“It looked very suspicious,” M says of an anonymous e-mail she and several other journalists received late in 2014. It promised a scoop about a government scandal, but something just didn’t sit right with her. Soon after, strange things started happening on her computer. “I remember clearly not being able to connect via Skype to give an interview about torture,” she says. “There was somehow interference and I had to use someone else’s phone.” After passing a file attached to the e-mail to security experts, M learned that she and her coworkers had been targeted with Remote Control System (RCS), a sophisticated piece of spying software developed by a small Italian company called Hacking Team. Later, she would find out that it was being used against her by her own government, which likely objected to her reporting. M spoke on condition of anonymity because she fears further reprisals. M is just one of probably thousands of people who have … [Read more...] about The Growth Industry Helping Governments Hack Terrorists, Criminals—and Political Opponents
The security industry authority
Diversifying to stay afloat
Jared Mees, a musician himself and manager of the Portland, Oregon-based record label Tender Loving Empire, struck out on an ambitious online system similar to Kroogi earlier this year, called The Priceless Music Project. He reached out to would-be supporters on IndieGoGo, attempting to raise $48,000 to fund an online site that would allow fans to pay whatever amount they considered fair, using a subtle guilt-factor by showing related costs bands have for producing a record, the ongoing expenses the band has for touring, and how much money the most supportive fan had ever donated. The Priceless Music Project raised less than $4,000, well under its needed goal. Still, Mees says he and the rest of the team are planning to move forward to incorporate the model into the Tender Loving Empire website sometime next year, at which point local favorites like Y La Bamba’s recently released Court The Storm (currently available for a $7.99 digital download), … [Read more...] about Can pay-what-you-want downloads save the music industry?
If privacy rights weren’t reason enough to curb the NSA’s surveillance program, the economic implications of the program may offer an even more compelling argument. According to the Information Technology and Innovation Foundation (ITIF), a Washington DC-based think tank, the NSA’s programs are hitting the country where it really hurts — its collective pocketbook, by costing U.S. tech companies up to $35 billion in foreign business by 2016. This may be the most persuasive ammunition to date for critics of the NSA’s programs. According to the report, “The economic impact of U.S. surveillance practices will likely far exceed ITIF’s initial $35 billion estimate. Foreign companies have seized on these controversial policies to convince their customers that keeping data at home is safer than sending it abroad, and foreign governments have pointed to U.S. surveillance as justification for protectionist policies that … [Read more...] about NSA’s surveillance programs may be costing the tech industry up to $35 billion in lost revenue
Almost all cyberattacks these days require an element of social engineering. Spammers are always looking for that hot button to induce a click on a link or an attachment. Drive-by artists continually experiment with poisoned banner ads designed to steer the curious into an online dark alley. Spearphishers put together persuasive pitches pretending to be friends or a trusted institution. What makes social engineering maddening to system defenders is there are no technology quick fixes to combat it. No matter how many spam mails or websites you block, some form of malicious enticement is bound to land in front of a pair of eyeballs unable to resist temptation. While that may make some in the security industry throw up their hands in surrender, Rohyt Belani, CEO and cofounder of PhishMe, isn't one of them. PhishMe uses simulated phishing attacks to train employees to avoid the kind of social engineering pitfalls found in email. The first time an organization is hit with a simulated attack, … [Read more...] about SPOTLIGHT ON SECURITY Reengineering Human Behavior Can Foil Phishing
The hackers have gone too far now. When they were defacing Web sites and launching denial-of-service attacks against eBay and the like, they were annoying, but the general public still gave them a grudging amount of respect. After all, to take down well-protected networks and hack firewalls and intrusion detection systems, they had to be pretty smart. But now hacking has hit home -- literally. Hundreds of thousands of regular computer users, who never did a thing to provoke a hack attack, have found themselves scurrying to fix their infected machines in the wake of the Blaster worm. No longer is information security a distant idea. No longer is the damage wrought by hacking just a dollar sign tucked inside a news story, money that big corporations can suck up. Hackers have made it personal, and it's going to cost them. Just ask Jeffrey Lee Parson, who was arrested last week and charged with authoring a Blaster variant. Sure, home users' machines have been infected by annoying viruses in … [Read more...] about OPINION Will Security Matter More After Hackers Hit Home?
