Phone-cracking firm Cellebrite hacked

Source: BBC

Information about the customers of Cellebrite, an Israeli firm that markets hacking tools, has been stolen in a cyber-attack.

 

The breach was first reported by tech site Motherboard, which said it was sent 900 gigabytes of data by a hacker.

Cellebrite confirmed some information had been taken but said it was not aware of any “increased risk” to clients.

The firm added that it was now notifying affected customers.

Motherboard said the data – which was not distributed online – included “what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices”.

However, Cellebrite did not respond to this in its statement.

When contacted by the BBC, a spokesman said its investigation was ongoing and it had no further information to add.

The firm did say that it recently detected “unauthorised access” on an external web server – activity it described as “illegal” – and that it had launched an investigation into the incident.

It added that the data taken related to an older user account system.

Last year, Cellebrite was linked to the FBI’s attempt to hack an iPhone used by San Bernardino killer Syed Rizwan Farook. The firm has neither confirmed nor denied involvement.

“The information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system,” the company said.

Cellebrite advised users of the my.Cellebrite system to change their passwords.

“The sort of people who use Cellebrite products don’t necessarily want others to know that they’re using it,” said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

“Law enforcement agencies and perhaps security services will be using it.”

In 2015, hackers stole data from Italian surveillance company Hacking Team and released it on to the web.

The dump included information on countries that had bought Hacking Team products.

“It’s a direct analogy I would say,” Prof Woodward told the BBC. “The embarrassment factor is going to be the same.”

Shadow brokers’ farewell

Separately, 58 hacking tools for Windows PCs were released on to the web by a group calling itself “Shadow Brokers”.

The group announced the release in a farewell message, having attempted to auction the malware online last year. At the time, Shadow Brokers claimed it had been stolen from the NSA.

Besides the newly released files, Shadow Brokers said a full cache of exploits had been left online at a price of 750 bitcoins (£500,000).

Many of the exploits were not “zero days” – attack methods that have not yet been uncovered – but ones that had already been detected by cybersecurity firm Kaspersky, according to one analyst.

“Nobody was willing to pay them,” said Prof Woodward. “They sort of stomped off in a huff, basically.”

Prof Woodward added that while some of the exploits looked “sophisticated” there was no proof that any of the data had been taken from the NSA.

Act will not censor social media: NICTA

Source: Looppng

The Cybercrime Act will not be used to gag public complaints in the media.

Charles Punaha, the National Information and Communication Technology Authority (NICTA) CEO, said the Act, passed by Parliament in 2016, will not be a form of censorship on mainstream and social media.

“We respect freedom of information and speeches as provided for under the Constitution, but let me also specify that those freedoms are referred to by law as qualified rights, meaning that people should not abuse those freedoms to commit (crimes) against other people,” Punaha said.

“Our code will be developed within the confines of the law, the existing legislation and mindful to facilitate and respect the freedom provided for.”

However, many Loop PNG readers think the Act is a smokescreen by the government to protect itself from public scrutiny, especially on Facebook.

These are some of the comments on our news site.

“It is censorship your highness. You are telling us to watch our mouths when criticising public, elected officials – a norm in any democracy. Isn’t that the same as prohibiting people from watching certain movies, etc?” wrote a reader.

“People or so-called leaders are pushing around to have media under their control. (It) is to protect themselves from their corrupt practises so where does this freedom of speech come in play, shame on you leaders for pushing this agenda around to pass that law,” Arnold Mara commented.

“We need freedom of speech in our country! We all know that the media in PNG is being controlled by the Government, we need social media to expose corruption and the truth on our Parliamentarians and senior public servants’ immoral and unethical behaviours,” another reader commented.

Meanwhile, under the new Act, the three mobile phone operators must register all their users before the end of 2017.

“We remind subscribers that the number of days has been reduced, and we have 12 months left and they must register now,” Punaha said.

He added that they are in constant dialogue with the mobile operators and are confident with the current progress of SIM card registration.

Is the Cybercrime Act a form of censorship?

Source: Looppng

Many Loop PNG readers think the Cybercrime Act is a National Government plot to censor public comments on social media.

The National Parliament in 2016 passed the Act making it a crime to make unproven allegations about individuals using any information technology medium.

However, the National Information and Communication Technology Authority (NICTA) CEO Charles Punaha brushed aside the censorship claims.

Punaha said the new Cybercrime Act is not a form of censorship in Papua New Guinea.

These are some of the comments on our news site.

