It’s a cyber catastrophe. Yahoo on Thursday confirmed a massive security breach that saw hackers steal personal information for over 500 million accounts. Yahoo (YHOO) says a foreign government is to blame. The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance…
The FBI warned states to check the security of their election systems after hackers stole voter data from one state election board earlier this summer and attempted to access another this month. The attacks were revealed in an FBI bulletin sent to the agency’s private industry partners and obtained by Yahoo News. One state’s election…
France and Germany are asking the European Union for new laws that would require mobile messaging services to decrypt secure communications on demand and make them available to law enforcement agencies.
French and German interior ministers this week said their governments should be able to access content on encrypted services in order to fight terrorism, the Wall Street Journal reported.
French interior minister Bernard Cazeneuve went on to say that encrypted messaging apps like Telegram and WhatsApp “constitute a challenge during investigations,” making it difficult for law enforcement to conduct surveillance on suspected terrorists.
The proposal calls on the European Commission to draft a law that would “impose obligations on operators who show themselves to be non-cooperative, in particular when it comes to withdrawing illegal content or decrypting messages as part of an investigation.”
The proposed laws would force major technology companies including Apple, WhatsApp, Facebook, Telegram, and many others, to build encryption backdoors into their messaging apps.
The European Union has always been a strong supporter of privacy and encryption, but the recent series of terrorist attacks across France and Germany this summer, including the Normandy church attack carried out by two jihadists who reportedly met on Telegram, has made the two countries call loudly for encryption backdoors.
Although the proposal acknowledges encryption to be a critical part of securing communications and financial transactions, it says that solutions must be found to “enable effective investigation” while protecting users’ privacy.
Privacy advocates have been alarmed by the new proposals, as the recent NSA hack proved to all of us that no system is hack-proof against hackers with the right skills and sufficient resources.
So, what happened to the NSA, a highly sophisticated intelligence agency, could happen to encrypted messaging services that feature an encryption backdoor for law enforcement.
The European Commission is believed to be preparing new laws on privacy and security for telecom operators this fall, which would include third-party services such as WhatsApp or Telegram.
Krstic announced that Apple was launching a bug bounty program, offering $50,000 for zero-day vulnerabilities that allow malicious code exploits in the kernel, among other rewards. The thinking behind the bug bounty, according to Apple, is that discovering zero-day vulnerabilities — security problems that are unknown by a company but exploited by an attacker —…
Source: Broader Perspectives
A Cybersecurity and Privacy Hub
Spies are constantly trying to steal things from foreign governments, and the development of hacking tools has allowed them to swipe sensitive records from thousands of miles away.
But when are hacks more than traditional spying?
Is there a line? And if so, when does one cross it?
The theft of sensitive and embarrassing records from the Democratic Party by hackers—or a hacker—is forcing U.S. officials to confront new questions about when cyber espionage poses a national security threat.
The hackers stole emails. They stole personal cellphone numbers and email addresses of lawmakers, some of whom have security clearances that give them access to top secret information.
The records weren’t just stolen. They also have been leaked to the public in a way that has proven damaging to political careers and even the security of officials. And more stolen information is expected to be released in the coming weeks and months.
It is the release of this information that is roiling—and embarrassing—U.S. officials. They are trying to understand the intent of the leaks of information about members of the Democratic Party.
Is it to shine a spotlight on the messy U.S. political process? Or is it an attempt to influence the election by damaging Democrats with voters?
“It appears to be the latest example of geopolitical ‘hacktivist’ harassment,” said Steve Grobman, chief of technology for Intel Security, a computer security company.
In 2013, Edward Snowden, a former National Security Agency contractor, stole information and then leaked it, saying he did it because the American public had the right to know the extent that the government was collecting information about ordinary Americans.
In recent weeks, a person or entity self-named Guccifer 2.0 has released stolen records from the Democratic National Party and the Democratic Congressional Campaign Committee, claiming to have done this to expose corruption in the Democratic Party.
The hacker, who many Democrats and some cybersecurity companies accuse of having ties to the Russian government, has obtained sensitive information, records that foreign spies could use to intercept communications from lawmakers.
Russia has denied involvement in the hackings.
If Guccifer 2.0 really is a spy network for a foreign country, wouldn’t the information be more valuable if it was held in secret and not shared with anyone with internet access? Wouldn’t that make it easier to eavesdrop on phone calls or monitor email accounts?
Democratic lawmakers are now changing their phone numbers, passwords, and maybe ditching their Gmail accounts.
Much could change if and when Guccifer 2.0’s real identity and motives are revealed. Is it a true-believer hacking group or a foreign government trying to embarrass the Democratic Party? Perhaps Guccifer 2.0 is someone else.
The Federal Bureau of Investigation is taking the lead in the probe of the stolen records, though the National Security Agency also is likely playing some role if a foreign country is involved. Many people have a theory as to who Guccifer 2.0 actually is, but the FBI and intelligence community are so far providing few details and the investigation remains at a sensitive stage.
It is unclear exactly how sensitive of a stage this is. Guccifer 2.0’s Twitter account, used to communicate about the hack, was suspended on Saturday. Then it was “unsuspended” several hours later.
This article was licensed through Dow Jones Direct. This article was previously published in the Wall Street Journal on August 14, 2016.
The federal government is now looking into this week’s hack of comedian Leslie Jones’s personal website, in which hackers posted the Ghostbusters star’s personal information and nude photos stolen from her iCloud account. The Department of Homeland Security is investigating the incident, which took place on Wednesday. In addition to explicit photos, hackers posted images…