Facebook harmed America and is ‘living, breathing crime scene’ over 2016 U.S. election, insiders say

“Making you angry, making you afraid, is really good for Facebook's business. It is not good for America.”

NSA employee pleads guilty of taking classified info that was later stolen by hackers

Former National Security Agency employee Nghia H. Pho said in a Baltimore courtroom today he'd illegally taken home classified documents from NSA that are understood to have later “been stolen from his home computer by hackers working for Russian intelligence,” the NYT reports.

Nghia H. Pho, 67, of Ellicott City, Md., pleaded guilty to one count of removal and retention of national defense information, an offense that carries a possible 10-year sentence. Prosecutors agreed not to seek more than eight years, however, and Mr. Pho’s attorney, Robert Bonsib, will be free to ask for a more lenient sentence. He remains free while awaiting sentencing.

Mr. Pho had been charged in secret, though some news reports had given a limited description of the case. Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant’s identity.

Mr. Pho, who worked as a software developer for N.S.A., was born in Vietnam but is a naturalized United States citizen. Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking.

Reimplementing an Apple ][+ on an FPGA

1977's Apple ][+ was the first successful personal computer, inspiring a generation of hackers and makers and coders; famously, it shipped with a schematic that showed how the boards and their components worked together, to allow hobbyists to improve and service their PCs (hardware-hacking legend Bunnie Huang credits these schematics with igniting his interest in electronics and computing).

Deloitte got comprehensively hacked in March and didn't tell anyone

Big Four accounting firm Deloitte, with $37B in annual revenues, found out that it had been hacked in March, and the hackers appear to have been inside its systems (supplied by Microsoft through its Azure cloud) since the previous October or March.

DHS informs 21 states that Russian hackers attacked their voting systems in 2016 election

The Department of Homeland Security today revealed which states were targeted by Russian hackers trying to break into voting systems during the 2016 election cycle. DHS said "most" states were unsuccessfully attacked, but didn't make clear how and where the hackers were successful, or whether the sustained cyberattacks helped Donald Trump win the presidency.

Hackers may have traded using stolen insider information, SEC admits

The head of the U.S. Securities and Exchange Commission said this week that hackers accessed the SEC's corporate disclosure database and likely profited by trading on that stolen insider information.

CCleaner, popular computer-cleaning tool, contained malware

CCleaner is a clean-your-computer app beloved of people who own inexplicably slow PCs. If you installed recent editions of it, you were installing malware. But the company behind it hasn't gone rogue, reports Reuters. Hackers compromised their systems.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

The infected version is 5.33, and you likely have it if you installed the Windows version of CCleaner between August 15 and September 13. That's 2.3 million installs, admits Avast.

CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191 have received an automatic update.

North Korea has been hacking the U.S. since 2009, warn DHS and FBI—and they're not stopping

A rare joint alert from the U.S. Department of Homeland Security and the Federal Bureau of Investigation explicitly blames the government of North Korea for a series of hacking attacks on various American targets, dating as far back as 2009. The government alert warns that more such “state-sponsored cyberattacks,” as they're known in security jargon, are likely to come.

Crosby, Stills & Nash's unused theme song for War Games (1983)

Crosby, Stills & Nash recorded this theme song for War Games, the seminal hacker film of 1983. The tune was heard in movie trailers and in this promotional video that aired on MTV but was apparently pulled from the film. The song, "War Games," was included on the band's album Allies. From the lyrics:

I am not so sure / What you want me for / Either your machine / Is a fool, or me

Now there is no time to wait / No time to think it over / Take the path, believe the math / You'll tell me when it's over

How a fishing guide's WordPress site became home to half a million fraudulent pages

Ned Desmond shares the scary story of how a small site he managed that advertised fishing expeditions ended up with 565,192 scam pages. He also suggests five ways to avoid the same fate.

