Sign up for our Technology Newsletter 
Are Teens Giving The CIA A Headache?
Comments Off on Are Teens Giving The CIA A Headache?
Teenage hackers are making merry with the online world of CIA director of national intelligence James Clapper.
This is the second bout of attacks from the group of technology tearaways, according to Motherboard, which reports on the Clapper problem and its connection to a group known as Crackas With Attitude.
A member of the group, a young chap called Cracka, told Motherboard that access to a range of Clapper accounts had been seized, and that Clapper and the CIA haven’t a clue what’s going on.
“I’m pretty sure they don’t even know they’ve been hacked. You asked why I did it. I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine,” he said.
The claims were supported by the Office of the Director of National Intelligence, which confirmed that something has happened and that the authorities are looking into it.
“We’re aware of the matter and we reported it to the appropriate authorities,” said spokesman Brian Hale, before going mute.
Cracka, representing himself on Twitter as @dickreject, is less quiet. He has tweeted a number of confirmatory and celebratory messages that are not particularly flattering about the CIA and its abilities.
This is the group’s second bite at the CIA cherry. The teenagers walked into the personal email account of CIA director John Brennan last year and had a good look around. Some of the impact of this was washed away when it was discovered that Brennan used an AOL account for his communications.
“A hacker, who describes himself as an American high school student, has breached the CIA boss’s AOL email account and found a host of sensitive government files that one assumes a government official shouldn’t be sending to his personal email address,” said security comment kingpin Graham Cluley at the time.
“I’m not sure what’s more embarrassing. Being hacked or having an AOL email account.”
Courtesy-TheInq
Can Corporations Be Easily Hacked?
Hacking a major corporation is so easy that even an elderly grannie could do it, according to technology industry character John McAfee.
McAfee said that looking at the world’s worst hacks you can see a common pattern – they were not accomplished using the most sophisticated hacking tools.
Writing in IBTImes said that the worst attack was in 2012 attack on Saudi Aramco, one of the world’s largest oil companies. Within hours, nearly 35,000 distinct computer systems had their functionality crippled or destroyed, causing a massive disruption to the world’s oil supply chain. It was made possible by an employee that was fooled into clicking a bogus link sent in an email.
He said 90 per cent of hacking was social engineering, and it is the human elements in your organization that are going to determine how difficult, or how easy, it will be to hack you.
The user is the weakest link in the chain of computing trust, imperfect by nature. And all of the security software and hardware in the world will not keep a door shut if an authorized user can be convinced to open it, he said.
“Experienced hackers don’t concern themselves with firewalls, anti-spyware software, anti-virus software, encryption technology. Instead they want to know whether your management personnel are frequently shuffled; whether your employees are dissatisfied; whether nepotism is tolerated; whether your IT managers have stagnated in their training and self-improvement.”
Muct of this information can be picked up on the dark web and the interernet underground, he added.
“”Are you prepared for a world where grandma or anyone else can quickly obtain, on the wide open web, all of the necessary information for a social engineering hack? Is your organization prepared.
Source- http://www.thegurureview.net/computing-category/can-corporations-be-easily-hacked.html
Was The Hilton Hotel Chain Hacked In April?
Comments Off on Was The Hilton Hotel Chain Hacked In April?
The Hilton organization is reportedly trying to work out whether it has been hacked and, if so, what it should do about it.
We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.
Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.
Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.
“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.
“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”
Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.
“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
We have asked Visa and Hilton for their comments.
Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html
Hackers Accessed 10M Records At Excellus
September 23, 2015 by admin
Filed under Around The Net
Comments Off on Hackers Accessed 10M Records At Excellus
Hackers have penetrated the IT systems of U.S. health insurer Excellus BlueCross BlueShield and gained access to personal, financial and medical information of more than 10 million people, the company has disclosed.
The initial attack occurred in December 2013, but the company did not learn about it until Aug. 5. Since then it has been working with the FBI and cybersecurity firm Mandiant to investigate the breach.
The hackers may have had access to customer records which include names, addresses, telephone
numbers, dates of birth, Social Security numbers, member identification numbers, financial accounts and medical claims information.
Records may contain all or just some of that information, depending on the customer’s relationship with the company. The breach doesn’t affect just Excellus members, but also members of other Blue Cross Blue Shield plans who sought medical treatment in the upstate New York area serviced by the company.
The information was encrypted, but the attackers gained administrative privileges to the IT systems, allowing them to potentially access it, the company said on a website that was set up to provide information about the incident.
No evidence has been found yet that the data was copied or misused by the attackers.
Excellus will send breach notification letters via mail to all affected persons throughout the month and is offering free credit monitoring and identity protection services for two years through a partner.
The company will not contact affected individuals via email or telephone, so any emails or phone calls claiming to be from the company in regard to this attack should be ignored as they are probably scams.
The incident comes after three other Blue Cross Blue Shield health insurers — Anthem, Premera and CareFirst — announced large data breaches this year as a result of cyberattacks.
Excellus said that it doesn’t have sufficient information about the Anthem, Premera and CareFirst investigations in order to comment about possible connections between those attacks and the one against its own systems.
Source-http://www.thegurureview.net/aroundnet-category/hackers-accessed-10m-records-at-excellus.html
Google Expands Malware Blocker
Google has expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
Chrome’s current “Canary” build — the label for very-early versions of the browser, earlier than even Chrome’s Dev channel — will post a warning at the bottom of the window when it detects an attempted download of malicious code.
Features added to the Canary build usually, although not always, eventually make it into the Dev channel — the roughest-edged of the three distributed to users — and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.
Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012with Chrome 17.
Chrome is now at version 30.
Canary’s blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser’s settings.
“Content.exe is malicious, and Chrome has blocked it,” the message in Canary reads. The sole visible option is to click the “Dismiss” button, which makes the warning vanish. The only additional option, and that only after another click, is to “Learn more,” which leads to yet another warning.
In Canary, there is no way for the user to contradict the malware blocking.
That’s different than in the current Stable build of Chrome, which relies on a message that says, “This file is malicious. Are you sure you want to continue?” and gives the user a choice between tossing the downloaded file or saving it anyway.
As it has for some time, Chrome will show such warnings on select file extensions, primarily “.exe,” which in Windows denotes an executable file, and “.msi,” an installation package for Windows applications. Canary’s expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software — it cited screen savers and video plug-ins in a blog posting — that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.
Google’s malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple’s Safari and Mozilla’s Firefox all access to warn customers of potentially dangerous websites before they reach them.
In Chrome’s case, the malware warning stems not only from the Safe Browsing “blacklist” of dodgy websites, but according to NSS Labs, a security software testing company, also from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.