spying
Latest
Researchers find another smart toy that's easy to hack
A team of security researchers that has warned of the dangers of smart toys has found another that can be used to spy on your children. Pen Test Partners examined the Teksta Toucan, finding that it's easy to hack the device's microphone and speaker. According to The Register, the device is built by Genesis Industries, makers of the iQue and My Friend Cayla, two devices that are already feeling the heat from regulators. Both are currently being looked at in the US and Europe, while the latter has been withdrawn from sale in Germany.
White House lets NSA's warrantless surveillance continue until April
The Foreign Intelligence Surveillance Act's Section 702, which authorizes the NSA's warrantless data gathering, is supposed to expire on New Year's Eve. Don't tell that to the White House, though. Lawyers for the executive branch have determined that FISA Section 702 surveillance can legally continue until April 26th, 2018. The rationale comes down to a technicality. As the FISA Amendments Act says orders issued under 702 can continue for a year, and the last year-long certification was issued on April 26th, 2017... well, you do the math.
Germany bans children’s smartwatches over privacy concerns
Germany's telecommunications regulator, the Federal Network Agency, announced a ban today on the sale of kids' smartwatches, the BBC reports, and encouraged parents to destroy the ones they already own. The agency appears to be taking particular issue with the devices' abilities to transmit audio from its surroundings. Jochen Homann, the agency's president, said today, "Via an app, parents can use such children's watches to listen unnoticed to the child's environment and they are to be regarded as an unauthorised transmitting system."
NSA once spied on your *NSYNC downloads from Kazaa
A nostalgic new cache of Edward Snowden files shows the National Security Agency (NSA) has been snooping online for a lot longer than you may think. While you were listening to Enya on your state-of-the-art iPod, the agency was looking into peer-to-peer encryption sites like Napster, Limewire and Kazaa, according to a report by The Intercept. Its crowning achievement was to crack the encryption used by at least two sites, Kazaa and eDonkey, exposing search queries and shared files.
'Shadow Brokers' give away more NSA hacking tools
The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.
London police allegedly used hackers to target activists
If it wasn't already clear why it's a problem when police surveillance goes wrong, it is now. An independent investigator is looking into claims that London's Metropolitan Police used an illegal, roundabout way to access the emails of activists and journalists. An anonymous former worker alleges that a Met intelligence unit took advantage of Indian "counterparts" that used hackers to obtain email logins for innocent people ranging from Greenpeace protesters to Guardian reporters. The snooping had been going on for a "number of years," according to the insider, and there was reportedly widespread document shredding to cover up the monitoring.
WikiLeaks won't share CIA exploits unless companies meet terms
WikiLeaks offered to work with tech companies to patch the CIA's leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks "made demands" of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They're worried that Russia might have been responsible for forwarding the info.
Russian spies indicted in massive Yahoo account breach
When Yahoo claimed that state-sponsored hackers were behind the 2014 breach that exposed 500 million accounts, it may have been understating the significance of what happened. The Justice Department is indicting four Russians over the intrusion, two of whom (Dmitry Dokuchaev and Igor Sushchin) work for the country's FSB intelligence agency -- yes, the US believes two spies were directly involved. This represents the first time that the US has directly charged Russian officials with cybercrimes, rather than targeting professional crooks.
Russia used a cybercriminal's botnet for a spying campaign
It's no secret that the lines between state-sponsored hacking and cybercrime are fuzzy. After all, relying on professional crooks offers plausible deniability if the intruders are ever caught. However, it's now apparent that those lines sometimes disappear altogether. The New York Times reports that Russian intelligence 'piggybacked' on criminal hacker Evgeniy Bogachev's now-defunct botnet, GameOver ZeuS, to conduct spying campaigns in the US and abroad. Between 2011 and 2014, infected computers were asked to search for documents that clearly reflected Russian political interests, including US support for Syrian rebels, Ukrainian operations and English searches for "top secret" and "Department of Defense." Those last queries suggest that there were at least some American government or contractor systems that had been compromised, and they're definitely not what you'd expect from an outfit siphoning bank accounts.
'Many' Android exploits in WikiLeaks CIA files are already fixed
Apple isn't the only company scrambling to reassure the public that it has fixed most of the CIA exploits revealed in WikiLeaks' latest disclosure. Google tells CNET it's "confident" that security patches and safeguards already protect you against "many" of the exploits in both Android and the Chrome web browser. The internet giant will also "implement any further necessary protections" for flaws that have yet to be patched.
