Australia suspected to have PRISM data: Ludlam

Stephanie McDonald

https://www.computerworld.com.au/article/465152/australia_suspected_prism_data_ludlam/?

Excerpt:

“Greens senator Scott Ludlam believes the US National Security Agency (NSA) has handed information it has collected from its PRISM system to the Australian government.”

 


 

Officials: Edward Snowden took NSA secrets on thumb drive

Ken Dilanian

http://www.latimes.com/news/politics/la-pn-snowden-nsa-secrets-thumb-drive-20130613,0,791040.story

Excerpt:

“Former National Security Agency contract employee Edward Snowden used a computer thumb drive to smuggle highly classified documents out of an NSA facility in Hawaii, using a portable digital device supposedly barred inside the cyber spying agency, U.S. officials said. Investigators “know how many documents he downloaded and what server he took them from,” said one official who would not be named while speaking about the ongoing investigation.”

 


 

Bits Of Freedom: Dutch Spooks Must Stop Use Of PRISM

https://www.bof.nl/2013/06/11/bits-of-freedom-dutch-spooks-must-stop-use-of-prism/

Excerpt:

“Today reveals that also the Dutch intelligence services make use of PRISM, the controversial US intelligence program that was exposed by the newspaper The Guardian. Dutch digital rights organization Bits of Freedom demands the immediate halt of this practice and a thorough investigation into the use by the Dutch intelligence services of PRISM and comparable programs.”

 


 

Former NSA Chief: The Agency Has ‘Very Good Idea’ Which Secrets Snowden Swiped

Hunter Walker

http://tpmdc.talkingpointsmemo.com/2013/06/former-nsa-boss-likely-scope-snowden-leak.php

Excerpt:

“With the promise of more news stories to come based on National Security Agency contractor Edward Snowden’s unprecedented leak, NSA brass are probably fully aware of what’s coming next, according to a former top official. Retired Gen. Michael Hayden, who was the director of the NSA from 1995 until 2005, told TPM Tuesday that agency officials likely know exactly which classified files were accessed and potentially leaked by Snowden. Hayden also said it’s possible the number of documents leaked by Snowden number in the thousands and he’s “surprised” at the sensitive nature of the material that’s been leaked so far.”

 


 

Europe Rattles Its Sabres Over Prism’s ‘Bulk Transfer’ Of EU Citizen Data

Mike Butcher

http://techcrunch.com/2013/06/11/europe-rattles-its-sabres-over-prisms-bulk-transfer-of-eu-citizen-data/

Excerpt:

“The European Commission today outlined its concerns regarding the widely reported Prism surveillance programme run by the NSA. The Commission plans to raise the Prism matter with US authorities “at the earliest possible opportunity” and will “request clarifications as to whether access to personal data within the framework of the Prism program is limited to individual cases and based on concrete suspicions, or if it allows bulk transfer of data.”

 


 

Shoot The PRISM-Gate Messenger: Obama To Launch Criminal Probe Into NSA Leaks

Tyler Durden

http://www.zerohedge.com/news/2013-06-07/shoot-prism-gate-messenger-obama-launch-criminal-probe-nsa-leaks

Excerpt:

“Suddenly embroiled in too many scandals to even list, and humiliated by a publicly-exposed (because everyone knew about the NSA superspy ambitions before, but with one major difference: it was a conspiracy theory....  now it is a conspiracy fact) surveillance scandal that makes Tricky Dick look like an amateur, earlier today, as expected, Obama came out and publicly declared "I am not a hacker" and mumbled something about "security", "privacy" and "inconvenience." He went on to explain how the government "welcomes the debate" of all three in the aftermath of the public disclosure that every form of electronic communication is intercepted and stored by the US government (now that said interception is no longer secret, of course) but more importantly how it is only the government, which is naturally here to help, that should be the ultimate arbiter in deciding what is best for all.”

 


 

PRISM: Just how much do the spooks know?

Jane Wakefield

http://www.bbc.co.uk/news/technology-22811580

Excerpt:

“News that the US government's national security agency has been allegedly tapping into the phone records of Verizon customers quickly escalated into reports that it also had backdoor access to the major technology companies, including Apple, Google and Facebook. The so-called PRISM programme tapped into the servers of nine internet firms, according to leaked documents obtained by the Washington Post. The leaked documents, supposedly supplied by a discontented spy, claim that the project gives the NSA access to email, chat logs, any stored data, voice traffic, file transfers and social networking data.”

