Tag Archives: hackers

Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Mother Jones

Hillary Clinton’s run for the White House will be remembered for many things, but information security isn’t likely to be one of them. Her campaign was buffeted by two major hacking episodes. First, the contents of Democratic National Committee servers were stolen and disseminated through WikiLeaks and other news organizations. Then campaign chairman John Podesta had his personal email account hacked and its contents passed to WikiLeaks, which subsequently released the 50,000-email set in chunks over a period of weeks as the presidential election reached fever pitch. The US government’s intelligence community went on to assert that the hacks had been orchestrated at the behest of the Russian government as a deliberate attempt to hurt Clinton’s chances and boost Donald Trump.

But Robby Mook, the Clinton campaign manager, said this week that the hacks didn’t hit the campaign itself, and that’s because the campaign conducted regular security training for staffers, including sending them fake phishing emails to see how they’d be handled.

“We sent out phishing emails of our own to test people and communicate back to team to see how far they were clicking, to educate people, and show their vulnerability and how much their choices matter,” Mook told Dark Reading, a cybersecurity news website, while attending an information security conference in San Francisco.

Mook said there were at least three phishing tests sent out to staffers, and there were also regular emails sent to staff preaching good IT practices. There were signs in the bathrooms “about not sharing passwords and ‘Don’t clink that link, stop and think,'” Mook said.

The Dark Reading piece doesn’t address when the training took place or whether Podesta and his aides were involved. Podesta and Mook did not respond to requests for comment about the IT training during the campaign.

A phishing attack is an attempt to trick a victim into giving up personal information, including logins for email accounts, bank accounts, and other sensitive information. In Podesta’s case, hackers sent a phony warning from Google alerting him that his Gmail password needed to be reset. According to the New York Times, a campaign IT staffer inadvertently advised Podesta and his aides that the warning was legitimate. By using the fake password reset page, Podesta gave the hackers access to his Gmail account and years’ worth of political communications that eventually found their way to WikiLeaks via the Russian operation, according to the US government.

Excerpt from:  

Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Posted in Cyber, FF, GE, LAI, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , , | Comments Off on Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Read the US Intelligence Report on Russian Hacking

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The Office of the Director of National Intelligence on Friday released its declassified report on Russia’s efforts to influence the outcome of the 2016 election by hacking Democratic outfits during the campaign.

The report comes a day after top intelligence officials, including Director of National Intelligence James Clapper and National Security Agency Director Michael Rogers, testified before the Senate Armed Services Committee on the issue. During the hearing, Clapper said the intelligence community has grown more “resolute” in its assessment that Russian intelligence was involved in the hacks aimed at the Democratic National Committee and Hillary Clinton campaign chairman John Podesta. On Friday, Clapper, Rogers, FBI Director Jim Comey, and CIA Director John Brennan briefed President-elect Donald Trump on the classified evidence linking Russia to the hacks and the leaking of the swiped emails. After the briefing, Trump released a statement noting that Russia is one of many actors that try to hack US targets, but the statement did not acknowledge the US intelligence community conclusion that Moscow had mounted the cyberattack against the United States as part of an operation to help elect Trump president.

DV.load(“https://www.documentcloud.org/documents/3254229-ICA-2017-01.js”,
width: 630,
height: 550,
sidebar: false,
text: false,
container: “#DV-viewer-3254229-ICA-2017-01”
);

ICA 2017 01 (PDF)

ICA 2017 01 (Text)

Jump to original:  

Read the US Intelligence Report on Russian Hacking

Posted in Cyber, FF, GE, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , | Comments Off on Read the US Intelligence Report on Russian Hacking

President Obama to Putin: "We Can Do Stuff to You"

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

In response to alleged Russian hacking of US political targets, President Barack Obama said during a press conference on Friday that the US government will “continue to send a message to Russia to not do this to us because we can do stuff to you.”

