Tuesday, August 30, 2016

Operation Ghoul: The Dangerous Myth of Authenticity

Criminally Yours: How do you judge who's an idiot ...

Toppest (sic) Secret: What to do if google guys and gals neglect to index your MEdia Dragon website

Least low secret?: chinese hackers behind defence Austrade security breaches 

Cyber security incidents increasing

The nation's top spy agencies warn that the number of cyber security threats facing Australia is growing by the day

At a Glance: The Australian Broadcasting Corporation’s Four Corners' Cyber War program, aired tonight, highlighted  (thousand of computer log-ins of Australians for sale on the dark net)  the personal, commercial and national threats posed by hackers and a general preparedness on all things cyber security. Are things really as bad as the ABC Four Corners cyber war documentary makes out - Conversations, Yammer are peppered with smart NASA scientist to shed light on the topic ...

Greed Report: Tax hack—how to protect yourself from a crime that won’t go away via cnbc.com  Law enforcement officials knew him only as "The Hacker" — a mysterious person (or was it more than one?) who was stealing millions of dollars in IRS tax refunds, then vanishing like the wind — along with the money — after threatening death to anyone who crossed him. Greed Report: Tax Hack

Hacking the hackers: everything you need to know about Shadow Brokers' attack on the NSA

Government Hackers Caught Using Unprecedented iPhone Spy Tool

C.B. George: “It is a mindset that can mock a rapper who fabricates a criminal background and idolize the authenticity of a convicted felon. Seriously? Me, if I must choose between someone who pretends to have shot people and someone who’s shot people, I go for the fantasist every time. It is a mindset that holds dear an essentialist view of “indigenous culture” even as it disdains the same essentialism in the nationalist intolerance currently blighting the US and much of Europe.” The Dangerous Myth of Authenticity 

ICAC Findings liberal party slush fund eight by five handed down

“Lochte’s story shows one good reason why we should not uncritically believe people who claim to be crime survivors.” [Andrew Fleishman, Fault Lines]
Accenture buying spree continues with Redcore MEdia Dragon cybersecurity acquisition

Thousands of Soros docs released by alleged Russian-backed hackers

The Two Tales of Russia Hacking NYT Marcy Wheeler

Hillary’s Secret Kremlin Connection Is Quickly Unraveling

Ramen is displacing tobacco as most popular US prison currency, study finds Guardian

“[Blockchain] raises questions, and possibilities, over a fundamental market structure principle: who can have access to central bank money and how.” 
Suits join the hoodies with blockchain push, the FT informed us on Tuesday, adding, on Wednesday, in case we missed it, pretty much the same article again: “Big banks push forward with blockchain technology“... Big Banks Blockchain - Boondoggle

DHS doubles down on rubbery myGov numbers only a minister could love. Once a spark of innovation, then a white elephant, the online service portal is at last showing signs of user-focused renewal
10 million myGov users? Nay, Australia exaggerates its digital take-up 
We can now trace where bitcoin transactions end up, so there is hope, because bitcoin transactions are not as much of a black hole for law enforcement as they used to be... ~Turning the tide - Troels Oerting, group chief security and information security officer, Barclays
Cyber criminals are always likely to be better resourced than law enforcement. Now, national and regional police forces in Europe are switching tactics to even the odds.
Fighting fire with fire: European law enforcement seeking smart ways to fight cyber crime 

Antipodean Data breach alerts legislation to hit Parliament

Researchers say they have uncovered an industrial hacking scheme that struck 130 organizations in 30 countries. Kaspersky Lab, which discovered the scheme, is calling the group “Operation Ghoul.” According to the security services provider, Operation Ghoul targets bank accounts and intellectual property from primarily small to medium-sized industrial businesses. The attackers, Kaspersky said, use largely an off-the-shelf, commercial malware program known as Hawkeye that is capable of recording keystrokes, monitoring browser and email data, and stealing FTP server credentials. Kaspersky noted that more than a quarter of the infected organizations were from Spain and Pakistan. Companies in those countries — along with India, Egypt, and the United Arab Emirates — accounted for more than half of those affected. Kaspersky

The federal government has started a three-month public consultation on updating its cyber security strategy, asking security pros and citizens for input on how it should not only strengthen the national IT systems and critical infrastructure in the private sector but also help businesses and residents. Public Services Minister Ralph Goodale said Tuesday the consultation, which ends Oct. 15, will help identify gaps and opportunities, bring forward new ideas to shape Canada’s renewed approach to cyber security and capitalize on the advantages of new technology and the digital economy. “We need to get really good at cyber security – across our personal, business, infrastructure and government sectors – so we can take full advantage of the digital economy, while protecting the safety and security of Canadians, and selling our valuable cyber skills and products into a booming market throughout the rest of the world.” 

