StoryThe Coming Internet-Of-Things Horror Show
Bureau of Statistics and government deny cyberattack took place, instead blaming it on a ‘confluence of events’The federal government and Australian Bureau of Statistics (ABS) have explained the outage of the online census was the result of a systems failure and an “overcautious” response to a denial of service attack.At a press conference on Wednesday to explain the outage since about 7.30pm on Tuesday, the small business minister, Michael McCormack, blamed the failure on a “confluence of events” but said the system had not been breached and no data was lost. Continue reading...
Jesse Johnson, writing for The Japan Times: The ongoing dispute over the South China Sea has apparently spilled over into cyberspace recently, as hackers believed to be from China have attacked government and private-sector organizations linked to the row over the key waterway, a new analysis has found. Using malicious software, hackers have tried to swipe sensitive information from the Philippines and other targets, according to a report released last week by Finnish cybersecurity firm F-Secure. Notable targets included the Philippines Department of Justice, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an unidentified major international law firm involved in last month's landmark South China Sea arbitration decision at The Hague, the report said. The Department of Justice played a key role in the case and reports ahead of a November 2015 APEC event in the Philippines had said leaders attending the summit would discuss the South China Sea issue. Read more of this story at Slashdot.
from on (#1PPAX)
Auch Privacy International und andere Organisationen haben jetzt in Straßburg Beschwerde eingelegt gegen die Internet- und Computerspionage des britischen Geheimdiensts GCHQ. In London waren sie zunächst nicht erfolgreich.
Julian Assange made headlines Friday when talk-show host Bill Maher asked him why Wikileaks wasn't hacking into Donald's Trump's tax returns. "Well, we're working on it," Assange replied. But it was apparently the culmination of a larger back-and-forth. An anonymous reader quotes Slate: Earlier in the interview, Maher said it sure looked like Assange was "working with a bad actor, Russia" to hurt "the one person who stands in the way of us being ruled by Donald Trump." Assange then tried to move the conversation toward what he thought was a smoking gun against Maher, saying he had found there was a "William Maher" who "gave a Clinton-affiliated entity $1 million." Maher explained he had famously given President Obama $1 million in 2012 and he never tried to hide it. When Assange pressed on whether he had also given money to Clinton, Maher shot back: "Fuck no." Slate has a video of the entire interview, and while Friday WikiLeaks was publicizing Assange's appearance on the show on Twitter, Saturday they were tweeting a clarification. "WikiLeaks isn't 'working on' hacking Trump's tax-returns. Claim is a joke from a comedy show. We are 'working on' encouraging whistleblowers." Read more of this story at Slashdot.
Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes:Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site. The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol? Read more of this story at Slashdot.
Joseph Cox, reporting for Motherboard: On Friday, activist group Privacy International and five internet and communications providers lodged an application before the European Court of Human Rights to challenge the UK's use of bulk hacking powers abroad. "The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices," Scarlet Kim, legal officer at Privacy International, said in a statement. The application has been made with UK-based non-profit GreenNet, the Chaos Computer Club from Germany, Jibonet from South Korea, US internet service provider May First, and communications provider Rise Up. In 2014, Privacy International filed a complaint over the country's bulk hacking powers with the UK's Investigatory Powers Tribunal, a court which determines if public authorities have unlawfully used covert techniques. In February of this year, the IPT concluded that GCHQ's hacking was legal under the UK's Intelligence Service Act 1994. Privacy International is now challenging whether the UK's interpretation of the Intelligence Service Act for using bulk hacking powers complies with the European Convention of Human Rights (ECHR). Read more of this story at Slashdot.