Trump to sign yet another trash executive order, this time on 'the cyber'

'President' Donald Trump is expected to sign an executive order addressing cybersecurity today, Reuters reports in an item that cites “two sources familiar with the situation.” The EO is expected to be Trump's first action to address what he called a top priority of his administration during the Presidential campaign.

Software platform for 1,000 cannabis businesses crashed over the weekend

Last week a software platform used by 1,000 cannabis businesses crashed. The CEO of MJ Freeway says the outage was caused by an "unprecedented, malicious attack."

From Fortune:

An MJ Freeway spokesperson told the Globe last week that the attack was specifically targeted at MJ Freeway, which is based in Denver. The company reports that it has received no ransom demands, suggesting that the attack could have been personally or politically motivated.

MJ Freeway, which serves more than 1,000 clients, is one of the most prominent startups providing technical infrastructure for the booming legal marijuana industry. In a 2015 Bloomberg profile, the company’s services were described as something like SAP or Oracle for weed, with features like automatic sales reports, staff scheduling, and crop data tracking.

(Thanks, Julian!)

How one guy lost millions of dollars of bitcoin to a hacker

A hacker called up T-Mobile and convinced the customer service representative that he was Jared Kenna. T-Mobile believed the hacker and transferred Kenna's phone number from T-Mobile to another carrier. Once the hacker had Kenna's phone number he took over about 30 of Kenna's accounts, which had been protected with 2-factor authentication. The accounts included "two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC." In short order the hacker stole "millions" of dollars worth of Kenna's bitcoin.

From Laura Shin's article in Forbes:

Kenna was so early in bitcoin that he remembers when he would plug his computer into the network and see only four other computers running it. Now, there are more than 5,000. Computers supporting the network are slated into a competition to win bitcoin roughly every 10 minutes. In the early days, the payout was 50 bitcoin each time; now it’s 12.5. Kenna recalls that at a certain point, when he was “only” winning 50 bitcoins a day, he stopped supporting the network, thinking it wasn’t worth it. At today’s price, he was giving up on $40,000 a day.

Though he did have some bitcoins in online services, particularly since his businesses accept bitcoin as payment, he kept almost all his bitcoins on an encrypted hard drive. “It was essentially my never-sell-this-until-it-goes-to-a-billion-dollars nest egg,” he says. He had kept it offline for most of the past several years, but had connected that device in recent weeks to move them somewhere more secure and sell some.

Watch "Terminal Madness," 1980 TV special about personal computers

In 1980, WMTV in Madison, Wisconsin produced this feature about early personal computers and the geeks who loved them. I enjoyed the discussion of The Source, which was the first online experience I ever had.

George Martin, who posted the video to YouTube, writes: "About halfway through the video there is a segment filmed at my home showing how I had programmed a Cromemco Z-2 computer to control lights and appliances."

(Thanks, UPSO!)

Why are hackers so political?

Gabriella Coleman is the "hacker anthropologist" whose book on the anthropology of Anonymous is among the best books on hacking I've ever read; her new paper in Current Anthropology, From Internet Farming to Weapons of the Geek, poses a fascinating question: given that hackers are as well-paid and privileged as doctors, lawyers and academics, how come hackers are so much more political than other members of the professional elites?

NSA contractor Harold Thomas Martin to face espionage charges over 50TB of "stolen code"

A former Booz Allen Hamilton contractor who worked with the National Security Agency will face charges of espionage in a case involving 50 terabytes or more of highly sensitive NSA data the government says were stolen.

A second hacker group is targeting SWIFT bank system users with malware, Symantec warns

Cybersecurity firm Symantec said today a second hacking group has been trying to rob banks with phony SWIFT messages. That same method nabbed $81 million in a high-profile attack on the central bank of Bangladesh earlier this year.

Jim Finkle at Reuters reports:

Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

Symantec's research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise.

SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

Symantec promises to share technical information about Odinaff with banks, governments and other security firms involved in the SWIFT system.
