After being outed for massive hack and installing an NSA "rootkit," Yahoo cancels earnings call


What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) Read the rest

The coming fight over "nonlethal neuroweapons"


The Chemical Weapons Convention has a giant loophole in that it allows for the stockpiling and use of chemical agents in law-enforcement; with the Eighth Review Conference of the Biological and Toxin Weapons Convention (BTWC) coming up next month, there's an urgent question about whether "neuroweapons" (chemical agents intended to pacify or disperse people) will become tools of law-enforcement and "defensive warfare." Read the rest

Yahoo secretly built a tool to scan all email in realtime for US spies


In 2015, Yahoo CEO Marissa Mayer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA. Read the rest

Xiaomi phones are pre-backdoored; your apps can be silently overwritten


Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access. Read the rest

In a leaked "weaponized information" catalog, Indian cyberarms dealer offers blackest-ever SEO


In 2014, an Indian company called Aglaya brought a 20-page brochure to ISS World (AKA the Wiretappers' Ball -- the annual trade fair where governments shop for surveillance technology): the brochure laid out the company's offerings, which ranged from mobile malware for iOS and Android to a unique "Weaponized Information" selection that combined denial-of-service with disinformation to "discredit a target" online. Read the rest

The DoJ is using a boring procedure to secure the right to unleash malware on the internet


The upcoming Rule 41 modifications to US Criminal Justice procedure underway at the Department of Justice will let the FBI hack computers in secret, with impunity, using dangerous tools that are off-limits to independent scrutiny -- all without Congressional approval and all at a moment at which America needs its law-enforcement community to be strengthening the nation's computers, not hoarding and weaponizing defects that put us all at risk. Read the rest

Leaked catalog from UK surveillance arms-dealer full of gadgets sold to US cops


Cobham PLC is a surveillance vendor that sells to some of the world's most egregious human rights abusing governments; in 2014, they provided a catalog of cyberweapons and spy tools to the Florida Department of Law Enforcement, from whom it leaked. Read the rest

Watch: leaked demo of malware offered to spying governments


Someone captured and leaked a live presentation by an RCS sales tech, demonstrating his company's cyber-weapon for spying on dissidents, criminals, and whomever else the customer wanted to infect. Read the rest

1 billion computer monitors vulnerable to undetectable firmware attacks


A team led by Ang Cui -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- has presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen. Read the rest

EFF and partners reveal Kazakh government phished journalists, opposition politicians


At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International, revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan. Read the rest

Russian bill mandates backdoors in all communications apps


A pending "anti-terrorism" bill in the Duma would require all apps to contain backdoors to allow the secret police to spy on the country's messaging, in order to prevent teenagers from being "brainwashed" to "murder police officers." Read the rest

United Arab Emirates hacked UK journalist


A new research report from Citizen Lab painstakingly traces the origins of a series of sophisticated hacking attacks launched at Rori Donaghy, a UK journalist for Middle East Eye who founded the Emirates Center for Human Rights, which reports critically on the autocratic regime that runs the UAE, and 27 other targets. Read the rest

The UK government's voice-over-IP standard is designed to be backdoored


GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security." Read the rest

If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?


Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest

Racial justice organizers to FBI vs Apple judge: crypto matters to #blacklivesmatter


Phenomena like the Harlem Cryptoparty demonstrate the connection between racial justice and cryptography -- civil rights organizers remember that the FBI spied on and blackmailed Martin Luther King, sending him vile notes encouraging him to kill himself. Read the rest

DoD wants $660M to respond to Freedom of Information request on "Hotplugs"


The Department of Defense sent Muckrock a demand for $660 million as a requirement for fulfilling a Freedom of Information Act request for records about the Hotplug, a gadget that allows you to transport computers without shutting them down -- used by law enforcement to move suspect computers to forensic facilities without shutting them down and potentially parking drives in an encrypted state. Read the rest

Wanting it badly isn't enough: backdoors and weakened crypto threaten the net

As you know, Apple just said no to the FBI's request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications -- what's referred to as “exceptional access.”[1]
