting an Internet Cold War, we just don’t yet know it. . . . "

more news below

Saturday, March 16, 2013

Chrome OS uncrackable

Linux triumphant: Chrome OS resists cracking attempts | ZDNet: "The Chrome Web browser on Windows is breakable, but its little brother, the Linux-based Chrome OS, proved to be essentially uncrackable at the CanSecWest conference in Vancouver, Canada, . . ."

Guess we should all be using Chromebooks!

more news below

Thursday, March 14, 2013

Skype Hijacked in China and Microsoft Does Nothing

Skype's Been Hijacked in China, and Microsoft Is O.K. With It - Businessweek: " . . . . Knockel, a bearded, yoga-practicing son of a retired U.S. Air Force officer, has repeatedly beaten the ever-changing encryption that cloaks Skype’s Chinese service. This has allowed him to compile for the first time the thousands of terms—such as “Amnesty International” and “Tiananmen”—that prompt Skype in China to intercept typed messages and send copies to its computer servers in the country. Some messages are blocked altogether. The lists—which are the subject of a presentation Knockel will make on Friday, March 8, at Boston University, as well as a paper he’s writing with researchers from the University of Toronto’s Citizen Lab—shed light on the monitoring of Internet communications in China. Skype’s videophone-and-texting service there, with nearly 96 million users, is known as TOM-Skype, a joint venture formed in 2005 with majority owner Tom Online, a Chinese wireless Internet company. The words that are subject to being monitored, which Knockel updates almost daily on his department’s website, range from references to pornography and drugs to politically sensitive terms, including “Human Rights Watch,” “Reporters Without Borders,” “BBC News,” and the locations of planned protests. (The system he traced does not involve voice calls.) Knockel says his findings expose a conflict between Microsoft’s advocacy of privacy rights and its role in surveillance. Microsoft, which bought Skype in 2011, is a founding member of the Global Network Initiative, a group that promotes corporate responsibility in online freedom of expression. “I would hope for more,” Knockel says of Microsoft. “I would like to get a statement out of them on their social policy regarding whether they approve of what TOM-Skype is doing on surveillance.” On Jan. 24, an international group of activists and rights groups published an open letter to Skype, calling on it to disclose its security and privacy practices. Microsoft, when asked for comment on Knockel’s findings and activists’ concerns, issued a statement it attributed to an unnamed spokesperson for its Skype unit.“. . . ."

more news below

Tuesday, March 12, 2013

Simple ways to protect yourself from botnets

Simple ways to protect yourself from botnets - CBS News: " . . .you can mitigate a vast amount of your risk by following five simple and inexpensive security rules: Upgrade to a 64-bit OS. Most malware can only deal with 32-bit versions of Windows, so upgrading to 64-bit Windows 7 or Windows 8 automatically insulates you from most malicious software automatically. Upgrade your browser. Many security experts recommend Chrome, but even switching to Internet Explorer 9 or 10 can dramatically improve your security posture. Use strong passwords. No, passwords can't protect you from all malware, no matter how strong they happen to be. But this is a first line of defense you can't afford not to take. Patch your software. Some of the biggest security threats -- such as Office and Adobe Reader, not to mention Windows itself -- are easily patchable. Keep all of your software updated regularly. In 2010, the Aurora Botnet ravaged a slew of companies, including Google, Adobe, and Yahoo. Microsoft was unscathed, mainly because the company takes the elementary precaution of keeping all of its corporate-managed PCs fully patched. Keep everyone educated. Whether you manage your home network or a small office, make sure everyone who uses PCs knows security best practices, such as not falling for phishing mail and using unique passwords on all websites."

more news below

Saturday, March 9, 2013

China’s Army Tied to Hacking Against US

China’s Army Is Seen as Tied to Hacking Against U.S. - " . . . An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area. “Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.” Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content. . . . "

Chinese Army Hackers Are Trying to Bring Down U.S. Infrastructure, After All - Global - The Atlantic Wire: " . . . The level of detail in Mandiant's 60-page report is intimidating if you're an interested citizen — it must be horrifying for the hackers implicated in the operation who may or may not have just gotten busted (by way of Facebook and Twitter, no less). Mandiant knows not only the location of P.L.A. Unit 61398's headquarters but also the various levels of hacking expertise on staff, its spot in the hierarchy of the Army, and the companies it's targeted in recent years. The unit's more commonly known as the "Comment Crew" or the "Shanghai Group." It even made an appearance in a diplomatic cable released by WikiLeaks in 2010 that detailed the group's activity. It was later revealed that the government called the unit "Byzantine Candor," and it's not unimaginable that Obama was referring to Unit 61398's capabilities in his WSJ column as well as his State of the Union Address, when he warned of "enemies … seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. . . ."