Obama, in his last press conference of 2016, defended his administration’s response to the hacks, saying that in the “hyperpartisan atmosphere” of the US presidential election “my primary concern was making sure that the integrity of the election process wasn’t damaged.” He told reporters that he wanted to ensure that the election proceeded without the impression that his administration was trying to tip the scales in favor of either candidate. “The truth of the matter is that everybody had the information,” he said. “It was out there, and we handled it the way we should have.”

Now that the election is over, Obama said his administration will fashion a response to the hacking that will send a message to the Russian government. He said some of this response would be public, but that part would play out “in a way they know but not everybody will.”

“At a point in time where we’ve taken certain actions that we can divulge properly, we will do so,” Obama said.

Obama also downplayed the value of an overt response: “The idea that somehow public shaming is going to be effective I think doesn’t read the thought process in Russia very well,” Obama said.

The press conference comes on the heels of numerous media reports, citing unnamed intelligence officials, detailing Russia’s alleged role in hacking US political targets, including the Democratic National Committee and Clinton campaign chairman John Podesta. Last week, the Washington Post reported that the CIA had concluded that the Russian government had mounted the hacks in an effort to sway the election in favor of Donald Trump. The New York Times has laid out how the US government thinks the hacks played out. NBC has reported that intelligence officials believe that Vladimir Putin himself oversaw the hacking operation. Just before Obama spoke, the Post reported that the FBI now agrees with the CIA’s assessment that the Russian hacks were designed to help Trump.

Obama said the intelligence community will produce a final assessment on the hacks before he leaves office, and that he doesn’t want to get ahead of the report’s conclusions. But, when pressed, he alluded to Putin’s direct involvement.

“Not much happens in Russia without Vladimir Putin,” he said. “This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.”

Trump has consistently downplayed the accusations against Putin and Russia, calling the CIA assessment “ridiculous,” and he has claimed the allegations of Russian political interference in the presidential election are politically driven.

At a dinner with donors on Thursday, Hillary Clinton said Putin directed the hacks “because he had a personal beef against me,” one that originated after she questioned the fairness of parliamentary elections held in Russia in 2011. “Putin publicly blamed me for the outpouring of outrage by his own people,” she said, “and that is a direct line between what he said back then and what he did in this election.” On Thursday night, Podesta published an op-ed in the Washington Post arguing that something is “deeply wrong with the FBI” and calling for an airing of as much evidence as can safely be made public about the hacks, along with a full, independent investigation into the matter.

In an interview with NPR’s Steve Inskeep on Thursday, Obama vowed to retaliate against Russia.

“I think there is no doubt that when any foreign government tries to impact the integrity of our elections, that we need to take action,” he said in the interview. “And we will at a time and place of our own choosing. Some of it may well be explicit and publicized, some of it may not be.” Obama said his administration has “been working hard to make sure that what we do is proportional, that what we do is meaningful.”

It’s unclear what form US retribution could take. Michael Daniel, a special assistant to the president and the White House cybersecurity coordinator, told Cyber Scoop on Friday that “the US government is still pulling together” a response to the hacks.

Discussing the impact of the hacks during his press conference on Friday, Obama said Russia can only weaken the United States if Americans let it happen. “The Russians can’t change us or significantly weaken us,” Obama said. “They are a smaller country, they are a weaker county, their economy doesn’t produce anything that anyone wants to buy except oil, gas, and arms, they don’t innovate. But they can impact us if we lose track of who we are, if we abandon our values.”

This is a developing story.

See the original article here – 

President Obama to Putin: "We Can Do Stuff to You"

Posted in alo, Cyber, FF, GE, LAI, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , | Comments Off on President Obama to Putin: "We Can Do Stuff to You"

This Is How We Know Congress Isn’t Really Serious About Election Fraud

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The debate over possible Russian meddling in US elections was a major theme in a US House hearing Tuesday on protecting the 2016 elections from cyberattacks and machine-voting attacks. Even though election preparations have been underway for months around the country and early voting in many states begins soon, committee chairman Lamar Smith (R-Texas) said the hearing was to review the security of the election system.

“This discussion is timely as many concerns have been raised in recent months about the vulnerabilities of electronic voting machines, voting over the internet, and online voter registration,” Smith said.

