Bureau of Statistics and government deny cyberattack took place, instead blaming it on a ‘confluence of events’. The federal government and Australian Bureau of Statistics (ABS) have explained the outage of the online census was the result of a systems failure and an “overcautious” response to a denial of service attack. At a press conference on Wednesday to explain the outage since about 7.30pm on Tuesday, the small business minister, Michael McCormack, blamed the failure on a “confluence of events” but said the system had not been breached and no data was lost.
Kepler Communications has raised $5 million in seed funding to create a network of small, easily replaced satellites to create a real-time network through which internet of things (IoT) devices can communicate, essentially building a cellular network in space through which machinery and equipment can talk to one another and to its handlers. “You can think of it as a cell phone tower…
Privacy rights organization Privacy International has filed another legal challenge to the UK government’s use of bulk hacking against foreigners. The filing, with the European Court of Human Rights, follows Privacy International’s attempt earlier this year to challenge the use of bulk hacking against foreigners via the local oversight court for the UK’s intelligence…
Privacy International and other organisations have now also lodged a complaint in Strasbourg against the internet and computer espionage of the British intelligence agency GCHQ. They were initially unsuccessful in London.
Uber-nerd Tarah Wheeler aims to build bridges. DEF CON: Hardcore hackers and the corporate security industry have never really got on that well. Symantec is looking to change that after hiring Tarah Wheeler to act as its cybersecurity czar.…
Brit overseers not interested, so groups ask ECHR instead. Having failed in its bid to block GCHQ's hacking activities at the UK's Investigatory Powers Tribunal, advocacy group Privacy International says it will now take its fight with the UK government to the European Court of Human Rights.…
Various degrees of hand-wringing (and hasty resignations) have greeted the news that our old Cold War foe -- the Russkies -- were behind the hacking of the Democratic National Committee's computers. (And the eventual embarrassment of those caught on unofficial record jumping on the Hillary Clinton bandwagon well before it became clear Bernie Sanders wasn't going to land the nomination.) Certainly, Vladimir Putin gives absolutely no indication that he cares at all what the rest of the world thinks of him, much less the United States. And if the US government feels the Russian government can't be trusted, a) it's probably right and b) Putin will remain unperturbed. There are indications this was done to assist Trump in his presidential run, but I imagine it makes little difference to those handing down hacking orders -- just as long as it embarrassed US government officials and political leaders. But if there's a high road to be had, the US government can't really claim it. As James Bamford explains in his commentary piece for Reuters, US spy agencies haven't exactly stayed out of world affairs, including local elections.
Malware Learnings Make Hideous Detriment People of Kazakhstan. Black Hat: The Electronic Frontier Foundation (EFF) has accused the Kazakhstan Government of sending malware-laced phishing emails to two investigative journalists in the country, along with activists, and family members to help spy, locate and extradite targets.…
myDevices announced Arduino support for its web- and mobile-based, Raspberry Pi compatible “Cayenne” drag-and-drop IoT development and management platform. Cayenne, with which developers, designers, and engineers can “quickly prototype and share their connected device projects,” has expanded support beyond the Raspberry Pi to Arduino boards, says myDevices.
During what was likely the first presidential campaign fundraiser held at the Black Hat security conference in Las Vegas, campaigners made their case for Hillary Clinton as the cyber candidate. Last night, Jeff Moss, the founder of Black Hat, and Jake Braun, a former Obama campaign staffer and security consultant to the Department of Homeland Security, pitched Clinton to the security pros…
Mr. Robot is a show built on hacks. The mother of all hacks serves as the big cliffhanger at the end of the show's first season, and nearly every plot development leading up to it was nudged along by some kind of exploit. It’s rare to get through an episode without at least one digital intrusion, often drawn from real life. Each week, we'll be running through Mr. Robot's C Y B E R activities — who got hacked, why, and how much magic would be required to make them actually work. * * * S P O I L E R S F O L L O W * * *
The EFF has put a lot of thought into how we should deal with the issue of government hacking and how it impacts digital security, and so we're reposting Andrew Crocker's excellent article here. In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don't have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone's security. The problem became especially clear this year during the San Bernardino case, involving the FBI's demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI's mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects. That's why we're working on a positive agenda to confront governmental threats to digital security.
Put more directly, we're calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities. Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it's time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.
Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue
The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like "lawful hacking" and "computer network attack." It is easy for the government to argue that the FBI's attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA's apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community's development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI's use of malware to target criminals using Tor hidden services. These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees.
When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security. Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies. There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that "cyber threats" are the highest priority, and that we should be strengthening our digital security rather than weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government's policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that there is a "strong presumption" in favor of disclosing these vulnerabilities to the public so they can be fixed. But the government shouldn't engage in "policy by blog post." Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.
Finding Models for Transparency and Limits on When Government Can Harm Digital Security
While government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules. Fortunately, this isn't the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court's 1967 decision in Berger v. New York is a landmark recognition that electronic wiretapping presents a significant danger to civil liberties.
The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required "precise and discriminate" limits on its use. Congress added considerable structure to the Berger Court's pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps. Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public. These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:
Item 1: Rules for When Government Stockpiles Vulnerabilities
It's no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or "kinetic" damage to its targets, relied on several previously unknown vulnerabilities, or "zero days," in Windows. Similarly, the FBI relied on a third party's knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case. News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use.
