First is the news about the compromise of the SAS network: hackers disrupted the Scandinavian Airlines computer network and accessed information related to thousands of customers. Karin Nyman, the in-charge spokesperson of SAS, stated that the company was working on remediating the effects of the digital attack and urged customers to stay away from the mobile app for now.

Second is news that seems more interesting: security researchers at Group-IB have discovered a new hacking group from India, and the threat actor gang is named “SideWinder”.

According to experts at the Singapore-based cybersecurity firm, the threat actors are from India and were highly active between June and November 2021, attacking government, military and law enforcement organizations in Afghanistan, Pakistan, Bhutan, Bangladesh, Nepal and Sri Lanka.

Currently, there is no evidence that SideWinder, aka Rattlesnake, Hardcore Nationalist and T-APT4, has any links to the Indian military or the government. However, as evidenced, the cyber threat group has so far managed to hack into the networks of over 71 organizations in different parts of Asia and, for now, seems to be primarily ignoring firms operating in the West for some specific reason.

Third is the news related to the CLOP ransomware gang, which mass attacked 130 organizations in January this year. One such target is the US hospital network Community Health Systems (CHS), which has a chain of 80 hospitals in 16 states. Investigations reveal that hackers infiltrated the hospital network to steal the personal records of over 1 million patients, and that the hack occurred when hackers exploited a zero-day flaw in the file transfer software GoAnywhere MFT, developed by Fortra.

Fourth is the news related to a China-sponsored hacking gang that started targeting South American diplomats through a ShadowPad Trojan known as PoisonPlug. The Microsoft threat analysis team discovered the campaign run by the Dev-0147 threat team and confirmed that the criminals are interested in breaching databases related to government agencies, NGOs and think tanks functioning in Europe and Asia for now.

Fifth is the news related to a report compiled by Kaspersky. The cybersecurity firm headquartered in Russia has concluded that 14% of Americans have witnessed ransomware attacks on schools while their children were studying. The study also found that, while respondents’ children were students, the victimized schools made a ransom payment of $887,360 on average, and that in 2021 the figure was recorded as $996,000, a jump of 9%.

Last but not least is the news related to Chinese devices being used in London. According to Fraser Sampson, of the UK, almost all the devices and drones manufactured in Beijing and operated by Britain’s police forces should be labeled as spying machines. Meaning, the politicians and think tanks of Britain should be more worried about the devices operating just 7-8 feet above their heads than about flying objects in the sky.

Now the big question: is technology improving our lives or making them more complicated?

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

The Australian Defense Ministry has issued a ban on the use of Chinese surveillance cameras and products inside all government buildings from now on. Meaning, all new purchases will be halted and the existing hardware and related software will be replaced in a phased manner.

The issue regained significance when fears were raised in Britain about surveillance software and hardware being discovered inside the cars used by UK Government officials and elected members.

Richard Marles, the deputy, confirmed the ban and added that the decision was taken out of concern that the CCTV cameras were sending sensitive data to servers operating in China.

Going deeper into the details, an audit conducted by the Shadow Cyber Security Ministry found a shocking number (969) of Chinese devices being used in government buildings related to defense, foreign affairs, finance and the attorney-general’s office.

And on January 6th of this year, an alarm was raised against the practice of using CCTV devices by the Anthony Albanese administration.

After taking certain factors into account, the Albanese government has now imposed a ban on surveillance devices manufactured by the Xi Jinping-led nation. Cameras from Hikvision and Dahua, businesses that are reported to be funded by the government, will top the list of bans, followed by other low-cost OEMs.

NOTE: Any device that has a silicon wafer embedded in it can conduct surveillance. So, are all such devices harmful to national security? Only time can give an apt answer to this question!

The post Australia issues ban on Chinese surveillance cameras and products appeared first on Cybersecurity Insiders.

Just another obscure warrantless surveillance program.

US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts for larger transfers (above $500) sent between the US, Mexico and 22 other regions through services like Western Union, MoneyGram and Viamericas. The program covers data for numerous Caribbean and Latin American countries in addition to Canada, China, France, Malaysia, Spain, Thailand, Ukraine and the US Virgin Islands. Some domestic transfers also enter the data set.

[…]

You need to be a member of law enforcement with an active government email account to use the database, which is available through a publicly visible web portal. Leber told The Journal that there haven’t been any known breaches or instances of law enforcement misuse. However, Wyden noted that the surveillance program included more states and countries than previously mentioned in briefings. There have also been subpoenas for bulk money transfer data from Homeland Security Investigations (which withdrew its request after Wyden’s inquiry), the DEA and the FBI.

How is it that Arizona can be in charge of this?

Wall Street Journal podcast—with transcript—on the program. I think the original reporting was from last March, but I missed it back then.

No details, though:

According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner or a third party to determine the real IP address of any of the site’s visitors.

Yet, that’s exactly what the FBI did. It found Al-Azhari allegedly visited the site from an IP address associated with Al-Azhari’s grandmother’s house in Riverside, California. The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm. Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible.

There are lots of ways to de-anonymize Tor users. Someone at the NSA gave a presentation on this ten years ago. (I wrote about it for the Guardian in 2013, an essay that reads so dated in light of what we’ve learned since then.) It’s unlikely that the FBI uses the same sorts of broad surveillance techniques that the NSA does, but it’s certainly possible that the NSA did the surveillance and passed the information to the FBI.

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The company’s behavior is so egregious that ReviewGeek is no longer recommending them.

This will be interesting to watch. If Eufy can ignore security researchers and the press without there being any repercussions in the market, others will follow suit. And we will lose public shaming as an incentive to improve security.

Update:

After further testing, we’re not seeing the VLC streams begin based solely on the camera detecting motion. We’re not sure if that’s a change since yesterday or something I got wrong in our initial report. It does appear that Eufy is making changes—it appears to have removed access to the method we were using to get the address of our streams, although an address we already obtained is still working.

An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is err.. using the internet. And university students revolt over under-the-belt surveillance. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Here in 2022, we have a newly declassified 2016 Inspector General report—“Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans.

Given all we learned from Edward Snowden, this feels like a minor coda. There’s nothing really interesting in the IG document, which is heavily redacted.

News story.

EDITED TO ADD (11/14): Non-paywalled copy of the Bloomberg link.

This technique measures device response time to determine distance:

The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied. It could also be used to follow a security guard, or even to help rival hotels spy on each other by gauging the number of rooms in use.

There have been attempts to exploit similar WiFi problems before, but the team says these typically require bulky and costly devices that would give away attempts. Wi-Peep only requires a small drone and about $15 US in equipment that includes two WiFi modules and a voltage regulator. An intruder could quickly scan a building without revealing their presence.

Research paper.

It’s Iran’s turn to have its digital surveillance tools leaked:

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests—or those of tomorrow—an expert who reviewed the SIAM documents told The Intercept.

[…]

SIAM gives the government’s Communications Regulatory Authority—Iran’s telecommunications regulator—turnkey access to the activities and capabilities of the country’s mobile users. “Based on CRA rules and regulations all telecom operators must provide CRA direct access to their system for query customers information and change their services via web service,” reads an English-language document obtained by The Intercept. (Neither the CRA nor Iran’s mission to the United Nations responded to a request for comment.)

Lots of details, and links to the leaked documents, at the Intercept webpage.