Concerns about the security of the US voting system have been heightened after the recent hacking of the Democratic National Committee, the Democratic Congressional Campaign Committee, and some high-profile Democratic politicians. The DNC, along with several US government officials and security research firms, have fingered Russian intelligence as responsible for the hacks of Democratic targets. Add to that the recent revelation that state election databases in Arizona and Illinois had been hacked, although the degree of success in each attack, and the ultimate purpose, remains unclear. Even though the Russian government has denied being involved, Democrats within Congress have called on the Obama administration to publicly accuse Russia of trying to interfere with US elections.

None of the witnesses—Dr. Charles Romine of the National Institute of Standards and Technology, Louisiana Secretary of State Tom Schedler, David Becker of the Center for Election Innovation and Research, and Dr. Dan Wallach of the Baker Institute for Public Policy at Rice University—suggested Russians were attempting to hack election infrastructure, only that they, too, had received this information specific to the DNC and the DCCC from press accounts.

“The nature of the threat is that they don’t want you to see them there,” said Wallach. “So we can’t assume that if we haven’t seen them that they’re absent. What we do know is that we’ve established motive. The attack on the DNC’s email server is motive—it shows that they did it for explicit partisan purposes.”

Rep. Zoe Lofgren (D-Calif.) said the Russians’ goal might not necessarily be to manipulate vote counts or tamper with voter registration databases, but to create chaos in the system and undermine confidence. “The focus of this hearing is on the voting systems, but really the question is about the election,” she said. “It’s pretty clear that the Russians have attacked, have engaged, in a cyberattack on the DNC and the DCCC.”

For Rep. Dana Rohrbacher (R-Calif.), Russian involvement in trying to hack or access actual election systems around the country lacked any evidence. “We have seen article after article after article about how Russia is compromising the integrity of our election system, and Mr. Chairman, the panelists are just saying that is false,” Rohrbacher said. “We want our country to be safe, but we also don’t want to just continually vilify Russia and turning them into the bad guys. If we’re going to have integrity of our system, I think we have to look at home for real threats to the integrity of our voting system.”

Lofgren disagreed. “To downplay the role that the Russians have had in this is a huge mistake, when you take a look at what they did to the DNC and the DCCC,” Lofgren said, urging members to avoid making the discussion about hacking partisan. “If you attack one of the major parties, somehow that’s okay if it could be to your advantage,” she said. “I like to think if the Russians had attacked the Republican National Committee, Democrats would be as outraged as Republicans. It’s an attack on America. It’s not an attack on a party.”

The hearing came the same day that Guccifer 2.0, the hacker or hackers who have publicly taken credit for the hack of the DNC, issued a rambling statement about information security at a London cybersecurity conference where he was supposed to appear (he didn’t), according to Motherboard. Guccifer did release roughly 600 megabytes of documents containing information about DNC fundraising efforts and other Democratic planning documents at the conference, according to Politico.*

Correction: An earlier version of this article incorrectly stated that the documents released today by the hacker Guccifer 2.0 came from a Democratic contracting firm. We regret the error.

Source: 

This Is How We Know Congress Isn’t Really Serious About Election Fraud

Posted in alo, Cyber, FF, G & F, GE, LAI, LG, ONA, Prepara, PUR, Radius, Ultima, Uncategorized, Venta | Tagged , , , , , , , , , , | Comments Off on This Is How We Know Congress Isn’t Really Serious About Election Fraud

Hackers Stole Voter Registration Data in at Least Two States

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The FBI believes hackers tried to get data from the State Board of Elections in at least two states in July and August, according to a notice sent to elections officials around the country and published by Yahoo News Monday morning. It’s unclear what data the hackers were able to get, but the information suggests they scanned the state elections boards’ websites looking for vulnerabilities. They found several and attempted to enter the systems, and some “exfiltration”—which refers to theft of data—occurred.