Violating a company rule is not -- and should not be -- a computer crime, that was the ruling of the Oregon Supreme Court in State v. Nascimento file. The Oregon's highest court ruled that while a convenience store clerk was guilty of stealing lottery tickets through the store's computer system, she did not violate the state's anti-hacking law while doing so. ArsTechnica shares more details: The Electronic Frontier Foundation, which appeared on Caryn Nascimento's behalf during the case as an amicus curae (friend of the court), announced the narrow victory on Tuesday. According to the Supreme Court's decision, the case dates back to 2007, when Nascimento began working at Tiger Mart, a small convenience store in Madras, Oregon, about 120 miles southeast of Portland. In late 2008 and early 2009, a company vice president began investigating what appeared to be cash shortages at that store, sometimes about $1,000 per day. After reviewing video recordings that correlated with Nascimento's work schedule, this executive began to suspect that she was buying lottery tickets but not paying for them. Eventually, Nascimento was charged not only with aggravated first-degree theft but also of violating the state's computer crime law, which includes language that "any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime." She was convicted on both charges at trial. On appeal before the Oregon Supreme Court, Nascimento's lawyers argued that while their client may have violated a company policy to not print lottery tickets that she did not receive payment for, she was, in fact, authorized to access the lottery printing computer. Read more of this story at Slashdot.
From a Reuters report: The FBI is investigating a cyber attack against another U.S. Democratic Party group, which may be related to an earlier hack against the Democratic National Committee, four people familiar with the matter told Reuters. The previously unreported incident at the Democratic Congressional Campaign Committee, or DCCC, and its potential ties to Russian hackers are likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump. The Kremlin denied involvement in the DCCC cyber-attack. Hacking of the party's emails caused discord among Democrats at the party's convention in Philadelphia to nominate Hillary Clinton as its presidential candidate. The newly disclosed breach at the DCCC may have been intended to gather information about donors, rather than to steal money, the sources said on Thursday. Read more of this story at Slashdot.
An anonymous reader writes: "Five employees from cybersecurity firm Quadsys have admitted to hacking into a rival company's servers to allegedly steal customer data and pricing information," ZDNet is reporting. After a series of hearings, five top-ranking employees "admitted to obtaining unauthorised access to computer materials to facilitate the commission of an offence," including the company's owner, managing director, and account manager. Now they're facing 12 months in prison or fines, as well as additional charges, at their sentencing hearing in September. The headline at ZDNet gloats, "Not only did the Quadsys staff reportedly break into servers, they were caught doing it." Read more of this story at Slashdot.
SrLnclt writes:As you may recall, the FBI has investigated a scouting director of the St. Louis Cardinals. He pleaded guilty in January to five counts of "hacking" the Houston Astros player database in 2013 and 2014, a time period in which he was promoted to director of baseball development with the Cardinals.Today Christopher Correa has been sentenced to nearly four years in prison for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution. He had faced up to five years in prison on each count.Major League Baseball could still discipline the Cardinals, possibly with a fine or a loss of draft picks, but has so far said only that it looked forward to getting details on the case from federal authorities.Original SubmissionRead more of this story at SoylentNews.
New submitter yzf750 quotes a report from ESPN: A federal judge sentenced the former scouting director of the St. Louis Cardinals [Christopher Correa] to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. "The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks," reports ESPN. "Luhnow had previously worked for the Cardinals. The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who 'had to turn over his Cardinals-owned laptop to Correa along with the laptop's password' when he was leaving for a job with the Astros in 2011. Prosecutors have said Correa in 2013 improperly downloaded a file of the Astros' scouting list of every eligible player for that year's draft. They say he also improperly viewed notes of trade discussions as well as a page that listed information such as potential bonus details, statistics and notes on recent performances and injuries by team prospects. Authorities say that after the Astros took security precautions involving [a database called Ground Control] following a Houston Chronicle story about the database, Correa was able to still get into it. Authorities say he hacked the email system and was able to view 118 pages of confidential information, including notes of trade discussions, player evaluations and a 2014 team draft board that had not yet been completed. Federal prosecutors say the hacking cost the Astros about $1.7 million, taking into account how Correa used the Astros' data to draft players. Christopher Correa had pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution. He had faced up to five years in prison on each count." Read more of this story at Slashdot.