Crime

Hackers Leak List of FBI Employees (vice.com) 118

puddingebola writes: The hackers responsible for the leaking of DHS employees made good on their threat to reveal the names of 20,000 FBI employees. From the article: "The hacker provided Motherboard with a copy of the data on Sunday. The list includes names, email addresses (many of which are non-public) and job descriptions, such as task force deputy director, security specialist, special agent, and many more. The list also includes roughly 1,000 FBI employees in an intelligence analysis role."
Crime

Metel Hackers Roll Back ATM Transactions, Steal Millions (threatpost.com) 69

msm1267 writes: Researchers from Kaspersky Lab's Global Research & Analysis Team today unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies. The heaviest hitter among the newly discovered gangs is an ongoing campaign, mostly confined to Russia, known as Metel. This gang targets machines that have access to money transactions, such as call center and support machines, and once they are compromised, the attackers use that access to automate the rollback of ATM transactions. As the attackers empty ATM after ATM—Metel was found inside 30 organizations—the balances on the stolen accounts remained untouched.
China

Malware Targets Skype Users, Records Conversations (softpedia.com) 48

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
Security

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 40

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
Botnet

Online Museum Displays Decades of Malware (thestack.com) 39

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.
Government

UK Wants Authority To Serve Warrants In U.S. (usatoday.com) 143

schwit1 writes with this news, as reported by USA Today: British and U.S. officials have been negotiating a plan that could allow British authorities to directly serve wiretap orders on U.S. communications companies in criminal and national security inquiries, U.S. officials confirmed Thursday. The talks are aimed at allowing British authorities access to a range of data, from interceptions of live communications to archived emails involving British suspects, according to the officials, who are not authorized to comment publicly. ... Under the proposed plan, British authorities would not have access to records of U.S. citizens if they emerged in the British investigations. Congressional approval would be required of any deal negotiated by the two countries.
Google

Google Targets Fake "Download" and "Play" Buttons (torrentfreak.com) 117

AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.
Crime

Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com) 84

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.
Censorship

Julian Assange May Surrender To British Police On Friday (twitter.com) 327

bestweasel writes: As reported by The Guardian and others, Julian Assange has announced via Wikileaks that: "Should the UN announce tomorrow that I have lost my case against the United Kingdom and Sweden, I shall exit the embassy at noon on Friday to accept arrest by British police as there is no meaningful prospect of further appeal. ... However, should I prevail and the state parties be found to have acted unlawfully, I expect the immediate return of my passport and the termination of further attempts to arrest me."
China

Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com) 14

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.
Crime

Dutch Police Train Bald Eagles To Take Out Drones 137

Qbertino writes: Heise.de (German article) reports that the Dutch police is training raptor birds — bald eagles, too — to take down drones. There's a video (narrated and interviewed in Dutch) linked in TFA. It's a test phase and not yet determined if this is going real — concerns about the birds getting injured are among the counter-arguments against this course of action. This all is conducted by a company called "Guard from above," which designs systems to prevent smugling via drones. The article also mentions MTU's net-shooting quadcopter concept of a drone-predator. Of course, there are also 'untrained' birds taking out quadcopters, as you might have seen already.
Crime

San Francisco Bay Area In Superbowl Surveillance Mode (wired.com) 95

An anonymous reader links to Wired's description of a surveillance society in miniature assembling right now in San Francisco: Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV. Over the next ten days, 1 million people are expected to descend on the San Francisco Bay Area for the festivities. And, according to the FBI, 60 federal, state, and local agencies are working together to coordinate surveillance and security at what is the biggest national security event of the year.
Previous year's Superbowl security measures have included WMD sensors, database-backed facial recognition, and gamma-ray vehicle scanners. Given the fears and cautions in the air about this year's contest, it's easy to guess that the scanning and sensing will be even more prevalent this time.
EU

Europe Now Has Its Own "Most Wanted Fugitives" Web Page (eumostwanted.eu) 208

New submitter ffkom writes: European police organization Europol was probably jealous of the fame and popularity of the FBI's Most Wanted site, so they finally launched their own, European version. And if you want to know what a peaceful place Europe is, just consider this: You don't even have to kill anyone to get on the current "Most Wanted Fugitives" list. A mere fraud worth 12€ is currently enough to get you into this "Hall of questionable fame."
Crime

The Dark Arts: Meet the LulzSec Hackers (hackaday.com) 63

szczys writes: Reputations are earned. When a small group of hackers who were part of Anonymous learned they were being targeted for doxing (having their identities exposed) they went after the would-be doxxer's company, hard, taking down two of the company websites, the CEO's Facebook, Twitter, Yahoo, and even his World of Warcraft accounts. The process was fast, professional, and like nothing ever seen before. This was the foundation of Lulz Security and the birth of a reputation that makes LulzSec an important part of black hat history. Good companion piece and update to some of our earlier posts about the hack; that would-be doxxer was Aaron Barr.
Communications