On August 18, state elections officials received a “Flash,” a notice sent by the FBI to various relevant parties, titled “Targeting Activity Against State Board of Election Systems.” The FBI reported that it had received reports of an additional IP address—a unique series of numbers that identifies every device that connects to the internet—within the logs of one state’s board of election’s system in July, and then another attempt at breaking into a separate state’s system in August. The IP address numbers can be easily masked to hide an attacker’s true origin, but the flash included detailed information about the methods used by the hackers. The FBI asked state election officials to scan their own network logs for similar activities.

The FBI didn’t identify the states involved, but Yahoo News, citing “sources familiar with” the FBI flash, reports that the attacks likely targeted voter registration databases in Arizona and Illinois. In Illinois, state election officials shut down the state’s voter registration system for 10 days in late July, Yahoo News reports, while the attack in Arizona was more limited.

The FBI flash does not attribute the attacks to anyone specifically, but the revelation comes following recent hacks of the Democratic National Committee and other major Democratic Party organizations and officials that, the US government says, implicated hackers working with or on behalf of Russia. The hacker who has claimed responsibility for the DNC hacks, Guccifer 2.0, has told Mother Jones and others that he was born in Eastern Europe and is not at all connected to Russia, a claim doubted by outside security officials. Russian officials have repeatedly denied that the Russian government had anything to do with the hacks.

The IP addresses provided by the FBI in the flash point to computer systems in the Netherlands and Delaware, according to online IP tracking tools, but Wired says further analysis shows at least one of the IP addresses appears to be linked to a website linked with the Turkish AKP political party. The Yahoo News report cites a cybersecurity expert saying one of the IP addresses has “surfaced before in Russian criminal underground hacker forums,” and the attack methods resemble a hack of the World Anti-Doping Agency earlier this month. Others have blamed that hack on Russia as well. But the types of attacks, methods, and tools detailed by the FBI flash are quite common in the hacking world. That means blaming Russia or anybody else at this point is only speculative.

The hack, combined with other vulnerabilities in the American election infrastructure, including voting machines that produce no verifiable paper audit trail, reinforces the notion that the US election system is vulnerable to disruption.

“This is a big deal,” Rich Barger, the head of cybersecurity firm ThreatConnect, told Yahoo News. “Two state election boards have been popped and data has been taken. This certainly should be concerning to the common American voter.”

Link to article: 

Hackers Stole Voter Registration Data in at Least Two States

Posted in bigo, Cyber, FF, G & F, GE, LAI, LG, ONA, Oster, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , , | Comments Off on Hackers Stole Voter Registration Data in at Least Two States

How a DNC Staffer’s Murder Unleashed a Perfect Storm of Right-Wing Conspiracy Theories

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The July 12 shooting of Seth Rich, a 27-year-old staffer at the Democratic National Committee, was likely a robbery gone wrong, according to Washington, DC, police. But to the dismay of Rich’s family, his death has become fodder for dark anti-Hillary Clinton conspiracy theories that have been circulated widely on social media and amplified by longtime Donald Trump adviser Roger Stone.

The main theory speculates that Rich was murdered because he was a source for WikiLeaks, which published nearly 20,000 of the DNC’s hacked emails and other files last month. That theory has brewed on the internet, including in a popular pro-Trump subreddit, and WikiLeaks founder Julian Assange lent it credence on Tuesday when he hinted during an interview on Dutch television that Rich might have been a WikiLeaks source. Yet he refused to confirm whether Rich had any links to WikiLeaks, saying only, “I am suggesting that our sources take risks and they become concerned to see things occurring like that.” The site offered a $20,000 reward on Tuesday for any information that would help solve Rich’s murder.

Assange said during the interview that the shooting was a “concerning situation” and stressed that the motive was still unknown, but police say there is no evidence that Rich’s death was politically motivated. “At this time, there is no indication that Seth Rich’s death is connected to his employment at the DNC,” the DC Metropolitan Police Department said in a statement on Wednesday to Mother Jones.

The statement also said the police “are pleased when any outside contributors help us generate new leads.” But Rich’s family has criticized Assange for his comments. Brad Bauman, a spokesman for the family, told Business Insider on Wednesday that the family wanted talk of conspiracy theories to stop. “For the sake of finding Seth’s killer, and for the sake of giving the family the space they need at this terrible time, they are asking for the public to refrain from pushing unproven and harmful theories about Seth’s murder,” Bauman said.

