Tuesday, July 30, 2013

Elite hacker Barnaby Jack dies ahead of Black Hat event

An elite hacker who was due to demonstrate how heart implants could be hacked has died unexpectedly in San Francisco.

Barnaby Jack died on Thursday, the city's medical examiner's office told Reuters, but did not give more details. He had been due to give a presentation on medical device vulnerabilities at the Black Hat security conference in Las Vegas, taking place next week.

He had said one technique could kill a man from 30 feet (nine metres) away.
IOActive, the security firm at which Mr Jack was director of embedded devices, said it was preparing a statement. In a tweet, the company said: "Lost but never forgotten our beloved pirate, Barnaby Jack has passed."

His sister Amberleigh Jack, who lives in New Zealand, told Reuters news agency he was 35.
Mr Jack became one of the most famous hackers on the planet after a 2010 demonstration in which he hacked a cashpoint, making it give out money. The technique was dubbed "Jackpotting".

Moscow Metro says new tracking system is to find stolen phones

On Monday, a major Russian newspaper reported that Moscow’s metro system is planning what appears to be a mobile phone tracking device in its metro stations—ostensibly to search for stolen phones.
According to Izvestia (Google Translate), Andrey Mokhov, the operations chief of the Moscow Metro system’s police department, said that the system will have a range of five meters (16 feet). “If the [SIM] card is wanted, the system automatically creates a route of its movement and passes that information to the station attendant,” Mokhov said.
Many outside experts, both in and outside Russia, though, believe that what local authorities are actually deploying is a “stingray,” or “IMSI catcher”—a device that can fool a phone and SIM into reading from a fake mobile phone tower. (IMSI, or an International Mobile Subscriber Identity number, is a 15-digit unique number that sits on every SIM card.) Such devices can be used as a simple way to see what phone numbers are being used in a given area or even to intercept the audio of voice calls.
The Moscow Metro did not immediately respond to our request for comment.
“Many surveillance technologies are created and deployed with legitimate aims in mind, however the deploying of IMSI catchers sniffing mobile phones en masse is neither proportionate nor necessary for the stated aims of identifying stolen phones,” Eric King of Privacy International told Ars.
“Likewise the legal loophole they claim to be using to legitimize the practice—distinguishing between tracking a person from a SIM card—is nonsensical and unjustifiable. It's surprising it's being discussed so openly, given in many countries like the United Kingdom, they refuse to even acknowledge the existence of IMSI catchers, and any government use of the technology is strictly national security exempted.”

Friday, July 26, 2013

Is Your Cable Box Spying On You?

“Watching the watchers” is taking on a whole new meaning.
News that Google Inc. (NASDAQ:GOOG) may be developing a television set-top box with a motion sensor and video camera has rekindled the debate over technology that can record so-called ambient action. Should a TV-mounted box have the ability to track our movements, record our voices and monitor our behaviors? Should cable providers and tech companies be allowed to collect such information without our consent?
Lawmakers and privacy advocates are asking such questions as companies continue to experiment with data collection that will extend beyond our gadgets and into our living rooms and bedrooms. On Thursday, the Wall Street Journal reported that Google privately showed off a prototype device at the Consumer Electronics Show in Las Vegas last January. The company is one of many tech players looking to compete with pay-TV providers, who themselves have been exploring new ways to capture information about viewers’ behavior.
In November, Verizon Communications Inc. (NYSE:VZ) filed a patent application for a set-top box that delivers advertisements based on users’ behaviors. For instance, two people cuddling on a sofa watching TV might see a commercial for a romantic Disney cruise, while an arguing couple might see a pitch for couples’ therapy. The device would use a combination of motion and audio sensors to collect information about what viewers are doing as they watch TV.

EXCLUSIVE: GPS flaw could let terrorists hijack ships, planes

The world’s GPS system is vulnerable to hackers or terrorists who could use it to hijack ships -- even commercial airliners, according to a frightening new study that exposes a huge potential hole in national security.
Using a laptop, a small antenna and an electronic GPS “spoofer” built for $3,000, GPS expert Todd Humphreys and his team at the University of Texas took control of the sophisticated navigation system aboard an $80 million, 210-foot super-yacht in the Mediterranean Sea.
“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” Humphreys told Fox News.
By feeding counterfeit radio signals to the yacht, the UT team was able to drive the ship far off course, steer it left and right, potentially take it into treacherous waters, even put it on a collision course with another ship. All the time, the ship’s GPS system reported the vessel was calmly moving in a straight line, along its intended course. No alarms, no indication that anything was amiss.
Capt. Andrew Schofield, who invited Humphreys and his team aboard to conduct the experiment, told Fox News he and his crew were stunned by the results.