 


 

Tech Giants Built Segregated Systems For NSA Instead Of Firehoses To Protect Innocent Users From PRISM

Josh Constine

http://techcrunch.com/2013/06/08/cooperation-methods-protected-innocents-from-prism/#

Excerpt:

“The NSA may have wanted full firehoses of data from Google, Facebook and other tech giants, but the companies attempted to protect innocent users from monitoring via compliance systems that created segregated data before securely handing it over as required by law, according to individuals familiar with the systems used by the tech companies targeted by PRISM. The widely criticized corroboration with the NSA therefore may have benefited citizens rather than being to their detriment.”

 


 

PRISM Spying Denials From Tech Companies Baffle Security Experts

http://www.huffingtonpost.com/2013/06/07/prism-spying-denials_n_3405467.html

Excerpt:

“When Mark Klein went to work as a technician at an AT&T communications center in San Francisco in the fall of 2003, his company entrusted him with a key to every door but one: room 641A. Access to that room, he later testified in a court deposition, was restricted to employees who had security clearances from the National Security Agency, the vast government department that scans the world's communications.”

 


 

PRISM: Here's how the NSA wiretapped the Internet

ZDNet Community and Zack Whittaker

http://www.zdnet.com/prism-heres-how-the-nsa-wiretapped-the-internet-7000016565/

Excerpt:

“A secret court known as the Foreign Intelligence Surveillance Court (FISC), created under the Foreign Intelligence Surveillance Act 1978 and subsequently amended by the Patriot Act in 2001, forced Verizon to hand over "tangible things" to the U.S. National Security Agency (NSA). The news was first reported by London, U.K.-based newspaper The Guardian. A day later, another leak pointed to a surveillance program known only as PRISM, which was funded by the NSA. A classified document in form of a PowerPoint deck, designed to train new operatives, was published online. Only four out of 41 slides were published in The Washington Post.”

 


 

U.S. security expert says surveillance cameras can be hacked

Jim Finkle

http://www.reuters.com/article/2013/06/17/us-surveilance-hackers-idUSBRE95G10520130617

Excerpt:

“A U.S. security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that potentially would allow hackers to spy on facilities or gain access to sensitive computer networks. Craig Heffner, a former software developer with the National Security Administration who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco Systems Inc, D-Link Corp and TRENDnet.”

 


 

5 Looming Threats That Keep Security Experts Up at Night

Sammy O. U.

http://techtelling.com/2013/05/30/5-looming-threats-that-keep-security-experts-up-at-night/

Excerpt:

“New cyberattacks are constantly brewing, and one of the most troubling things is that in some cases, new techniques don’t even require an evil, tech-savvy hacker mentality to mastermind. Modern malware comes with easy-to-use control-panel interfaces and operator manuals -- call it Cybercrime for Dummies -- and the results can be quite chilling for the security good guys, who are constantly looking far ahead for new threats.”

 


 

Cyberespionage Operators Work In Groups, Process Enormous Data Workloads

Robert Lemos

http://www.darkreading.com/advanced-threats/cyberespionage-operators-work-in-groups/240156664/

Excerpt:

“In a study of the life cycle of cyberespionage attacks, a group of researchers at a Taiwanese security startup have found that the nation's major government agencies encounter a dozen such attacks each day and that the operators behind the attacks have virtual data centers that appear to be processing enormous workloads.”

 


 

U.S. FDA urges protection of medical devices from cyber threats

Ransdell Pierson and Jim Finkle

http://www.reuters.com/article/2013/06/13/devices-cybersecurity-fda-idUSL2N0EP24E20130613?

Excerpt:

“The U.S. Food and Drug Administration on Thursday urged medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats that could compromise the devices or patient privacy. It released that advisory in coordination with a separate alert from the Department of Homeland Security, which disclosed vulnerability in a wide variety of medical equipment that can make those devices vulnerable to remote attacks from hackers.”