The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government. Thanks to a FOIA suit by EFF, we have seen the U.S. government's internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure. More concerning, we've seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government. A report published in June by two ex-government officials—relying heavily on the document from EFF's lawsuit—offers a number of helpful recommendations for improving the government's credibility and fueling transparency. These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:
Withdrawal limits mysteriously evaporated as someone lifted the loot. One of the world's most popular Bitcoin exchanges Bitfinex has been torn apart with hackers making off with around US$65 million (£49 million, A$87 million) in the cryptocurrency.…
This Thursday, seven teams of researchers will face off in a live hacking challenge at Defcon, competing for a grand prize of $2 million. It’s a common sight at the conference, but this challenge comes with a twist — instead of human teams, Thursday’s challenge will be entirely automated, with experimental software programs hacking, patching, and defending networks with no human intervention. It’s the end of a three-year project by DARPA, the experimental military research group that brought us stealth motorcycles, high-speed self-piloting drones, and the internet. This particular contest is one of DARPA’s Grand Challenges, which have tasked researchers with building robots that can navigate obstacle courses and cars that can drive...
As the Internet of Things evolves into the Internet of Everything and expands its reach into virtually every domain, high-speed data processing, analytics and shorter response times are becoming more necessary than ever. Meeting these requirements is somewhat problematic through the current centralized, cloud-based model powering IoT systems, but can be made possible through fog computing.
Speaking today in Ohio, Donald Trump moved from questioning the integrity of primary elections to questioning the integrity of the upcoming general election, which is not the most shocking thing he's done, but perhaps one of the most dangerous. "I'm afraid the election is going to be rigged," Trump said. Forget conspiracy theories about rigged voting machines and stolen elections — what Trump just said is the real danger. Trump has alarmed people of all political stripes for his ignorant and careless comments, so his latest throwaway remark is not surprising — but it is remarkably threatening nonetheless. US elections aren't plagued by fraud, but they are plagued by routine attempts by state and local governments to blockade minority...
After sparking a 1.4 million vehicle Chrysler recall, the security researchers offer a new lesson: It could have been---and could still be---much worse. The post The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse appeared first on WIRED.
The FBI is already having problems here at home with the hacking tool it deployed during its dark web child porn investigation. A few judges have ruled that the warrant used to deploy the Network Investigative Technique (NIT) was invalid because the FBI's "search" of computers around the United States violated Rule 41(b)'s jurisdictional limits. Now, we'll get to see how this stacks up against international law. It's already common knowledge that the FBI obtained user information from computers around the world during its two weeks operating as the site administrator for the seized Playpen server. More information is now coming to light, thanks (inadvertently) to a foreign government's inquiries into domestic anti-child porn efforts. Joseph Cox of Motherboard has the details:
We've been writing about the lack of security (and accountability) in electronic voting machines almost since Techdirt began. Our very first post on the subject, way back in 2000, declared that e-voting is not safe. Of course, over the years, we've seen more and more examples of this, from the Diebold debacle to Sequoia's security disaster. Basically e-voting is a complete clusterfuck. The machines have long been easily hackable, and the companies behind them don't really seem to care much. They frequently don't follow common security practices, such as allowing for outside testing of their machines (or, even better, open sourcing their code for security testing). Instead, it's a big "trust us" and any time security researchers have gotten their hands on these things, they've discovered that the trust is totally and completely misplaced. The machines are a disaster.
The contest next week will be a true test of how well software can protect software. If the bots succeed, they could transform the way cybersecurity works. The post Security Bots Will Battle in Vegas for Darpa's Hacking Crown appeared first on WIRED.
RTL has published a tutorial about creating a secure IoT platform based on its free “SharkSSL-lite” software, plus ARM mbed-enabled SBCs and a low cost VPS. Real Time Logic (RTL), which is known for its BarracudaDrive remote file manager and lightweight, embeddable Mako Server webserver, has released a set of instructions and videos for how […]
Hackers deface technology site while telling visitors attack is only a security test in latest high-profile breach. Verizon-owned prominent technology site TechCrunch has become the latest victim of the OurMine hacking group.
The new PC game "Quadrilateral Cowboy" is a love letter to '80s cyberpunk and collaborative creation. The post Hacking Game Quadrilateral Cowboy Is a Bit Messy, But You Won’t Forget It appeared first on WIRED.
Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) create an urgency over security questions that presents an urgent threat the like of which we've never seen.
In Silicon Valley the term “hacker” has evolved to connote high praise for someone particularly creative, ingenious and adept at finding clever new ways to accomplish a difficult task. And it’s with that framework in mind, rather than some of the other meanings that “hack” has represented over time, that I suggested during my recent TEDx talk that Pope Francis and…
I’ve ranted before about lacking security on Internet of Things devices. General consumers are often left to decipher the black box of security on their own or just resign themselves to having faith that companies make it a priority. The internet itself can be pretty insecure, too, which is why some people turn to Tor to help mask their identity. (Although Tor’s been attacked as well.) Now, a non-profit called Guardian Project is taking Tor’s technique for obscuring and encrypting users’ identities and applying it to smart home devices. Guardian Project took a Raspberry Pi and turned it into a smart hub that runs its new HomeAssistant software. The software acts like a Tor hidden service, which keeps server IP addresses hidden....