After taking it on the chin for its alleged attacks on U.S. media outlets -- and for its army reportedly backing hackers engaged in cyberespionage around the world -- China returned fire. The government claimed its defense and military ministries' websites are being bombarded with 144,000 hacking attacks a month from the U.S. However, China didn't try to link the attacks to the U.S. government -- for good reason. "It's a fallacy that because an attack comes from an IP geolocated within a certain country, that country is then responsible for the attack," Jeffrey Carr, CEO of Taia Global and author of "Inside Cyber Warfare: Mapping the Cyber Underworld," told TechNewsWorld. U.S. Internet service providers tolerate more malicious behavior on their systems than they should, Carr added. That makes it easy for foreign nationals to buy server time with bogus credentials, so the source of an attack stemming from the U.S. could be someone outside the country. It was revealed last week that Stuxnet, … [Read more...] about SPOTLIGHT ON SECURITY China on Cyberattacks: US Is Pot Calling the Kettle Black
Spyware is fast becoming the next generation of spam. It is software that installs onto a computer or local network, monitors computing habits and delivers the information to third parties. Usually, the user is unaware that the software exists on his or her computer. Much like spam, spyware is becoming more than just a nuisance; it's raising major red flags with privacy and security experts alike. At best, spyware activity monitors computer habits. The worst of the spyware breeds steal personal information and can contribute to an entire network being taken over. A major indicator pointing to this trend is legislation aimed at curbing spyware. Two states -- Utah and California -- are considering their own spy-blocking acts while federal authorities ponder the merits of a spyware version of the recently enacted Can-Spam Act. How much damage is spyware causing? A lot more than privacy invasion, said Edward English, CEO of InterMute, which makes SpySubtract, Spam Subtract and AdSubtract. "At … [Read more...] about TECHNOLOGY SPECIAL REPORT Spyware: The Next Spam?
With the apparent resurgence of hacker community Anonymous, as well as concerns that cybercriminals may have recently penetrated the networks of a number of small utilities, two United States federal government initiatives to improve cybersecurity were launched this past week. As of Jan. 6, companies awarded contracts and orders by the U.S. General Services Administration (GSA) that include IT supplies, services and systems with security requirements will have 30 days to submit an IT security plan to the contracting officer or the officer's representative. The plan, now required under GSAR Amendment 2011-03, must describe IT security processes and procedures to be followed while working under the contract. Contractors will also submit written proof of IT security authorization six months after the award and verify annually that the plan remains valid. Meanwhile, the U.S. Department of Energy (DoE) and the U.S. Department of Homeland Security (DHS) have launched the Electric Sector … [Read more...] about SPOTLIGHT ON SECURITY Washington Does the Security Watusi
What do field sales employees, medical personnel and home-office workers connecting remotely to a central site have in common? A need for up-to-the-minute information. As a common method for near-instantaneous business communication, e-mail can be sent and received in many ways -- via pagers, cell phones and the like. One option that holds especial promise for increasing the timeliness of information flow is Web-based e-mail. However, many businesses choose not to deploy Web mail because of the perceived security risk of Web-based applications in general. Understandably, companies do not want to increase the risk of exposing corporate e-mail systems to external threats. Viruses, spam, worms and other events, both malicious and non-malicious, can bring e-mail infrastructures to their knees. And with recent government legislation in countries such as the United States, e-mail confidentiality has become a growing concern. So, what approaches can a company consider for deploying Web mail … [Read more...] about INDUSTRY INSIDER Tackling the Secure Web Mail Challenge
Las Vegas is arguably the gambling capital of the world, but it's also the king city for ransomware, based on recent research. Among the world's nations, the United States ranked highest in ransomware incidents, according to a Malwarebytes report on the prevalence and distribution of extortion apps. The area of the country that logged the most incidents was the Las Vegas-Henderson, Nevada, region. Nevada cities led the nation in overall ransomware detections, most detections per individual machine, and most detections per population, according to the report, which is based on an analysis of half a million ransomware incidents. Las Vegas' attraction to tourists and conference goers may be what attracts digital bandits. "When people go to conferences, they're using their laptops on WiFi networks that may not be completely trusted," explained Adam Kujawa, head of malware intelligence at Malwarebytes. Coupled with the relaxed atmosphere of the city, that can make users more vulnerable to … [Read more...] about SPOTLIGHT ON SECURITY Las Vegas Captures Ransomware Crown