Monday, July 21, 2014

Hidden network packet sniffer found in millions of iPhones, iPads

An analysis of iOS by a security expert digging into claims of the NSA spying on Apple products has revealed some unexplained surveillance tools hidden in the operating system.
His study has also shown that a user's data may not be as safe as Cupertino is making out.

Data forensics expert and author Jonathan Zdziarski wrote an academic paper on the topic in March, and gave a talk [PDF] at the Hackers On Planet Earth (HOPE X) conference in New York on Friday showing his findings. The results of his research indicate a backdoor into iOS, although it's not as wide open as some reports have suggested.
"There are certain steps that have to be taken to get this data," Zdziarski told The Register. "Backdoors are guarded, there are things protecting it – you don’t just type 'Joshua' for full access."
Zdziarski's analysis shows that 600 million iOS devices, particularly those running the most recent version 7 builds, have data discovery tools that are separate from those used by Apple for standard backup and storage. These include a file-relay service that can snoop out data, bypassing the Backup Encryption service offered by Apple.

Read more here.

Kerry caught on hot mic disparaging Israel

Secretary of State John Kerry was caught on a hot mic on Fox News Sunday apparently disparaging Israel’s claim to be conducting a “pinpoint” operation in Gaza.

Host Chris Wallace explained that while Kerry spoke with an aide between his interviews with multiple Sunday shows, a microphone picked up his rather candid remarks in what Wallace called an “extraordinary moment of diplomacy” about the violence there.

“It’s a hell of a pinpoint operation,” Kerry said. “It’s a hell of a pinpoint operation … We’ve got to get over there. Thank you, John. I think, John, we ought to go tonight. I think it’s crazy to be sitting around.”
Wallace asked him after playing the recording whether he was upset that the Israelis were going too far, and Kerry appeared to go into damage control mode.

Read more here.

Thursday, July 17, 2014

Former Hospital Worker Faces HIPAA Charges

Federal prosecutors in Texas have taken the relatively uncommon move of pursuing criminal charges against an individual for alleged HIPAA violations. The case serves as a reminder that healthcare workers can potentially face prison time and hefty monetary fines for wrongful disclosures of patient data.

The U.S. Department of Justice earlier this month announced the criminal indictment of Joshua Hippler, a 30-year-old former employee of an unnamed hospital in East Texas.

The indictment, which was filed on March 26 in the U.S. district court in Tyler, Texas, but was sealed until July 3, charges Hippler with wrongful disclosure of individually identifiable health information, with the intent to sell, transfer and use for personal gain. The alleged criminal HIPAA violations began about Dec. 1, 2012, continuing through about Jan. 14, 2013, court documents say.

Read more here.

Wednesday, July 16, 2014

Details Emerge of Boeing Hack

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing trade secrets on transport aircraft, a U.S. criminal complaint says.
The criminal complaint, dated June 27 and made public last week, describes in some detail how the alleged conspirators patiently observed Boeing and its computer network for a year, and then breached the contractor's systems to steal intellectual property on the C-17 military transport. It also casts light on the free-enterprise nature of cyber-snooping, as the co-conspirators allegedly exchanged e-mails about profiting from their enterprise.

U.S. authorities accuse Su Bin, a Chinese businessman residing in Canada, of helping direct two other Chinese nationals in cyberattacks to obtain information about the C-17 and other military projects. The complaint says that Su, who was arrested last month in Canada, and two unnamed co-conspirators, identified as UC1 and UC2, targeted information related to parts and performance of the C-17 transport and Lockheed Martin's F-22 and F-35 fighter jets. Su, who was arrested last month, is in jail in Canada, awaiting a bail hearing.
The initial attacks against Boeing occurred between Jan 14 and March 20, 2010, and for part of that time Su was in the United States, FBI Special Agent Noel Neeman says in the complaint. The documents do not describe how the information about the Lockheed Martin jet fighters was obtained.

Read more here.

Philadelphia VA tried to bug congressional investigators

During a congressional hearing into alleged intimidation of whistleblowers at the Department of Veterans Affairs, it was revealed that members of the Philadelphia regional office tried to record committee investigators with microphones and cameras earlier in the month.

In the July 2 incident, committee aides met with officials at the office, where they were directed to a workspace equipped with cameras and microphones, ABC News reported.

Once investigators realized they were being taped, they requested to be moved to a new room.

“It has been made clear that there is not a corner that [Veterans Benefits Administration] leadership will not cut, nor a statistic that they will not manipulate to lay claim to a hollow victory,” House Veterans Affairs Chairman Jeff Miller, Florida Republican, said Monday, ABC reported.

Allison Hickey, VA undersecretary for benefits, apologized to the committee for the July 2 incident.

“I offer my sincere apologies to your staff and my commitment that it will not happen again. You’ll receive anything you need,” Ms. Hickey said, ABC News reported.

Americans installing 'perfect spying device' in their own living rooms

(NaturalNews) Amazon.com is building the CIA's new $600 million data center, reports the Financial Times. (1) At the same time Amazon.com is building this massive cloud computing infrastructure for the CIA, the company is also shipping millions of Fire TV set-top devices to customers who are placing them in their private homes. I have one myself, and it's a terrific piece of hardware for delivering Prime video content. In fact, in terms of its usability and specs, it's far superior to Roku or Netflix-capable devices. Fire TV is, hands down, the best set-top video delivery device on the market today.

But there's something about it that always struck me as odd: it has no power button. There's no power button on the remote, and there's no power button on the box. It turns out there's no way to power the device off except for unplugging it.

This is highly unusual and apparently done by design. "It is not necessary to turn off Amazon Fire TV when you are finished using it," says the Amazon.com website. (2) "Your Amazon Fire TV is designed to go into sleep mode after 30 minutes, while continuing to automatically receive important software updates."

Note carefully that this does not say your Fire TV device WILL go into sleep mode after 30 minutes; only that it is "designed" to go into sleep mode after 30 minutes. As lawyers well know, this is a huge difference.

Friday, July 11, 2014

Hotel's Payment System Breached

For six months, cyber-attackers breached the credit card payment system for The Houstonian Hotel, Club and Spa, accessing account information about an undisclosed number of customers.
On June 10, the U.S. Secret Service notified the hotel regarding a potential breach in the organization's payment processing systems; The Houstonian then took mitigation steps, according to a statement provided to Information Security Media Group.

"As of June 20, we had fully replaced and overhauled the breached systems, further restricted access to all our servers and hired a data forensics firm to help us enhance our digital security," the hotel says.
The forensics team determined that an intruder illegally penetrated the hotel's internal computer systems between Dec. 28, 2013, and June 20, 2014. Credit card and payment information was compromised during that time, the hotel says.
State and federal law enforcement investigations into the incident are continuing. The hotel is offering affected individuals one year of free credit monitoring services.
A spokesman for the hotel declined to provide additional information.

Read more here.