Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources — at least one of whom worked on the security team — say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool.
Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes.
In 2014, an Indian company called Aglaya brought a 20-page brochure to ISS World (AKA the Wiretappers' Ball — the annual trade fair where governments shop for surveillance technology): the brochure laid out the company's offerings, which ranged from mobile malware for Ios and Android to a unique "Weaponized Information" selection that combined denial-of-service with disinformation to "discredit a target" online.
Someone captured and leaked a live presentation by an RCS sales tech, demonstrating his company's cyber-weapon for spying on dissidents, criminals, and whomever else the customer wanted to infect.
The Shadow Brokers, a previously unknown hacker group, has announced that it has stolen a trove of ready-to-use cyber weapons from The Equation Group (previously), an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA.
Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin.
A team led by Ang Cui (previously) — the guy who showed how he could take over your LAN by sending a print-job to your printer — have presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen.
In Hacking Team Malware Para La Vigilancia en América Latina, a new report from Derechos Digitales, we learn how Hacking Team, the hacked-and-disgraced cyber-arms dealer (previously) supplied weapons to corrupt state actors in latinamerica who used them to spy on political opposition, journalists and academics.
CNBC's Big Crunch blog put up a well-intentioned, but disastrously designed tutorial on secure password creation, which invited users to paste their passwords into a field to have them graded on how difficult it would be to guess them.
Last December, Vtech, a crapgadget/toy company, suffered a breach that implicated the data of 6.3 million children, caused by its negligence toward the most basic of security measures.
Remember the Hong Kong-based crapgadgeteer Vtech, who breached 6.3 million kids' data from a database whose security was jaw-droppingly poor (no salted hashes, no code-injection countermeasures, no SSL), who then lied and stalled after they were outed? They want to make home security devices that will know everything you say and do in your house.
The @internetofshit account posts sardonic observations about the Internet of Things, which is filled with the most depressing array of useless, dangerously insecure, exploitative junk imaginable.
Back in July, a hacker dumped the emails and other files from Hacking Team, Italy's notorious cyber-arms dealer. Coincidentally, Vice had recently filed a Freedom of Information Act request with the FBI, asking if they were buying cyberweapons from Hacking Team.
The Hong Kong-based toymaker/crapgadget purveyor didn't even know it had been breached until journalists from Vice asked why data from its millions of customers and their families were in the hands of a hacker, and then the company tried to downplay the breach and delayed telling its customers about it.
Reporters and press freedom advocates from around the world have signed on to support Netzpolitik and condemn the German government's outrageous investigation.
As the astonishing news that the NSA spent $250M/year on a sabotage program directed against commercial security systems spreads, more details keep emerging. A long and interesting story on Mashable includes an interview with Peter Biddle, an ex-Microsoft security engineer who worked extensively on BitLocker, a full-disk encryption tool with a good reputation that was called into question by the latest leaks. — Read the rest
