USA Today previously revealed confidential informants engaged in “otherwise illegal activity,” as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014.
blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons leaked this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage.
Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider."
“Cisco immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention,” the company said in a statement. “On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible.”
The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee. The culprit is alleged by many, including Democratic Party officials, to be Russia. The evidence—plainly not definitive but clearly substantial—has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have “high confidence” that Russia is behind the attack.
“They are some of the best in the world,” Chris Finan, a former director of cybersecurity legislation in the Obama administration, an ex-director at DARPA for cyberwar research, and now the CEO of the security firm Manifold Technology, says. “We’re not talking North Korea or even China, who are really sloppy. The Russians are really good at covering their tracks.”
The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.
blottsie writes: Mayer Mizrachi and his attorney sat in the backseat as guards drove through the barbed-wire gates of La Picota prison and deposited the pair onto a sidewalk in Bogotá, Colombia. Mizrachi held fast onto a piece of paper in his right hand that declared his freedom. Before slipping into a taxi, he took one last look at the prison behind him, his home for nearly six months.
The nightmare, it seemed, was finally coming to an end. Today, Mizrachi's future is anything but certain.
In the United States, we’re used to hearing tales of technology startup failures and successes. None compare to that of Mizrachi, a 28-year-old tech entrepreneur and startup CEO, who has endured what his attorney characterizes as “kidnapping,” months of imprisonment, political grudges targeting his family, multinational maneuvering, and a life-long illness that could kill him at any moment.
In this months-long investigation, the Daily Dot dives into the forces that landed Mizrachi in prison, and how he escaped to freedom—for now.
blottsie writes: A Government Accountability Office (GAO) report released this week revealed that the FBI is using images culled from driver’s licenses, as well as passport and visa applications, in its criminal facial recognition database, something civil liberties advocates find highly problematic.
So how many libraries does the FBI have? “Oh, who knows,” FBI CJIS privacy attorney Roxane Panarella said, followed by some laughter. “There might be hundreds, or thousands, but there will only be some that are valuable to the FBI and some that are going to be legally allowed to be searched by us.”
erier2003 writes: Internet voting isn’t online banking or video calling or tweeting. Voting is a special activity, and trying to do it online poses special problems, most of which security researchers don’t yet know how to solve. Through conversations with cybersecurity experts, political scientists, a former Department of Homeland Security official, and a representative from online voting vendor, the Daily Dot's Eric Geller explores why we're a long way off from casting ballots online.
AmiMoJo writes: This interesting research documents this phenomenon in Wikipedia: "Chilling Effects: Online Surveillance and Wikipedia Use," by Jon Penney, Berkeley Technology Law Journal, 2016. Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information.
chicksdaddy writes: Security improvements for connected cars may be years away, as both the government and industry struggle to catch up on the cyber security issue, according to a report from the Government Accountability Office (GAO), the Security Ledger is reporting. (https://securityledger.com/2016/04/gao-help-securing-connected-cars-is-years-away/)
In a report published in March (http://www.gao.gov/assets/680/676064.pdf) GAO paints a worrying picture as regards vehicle cyber security, telling Congress that modern vehicles feature many communications interfaces that are vulnerable to attack, and noting that remote, software based attacks that affect critical vehicle functions have already been demonstrated by researchers. Unfortunately, measures to address those threats are likely years away, as automakers work to design more secure in-vehicle systems and regulators, like that National Highway Traffic Safety Administration (NHTSA) struggle to determine their role and the scope of possible regulations.
In either case, help is likely years away, the GAO concluded, citing information gleaned from automotive industry “stakeholders.”
Despite independent research dating back more than five years showing that remote, software based attacks on vehicles were technically possible, GAO notes that both the government and industry have been slow to respond.
“Despite awareness of risks related to vehicle cybersecurity since at least 2011, the auto industry and NHTSA have only recently sharpened their focus on this issue,” GAO said.
NHTSA, the government’s lead body on vehicle safety, has taken “several important steps” on vehicle cybersecurity since 2012, GAO noted that the agency has established a vehicle-cybersecurity research program and is “soliciting industry input on the need for government and voluntary industry standards.”(https://securityledger.com/2016/04/nhtsa-drafting-cyber-security-guidelines-for-light-vehicles/) However, “NHTSA does not anticipate making a final determination on the need for government standards until 2018 when additional cybersecurity research is expected to be completed,” GAO noted.
So too on industry efforts to address vehicle cybersecurity. The development of an Automotive ISAC and a voluntary design and engineering process standard for cybersecurity—are still in their early stages, GAO notes.
“As such, some of these government and industry efforts to address vehicle cybersecurity are unlikely to provide many benefits for vehicles already operating on the roads today or those currently in the design and production stages,” the report notes.
Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.
lpress writes: Originally, the embargo, the economy and fear of free information stifled the Cuban Internet, but each of those barriers has been eroded. The problem today is bureaucracy and its companions — fear of competition, change and stepping out of line.