Assange is not the only person to float wild theories about Rich’s killing. Stone, a longtime Republican strategist and close ally of Trump, has used the death to promote the right-wing “Clinton body count” theory that claims the Clintons have been responsible for numerous political murders dating back to the 1980s.

Stone, who has admitted to communicating with Assange, spent much of Tuesday and Wednesday tweeting links to Assange’s “confirmation” that Rich was a WikiLeaks source, as well as other messages in support of the body count theory. Others on the right have been pushing the conspiracy talk in recent weeks, claiming that recent deaths—including those of Rich, a Tim Kaine aide named Joe Montano, and even anti-Clinton and Holocaust-denial author Victor Thorn—were orchestrated by Clinton.

Rachel Alexander, a columnist at the right-wing website Townhall, wrote a piece on Tuesday laying out the theory. “What is comes down to is this: how many other politicians have you heard of who have had so many mysterious deaths associated with them?” Alexander wrote. “You don’t hear of a Bush body count—not even an Obama body count.” Jared Wyand, who runs a popular pro-Trump Twitter account called Watch Clinton Cash, tweeted a video roundup of alleged Clinton murder plots. Even Curt Schilling, the former Red Sox pitcher turned right-wing internet celebrity, got in on the act.

Source: 

How a DNC Staffer’s Murder Unleashed a Perfect Storm of Right-Wing Conspiracy Theories

Posted in Casio, FF, GE, Jason, LAI, LG, ONA, oven, Radius, Uncategorized, Venta | Tagged , , , , , , , , | Comments Off on How a DNC Staffer’s Murder Unleashed a Perfect Storm of Right-Wing Conspiracy Theories

The FBI Spent More Than $1 Million to Hack One Potentially Useless Phone

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

It turns out the FBI’s 11-hour solution to its huge public fight with Apple didn’t come cheap.

FBI director James Comey said on Thursday that the agency paid more than $1 million to unnamed private-sector hackers for help in unlocking the iPhone of one of the San Bernardino shooters. The FBI first attempted to make Apple write software that would allow law enforcement to unlock the phone quickly, but the company refused and said the request could unconstitutionally expand government authority. The case sparked an uproar over digital privacy as well as a major court battle, which stopped only when the FBI announced it had received the hackers’ help and withdrew its order to Apple.

Comey, speaking at the Aspen Security Forum, didn’t give a specific price for the hack, but said it cost the agency more than he would make in the next seven years of his term as director. The FBI director makes at least $181,500 a year by law, putting the cost of the hack at a minimum of $1.27 million, by Comey’s estimate. An FBI press officer could not confirm the accuracy of Comey’s estimate or provide a specific cost.

“It was worth it,” Comey told the audience in Aspen. But it’s not clear how much value the hacking method or the phone actually has. Comey has repeatedly said that the method used to break into the phone would work only on an iPhone 5C running iOS 9, like the San Bernardino phone, and that Apple could discover and fix the security flaw that allowed the hack to work. And on Tuesday, CNN reported that the phone “didn’t contain evidence of contacts with other ISIS supporters or the use of encrypted communications during the period the FBI was concerned about.” The FBI argues the lack of information is valuable evidence in and of itself.

Link to original: 

The FBI Spent More Than $1 Million to Hack One Potentially Useless Phone

Posted in Anchor, cannabis, Casio, Everyone, FF, G & F, GE, LAI, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , , | Comments Off on The FBI Spent More Than $1 Million to Hack One Potentially Useless Phone

Info About the Sex Lives and Medical Histories of Millions of Federal Workers Is in Hackers’ Hands

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The federal government announced on Thursday that—yet again—the huge hacks of sensitive government personnel records revealed last month are even bigger than previously thought.