Read more: http://www.foxnews.com/tech/2013/07/26/exclusive-gps-flaw-could-let-terrorists-hijack-ships-planes/#ixzz2aBpGxGjI

Wednesday, July 24, 2013
A report released last week by the State Department’s inspector general blasted its office tasked with cybersecurity as being mismanaged and not doing its primary functions, which at the time of the inspection were actually being performed by other offices within the department. But so far, it’s garnered little attention.

Titled Inspection of the Bureau of Information Resource Management, Office of Information Assurance, the little publicized report evaluates the office tasked with providing “information technology and services the Department needs to successfully carry out its foreign policy mission by applying modern IT tools, approaches, systems, and information products.” As part of this, it also needs to address information security of the systems as directed by Title III of the E-Government Act of 2002.
What the inspector general found, though, was that IRM/IA “does not fulfill all those requirements” laid out in Title III. In fact, “the majority of the required functions are performed by Department of State (Department) offices other than IRM/IA,” the report states.

More here: http://www.theblaze.com/stories/2013/07/24/the-report-on-govt-cybersecurity-causing-major-concerns-that-you-might-not-have-heard-of-yet/

Tuesday, July 23, 2013

Apple Developer site hack: Turkish security researcher claims responsibility

Turkish security researcher claims to have found flaw in system, which has been offline since Thursday as company 'rebuilds and strengthens' security around databases.

Apple says its Developer portal has been hacked and that some information about its 275,000 registered third-party developers who use it may have been stolen.
The portal at developer.apple.com had been offline since Thursday without explanation, raising speculation among developers first that it had suffered a disastrous database crash, and then that it had been hacked.
A Turkish security researcher, Ibrahim Balic, claimed that he was behind the "hack" but insisted that his intention was to demonstrate that Apple's system was leaking user information. He posted a video on YouTube which appears to show that the site was vulnerable to an attack, adding "I have reported all the bugs I found to the company and waited for approval." A screenshot in the video showed a bug filed on 19 July - the same day the site was taken down - saying "Data leaks user information. I think you should fix it as soon as possible."
More here: http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked

Wednesday, July 10, 2013

Experts: Obama’s plan to predict future leakers unproven, unlikely to work

In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for “high-risk persons or behaviors” among co-workers. Those who fail to report them could face penalties, including criminal charges.
Obama mandated the program in an October 2011 executive order after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and gave them to WikiLeaks, the anti-government secrecy group. The order covers virtually every federal department and agency, including the Peace Corps, the Department of Education and others not directly involved in national security.
Under the program, which is being implemented with little public attention, security investigations can be launched when government employees showing “indicators of insider threat behavior” are reported by co-workers, according to previously undisclosed administration documents obtained by McClatchy. Investigations also can be triggered when “suspicious user behavior” is detected by computer network monitoring and reported to “insider threat personnel.”

Monday, July 8, 2013

NSA/GCHQ metadata reassurances

The public is being told that the NSA and GCHQ have 'only' been collecting metadata, not content. That's nothing to be thankful for..

Over the past two weeks, I have lost count of the number of officials and government ministers who, when challenged about internet surveillance by GCHQ and the NSA, try to reassure their citizens by saying that the spooks are "only" collecting metadata, not "content". Only two conclusions are possible from this: either the relevant spokespersons are unbelievably dumb or they are displaying a breathtaking contempt for their citizenry.
In a way, it doesn't matter which conclusion one draws. The fact is that, as I argued two weeks ago, the metadata is what the spooks want for the simple reason that it's machine-readable and therefore searchable. It's what makes comprehensive internet-scale surveillance possible.
Why hasn't there been greater public outrage about the cynicism of the "just metadata" mantra?

Thursday, July 4, 2013

Ecuador Accuses UK Security Firm of Bugging London Embassy

Ecuador has accused one of the United Kingdom's leading private security and surveillance firms of bugging its London embassy where WikiLeaks publisher Julian Assange is lodged.
WikiLeaks has denounced the electronic espionage operation as an instance of "imperial arrogance."
"Aside from the gross violation of the integrity of Ecuador's embassy, no candidate in Australian election should be subject to covert surveillance," Mr Assange told Fairfax Media today.

Foreign Minister Ricardo Patiño has confirmed a sophisticated listening device was found inside the office of then Ecuadorian ambassador to the United Kingdom, Ana Alban, two days before the Foreign Minister visited the embassy to meet with Mr Assange on June 16.

