Tag Archives: cybersecurity

Hackers Just Brought the Internet to Its Knees—And No One Knows Why

Mother Jones

A number of websites—including Twitter, Netflix, and PayPal—were disrupted today by an early morning cyberattack against a key company responsible for routing internet traffic. The company, Dyn, has been posting a series of updates throughout the day, claiming that it came under multiple Distributed Denial of Service (DDoS) attacks. A DDoS attack floods a website or server with traffic from multiple sources, slowing the targeted site or shutting it down altogether.

In this case, the target was Dyn, a major provider of Domain Name Servers (DNS), which allow internet traffic to get routed properly. (Gizmodo has an excellent breakdown of how DNS servers work, and why an attack on a major provider of them would impact so many sites at once.) The attack started at about 7:10 a.m. on the East Coast of the United States, and the company was initially able to restore service. But later in the morning a second and more widespread attack ensued, and service disruption might have spread to Western Europe, according to Reuters.

Today’s attack is being investigated by the US government as a “criminal act,” Reuters reports, and it could be just the latest in what the Department of Homeland Security has characterized as increasingly powerful DDoS attacks. In an October 14 message posted on the DHS Computer Emergency Readiness Team page, the agency warned of “increased risks” of massive DDoS attacks because of poorly secured internet-connected devices such as cameras and home routers. “Recently, Internet of Things devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute rippling distributed denial-of-service (DDoS) attacks,” the warning read.

Although it’s unclear who is behind the attack, in an early Friday evening tweet, WikiLeaks told its supporters:

By the way, here’s what a DDoS attack looks like when it’s visualized (via Gizmodo):


FBI Now Pretty Sure Russia Is Behind Anti-Clinton Hacking

Mother Jones

The Wall Street Journal reports that the FBI is increasingly convinced that the recent hacks of the DNC and other organizations are being led by Russia:

A fuller picture of the operation has come into focus in the past several weeks. U.S. officials believe that at least two hacking groups with ties to the Russian government, known as Fancy Bear and Cozy Bear, are involved in the escalating data-theft efforts, according to people briefed on the Federal Bureau of Investigation’s probe of the cyberattacks.

Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites—WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0—have posted batches of stolen data at least 42 times from April to last week.

WikiLeaks has published U.S. secrets for years but has recently taken an overtly adversarial tone toward Democratic presidential nominee Hillary Clinton. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers.

Most of these leaks have been designed to hurt Hillary Clinton, who Vladimir Putin apparently hates. Meanwhile, Trump advisor Carter Page has left the Trump campaign over accusations that he’s a little too chummy with the folks in Russia responsible for all this hacking. Page says the whole thing is ridiculous, but apparently his erstwhile friends in Trumpland are throwing him under the bus anyway:

The Trump campaign has been distancing itself from Page. Although Page was one of Trump’s originally announced foreign policy advisers, campaign manager Kellyanne Conway told CNN on Sunday that Page is not really involved with the campaign at this point.

“I have not spoken with him at all, in fact, meaning he’s not part of our national security or foreign policy briefings that we do now at all, certainly not since I have become campaign manager,” she said….Other Trump campaign sources told me that Page was never really part of Trump’s inner circle….Page has never met with Trump one on one and hasn’t been deeply involved in Trump foreign policy speeches or events, they said.

So…he was just some guy whose name they used so they’d look like they had some advisors. Apparently they’d rather publicly fess up to lying about their campaign announcements than take a chance that Page might become a liability. What nice folks.


Info About the Sex Lives and Medical Histories of Millions of Federal Workers Is in Hackers’ Hands

Mother Jones


The federal government announced on Thursday that—yet again—the huge hacks of sensitive government personnel records revealed last month are even bigger than previously thought.

Officials now say that information on 21.5 million people was stolen—more than 19 million security clearance applications, plus other sensitive data such as fingerprint records from another 2 million people who know or are related to the applicants. They told the Washington Post it’s now “highly likely” that the hackers, likely working for China, stole every such application submitted since 2000 to the Office of Personnel Management, which conducts security clearance investigations for almost all government agencies. Intelligence agencies like the CIA and National Security Agency do their own checks into potential clearance holders.

