
Submission + - FBI Authorized Informants To Break The Law 22,800 Times In 4 Years

blottsie writes: Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents.

Official records obtained by the Daily Dot under the Freedom of Information Act show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show.

USA Today previously revealed confidential informants engaged in “otherwise illegal activity,” as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014.

Submission + - How The U.S. Will Likely Respond To Shadow Brokers Leak

blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons leaked this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage.

Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider."

Submission + - Cisco patches 'ExtraBacon' zero-day exploit leaked by NSA hackers (dailydot.com)

Patrick O'Neill writes: After a group of hackers stole and published a set of NSA cyberweapons earlier this week, the multibillion dollar tech firm Cisco is now updating its software to counter two potent leaked exploits that attack and take over crucial security software used to protect corporate and government networks.

“Cisco immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention,” the company said in a statement. “On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible.”

Submission + - Hackers Claim To Be Selling NSA Cyberweapons In Online Auction

blottsie writes: A group of hackers identifying themselves as the Shadow Brokers claims to have hacked the NSA's Equation Group, a team of American hackers that have been described as both "omnipotent" and "the most advanced" threat cyberspace has ever seen.

On the Shadow Brokers' website, the group has shared a sample of data that some cybersecurity experts say lends credibility to the breach. The hackers' asking price for what they claim is a cache of NSA-built cyberweapons.

Submission + - Russia's Rise To Cyberwar Superpower

blottsie writes: In a flurry of action over the last decade, Russia has established itself as one of the world’s great and most active cyber powers.

The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee. The culprit is alleged by many, including Democratic Party officials, to be Russia. The evidence—plainly not definitive but clearly substantial—has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have “high confidence” that Russia is behind the attack.

“They are some of the best in the world,” Chris Finan, a former director of cybersecurity legislation in the Obama administration, an ex-director at DARPA for cyberwar research, and now the CEO of the security firm Manifold Technology, says. “We’re not talking North Korea or even China, who are really sloppy. The Russians are really good at covering their tracks.”

Submission + - Leaky Database Leaves Oklahoma Police, Bank Vulnerable To Intruders

blottsie writes: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.

The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans.

The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.

Submission + - The Trials And Tribulations Of 'Kidnapped' Startup Founder Mayer Mizrachi (dailydot.com)

blottsie writes: Mayer Mizrachi and his attorney sat in the backseat as guards drove through the barbed-wire gates of La Picota prison and deposited the pair onto a sidewalk in Bogotá, Colombia. Mizrachi held fast onto a piece of paper in his right hand that declared his freedom. Before slipping into a taxi, he took one last look at the prison behind him, his home for nearly six months.

The nightmare, it seemed, was finally coming to an end. Today, Mizrachi's future is anything but certain.

In the United States, we’re used to hearing tales of technology startup failures and successes. None compare to that of Mizrachi, a 28-year-old tech entrepreneur and startup CEO, who has endured what his attorney characterizes as “kidnapping,” months of imprisonment, political grudges targeting his family, multinational maneuvering, and a life-long illness that could kill him at any moment.

In this months-long investigation, the Daily Dot dives into the forces that landed Mizrachi in prison, and how he escaped to freedom—for now.

Submission + - FBI May Be Hiding Facial Recognition Databases From GAO

blottsie writes: A Government Accountability Office (GAO) report released this week revealed that the FBI is using images culled from driver’s licenses, as well as passport and visa applications, in its criminal facial recognition database, something civil liberties advocates find highly problematic.

Perhaps more worrisome, however, is that the GAO report only reveals what the FBI told GAO investigators—meaning the bureau may have far more facial recognition databases that it's hiding.

So how many libraries does the FBI have? “Oh, who knows,” FBI CJIS privacy attorney Roxane Panarella said, followed by some laughter. “There might be hundreds, or thousands, but there will only be some that are valuable to the FBI and some that are going to be legally allowed to be searched by us.”

Submission + - Online Voting Is A Cybersecurity Nightmare

erier2003 writes: Internet voting isn’t online banking or video calling or tweeting. Voting is a special activity, and trying to do it online poses special problems, most of which security researchers don’t yet know how to solve. Through conversations with cybersecurity experts, political scientists, a former Department of Homeland Security official, and a representative from an online voting vendor, the Daily Dot's Eric Geller explores why we're a long way off from casting ballots online.

Submission + - New Whistleblower Points To Lawful Disclosure Method Edward Snowden Didn't Try

blottsie writes: John Crane, a former head of whistleblower protections, has become a whistleblower himself, laying bare how official channels designed for government workers to safely expose wrongdoing are ensnaring them instead. Though some are calling the revelations “vindication for Edward Snowden,” Crane refuses to condone Snowden’s decision, telling the Daily Dot that the former National Security Agency contractor left a key, legal avenue unexplored.

Submission + - Documenting the Chilling Effects of NSA Surveillance

AmiMoJo writes: This interesting research documents this phenomenon in Wikipedia: "Chilling Effects: Online Surveillance and Wikipedia Use," by Jon Penney, Berkeley Technology Law Journal, 2016. Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information.

Submission + - Makerbot dead?

goose-incarnated writes: Makerbot announces new layoffs and an end to self-manufactured products. Pundits rush to pen the obituary. Is this the beginning of the end for 3D printing, or are we simply seeing the "second mouse gets the cheese" meme in action?

Note: Netcraft has not yet weighed in on this announcement.

Submission + - GAO Says Hack Proof Cars Are Years Away (securityledger.com)

chicksdaddy writes: Security improvements for connected cars may be years away, as both the government and industry struggle to catch up on the cyber security issue, according to a report from the Government Accountability Office (GAO), the Security Ledger is reporting. (https://securityledger.com/2016/04/gao-help-securing-connected-cars-is-years-away/)

In a report published in March (http://www.gao.gov/assets/680/676064.pdf) GAO paints a worrying picture as regards vehicle cyber security, telling Congress that modern vehicles feature many communications interfaces that are vulnerable to attack, and noting that remote, software based attacks that affect critical vehicle functions have already been demonstrated by researchers. Unfortunately, measures to address those threats are likely years away, as automakers work to design more secure in-vehicle systems and regulators, like the National Highway Traffic Safety Administration (NHTSA), struggle to determine their role and the scope of possible regulations.

In either case, help is likely years away, the GAO concluded, citing information gleaned from automotive industry “stakeholders.”

Despite independent research dating back more than five years showing that remote, software based attacks on vehicles were technically possible, GAO notes that both the government and industry have been slow to respond.

“Despite awareness of risks related to vehicle cybersecurity since at least 2011, the auto industry and NHTSA have only recently sharpened their focus on this issue,” GAO said.

NHTSA, the government’s lead body on vehicle safety, has taken “several important steps” on vehicle cybersecurity since 2012. GAO noted that the agency has established a vehicle-cybersecurity research program and is “soliciting industry input on the need for government and voluntary industry standards.” (https://securityledger.com/2016/04/nhtsa-drafting-cyber-security-guidelines-for-light-vehicles/) However, “NHTSA does not anticipate making a final determination on the need for government standards until 2018 when additional cybersecurity research is expected to be completed,” GAO noted.

So too on industry efforts to address vehicle cybersecurity. The development of an Automotive ISAC and a voluntary design and engineering process standard for cybersecurity are still in their early stages, GAO notes.

“As such, some of these government and industry efforts to address vehicle cybersecurity are unlikely to provide many benefits for vehicles already operating on the roads today or those currently in the design and production stages,” the report notes.

Submission + - Former Tor developer created malware to hack Tor users for the FBI (dailydot.com)

Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.
