Thursday, October 31, 2013

Bugs that scan wi-fi devices found in imported kitchen gadgets

Russian investigators claim to have found household appliances imported from China which contain hidden microchips that pump spam data and malware into wi-fi networks, it has been reported.

Authorities in St Petersburg allegedly discovered 20 to 30 kettles and irons with 'spy microchips that send some data to the foreign server'.

The revelation comes just as the EU launches an investigation into claims that Russia itself bugged gifts to delegates at last month's G20 summit in an attempt to retrieve data from computers and telephones.


This has led to speculation that the chips allegedly found in the home appliances may also have the ability to steal data and send it back to Chinese servers.

The allegations against the Chinese were made in St Petersburg news outlet Rosbalt, which quotes a source from customs broker Panimport, but does not detail what data was being sent or to where.

According to The Register, which translated the article, it would be possible to build a malicious microchip - sometimes referred to as a spambot or spybot - small enough to hide in a kettle.

Wednesday, October 30, 2013

NSA secretly tapped Google, Yahoo data centers worldwide


Massive cloud networks from companies like Google and Yahoo cache and serve up much of the data on the Internet -- and the NSA has secretly tapped into the unencrypted links behind those company’s enormous servers, according to a new report from the Washington Post.
By tapping into that link, the NSA can collect data at will from hundreds of millions of user accounts, the Post reported -- including not just foreign citizens and “metadata” but emails, videos and audio from American citizens.

Operation MUSCULAR, a joint program of the NSA and its British equivalent GCHQ, relies on an unnamed telecommunications provider outside of the U.S. to offer secret access to a cable or switch through with Google and Yahoo pass unencrypted traffic between their servers. The massive servers run by the company are carefully guarded and strictly audited, the companies say; according to Google, buildings housing its servers are guarded around the clock by trained personnel, and secured with heat-sensitive cameras, biometric verification, and more.

Two engineers with close ties to Google exploded in profanity when they saw a drawing of the NSA’s hack revealed by Edward Snowden; the drawing includes a smiley face next to the point at which the agency apparently was able to tap into the world’s data.


Tuesday, October 29, 2013

RUSSIAN G20 GIFTS TO WORLD LEADERS CONTAIN DATA-STEALING MALWARE

Commemorative gifts distributed by the Russian government meant to celebrate the G20 Summit in St. Petersburg last September are infected with data-stealing malware, according to analysis.
The gifts, which included USB drives and phone chargers emblazoned with the G20 Summit logo, were distributed to world leaders at the event. EU Council President Herman Van Rompuy turned his over to German researchers for analysis, and it was determined that the units contained malware designed to exfiltrate sensitive data from cell phones and computers if users plugged them in to their devices according to a report by La Stampa.
EU authorities are conducting an investigation to determine if the attendees were being targeted in an attempted espionage operation, and have warned other nations who participated in the conference of the potential threat to security.

Wednesday, October 23, 2013

Cayman Cops widen techie spying net

(CNS): According to a leaked memo, which was sent by the Information and Communications Technology Authority’s director to local telecommunications firms, government authorities are planning to widen their spying net and wire taps to include all kinds of electronic information. The memo, sent on 15 October, calling the private companies to a meeting indicates that the local authorities are planning revised regulations that will allow the authorities to not only tap phones but wider communication networks as well. While this is supposed to assist the RCIPS in legal investigations, without oversight or a data protection law the authorities will be able to collect masses of information with newly purchased spying equipment.
Almost $1 million has been set aside in this budget for the specialist surveillance equipment to intercept electronic communications, which the police have already purchased, sources told CNS this week. However, the cops now need to get inside the local communication networks to check that it can do the job required, especially with the upgrades that most of the local telecoms firms have recently undertaken.
The ICTA’s director, David Archbold who is himself currently under an investigation regarding possible irregularities relating to recruitment at the government authority, told the local telecom firms and internet service providers that government had instructed the authority to draft new regulations to mandate the provision of legal interception facilities for the police by the telecom firms.

Tuesday, October 22, 2013

Wall Street banks stage cyber attack

In a staged simulation called Quantum Dawn 2, bank security executives were tasked with detecting how a massive cyber attack was unfolding in the markets.


A few months ago, a group of Wall Street banks fashioned a risk-manager’s worst nightmare to determine how they would survive. Luckily, it was all pretend.
In a staged simulation called Quantum Dawn 2, bank executives in charge of operations, technology and crisis planning were tasked with detecting how a massive cyber attack was unfolding in the markets – but each one only got to see a tiny red flag waving in a sea of information.
In some cases, a blue-chip stock started to plummet inexplicably. Soon, shocking news about the company hit the market, but unbeknownst to the participant, the news was fake.
For others, trading systems were on the fritz, or government websites stopped functioning. Even basic technology such as telephones and printers stopped working properly for some.
Individually, any of these problems would be reason to worry. The challenge for Quantum Dawn 2′s victims was not only spotting a problem, but communicating with rivals, exchanges and government authorities to conclude that markets were in the throes of a systemic crisis and needed to be shut down.

Monday, October 21, 2013

Federal Fusion Centers are Spying on You - A Search Warrant? What is That?

(Tenth Amendment Center)  -  In the midst of the never-ending NSA spying revelations, it is easy to lose track of all of the unconstitutional acts committed by the so-called intelligence community – and the ways that NSA spying, and mentality behind it, permeates law enforcement at all levels.

One  troubling aspect recently revealed is the fact that the feds give warrantless, illegally-collected information to local law-enforcement agencies for their investigations. This is done through something called “Special Operations Division,” and through Fusion Centers.

