The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report. The crisis could come as a result of hostile actions from another country or internal conflict over privacy and security legislation, said Forrester analyst Amy DeMartine, lead author of the firm’s top cybersecurity risks for 2017 report, due to be made public Tuesday.
Apple Watch Banned From Cabinet Meetings Over Spy Fears. From TechWeek Europe. Ministers have been forbidden to wear the Apple Watch during cabinet meetings due to the risk they could be hacked by Russian agents, according to a report.
Prime minister Theresa May imposed the new rules following several high-profile hacks that have been blamed on Russia, according to The Telegraph, which cited unnamed sources.
Cybercriminals’ Superior Business Savvy Keeps Them Ahead. From Dark Reading. Rick Holland of Digital Shadows visits the Dark Reading News Desk at Black Hat to explain how the attackers’ superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keep them ahead of the good guys.
Guccifer 2.0 and Russia’s hidden agenda. From SC Magazine.
Among the routine stream of network compromises and dumped login credentials this year, one attack stands head and shoulders above the rest for intrigue – the Democratic National Committee (DNC) breach. The hack led to political uproar, a high-level resignation, damaging leaks and, in a complete reversal of the norm, the nation state hackers have become more public since being discovered.
It is worth starting with a recap. The FBI alerted the DNC to the presence of attackers on their network in April this year, but incident response specialists CrowdStrike found that there were two state-sponsored attackers with access to sensitive emails and data. The investigators assessed the network was first breached in the summer of 2015 and established the attackers had stolen large quantities of emails, campaign documents and donor information. Before the hack was publicly disclosed in mid-June, WikiLeaks founder Julian Assange announced the whistle-blowing website had ‘enough evidence’ to indict Hillary Clinton.
The Democratization of Censorship. From KrebsOnSecurity.
John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.
However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.
Yahoo Confirms At Least 500 Million Accounts Were Hacked. From Fortune.
Yahoo said on Thursday that information for at least 500 million user accounts was stolen from its network in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the biggest cyber breach ever.
Yahoo said data stolen may have included names, email addresses, telephone numbers, dates of birth, and encrypted passwords but that unprotected passwords, payment card data, and bank account information did not appear to have been compromised, the company said.
“This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier.
Missed Opportunities Detailed Ahead of Personnel Agency Hack. From ABC.com.
It was time to purge the hacker from the U.S. government’s computers.
After secretly monitoring the hacker’s online movements for months, officials worried he was getting too close to critical information, so they devised a plan, called the “Big Bang,” to expel him.
Trouble was, with all their attention focused in that case, they missed the other hacker entirely.
A congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States. It lays out missed opportunities before the break-in at the Office of Personnel Management exposed security clearances, background checks and fingerprint records. That intrusion — widely blamed on China’s government — compromised personal information of more than 21 million current, former and prospective federal employees; led to the resignation of the OPM director; and drew outrage over changing explanations about its severity.
Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years. From KrebsOnSecurity.
vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.
The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States.
US Suspects Russia Behind Computer Hacking in 2 State Election Databases. From Voice Of America.
U.S. officials suspect Russian hackers were responsible for breaking into two state election databases earlier this month.
“This is the closest we’ve come to tying a recent hack to the Russian government,” one official told NBC News on Monday.
The FBI has not identified the two U.S. states whose databases were attacked, but Yahoo News, which first reported the breaches, quoted sources who say Arizona and Illinois were targeted.
According to Yahoo News, an Illinois election board official said the voter registration system was shut down for 10 days last month after hackers stole personal information on approximately 200,000 voters.
Government Hackers Caught Using Unprecedented iPhone Spy Tool. From Motherboard. Since its founding in 2010, [Israeli vendor] NSO has developed a reputation for providing sophisticated malware to governments that need to target cellphones in their investigations, although the use of its tools has never been documented before. The company claims that its products are completely stealthy, like a “ghost.” The company has been so guarded about its wares that it’s never had a website, and has rarely given interviews or any comments to the press. But some information has leaked out, including an investment for $120 million by a US-based venture capital firm in 2014 and a subsequent reported valuation of $1 billion.