Hackers charged with stealing Xbox, 'Call of Duty,' and US Army secrets worth over $100...
-
Four hackers have been jointly charged with conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Individually, they have been charged with counts of aggravated identity theft, unauthorized computer access, copyright infringement, and wire fraud.
-
The defendants, aged between 18 and 28, are believed to have stolen more than $100 million in intellectual property and other proprietary data from the likes of Microsoft Corporation, Epic Games, Valve, and even the US Army. This includes pre-release versions of Gears of War 3 and Call of Duty: Modern Warfare 3, Apache helicopter simulation software developed for the US Army, and information about the Xbox One console. Two of the suspects have pleaded guilty, one of whom is 22-year-old David Pokora. His plea represents what may be the first conviction of a foreign-based individual for hacking into US businesses to steal trade secret information.
-
18-count superseding indictment
Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks
-
Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.
-
the vulnerability is already being used maliciously by the hackers.
-
There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.
Uroburos Rootkit: Most sophisticated 3-year-old Russian Cyber Espionage Campaign - The ...
-
The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers.
-
The two main components of Uroburos are - a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discreet and very difficult to identify.
-
The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.
2 million Facebook, Gmail and Twitter passwords stolen in massive hack - Dec. 4, 2013
-
The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world,
-
The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
-
Of all the compromised services, Miller said he is most concerned with ADP. Those log-ins are typically used by payroll personnel who manage workers' paychecks. Any information they see could be viewed by hackers until passwords are reset.
Inside NZ Police Megaupload files: US investigation began in 2010 | Ars Technica
-
Further evidence of overeager and illegal police work emerged Thursday in New Zealand as Inspector General of Security and Intelligence Paul Neazor released a report on the illegal bugging of Kim Dotcom and Megaupload programmer Bram van der Kolk. Two GCSB officers were present at a police station nearby Dotcom’s mansion as the raid took place.
-
Police weighed several options for the raid named “Operation Debut,” undertaken at the behest of US authorities, and sought to take Dotcom and associates with the “greatest element of surprise” and to minimise any delays in executing the search and seizure operation should the German file sharing tycoon’s staff be uncooperative or even resist officers on arrival.
-
The police planners also noted that “Dotcom will use violence against person’s [sic] and that he has several staff members who are willing to use violence at Dotcom’s bidding” after a U.S. cameraman, Jess Bushyhead, reported the Megaupload founder for assaulting him with his stomach after a dispute. Based on Dotcom’s license plates such as MAFIA, POLICE, STONED, GUILTY, and HACKER, police said this indicates the German “likes to think of himself as a gangster” and is “described as arrogant, flamboyant and having disregard for law enforcement.” However, the documents show that Dotcom had only been caught violating the speed limit in New Zealand. The request for assistance from the STG notes that the US investigation against Mega Media Group and Dotcom was started in March 2010 by prosecutors and the FBI. According to the documents, US prosecutors and FBI “discovered that the Mega Media Group had engaged in and facilitated criminal copyright infringement and money laundering on a massive scale around the world.” FBI in turn contacted NZ Police in “early 2011,” requesting assistance with the Mega Media Group investigation as Dotcom had moved to New Zealand at the time.
Caphaw Banking Malware Distributed via YouTube Ads - The Hacker News
-
The exploitation process relied upon a Java vulnerability (CVE-2013-2460) and after getting dropped into the target computer system, the malware detects the Java version installed on the operating system and based upon it requests the suitable exploit.
Exclusive: Secret contract tied NSA and security industry pioneer | Reuters
-
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products. Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
-
RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said. And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total. "When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on." By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers. New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request. An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard. RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings. RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.
-
Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."
FBI surveillance malware in bomb threat case tests constitutional limits | Ars Technica
-
The FBI has an elite hacker team that creates customized malware to identify or monitor high-value suspects who are adept at covering their tracks online, according to a published report.
-
as the capability to remotely activate video cameras and report users' geographic locations—is pushing the boundaries of constitutional limits on searches and seizures
-
Critics compare it to a physical search that indiscriminately seizes the entire contents of a home, rather than just those items linked to a suspected crime. Former US officials said the FBI uses the technique sparingly, in part to prevent it from being widely known.
The White House Big Data Report: The Good, The Bad, and The Missing | Electronic Fronti...
-
the report recognized that email privacy is critical
-
one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.
-
the algorithm is only as fair as the data fed into it.