The Fusion Centers act as a conduit for Big Brother – they’re a place to simply receive data collected, with or without a warrant, by federal agencies like the NSA.  That information is passed on to local law enforcement and often used in day-to-day criminal investigations.

Fusion Centers were set-up under the "small government" Bush Administration to “help keep America safe” after 9/11. The Patriot Act removed barriers that prevented the feds from sharing intelligence information with local law enforcement. This was meant to facilitate communication between agencies so decisions could be made quickly in order to “prevent another terrorist attack.”  At least that’s how it was sold. Unfortunately, this practice has been abused and focused on the whole American population – not just terror suspects.

More here.

Saturday, October 12, 2013

Deutsche Telekom hopes to hide German internet traffic from spies

FRANKFURT (Reuters) - Germany's biggest telecoms operator is pushing to shield local internet traffic from foreign spies by routing it only through domestic connections, Deutsche Telekom said on Saturday.

Public outrage followed revelations that U.S. spy programs had accessed the private messages of German citizens. Deutsche Telekom had already said it would only channel local email traffic through servers within Germany.

The company aims to agree with other internet providers that any data being transmitted domestically would not leave German borders, a Deutsche Telekom spokesman said.

"In a next step, this initiative could be expanded to the Schengen area," the spokesman said, referring to the group of 26 European countries - excluding Britain - that have abandoned immigration controls.

Revelations of snooping by the secret services of the United States and Britain were based on documents leaked by fugitive former National Security Agency contractor Edward Snowden. News magazine Der Spiegel reported in June that the United States taps half a billion phone calls, emails and text messages in Germany in a typical month.

More here.

Friday, October 4, 2013

Adobe hacked, millions of customers' data compromised

A security breach targeting the source code used by software giant Adobe has compromised the information of nearly three million customers, the company confirmed this week.

Brad Arkin, Adobe’s chief security officer, announced in a blog post Thursday that a sophisticated cyber attack on the company’s network caused the source code for numerous programs to be illegally accessed by hackers, as well as the personal information of millions of Adobe users.

Founded in 1982, the Silicon Valley company is known for an array of products, including the PhotoShop editing software and the PDF, SWF and FLV file formats.

According to Arkin, Adobe believes the attackers pilfered customer names, encrypted credit and debit card numbers, expiration dates, and other information related to customer orders pertaining to roughly 2.9 million Adobe clients.

Arkin said the company does not believe the attackers accessed decrypted information, but stopped short of confirming that plain-text data wasn’t compromised.

“We’re working diligently internally, as well as with external partners and law enforcement, to address the incident,” he said.

He also stated that the theft of customer data and the source code for numerous Adobe products was likely related.

British spy chief snubs EU parliament over bugging inquiry

MEPs have described as "deplorable" Britain's decision to snub a European Parliament hearing on claims the UK bugged Belgium's top phone company, Belgacom.

Dutch MEP Sophie in 't Veld had invited Sir Iain Lobban, the director of British signals intelligence hub GCHQ, to attend the event in Brussels on Thursday.
But Sir Jon Cunliffe, the British ambassador to the EU, replied in a letter seen by The Daily Telegraph that she had no right to do so under the EU treaties.
"National security is the sole responsibility of member states. The activities of intelligence services are equally the sole responsibility of each member state and fall outside the competences of the Union. For that reason, and with respect, the UK must decline your invitation," he said.
Referring to the Belgacom allegations "it is my government’s consistent policy not to comment on intelligence matters".
A spokesman for the British embassy to the EU added that it was not a matter of "being nice or not" to the EU parliament. "It's a matter of national security, not a European matter," she said.

Tuesday, October 1, 2013

Chinese spies bugged the Nortel buildings


Note: Would it not have been more cost effective to have had regularly scheduled Cyber TSCM Inspections? How about your company? Contact ComSec, we can help. ~JDL
The Harper government has just learned that the future headquarters of National Defense and the armed forces is plugged with electronic spy bugs placed there by Chinese spies there years ago when it was still a big Nortel industrial complex.
The devices are hidden in the walls, the ceilings and even in the heating system. It could take years to find them all and the estimated cost to find every one of them is three-quarters of billion bucks!
The former head of our Canadian spy agency Richard Fadden lost his CSIS job last spring after he announced publicly that Chinese computer hackers had been spying on our politicians. Now we find out he was bang on.
Back in the days when the spy bugs went in, it was all about getting Nortel industrial secrets, not military secrets.
Only now are we finding out.
Despite contrary advice from electronic security experts -- and ironically – even the new Minister of National Defence, Peter MacKay, the Harper government went ahead and bought the entire Nortel complex for a pitance to house the Defense department.

SECURITY MOGUL REVEALS $100 DEVICE TO FOIL NSA SPYING AND MAKE INTERNET ‘HACK-PROOF’


A security company mogul revealed an idea for a device that would help users thwart online surveillance, like that conducted by the National Security Agency, and also make the Internet “hack-proof.”
John McAfee, founder of McAfee Inc., sat in cargo pants, a black hoodie and Nikes at the C2SV Technology Conference + Music Festival in San Jose over the weekend, talking about a pocket-size device that would cost less than $100. He said it would create a mobile, encrypted network that makes it impossible to tell “who is doing what, when or where.”
McAfee said he has been thinking about the product called D-Central made through his new company Future Tense Central for years.
“I can’t get out of security,” he said. “For some reason, it’s part of my brain, part of my thinking. And we don’t have much anymore, certainly not in the online world.
“The NSA helped create every single encryption algorithm that we use,” McAfee alleged, ” therefore, they can get access to whatever they want.”
The way McAfee explained it, the D-Central hardware device and app would not only protect against spying from government agencies but hackers as well.
“We live in a very insecure world with a very insecure communication platform,” he continued.