Thursday, June 16, 2016

‘Demonically Clever’ Cybercrime via Kaspersky

Microsoft news release, June 13, 2016: ” Microsoft Corp. (Nasdaq: MSFT) and LinkedIn Corporation (NYSE: LNKD) on Monday announced they have entered into a definitive agreement under which Microsoft will acquire LinkedIn for $196 per share in an all-cash transaction valued at $26.2 billion, inclusive of LinkedIn’s net cash

Neil MacFarquar – Moscow – “A sense of menace stirs right off the elevator on the fifth floor of Kaspersky Lab’s Moscow headquarters, where a small television screen displays cyberthreats occurring in real time around the world — a blinking, spinning, color-coded globebrimming with suspicious emails, malware and evil botnets that could be infecting a computer near you. That feeling of unease intensifies when Eugene V. Kaspersky — the stocky, garrulous, 50-year-old founder and chief executive of the global computer security company — begins to catalog possible threats: The computerized elevator you just left is vulnerable to cyberattacks, as are your smartphone and smartcar. Your bank, without question. Your electricity and water supplies could be at risk. Cybercriminals grow smarter, bolder and more elusive every year.
“We are living in the middle cyberage, the dark ages of cyber,” said Mr. Kaspersky, whose modest corner office with glass walls overlooks a stretch of canal and a boat club. He has longish salt-and-pepper hair, a trim beard and a ruddy, tanned complexion. “Right now, it is more functionality, more technology, more services, but not enough security.” Kaspersky Lab is most famous for being the home of the brainy geek squad that exposed Stuxnet and Flame, the American-Israeli cyberweapons that disrupted Iran’s nuclear program. Mr. Kaspersky and his company find themselves at the forefront of the battle against cybergangs, one of the largest emerging threats, for two rather simple reasons, he said: “Russian software engineers are the best; unfortunately Russian cybercriminals are the best, as well.” Hacking methods developed in the Russian-speaking world are going global, suggesting a thriving black market in malicious code. “They don’t just hack the victims, they trade the technology to other gangs,” he said. “Now there are hundreds of victims, in the United States and Asia.”….   

[Roger] was a risk-taker, never afraid to challenge the status quo or make bold moves to get ahead. He was tough as nails, always prepared to get the job done and beat the competition. At the same time, he had a true love for our people and a passion for empowering them to reach their full potential. Roger devoted more than 30 years of his life to PepsiCo and his leadership was instrumental in making us the company we are today Roger Enrico: Maverick

Oracle Whistleblower Suit Raises Questions Over Cloud Accounting Slashdot

When Adrian Ludwig describes the ideal approach to computer security, he pulls out an analogy. But it’s not a lock or a firewall or a moat around a castle. Computer security, he says, should work like the credit card business. A credit card company, he explains, doesn’t eliminate risk. It manages risk, using data describing the market as a whole to build a different risk profile (and a different interest rate) for each individual. Computer security, Ludwig believes, should work in much the same way. “The model of good and bad—white and black—that the security community prescribes?” he says. “It’s going to be all black unless we accept that there are going to be shades of gray.” This is pretty much what you’d expect him to say. Ludwig works at Google, where he oversees security for Android, a mobile operating system that always included as many phone makers, apps, and people as possible. But he and his colleagues aim to take this idea in a new direction. If the future of security lies in managing risk, he explains, then the future of security is machine learning, the same breed of artificial intelligence that has proven so successful in so many other parts of the Google empire. We shouldn’t code hard-and-fast digital rules that aim to stop all online attacks. As the internet grows more complex—as it reaches more people—this would end up shutting everyone out. Instead, we should build systems that can analyze the larger landscape and learn to identify potential problems on the fly

The technologies of writing and printing allowed for new conceptions of moral and intellectual life. What kinds of illuminations does the internet offer? Morality

How Hemingway became Hemingway. He gathered a group of friends, headed to Pamplona, and returned a middlebrow  Revolutionary  