“It is censorship your highness. You are telling us to watch our mouths when criticizing publicly elected officials – a norm in any democracy. Isn’t that the same as prohibiting people from watching certain movies, etc?” a reader stated.

“People or so-called leaders are pushing around to have media under their control is to protect themselves from their corrupt practises so where does this freedom of speech come in play, shame on you leaders for pushing this agenda around to pass that law,” Arnold Mara commented.

“We need freedom of speech in our country!! We all know that the media in PNG is being controlled by the Government, we need social media to expose corruption and the truth on our Parliamentarians and Senior Public servants’ immoral and unethical behaviours,” another reader commented.

Massive web attack hits security blogger

Source: BBC

One of the biggest web attacks ever seen has been aimed at a security blogger after he exposed hackers who carry out such attacks for cash.

The distributed denial of service (DDoS) attack was aimed at the website of industry expert Brian Krebs.

At its peak, the attack aimed 620 gigabits of data a second at the site.

Text found in attack data packets suggested it was mounted to protest against Mr Krebs’ work to uncover who was behind a prolific DDoS attack.

Web protest

In a blogpost, Mr Krebs detailed the attack, which began late on Tuesday night and quickly ramped up to its peak attack rate.

DDoS attacks are typically carried out to knock a site offline – but Mr Krebs’ site stayed online thanks to work by security engineers, who said the amount of data used was nearly twice the size of the largest attack they had ever seen.

“It was among the biggest assaults the internet has ever witnessed,” added Mr Krebs.

Security firm Akamai said the attack generated such a huge volume of data by exploiting weak or default passwords in widely used net-connected cameras, routers and digital video recorders. Once in control of these “smart” devices the attackers used them to swamp the site with data requests.

“These new internet-accessible devices can bring great benefits, but they are also increasingly easy and lucrative targets for cybercriminals,” said Nick Shaw from security firm Symantec.

The security firm has carried out research which shows swift growth in the number of malware families scouring the net for vulnerable devices. Typically, said Mr Shaw, malicious hackers who take over gadgets are not interested in stealing personal data.

“Cybercriminals are interested in cheap bandwidth to enable bigger attacks,” he said.

Mr Krebs speculated that the attack could have been prompted by an article he published, in early September, that named two young men allegedly associated with a service called vDos that carried out DDoS attacks for cash.

Soon after the article was published, Israeli police arrested the two men named by Mr Krebs. Released on bail, the pair were barred from using the net for 30 days.

Buried inside many of the data packets despatched towards Mr Krebs’ site was text calling for the release of one of the men named in that article.

“I can’t say for sure, but it seems likely (to be) related,” said Mr Krebs.

Michelle Obama’s passport leaked — MEMENEWS.ME

FBI Director Says You Should Cover Your Webcam With Tape! Here’s Why!

Sources: The Daily Mail, Global News, BBC, Engadget

James Comey’s computer must be equipped with some pretty heavy security software. But that doesn’t stop the FBI director from covering his webcam with tape. Why? Because he knows, perhaps better than anyone on the planet, what hackers can do.

“There’s some sensible things you should be doing, and that’s one of them,” Comey said.

“You go into any government office and we all have the little camera things that sit on top of the screen. They all have a little lid that closes down on them. You do that so people who don’t have authority don’t look at you.”

Wait, what? That’s just a conspiracy, isn’t it? Can people actually do that?

Oh yes they can. For several years now, technology has existed that allows people to discreetly access and turn on your webcam from anywhere on the planet. Thousands of people learned about this the hard way in 2014, when hackers set up a website showcasing a multitude of live webcam streams from around the world.

Just this month, hackers broke into a Canadian couple’s webcam as they were cuddling and watching Netflix. The hackers bypassed their webcam’s ‘on’ light completely.

“We obviously had no idea it was taking place in the moment, but retroactively it was like a really, really deeply creepy feeling,” one of the victims told Global News. “It was very unnerving. I mean it does feel like there’s someone just in your home with you.”

This also happened to Miss Teen USA, who was tormented for more than a year by a webcam hacker who tried to blackmail her with nude images.

This stuff is real, folks. Have a look at the video below to hear more from FBI director James Comey on the topic of webcam security.


How Facebook Is Revamping Its Fight to End Online Hate Speech — Fortune

Facebook is amping up its own anti-hate speech campaign this week after launching the program earlier this year, the company announced Wednesday. The tech titan’s Online Civil Courage Initiative (OCCI) has been working with at least 84 activist groups and non-governmental organizations (NGOs) in Germany, France, and the UK since January. Now Facebook wants…
