
Submission + - Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware->

Advocatus Diaboli writes: The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect’s computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a “roadmap” of projects that Hacking Team’s engineers have underway. On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a “mini” infection device, which could be “ruggedized” and “transportable by drone (!)” the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement.
Link to Original Source

Submission + - Senate advances secret plan forcing Internet services to report terror activity->

Advocatus Diaboli writes: The Senate Intelligence Committee secretly voted on June 24 in favor of legislation requiring e-mail providers and social media sites to report suspected terrorist activities. The legislation, approved 15-0 in a closed-door hearing, remains "classified." The relevant text is contained in the 2016 intelligence authorization, a committee aide told Ars by telephone early Monday. Its veil of secrecy would be lifted in the coming days as the package heads to the Senate floor, the aide added.

The legislation is modeled after a 2008 law, the Protect Our Children Act. That measure requires Internet companies to report images of child porn, and information identifying who trades it, to the National Center for Missing and Exploited Children. That quasi-government agency then alerts either the FBI or local law enforcement about the identities of online child pornographers. The bill, which does not demand that online companies remove content, requires Internet firms that obtain actual knowledge of any terrorist activity to "provide to the appropriate authorities the facts or circumstances of the alleged terrorist activity," wrote The Washington Post, which was able to obtain a few lines of the bill text. The terrorist activity could be a tweet, a YouTube video, an account, or a communication.

Also see this link (https://www.washingtonpost.com/world/national-security/lawmakers-want-internet-sites-to-flag-terrorist-activity-to-law-enforcement/2015/07/04/534a0bca-20e9-11e5-84d5-eb37ee8eaa61_story.html)

Link to Original Source

Submission + - Reddit's Top Forums are Shutting Down to Protest an Admin's Removal->

Advocatus Diaboli writes: Some of the most prominent parts of the social media site Reddit are going dark in defiance of the removal of an admin who organized the site’s popular “IAmA” interviews with celebrities, politicians, and other people of note. The subreddit /r/IAmA was the first to go dark following the departure of administrator Victoria Taylor, a Reddit employee who was let go, according to the forum moderators. Taylor scheduled and ran many of the forum’s Q&As.
Link to Original Source

Submission + - XKEYSCORE: NSA'S Google for the World's Private Communications->

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."

also

"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”"

Link to Original Source

Submission + - Controversial GCHQ Unit Engaged in Domestic Law Enforcement, Online propaganda ->

Advocatus Diaboli writes: The spy unit responsible for some of the United Kingdom’s most controversial tactics of surveillance, online propaganda and deceit focuses extensively on traditional law enforcement and domestic activities — even though officials typically justify its activities by emphasizing foreign intelligence and counter-terrorism operations. Documents published today by The Intercept demonstrate how the Joint Threat Research Intelligence Group (JTRIG), a unit of the signals intelligence agency Government Communications Headquarters (GCHQ), is involved in efforts against political groups it considers “extremist,” Islamist activity in schools, the drug trade, online fraud, and financial scams. Though its existence was secret until last year, JTRIG quickly developed a distinctive profile in the public understanding, after documents from NSA whistleblower Edward Snowden revealed that the unit had engaged in “dirty tricks” like deploying sexual “honey traps” designed to discredit targets, launching denial-of-service attacks to shut down internet chat rooms, pushing veiled propaganda onto social networks, and generally warping discourse online.
Link to Original Source

Submission + - Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks->

Advocatus Diaboli writes: Not long after blowing the lid off a National Security Agency-backed hacking group that operated in secret for 14 years, researchers at Moscow-based Kaspersky Lab returned home from February's annual security conference in Cancun, Mexico to an even more startling discovery. Since some time in the second half of 2014, a different state-sponsored group had been casing their corporate network using malware derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran’s nuclear program.

Further in the article..

While neither the US nor Israel has officially acknowledged any involvement with Stuxnet, New York Times reporter David Sanger's book Obama's Secret Wars and Surprising Use of American Power leaves little doubt the computer weapon was jointly developed by the two countries in an attempt to sabotage Iran's uranium enrichment program. Nearly identical code signatures in Stuxnet and the 2011 version of Duqu mean that whoever developed the latter had broad access to the Stuxnet source. And given the work schedules of the Duqu attackers, it seems likely they were physically located in or near Israel.