“We’ve found that Yammer facilitates spontaneous conversations among employees—sparking innovative ideas that help us operate more efficiently and improve customer service.”
—Adrian Steel, Global head of IT operations International Airlines Group
  Schmoozy Yammer Not Yet ...

Australian authorities hacked Tor users in the US as part of a child pornography investigation, Motherboard has learned. The contours of this previously-unreported hacking operation have come to light through recently-filed US court documents. The case highlights how law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies’ reach. In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect’s IP address. “I think that's problematic, because they've got no jurisdiction,” Greg Barns, an Australian barrister who practices criminal and human rights law who's also a former national president of the Australian Lawyers Alliance, told Motherboard in a phone call.

The cybersecurity business runs on fear, so it is appropriate that investors have learned to be afraid. While hacking seems like a long-term growth industry, security hasn’t turned out to be the surefire bet many thought it was. It has underperformed many other tech segments since hitting a peak last summer. 

Identity theft wasn’t supposed to be part of writing checks to the Democratic National Committee. The massive data breach that drove the DNC’s chairwoman out the door has now swept up the party’s biggest donors too, their Social Security numbers and personal information compromised by hackers and forcing fundraisers to spend money to protect themselves. “All my shit was hacked,” said a major donor, who has given to the Democrats for years. “Now, I’ve got to have LifeLock on my 6-year-old daughter’s Social Security number.”  

Sage, which provides accounting, payroll and payments software for businesses, has released a statement saying that an internal login had been used to gain unauthorised access to the data of some of its British customers. The personal details of the employees of about 280 British companies were potentially exposed in the breach, a company source said. “We are investigating unauthorised access to customer information using an internal login,” the company said in a statement.  

The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts—said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes.

The Social Security Administration is relaxing a recent security directive requiring beneficiaries to use two-factor authentication to log into personal accounts after complaints that the new restrictions hindered user access. The agency had established a policy of requiring My Social Security account holders to confirm their identities via a text-enabled mobile device. The move was in keeping with an executive order on improving security in consumer financial transactions. The policy, announced July 30, met with complaints from users

The Commerce, Energy and Justice departments received generally positive cybersecurity assessments from their respective inspectors general offices. The Cybersecurity Act of 2015 requires department OIG to submit to Congress reviews of internal cyber practices, including the "logical access" policies under which some users are granted or denied permission to view certain information.  

When an anonymous group calling itself Shadow Brokers put up for auction a collection of data it said it stole from the NSA, the group wrote that it would make the information public if it received the truly absurd “Dr. Evil” sum of one million bitcoins—at current exchange rates, about $576 million. So far, however, it’s achieved a more modest payday: $937.15. Over twenty-four hours have passed since the Shadow Brokers publicized its auction of a collection of encrypted information it claimed to have obtained from hacking the Equation Group, an elite team of hackers linked last year to the NSA.  

Inside Facebook’s (Totally Insane, Unintentionally Gigantic, Hyperpartisan) Political-Media Machine How a strange new class of media outlet has arisen to take over our news feeds Inside Facebook’s (Totally Insane, Unintentionally Gigantic, Hyperpartisan) Political-Media Machine 

...Must all directors make a Cold War River  movie before being considered truly epic?

… Clive James on The way we weren’t: what “Mad Men” got wrong | Prospect Magazine

“I don’t blame the poor people at the ABS, I blame successive governments which have denied investment in the ABS, and also in this case the foolishness of outsourcing so much of the collection task to the private sector without equipping the ABS to be as strong and informed a client of those companies as it needed to be in a very complex area like IT.
Is the Australian Public Service competent? Lessons from #CensusFail Antipodean data breach alerts bill to hit parliament