Mr Patiño added that the Ecuadorian authorities "have reason to believe that the bugging was being carried out by the company, the Surveillance Group Limited, ... one of the biggest private investigation and undercover surveillance companies in the United Kingdom."

The Surveillance Group is one of the UK's most prominent private security and intelligence firms. The company's website says that by "combining the practices, skills and experience of Special Forces, police and commercial surveillance, the Surveillance Group has forged an entirely new form of surveillance service."

During a press conference in Quito, Foreign Minister Patiño said the listening device, discovered on June 14, had been running for at least two months, had GSM activation and was camouflaged inside an electrical installation.
"At first glance, the device was an electrical outlet, but incorporated a camouflaged spy microphone, which did not require any previous installation and was very easy to operate through a phone call to the SIM card that [was] contained inside," Mr Patiño said.
"This device was designed to capture the conversations in the place where it was placed ... Analysing the scenario where found, we deduce that the main purpose intended with the placement of the unit to listen, is to have direct information from the talks held in the place where it has been installed, which is the office of our Ambassador."

Read more: http://www.smh.com.au/it-pro/security-it/uk-security-firm-bugged-our-embassy-ecuador-20130704-hv0pw.html#ixzz2Y76Mm6se

Wednesday, July 3, 2013

Hidden microphone found at Ecuador's embassy in UK, says foreign minister

A hidden microphone has been found inside the Ecuadorean embassy in London, where the WikiLeaks founder Julian Assange is holed up, according to the country's foreign minister.
Ricardo Patiño said the device had been discovered a fortnight ago inside the office of the Ecuadorean ambassador, Ana Alban, while he was in the UK to meet Assange and discuss the whistleblower's plight with the British foreign secretary, William Hague.
"We regret to inform you that in our embassy in London we have found a hidden microphone," Patiño told a news conference in Quito on Tuesday.
"I didn't report this at the time because we didn't want the theme of our visit to London to be confused with this matter," he said.
"Furthermore, we first wanted to ascertain with precision the origin of this interception device in the office of our ambassador."
He described the discovery of the device as "another instance of a loss of ethics at the international level in relations between governments" and said he would reveal more details as to who might have planted the microphone on Wednesday.
The Foreign Office declined to comment immediately on the allegation, while a No 10 spokesman said he did not comment on security issues.

Tuesday, July 2, 2013

Does using encryption make you a bigger target for the NSA?

Soon after the Guardian released the first of many whistleblower documents, describing NSA domestic spying activities in the United States, readers began asking, “Because of all the snooping, should I start encrypting my email?” The answer seemed simple….
Answering the question of whether to encrypt or not became significantly less simple a few weeks later when the Guardian released Minimization Procedures Used by the National Security Agency, a document gleaned from the U.S. Foreign Intelligence Surveillance Court by Edward Snowden. Section Five of the paper is of particular interest (courtesy of the Guardian).
Section Five’s ensuing paragraphs discuss what “that” is. Subsection One and Subsection Two lay out what content (foreign intelligence and criminal evidence) will flag domestic communications for retention and investigation by government agencies. Subsection Three, nicknamed the “encryption exception”, is the real attention-grabber (courtesy of the Guardian).

Monday, July 1, 2013

Global Sweep of Diplomatic Missions after US Spying Reports

The European Union has ordered a worldwide security sweep of all its premises following reports US intelligence has bugged its offices in Washington, Brussels and the United Nations.

Jose Manuel Barroso, president of the EU's Executive Commission, "has instructed the competent commission services to proceed to a comprehensive ad hoc security sweep and check" in light of the most recent spying allegations leveled at the US, spokeswoman Pia Ahrenkilde Hansen told reporters.

The sweep follows a report by German weekly Der Spiegel, based on revelations by fugitive whistleblower Edward Snowden, that the National Security Agency [NSA] bugged EU offices and gained access to EU internal computer networks.

Ahrenkilde said allegations of US spying were “disturbing” and demanded “full clarification.”

"Clarity and transparency is what we expect from our partners and allies and this is what we expect from the United States," she continued.

Ahrenkilde added that commission premises are “regularly swept and communications networks are checked against spying and eavesdropping.”

However, a spokesman for Catherine Ashton, the EU's foreign policy chief who oversees EU offices abroad, said the EU diplomatic missions in Washington, DC, and New York had moved premises since 2010 – the year the reported spying took place – and had subsequently changed over to “completely new security systems,” European Voice reports.

The spokesman added the spying allegations were “news to us.”