Officials now say that information on 21.5 million people was stolen—more than 19 million security clearance applications, plus other sensitive data such as fingerprint records from another 2 million people who know or are related to the applicants. They told the Washington Post it’s now “highly likely” that the hackers, likely working for China, stole every such application submitted since 2000 to the Office of Personnel Management, which conducts security clearance investigations for almost all government agencies. Intelligence agencies like the CIA and National Security Agency do their own checks into potential clearance holders.

Even before Thursday’s announcement, current and former government officials were calling the stolen applications, which include highly personal and potentially damaging data such as medical histories, records of drug use, and the names of foreign contacts, an intelligence goldmine for China or other potential perpetrators. “That they have all this clearance information is a disaster,” Joel Brenner, a former top U.S. counterintelligence official, told the Associated Press last month. FBI director James Comey told the Senate Intelligence Committee on Wednesday that the hack is a “huge deal.”

Officials previously admitted the hackers had taken up to 18 million of the applications, in addition to 4.2 million social security numbers that were stolen in a separate data breach. But even with the new, higher numbers revealed on Thursday, OPM Director Katherine Archuleta told reporters that she would not resign her post.

Continue at source:

Info About the Sex Lives and Medical Histories of Millions of Federal Workers Is in Hackers’ Hands

Posted in alo, Anchor, Casio, Cyber, FF, GE, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , | Comments Off on Info About the Sex Lives and Medical Histories of Millions of Federal Workers Is in Hackers’ Hands

All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

On Monday, US officials announced the arrest of more than 90 people allegedly connected to an organization called Blackshades, which sold software that allows hackers to easily take over a Microsoft Windows computer remotely. Last year, a college student used the tool to take nude photos of Miss Teen USA via her personal computer’s webcam. According to the FBI and law enforcement officials, the program has been sold and distributed to “thousands” of people in more than 100 countries since 2010, affecting some 700,000 victims. Here’s why you might want to update your anti-virus software, or, if you’re prone to dancing around your room naked, at least put a piece of tape over your webcam.

What is Blackshades?
Blackshades is the name of an organization allegedly owned by a Swedish 24-year-old named Alex Yücel. According to government officials, Yücel and Michael Hogueâ&#128;&#139;, a 23-year-old US citizen who was arrested in 2012 as part of the feds’ tangential investigation into Blackshades, codeveloped the Blackshades remote access tool (RAT). This tool, which sold for as little as $40 at bshades.eu and other sites, essentially allowed buyers to act as peeping Toms on strangers’ computers. The organization made more than $350,000 between September 2010 and April 2014, according to the FBI.

How does the Blackshades Remote Access Tool (RAT) work?
The Blackshades RAT isn’t any different than what your IT person at work uses to get remote access to your computer, explains Runa Sandvik, staff technologist at the Center for Democracy & Technology (CDT). But if your IT department were accessing your computer, “you’d have a heads up,” she says. “In this case you won’t even know the hacker is on your computer.”

After buying a copy of the RAT software, a hacker has to install the program on a target’s computer, by, say, deceiving a person into clicking on a malicious link. Then, once the hacker has access to a computer, he or she can then use the RAT software to easily record a person’s keystrokes or passwords, take screenshots, rummage through computer files, or turn on the person’s web camera, according to the feds. Anything you can do on your computer, the hacker can do, too. And the software makes it all super easy. In fact, it’s “marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag,” writes Krebson Security. Here’s what the command and control panel looks like:

Symantec

The program also includes “spreaders,” which help hackers send out malicious links from peoples’ social-media accounts, and a file hijacker tool. That tool, according to the FBI press release, allows users “to encrypt, or lock, a victim’s files and demand a ‘ransom’ payment to unlock them. The RAT even came with a prepared script demanding such a ransom.”

What do hackers use remote access tools for?
The FBI says the Blackshades RAT has been used to exploit credit cards, bank accounts, and personal information. But perhaps the creepiest way people can use remote accessing tools is to take photos and video via webcam. In November of last year, a college student pleaded guilty to hacking the webcam of Miss Teen USA Cassidy Wolf with the Blackshades software, and attempting to blackmail her. He allegedly said he had up to 40 other “slave computers,” according to the original criminal complaint.