 


 

Iranians Targeted In Massive Phishing Campaign

Kelly Jackson Higgins

http://www.darkreading.com/attacks-breaches/iranians-targeted-in-massive-phishing-ca/240156593

Excerpt:

“Google says it has detected and derailed several email-based phishing attacks targeting tens of thousands of Iranian users during the past few weeks in what appears to be a politically motivated campaign. Eric Grosse, vice president of security engineering at Google, said in a blog post that for three weeks Google has been spotting and disrupting the phishing emails, which contain a link to a Web page that spoofs a Google account maintenance option. "If the user clicks the link, they see a fake Google sign-in page that will steal their username and password," Grosse said in the post.”

 


 

Cyber war 'could kill millions'

http://www.computerworld.com.my/resource/industries/cyber-war-could-kill-millions/

Excerpt:

“A global cyber war could cause destruction on the scale of an atomic war and lead to the death of millions, an online expert says. US cyber security expert Scott Borg has told a conference cyber attackers could completely destroy power generators using malicious software code.”

 


 

Feds Bust Cybercrime Ring Targeting Payroll, Financial Firms

Chris Brook

https://threatpost.com/feds-bust-cybercrime-ring-targeting-payroll-financial-firms/

Excerpt:

“Federal officials charged eight members of a Ukrainian cybercrime ring this week after they allegedly tried to illegally access the networks of a number of financial institutions including Citibank, JP Morgan Chase, TD Ameritrade and PayPal, along with the U.S. Department of Defense’s Finance and Accounting Services service, among others. The gang allegedly stole in excess of $15 million via money laundering and identity theft after extracting customer account information from 15 different payment processors, banks and online brokers.”

 


 

Gezi protests turn to 'cyber warfare' in Turkey

http://www.worldbulletin.net/?ArticleID=111010&aType=haber

Excerpt:

“Hackers have targeted Turkey’s Is Bank, which is said to be among the supporters of the Taksim Gezi Park protests. The banking system of Is Bank has come to a halt. It is indicated that a group named “Crescent and Star Team” is behind the hacking. It has been claimed that the error results from the computer system. However, the bank’s system had completely collapsed for a period.”

 


 

Gov't to establish Cyber Emergency Response Team

Karyl Walker

http://www.jamaicaobserver.com/news/Gov-t-to-establish-Cyber-Emergency-Response-Team-_14465047

Excerpt:

“THE Jamaican Government, in an effort to boost the island's cybercrime fighting capabilities, is moving to establish a Cyber Emergency Response Team (CERT) to deal with an emerging global threat. The CERT is expected to be fully operational by year-end, State Minister in the Ministry of Science, Technology, Energy and Mining Julian Robinson.”

 


 

Connecting the Dots on PRISM, Phone Surveillance, and the NSA’s Massive Spy Center

James Bamford

http://www.wired.com/threatlevel/2013/06/nsa-prism-verizon-surveillance/

Excerpt:

“Physically, the NSA has always been well protected by miles of high fences and electrified wire, thousands of cameras, and gun-toting guards. But that was to protect the agency from those on the outside trying to get in to steal secrets. Now it is confronting a new challenge: those on the inside going out and giving the secrets away. While the agency has had its share of spies, employees who have sold top-secret documents to foreign governments for cash, until the last few years it has never had to deal with whistleblowers passing top-secret information and documents to the press because their conscience demanded it. This in a place where no employee has ever written a book about the agency (unlike the prolific CIA, where it seems that a book contract is included in every exit package).”

 


 

Why Insiders, Not Hackers, Are Biggest Threat to Cybersecurity

http://mashable.com/2013/06/10/insiders-hackers-cybersecurity/

Excerpt:

“The NSA leaks perpetrated by Edward Snowden will easily go down as one of the biggest revelations of the year, if not the decade. But the episode also raises new questions about the risk that insiders pose to government and corporate cybersecurity, in spite of the attention lavished on foreign hackers. Snowden's case is unique in that it uncovered a previously unknown surveillance apparatus that's massive in size and scope. It's not unique, however, in the way the whistleblower did his deed. Two-thirds of all reported data breaches involve internal actors wittingly or unwittingly bringing sensitive information to outsiders, according to industry analysts.”