CIA reveals new guidelines for collecting data on Americans
There's no question that the US government's approach to handling sensitive data could stand an update to acknowledge the online age, and the CIA is taking a stab at it. The agency has published new procedures that govern how it collects, keeps and shares information on Americans under Executive Order 12333. The guidelines acknowledge that it's much, much easier to collect large volumes of data than when the Order surfaced in the 1980s, and that the nature of the internet requires restrictions that hadn't even been considered before.
The year of Yahoo's undoing
It's not often that we're able to quantify the crappiness of a particular year, but Yahoo's 2016 was so tragic that it ended with a hefty, widely publicized price tag: $1 billion. That's the size of the discount that Verizon requested on its purchase of Yahoo, just three months after the $4.83 billion acquisition went public. That deal (and the discount) is still in the works, and it's expected to close early next year, but Verizon clearly feels it has the upper hand in negotiations. And, after Yahoo's year of hacking disclosures, government spying and security issues, it's easy to see why.
Twitter cracks down on developers making surveillance tools
If it wasn't already clear that Twitter wants to keep police and spies out of your tweets, it is now. Twitter is warning developers that it won't let them use public programming kits or Gnip data for surveillance reasons, whether the clients are law enforcement or anyone else. Just because many tweets are public doesn't mean it's acceptable to harvest them, Twitter says. To that end, it's promising "expanded" efforts to crack down on developers who use the data for surveillance reasons. Get caught and you'll either have limited access or lose it entirely.
FBI using Twitter's raw 'firehose' data to monitor users
The FBI is using a Twitter tool called Dataminr to track criminals and terrorist groups, according to documents spotted by The Verge. In a contract document, the agency says Dataminr's Advanced Alerting Tool allows it "to search the complete Twitter firehose, in near real-time, using customizable filters." However, the practice seems to violate Twitter's developer agreement, which prohibits the use of its data feed for surveillance or spying purposes.
The consequences of the Trump presidency on cybersecurity
Hacking and cybersecurity played a huge role in the presidential election. So much so that Donald Trump, America's new president-elect, was helped greatly by the acts of criminal hackers in his journey to the White House, and is now an outspoken WikiLeaks fan.
UK spies paid a New Zealand firm to help tap key internet lines
It's no longer a secret that the UK's GCHQ was expanding its mass surveillance in the years before Edward Snowden's leaks. However, it hasn't really been clear as to who was helping it upgrade its spying campaign... until today. The Intercept and Television New Zealand have obtained documents showing that GCHQ purchased large amounts of "data acquisition" systems and "probes" from Endace, a New Zealand company that specializes in network data recording. The agency wanted to step up its monitoring of high-speed internet cables from 87 10Gbps lines in 2009 to 800 by 2013, and buying loads of Endace technology helped it edge closer to that goal.
UK spies violated privacy laws with bulk data collection
Ever since Edward Snowden's leaks came to light, UK spy agencies have responded to accusations of surveillance overreach with a common boilerplate statement: that their activities are lawful, necessary and proportionate. However, they can't always use that justification any more. The Investigatory Powers Tribunal has ruled that key GCHQ, MI5 and MI6 bulk data collection programs violated privacy protections in the European Convention on Human Rights. Both a Bulk Communications Data effort (which covers data such as visited websites, email metadata and GPS locations) and a Bulk Personal Datasets initiative (covering biographical details like your communications and financial activities) didn't have proper oversight until 2015, when some safeguards came into place. That's particularly damning when BCD had been in place since 1998, and BPD since 2006.
The FBI recommends you cover your laptop's webcam, for good reason
FBI director James Comey recently recommended that we all cover our webcams with tape for security reasons. Comey believes that doing so is a simple step for people to "take responsibility for their own safety and security."
New Snowden leaks unravel mystery behind NSA's UK base
Just when you thought you couldn't be shocked by the NSA's snooping anymore, new leaked documents show the agency's reach extends far beyond American borders. According to files obtained by The Intercept from NSA whistleblower Edward Snowden, a US base in the UK has been eavesdropping on satellite and other wireless communications around the world.
Here's how the NSA spied on Cisco firewalls for years
Edward Snowden leaks revealed that the NSA had the ability to spy on Cisco firewall traffic for years, but just how did the agency do it? We now have a clearer idea. An analysis of data from the Equation Group hack shows that the NSA used a specialized tool, BenignCertain, that uses an exploit in Cisco's Internet Key Exchange implementation to extract encryption keys and read otherwise secure virtual private network data. Cisco has confirmed that the attack can compromise multiple versions of its old PIX firewalls, which were last supported in 2009.