Last year, Ars Technica wrote about a thread on a hacker forum that was more than 134 pages long and filled with images captured through unsuspecting women’s webcams. Hackers wielding remote accessing tools—it’s unknown whether they were using Blackshades or other software—called the women their “slaves” and wrote about picking out “the ‘good’ sexual stuff” and categorizing it using names and passwords, according to the news outlet. And last year, a 17-year-old boy in Detroit paid hackers in the Philippines more than $1,000 in blackmail money after they collected video of him via webcam. This tool has been used for political purposes as well. In 2012, the software was sent by alleged pro-government attackers to try and infect the computers of anti-government Syrian activists.

Now that people have been arrested in connection with Blackshades, does this mean I’m in the clear?
Nope. While the sale of Blackshades software, whose main website has now been shut down, was already on the decline (there were more than 1,300 infections last spring, but fewer than 400 in April 2014, according to Symantec), there are other remote accessing tools out there. “Even if there are just 100 people using Blackshades, there are another 100 using a tool with a different name that works exactly the same way,” says CDT’s Sandvik. Additionally, it’s not clear that the FBI will be able to get the Blackshades charges to stick. As the Daily Beast notes, it may be hard for prosecutors to prove whether the defendants who possessed the software used it for illegal activity.

What should I do to keep my computer private?
Follow best security practices. The FBI and security experts recommend that you update your software, including anti-virus software, install a good firewall, don’t open suspicious email attachments or URLs—even if they come from people on your contact list—and create strong passwords. The FBI has also published a list of files that you can search for on your hard drive to see if your computer has been infected. “Regardless of the specific kind, if you get malware on your system, it’s bad,” says Christopher Budd, a spokesman for Trend Micro, a Japanese security software company. “But people shouldn’t worry about malware, they should take concrete steps.” And if you put tape over your webcam, too, no one will judge you. “I do,” says Sandvik.

Link:

All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam

Posted in Anchor, Citizen, FF, GE, LAI, LG, ONA, Pines, PUR, Radius, Uncategorized, Venta | Tagged , , , , , , , , | Comments Off on All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam

Here’s the Worst Part of the Target Data Breach

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

You know what the most infuriating part of the massive data breach at Target is? This:

Over the last decade, most countries have moved toward using credit cards that carry information on embeddable microchips rather than magnetic strips. The additional encryption on so-called smart cards has made the kind of brazen data thefts suffered by Target almost impossible to pull off in most other countries.

Because the U.S. is one of the few places yet to widely deploy such technology, the nation has increasingly become the focus of hackers seeking to steal such information. The stolen data can easily be turned into phony credit cards that are sold on black markets around the world.

There’s really no excuse for this. The technology to avoid this kind of hacking is available, and it’s been in real-world use for many years. Every bank and every merchant in American knows how to implement it. But it would cost a bit of money, so they don’t. And who pays the price? Not the banks:

J.P. Morgan Chase & Co. Saturday told debit-card holders who shopped at Target during a 20-day data breach that the bank would be limiting cash withdrawals to $100 and putting on a $300 daily-purchasing cap, a move that shows how banks will try to limit exposure to potential fraud.

In a letter to debit card holders posted on its website, the bank said such limitations on spending would be temporary while it plans to reissue cards. The spending restrictions don’t affect credit card users, the bank said.

That’s right: it’s you who pays the price. Oh, these breaches are a pain in the ass for card-issuing banks and for Target itself, and it will end up costing them some money. But mainly it’s a pain in the ass for consumers. And if this breach causes you to be a victim of identity theft, you can be sure that neither Target nor your bank nor your credit rating agency will give you so much as the time of day. It’ll be up to you to reclaim your life even though it wasn’t your fault in any way. It’s a disgrace.

Credit – 

Here’s the Worst Part of the Target Data Breach

Posted in FF, GE, LAI, LG, ONA, PUR, Uncategorized, Venta | Tagged , , , , , , , , , , | Comments Off on Here’s the Worst Part of the Target Data Breach