Even before Thursday’s announcement, current and former government officials were calling the stolen applications, which include highly personal and potentially damaging data such as medical histories, records of drug use, and the names of foreign contacts, an intelligence goldmine for China or other potential perpetrators. “That they have all this clearance information is a disaster,” Joel Brenner, a former top U.S. counterintelligence official, told the Associated Press last month. FBI director James Comey told the Senate Intelligence Committee on Wednesday that the hack is a “huge deal.”

Officials previously admitted the hackers had taken up to 18 million of the applications, in addition to 4.2 million social security numbers that were stolen in a separate data breach. But even with the new, higher numbers revealed on Thursday, OPM Director Katherine Archuleta told reporters that she would not resign her post.


5 Flaws in Obama’s New Cybersecurity Plan

Mother Jones


Following a string of high-profile corporate hacks at companies such as Target, Home Depot, and Sony, President Obama is now urging Congress to improve how companies respond to data breaches. He wants to require them to disclose consumer data breaches within 30 days of discovering them, make it easier for companies to share information about hacking threats with one another and the federal government, and criminalize the sale of botnets, programs used to coordinate attacks.

But while those may sound like good ideas, they’re not winning universal support from top digital rights groups. “President Obama’s cybersecurity legislative proposal recycles some old ideas that should remain where they’ve been since May 2011: on the shelf,” writes the Electronic Frontier Foundation (EFF).

Here are the top five concerns with Obama’s proposals:

1. They may allow companies to share your personal data with the NSA: Companies would receive legal immunity in connection with sharing information about threats with a cybersecurity center headed by the Department of Homeland Security, which could immediately pass it along to the National Security Agency and other federal agencies. The proposed disclosure law, which would trump other state or federal data-privacy laws, would require companies to take unspecified “reasonable” steps to strip information that could identify a specific person before sharing it, but only for individuals “reasonably believed to be unrelated to the cyber threat.”

2. Private companies and the government already share information about security threats: The sharing happens through the nonprofit Information Sharing and Analysis Centers and Homeland’s Enhanced Cybersecurity Services. “The question is what gap this bill is trying to fill when we already have a robust information sharing machine,” says EFF legislative analyst Mark Jaycox.

3. The reforms would increase penalties under the draconian Computer Fraud and Abuse Act: The notoriously broad and stringent CFAA is best known as the tool used by the feds to prosecute digital rights activist Aaron Swartz, who killed himself in 2013 while facing 35 years in jail and $1 million in fines in connection with downloading copyrighted scientific articles. “We’ve repeatedly seen government prosecutions that use the CFAA’s tough penalties to bully people,” says Jaycox. In a press release, the White House says it wants to ensure the act isn’t used to target “insignificant conduct.” But a close reading of its proposed reforms appears to tell a different story: One provision increases the penalty for stealing data from any “protected computer” from one year to three, even if it wasn’t done for commercial gain.

4. They supersede state laws: The White House’s consumer data breach law would supersede at least 38 state data-breach laws, some of which are more stringent than the proposed federal standard. The law proposed by the White House would apply only to businesses that store information on more than 10,000 individuals, but California, Florida and some other states have disclosure laws that apply to any company that experiences a data breach affecting more than 500 people. “Any such proposal should not become a back door for weakening transparency or state power,” the EFF said in a statement, “including the power of state attorneys general and other nonfederal authorities to enforce breach notification laws.”

5. They could limit online civil disobedience: There are plenty of legitimate reasons to curtail the sale of botnets, but they’ve also been used by activists to carry out distributed denial of service (DDOS) attacks against repressive governments and corporate ne’er-do-wells. Last year, the hacktivist collective Anonymous posted a petition on Whitehouse.gov asking that DDOS attacks be recognized as a legal form of protest similar to the Occupy protests. Under the CFAA, carrying out a DDOS attack can already land you in jail for many years, but now the White House wants to further clamp down on the practice by specifically allowing the Attorney General to go after botnets that help enable them.