A probe into who discovered a years-long hack into background checks on U.S. national security workers might not be case closed after all. Security vendor CyTech now claims that during an April 21, 2015, product demonstration, its technology uncovered, for the first time, malware siphoning off the data. This allegation seems at odds with the side of the story that Oversight and Government Reform Committee ranking Democrat Rep. Elijah Cummings, D-Md., revealed last week in a letter to the House intelligence panel. Staff at the hacked agency, the Office of Personnel Management, already had discovered the malware using a tool from another contractor, Cylance, on April 15, 2015, Cummings said. There seems to be a disagreement over what the definition of "discover" is. CyTech CEO Ben Cotton says, "I’ve been on [site at] a lot of breaches, and it is extremely rare that you would allow malware to continue to exist inside of your organization for a full week after you discovered it’s there." The three pieces of malware were "actively executing in RAM" memory, he added. Republicans on the oversight committee did not sign Cummings' May 26 letter. The GOP members plan to release a more comprehensive report on the OPM incident in June, a committee staffer told Nextgov on background.

Security flaws in software can be tough to find. Purposefully planted ones—hidden backdoors created by spies or saboteurs—are often even stealthier. Now imagine a backdoor planted not in an application, or deep in an operating system, but even deeper, in the hardware of the processor that runs a computer. And now imagine that silicon backdoor is invisible not only to the computer’s software, but even to the chip’s designer, who has no idea that it was added by the chip’s manufacturer, likely in some farflung Chinese factory. And that it’s a single component hidden among hundreds of millions or billions. And that each one of those components is less than a thousandth of the width of a human hair. In fact, researchers at the University of Michigan haven’t just imagined that computer security nightmare; they’ve built and proved it works. In a study that won the “best paper” award at last week’s IEEE Symposium on Privacy and Security, they detailed the creation of an insidious, microscopic hardware backdoor proof-of-concept.

America Excels in Business of Death Consortium News

Lloyds Banking Group has seen an 80 to 90% drop in cyber attacks as online criminals and fraudsters have switched their attention to other industries. Banks have been under increasing pressure from hackers, driving even the Bank of England to include cyber attacks in reports on the key risks to the financial sector. Business group TheCityUK warned that 75% of fraud is now online, often through malicious email scams, indicating the scale of fraud shifting into the digital world. Yet Lloyds’ digital boss Miguel-Ángel Rodríguez-Sola said there has been a sudden drop in cyber attacks on banks. “There had been an increase in the UK in terms of cyber attacks, between June and February this year,” he said, noting that denial of service (DDOS) attacks became particularly common. “However, over the last two months I have had five-times less than at the end of last year.”

Russian authorities have arrested about 50 people in connection with an ongoing investigation into a hacker group that's suspected of unleashing malware-enabled hack attacks against customers of major Russian financial institutions. The gang allegedly stole 1.7 billion rubles ($25.5 million) from accounts at multiple Russian financial services firms over a five-year period, Russia's federal security service, known as the FSB, says in a June 1 statement. It adds that Sberbank - the largest bank in Russia and Eastern Europe - assisted with its investigation, but didn't name any of the other victim banks.  

IRS Employees Erased 422 Backup Tapes Containing 24,000 of Lois Lerner’s Emails. Government as criminal conspiracy

After slew of cyber-strikes, BDS movement points finger at Israel

Banks with the weakest cyber defences could be kicked off the Swift global bank payments system, its chief executive has warned as the organisation scrambles to restore faith in its security after several raids by hackers.  

Hacking laws are generally intended to punish, well, hacking—not the digital equivalent of destroying the office printer on the day you quit. But when IT administrator Michael Thomas deleted a collection of files before leaving his job at the auto dealership software firm ClickMotive in 2011, the 37-year-old Texan wasn’t merely charged with destruction of property or sued by his ex-employer for damages. Instead, he’s been charged with a felony count of violating the Computer Fraud and Abuse Act, (CFAA) a law passed in 1986 to prevent and prosecute malicious hacking. The charges could carry up to 10 years in prison and $250,000 in penalties—and have already led to the seizure of Thomas’s proceeds from the sale of his house. And as Thomas’s trial begins today in the Eastern District of Texas, his defense attorneys and some legal observers argue that his case represents yet another new form of prosecutorial overreach based on the CFAA’s long-controversial and overbroad measures.


Explore data Australia-China swap prisoner walks free