Link to Original Source

Submission + - New Snowden Documents Reveal Secret Memos Expanding Spying->

Advocatus Diaboli writes: Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments. But the documents also note that the NSA sought permission to target hackers even when it could not establish any links to foreign powers.

Link to Original Source

Submission + - NSA Planned to Hijack Google App Store to Hack Smartphones->

Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."

Link to Original Source

Submission + - On the Dangers and Potential Abuses of DNA familial searching->

Advocatus Diaboli writes: Investigators last year turned to a controversial technique known as familial searching, which seeks to identify the last name of potential suspects through a DNA analysis focusing on the Y chromosome. A promising “partial match” emerged between the semen sample and the genetic profile of Usry’s father, Michael Usry Sr. — a finding that excluded the father but strongly suggested one of his relatives had a hand in the young woman’s murder. The results instantly breathed new life into a high-profile investigation in which Idaho Falls authorities have weathered intense criticism. But the story of how the police came to suspect the younger Usry and then eventually clear him of murder raises troubling questions about civil liberties amid the explosive — and increasingly commercial — growth of DNA testing. The elder Usry, who lives outside Jackson, Mississippi, said his DNA entered the equation through a project, sponsored years ago by the Mormon church, in which members gave DNA samples to the Sorenson Molecular Genealogy Foundation, a nonprofit whose forensic assets have been acquired by Ancestry.com, the world’s largest for-profit genealogy company.
Link to Original Source

Submission + - ACLU-Obtained Documents Reveal Breadth of Secretive Stingray Use in Florida->

Advocatus Diaboli writes: The results should be troubling for anyone who cares about privacy rights, judicial oversight of police activities, and the rule of law. The documents paint a detailed picture of police using an invasive technology — one that can follow you inside your house — in many hundreds of cases and almost entirely in secret. The secrecy is not just from the public, but often from judges who are supposed to ensure that police are not abusing their authority. Partly relying on that secrecy, police have been getting authorization to use Stingrays based on the low standard of “relevance,” not a warrant based on probable cause as required by the Fourth Amendment.
Link to Original Source

Submission + - "SSL Hijacker" Behind Superfish Debacle Imperils Large Number of Users->

Advocatus Diaboli writes: The fake secure sockets layer certificate found on Lenovo machines preinstalled with Superfish came from none other than Komodia. It was bundled with a password-protected private encryption key, presumably to prevent it from being used by malicious hackers to create websites that spied on users as they visited HTTPS-protected pages. But as Ars reported Thursday, the measure was laughably easy to bypass, since it took Errata Security CEO Rob Graham just three hours to discover that the password was, you guessed it, "komodia."
Link to Original Source

Submission + - The Great SIM Heist: How Spies Stole The Keys To The Encryption Castle->

Advocatus Diaboli writes: AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.
Link to Original Source

Comment The NSA hides surveillance software in hard drives (Score 5, Informative)

Ya.. another related post from engadget (http://www.engadget.com/2015/02/16/hard-drive-spyware/). "It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intelligence agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it."

Submission + - How "omnipotent" hackers tied to NSA hid for 14 years and were found at last->

Advocatus Diaboli writes: The money and time required to develop the Equation Group malware, the technological breakthroughs the operation accomplished, and the interdictions performed against targets leave little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project. The countries that were and weren't targeted, the ties to Stuxnet and Flame, and the Grok artifact found inside the Equation Group keylogger strongly support the theory the NSA or a related US agency is the responsible party, but so far Kaspersky has declined to name a culprit. NSA officials didn't respond to an e-mail seeking comment for this story. What is safe to say is that the unearthing of the Equation Group is a seminal finding in the fields of computer and national security, as important, or possibly more so, than the revelations about Stuxnet.
Link to Original Source

Submission + - Sites featuring "terrorism" or "child pornography" to be blocked in France->

Advocatus Diaboli writes: Now, the General Directorate of the National Police and its cybercrimes unit will be able to request that sites serving terrorist or pedophilia-related content be blocked by Internet Service Providers serving people in France and its territories. ISPs then have to comply with the request within 24 hours. ISPs will be able to request compensation from the French government for any extra costs incurred in blocking the sites. Users who navigate to a site “to which access is prohibited will be led to an informational page from the Ministry of the Interior,” the text of the decree said. The informational page will list the grounds for the blocking as well as any possible remedies. Every quarter, French authorities will check whether the blocked pages still contain the offending material. If not, then the authorities will contact ISPs, which will have to unblock the sites, again within 24 hours.
Link to Original Source