more news below

Thursday, March 7, 2013

Insurance and Cybersecurity Regulations

Insurance Cybersecurity Regulations – What Insurance Coverage Do You Need? | Gilbert LLP - JDSupra: " . . . Companies should act now to protect themselves from such losses, including examining their insurance portfolios to ensure that adequate insurance coverage currently exists. If a company does not have stand-alone coverage for cyber risk, companies should highly consider acquiring cyberliability policies that can protect against either third-party or first-party losses, or both. Third-party cybersecurity policies may provide coverage for:
  • liability for permitting access to identifying information of customers;
  • transmitting a computer virus or malware to a third-party customer or business partner;
  • failing to notify a third party of their rights under the relevant regulations in the event of a security breach; and
  • potential “advertising injury,” i.e., harms through the use of electronic media, such as unauthorized use or infringement of copyrighted material, as well as libel, slander, and defamation claims. . . . "
Andreessen Horowitz, Greylock And Norwest Back Stealthy Cyber Security Startup Founded By NSA Engineers, Morta | TechCrunch: ". . . .“Sophisticated cyber threats are a significant and growing concern for both commercial and government organizations,” said Asheem Chandna of Greylock Partners in a release. “Morta is focused on developing a new category of innovative technology solutions that can help customers better defend themselves from cyber threats.” Morta has identified a real problem that both governments and companies face—cyber attacks. Just last week, The New York Times and Wall Street Journal revealed that both were the victims of cyber security breaches by Chinese hackers. There are a number of startups, including Bit9, that are trying to disrupt the space, but it should be interesting to see what Morta can do differently with its talent expertise. . ."

Security firm releases screen capture video of alleged Chinese military hackers at work - The Next Web: "While Chinese officials have dismissed the claims of state-sponsored hacking as “groundless”, numerous media organizations, including Bloomberg and The Wall Street Journal, and companies have come forward to state that they faced similar attacks. The PLA has long been suspected of orchestrating complicated cyber-attacks against foreign governments and corporations, but public evidence backing up those suspicions has been lacking. As such, Mandiant’s report stands as some of the most compelling proof of the Chinese hacking apparatus available to civilians." Access the full report here.

more news below

Tuesday, March 5, 2013

How A Prank Over The Next Xbox Ended Badly

Exclusive: The Australian Raid On SuperDaE And How A Prank Over The Next Xbox Ended In Corporate Espionage | Gizmodo Australia: " . . . . What happens next in the case is completely at the discretion of the investigating officers. . . . The charge he’s looking at — if Microsoft, eBay and PayPal who are at the centre of the dispute decide to press charges — is corporate espionage and dissemination of confidential documents as well as misuse of a computer and/or carrier service. All fairly serious charges that, when added up, can come down to some pretty serious jail time either here or in the US. . . “On my one computer alone, there are things that date back to years ago that can incriminate me in other cases,” Henry says, defeatedly. By his own admission, he intentionally breached several other gaming companies looking for information. Valve was one of the companies he admittedly breached. “There’s an FBI investigation into Valve from a year or two ago. They had their systems compromised by none other than SuperDaE,” he admits to us. Valve are looking to get their own back against SuperDaE now that he’s in a vulnerable spot, as are Epic Games, Blizzard and Sony, who also claim to have fallen victim to SuperDaE. For those transgressions, he probably should be worried. Right now, SuperDaE, also known as Dan Henry — real name Dylan — is in legal limbo. He has no money, no cards, no tech, no idea what will happen next. All he can do is pray to the video game gods to show mercy. “They want to ruin me,” he repeats at the end of our interview. . . "

more news below

Saturday, March 2, 2013

Anonymous helped expose Chinese hackers

How Anonymous accidentally helped expose two Chinese hackers | Ars Technica: " . . . they're a reminder that even talented hackers slip up all the time in little ways that can eventually give them away. Indeed, this whole story is rife with slip-ups at HBGary Federal, at, and even among Anonymous. A year after the hack, nearly everyone involved had been arrested, with ringleader Sabu turned into a snitch by the FBI. By leaving traces in their code and on sites like, hackers like UglyGorilla and SuperHard_M may have slipped up as well. Or not—one theory making the rounds among some security researchers contends that the hackers simply work with impunity in China and thus don't actually care that much about obscuring their identities."

US prepares economic countermeasures in light of recent cyberattacks | The Verge: " . . . the US government is preparing some measures to help address the situation. The Associated Press is reporting that the White House will release a new strategy tomorrow, outlining penalties, fines, and trade restrictions designed to deter countries from participating in such efforts. The announcement would come just days after The New York Times detailed a report from security firm Mandiant. That report traced many of the attacks on US corporations and business back to the People's Liberation Army base in Shanghai. While China has steadfastly denied any involvement in the recent attacks, both The Washington Post and the Times have stated that China was to blame. Facebook and Twitter have also been hit with cyberattacks, and while the details of the White House's proposal aren't known just yet, it's clear that government officials realize steps need to be taken beyond the recentcybersecurity executive order signed by President Obama. . . ."

Anonymous hacked US State Dept, investment firm in homage to Aaron Swartz, Lulzsec — RT: "Anonymous has announced it gained access to the State Department’s website, captured a database, and published it online. It also entered the site of investment firm George K. Baum & Company – all in the name of Aaron Swartz and Lulzsec. The databases which they claimed to have obtained were posted on ZeroBin website. The data dump is part of “round five” of “Operation Last Resort” – Anonymous’ anti-US campaign which was launched shortly after the suicide of internet activist Aaron Swartz. The group published the names and email addresses of State Department consular and careers staff members. In some cases, their phone numbers and date of birth were also revealed."

more news below

Cybersecurity - Google News

Malware - Google News

National Security - Google News

"Security Threats" - Google News

Maritime security - Google News

The State of Security

TSA - Google News

Homeland Security - Google News