The Widely Reported ISIS Encrypted Messaging App Is Not Real 113

blottsie writes: Despite widespread reports to the contrary, an app created for Islamic State militants to send private encrypted messages does not exist, a week-long Daily Dot investigation found. All of the media articles on the Alrawi app showed screenshots of a different app entirely, one that is a glorified RSS reader with a totally different name. The Defense One journalist who first reported on GSG's claims about the app told the Daily Dot that he hadn't seen any version of Alrawi at all, and the subsequent reports on the app largely relied on Defense One's reporting. The Daily Dot was the first media outlet to receive, on Jan. 18, what GSG claimed was the Alrawi encryption app. The app, called "Alrawi.apk," contained no ability to send or encrypt messages. It was created using MIT's App Inventor, a plug-and-play tool meant primarily for children.
Crime

12 Years Later, Warrantless Wiretaps Whistleblower Facing Misconduct Charges (usnews.com) 96

cold fjord writes: Former Justice Department attorney Thomas Tamm sparked an intense public debate about warrantless surveillance nearly a decade before Edward Snowden. Tamm tipped reporters in 2004 about the use of nonstandard warrantless procedures under the Bush administration for intercepting international phone calls and emails of Americans. New York Times reporters James Risen and Eric Lichtblau used Tamm's revelations to help them win a Pulitzer Prize. Barack Obama criticized the program and the Obama administration Justice Department announced in 2011 that it would not bring criminal charges against him. Unfortunately Tamm is now facing disciplinary hearings before the D.C. Office of Disciplinary Counsel which prosecutes the D.C. Bar's disciplinary cases. Tamm is facing ethics charges that could result is his disbarment, revoking his law license. Tamm is alleged to have "failed to refer information in his possession that persons within the Department of Justice were violating their legal obligations to higher authority within the Department" and "revealed to a newspaper reporter confidences or secrets of his client, the Department of Justice." Tamm currently resides in Maryland where he is a public defender. The effect of the D.C. case on him there is unclear. Tamm's attorney, Georgetown University law professor Michael Frisch, says the delays seen in this case are not unusual in D.C., it can take years for matters to play out. Another of Frisch's clients, who exposed the interrogation of "American Taliban" John Walker Lindh, believes the prosecution is political persecution.
Crime

Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org) 76

An anonymous reader writes: Ransomware has locked computers in three major Indian banks and one pharmaceutical company. While the ransom note asks for 1 Bitcoin, so many computers have been infected that damages racked up millions of dollars. According to an antivirus company that analyzed the ransomware, it's not even that complex, and seems the work of some amateur Russians.
Crime

Utah Bill Would Require IT Workers To Report Child Porn (ksl.com) 391

Mr.Intel writes: A Utah lawmaker wants computer technicians to face jail time if they don't immediately report child pornography they discover on someone's computer. The proposal would require computer technicians to report child pornography to law enforcement or a federal cyber tip line if they encounter the material, but they would not be required to go searching for it. If they find it and don't report it, they could be given up to six months in jail and a $1,000 fine. It would mirror laws already on the books in at least 12 other states, according to the National Conference of State Legislatures.
Advertising

Google Says It Killed 780 Million 'Bad Ads' In 2015 (cio.com) 92

itwbennett writes: According to a new Google report, the search giant disabled more than 780 million "bad ads," including include ads for counterfeit products, misleading or unapproved pharmaceuticals, weight loss scams, phishing ploys, unwanted software and "trick-to-click" cons, globally last year. This marks a 49 percent increase over 2014. For perspective, it would take an individual nearly 25 years to look at the 780 million ads Google removed last year for just one second each, according to Google. If the trend continues, Google's team of more than 1,000 staffers dedicated to killing spam will be even busier in 2016, and they could disable more than a billion junky ads.
Crime

FBI "Took Over World's Biggest Child Porn Website" (telegraph.co.uk) 301

An anonymous reader writes with this excerpt from The Telegraph: The FBI took over the world biggest child pornography website in a sting operation intended to catch viewers of sexual images of children sometimes 'barely old enough for kindergarten', it has been revealed. The controversial operation ran for nearly two weeks last year, when the bureau took control of the Playpen website in an effort to weed out users who would normally be hidden because they accessed such sites through encrypted addresses. Agents have defended the dubious of ethics of a government agency running a child porn site by insisting there was no other way to catch offenders.

Slashdot Top Deals