Monday 31 October 2016

Report: NSA hushed up zero-day spyware tool losses for three years

NSA
Investigation shows staffer screw-up over leak
Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers has found that the agency knew about the loss for three years but didn’t want anyone to know.
Multiple sources told Reuters last night that the investigation into the data dump released by a group calling itself the Shadow Brokers had determined that the NSA itself wasn't directly hacked and the software didn't come from exiled whistleblower Edward Snowden. Instead it appears one of the NSA staffers got sloppy.
It appears at this stage that the staffer, who has since left the NSA for other reasons, stashed the sensitive tools on an outside server – likely a bounce box – after an operation. Miscreants then found that machine, raided it and hit the jackpot. The staffer informed his bosses after the incident, but rather than warning companies like Cisco that their customers were at risk, the NSA kept quiet.
The reasoning for this secrecy seems to have been that the NSA wanted to see who was going to use them. It monitored the world's internet traffic to try and catch sight of the tools or someone using the software or the holes it exploited. Since no signs appeared the agency didn’t tell anyone of the loss.
According to US government guidelines the NSA is supposed to assess the seriousness of zero-day flaws it finds and inform companies if it feels they are serious enough. Documents obtained by the EFF stated that the NSA told manufacturers about 91 per cent of the flaws it found.
That didn't happen, and a lot of security people are going to be asking why not.

Vote of confidence for IT security made in Germany

Where is your IT manufacturer based? What used to be a trivial matter of image has now become a security issue. Three years after Edward Snowden’s revelations, CEOs understandably feel uncomfortable when their IT infrastructure consists of routers and switches from Cisco and Juniper. Both companies are known to have been affected by the efforts of the American National Security Agency (NSA) either through code manipulation or backdoors in certain products. In relation to these developments, the quality label of IT security made in Germany carries even more weight. The chance of buying a product which has been compromised by government agencies is significantly lower with devices which have been developed and manufactured in Germany rather than abroad. In IT security, the country of origin has become a critical factor.
Foreign companies are already noticing this trend. In the first half of 2016, the export of communications equipment from Germany grew significantly. The digital association Bitkom reported that exports of communications equipment, telephone systems and network technology have risen by 2.8 percent to EUR 6.6 billion. “Germany has taken a strong international role in the field of communication technology,” says Bitkom President Thorsten Dirks. The main buyers of ICT products from Germany in the first half of the year were France (EUR 1.30 billion), the Netherlands (EUR 1.29 billion) and Poland (EUR 1.27 billion). There are still many opportunities in this market. “Only 55 percent of ICT SMEs in Germany are active abroad,” says Dirks. “SMEs are often limited to local business; even national markets can be too much of a challenge for them”.
IT security is no longer a peripheral task in the IT department. In many industries, IT security has become the central concern of digital infrastructure. Beyond legal and industry requirements, companies have become almost completely dependent on their information systems and this has spiked high demand for IT security. While little attention has been paid in the past to the manufacturer as a potential security risk, many managers are now concerned about unwittingly allowing NSA code into their data centers. Nobody really believes that the USA is the only country who are willing to get their hands dirty. China and Russia also have active intelligence services and a strong interest in the innovative technology of German companies. Incidentally, the mission of the Canadian intelligence service is quite revealing “Protect our secrets, uncover theirs”.
Policies and procedures are also a key part of IT security along with products and devices. Sensitive data must be identified and classified, risks assessed and security measures prioritized. However, all of this cannot be achieved without devices and technology. Sadly, it is no longer to dismiss the belief that IT security products may no longer be secure as paranoia. The representative study by Pierre Audoin Consultants “IT Made in Germany – What do German companies want?” shows that two thirds of IT decision makers in German companies want to use strengthened IT solutions “Made in Germany” as a result of the ongoing security scandals surrounding the NSA wiretapping affair. German technology companies such as NCP engineering GmbH were a good choice for IT security long before Edward Snowden and the present increased awareness of IT security. The Nuremberg-based company is one of the world’s leading remote access vendors. For NCP, the German location attracts highly skilled employees. They secure NCP’s leading position through developing innovative technology which is reliable and secure. Small and large companies are in safe hands at NCP and it goes without saying that NCP solutions are free from backdoors ­­­− true to the concept of IT security made in Germany.

Celebgate hack: Collins sentenced over nude photos theft

US actress Jennifer Lawrence poses before the Christian Dior 2017 Spring/Summer ready-to-wear collection fashion show, on September 30, 2016 in Paris. 
A Pennsylvania court has sentenced a man to 18 months in jail for hacking into the accounts of celebrities and stealing nude photos and videos.
Ryan Collins, 36, pleaded guilty to the charges in May.
He had stolen the usernames and passwords of more than 600 people.
Collins tricked his victims - including actresses Jennifer Lawrence, Kate Upton, Scarlett Johansson, and Kirsten Dunst - by sending emails appearing be from Google or Apple.
Collins was charged with accessing the photos between 2012 and 2014, in a case known as "celebgate". But was not charged with releasing them.
A statement by prosecutors said: "Investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained."
Collins accessed at least 50 iCloud accounts and 72 Gmail accounts.
Court filings said he had used fraudulent email addresses designed to look like security accounts from service providers, including email.protection318@icloud.com, noreply_helpdesk0118@outlook.com and secure.helpdesk0119@gmail.com.
Collins was originally charged in Los Angeles, but sentenced in Pennsylvania, his home state.

Shadow Brokers dump reveals NSA targets

Accompanying gibberish encourages disrupting US election

Shadow trio, image via ShutterstockThe Shadow Brokers hacking group has posted a fresh dump containing a list of servers compromised by an NSA-linked group.
The list contains historic targets of the Equation Group. Mail providers, universities and targets in China make up the bulk of the roster. Each were targets of INTONATION and PITCHIMPAIR, codenames for cyber-spy hacking programmes.
Documents leaked by whistleblower Edward Snowden provide strong evidence that previous dumps by the Shadows Brokers feature malware and exploits that originated at the NSA, as previously reported. The latest Shadow Brokers dump was signed using the same key as the initial dump of NSA exploits, which the Shadow Brokers unsuccessfully tried to auction off. A message accompanying the latest dump somewhat incoherently calls for attempts to disrupt the forthcoming US presidential election.
This poorly argued rabble-rousing has been met with some derision. Security experts have questioned the value of the leaked target list, at least outside the realm of cyber-espionage historians. "The list of servers is nine years old. [Many] likely no longer exist or [are] reinstalled," said security researcher Kevin Beaumont, in an update on Twitter.