 


 

Inside America's $1.9billion data mine: How all your private details will soon be stored in this vast NSA nerve center in Utah Valley

Lydia Warren

http://www.dailymail.co.uk/news/article-2337420/Utah-Data-Center-The-million-square-foot-Utah-data-mining-facility-built-NSA.html

Excerpt:

“The personal data and private online conversations that the National Security Administration is accused of mining could be stashed in a one million square-foot, $1.9 billion facility in the Utah Valley. Concerns over what the government will store at the Utah Data Center have been reinvigorated by the revelation that U.S. intelligence agencies have been extracting audio, video, photos, e-mails, documents and other information to track people's movements and contacts. Apple, Facebook, Microsoft, Google, Yahoo, YouTube, Skype, AOL and the lesser known Internet company PalTalk are all involved with the PRISM program, which the government insists is for national security. The Utah Data Center which is being constructed on Camp Williams on the Salt Lake-Utah County line will be completed in October - but officials have been tight-lipped about what will be stored there.”

 


 

Microsoft, FBI crack cybercrime ring

Charlie Osborne

http://www.zdnet.com/microsoft-fbi-crack-cybercrime-ring-7000016460/

Excerpt:

“Microsoft, the FBI and members of the financial services industry say they have disrupted a cybercrime network that is responsible for over half a billion dollars in fraud. Microsoft announced today that in cooperation with the U.S. financial services industry and leaders including the Financial Services Information Sharing and Analysis Center (FS-ISAC), NACHA -- The Electronic Payments Association, the American Bankers Association (ABA), a network accounting for over a thousand botnets has been disrupted.”

 


 

UK ministers defend Chinese deals after security risk warning

http://www.bbc.co.uk/news/uk-politics-22795226

Excerpt:

"The government has defended UK deals with Chinese firms - amid warnings that security risks in infrastructure contracts were being "overlooked". The intelligence and security committee has criticised the handling of a 2005 telecoms deal between BT and Huawei. It was "shocked" ministers had not been informed until a year later and warned security risks must be better assessed."

 


 

Chinese Internet Chief Hits Back At US Hacking Accusations

Tom Jowitt

http://www.techweekeurope.co.uk/news/chinese-internet-chief-us-hacking-accusations-118233

Excerpt:

“The finger pointing and name calling between American and Chinese officials over who is to blame for the cyber hacking between the two countries continues. Ever since early 2010 when Google complained of Chinese hacking, the perception is that China bears responsibility for a large number of hacking attacks against western nations. However, a top Chinese official has fired back and claims he has “mountains of data” that shows the US has hacked Chinese systems.”

 


 

Researchers: We can hack an iPhone through the charger

Doug Gross

http://edition.cnn.com/2013/06/03/tech/mobile/hack-iphone-charger/index.html

Excerpt:

“Apple devices, from Macs to iPhones, have always been able to boast of advanced safety from viruses, spam and the like. Now, apparently, not even your phone charger is safe. A team of researchers from Georgia Tech say they've discovered, and can demonstrate, a way to hack into an iPhone or iPad in less than a minute using a "malicious charger." The team plans to demonstrate its findings at the Black Hat computer security conference, which begins July 27 in Las Vegas.”

 


 

Spamhaus-style DDoS attacks: All the hackers are doing it

John Leyden

http://www.theregister.co.uk/2013/06/03/dns_reflection_ddos_amplification_hacker_method/

Excerpt:

“Hackers are increasingly turning to DNS reflection to amplify the volume of distributed denial of service (DDoS) attacks. The technique has been known about for years but seldom used in anger, until the debilitating DDoS attack in March that peaked at 300 Gbps against anti-spam organisation Spamhaus and cloud-based DDoS mitigation firm CloudFlare. DNS reflection attacks involve sending a request for a large DNS zone file to a DNS server, with the details of the request forged so that they appear to come from the IP addresses of the intended victim.”

 


 

How 30million 'wi-fi' credit cards can be plundered by cyber identity thieves exploiting contactless payment technology

Ben Ellery

http://www.dailymail.co.uk/news/article-2334468/How-30million-wi-fi-credit-cards-plundered-cyber-identity-thieves-exploiting-contactless-payment-technology.html

Excerpt:

“Millions of debit and credit card holders are at risk of having their personal data mined by thieves exploiting a loophole in the latest ‘contactless’ payment technology. Card numbers and personal details can be read almost instantly by a remote device such as a mobile phone, according to cyber-crime experts. Contactless cards have been in use for five years and are becoming increasingly popular as they save time for retailers and customers by speeding up transactions.”