The NSA’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach.
The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations. It’s potentially the fourth large-scale incident at the NSA to be revealed in the last five years. Now, sources with direct knowledge of TAO’s security procedures in the recent past tell just how porous some of the defenses were to keep workers from stealing sensitive information.Read more
North Korea has reportedly stolen a large amount of joint US-South Korean war plans, including details on how Kim Jong-un is to be assassinated during a potential conflict.
Pyongyang’s secret army of hackers broke into the intranet of South Korea’s Defence Ministry in August and September last year and compromised a large cache of classified documents, Rhee Cheol-hee, a local politician said. Defence officials had previously admitted the breach but said no significant information had been stolen. However, Mr Rhee said the hackers had accessed OPLAN 5015, which is part of the most recent blueprint for war with North Korea that was drawn up by Seoul and Washington in 2015.Read more
Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.
The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday. The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.Read more
Disqus has confirmed its web commenting system was hacked. The company, which builds and provides a web-based comment plugin for news websites, said that hackers stole more than 17.5 million email addresses in a data breach in July 2012.
About a third of those accounts contained passwords which has largely been deprecated in recent years in favor of stronger password scramblers. The data also contained sign-up dates and the date of the last login. Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service.Read more
Russian hackers stole documents detailing how US agencies defend their networks against cyberattacks, how they breach foreign networks and the computer code they use to do so.
The stolen files were identified through Kaspersky security software used by an NSA contractor that had taken classified material from the NSA and saved it on his computer. The theft, discovered last spring, occurred in 2015 and those familiar with the incident told that having this information could help inform Russian officials how to protect their networks against the NSA and possibly how to break into US networks.Read more
Equifax said hackers might have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.
The company said the additional customers were not victims of a new attack but rather victims who the company had not counted before. Equifax hired the forensic security firm Mandiant to investigate the breach, and it finished its report on Sunday. News of the new victims comes on the eve of congressional testimony to be given by Equifax’s former CEO Richard Smith, who will address a House subcommittee on Tuesday. He was forced into retirement last week in the wake of the attack.Read more
The FBI will not be forced to reveal details of a hacking tool used to break into a terrorist's iPhone, a case that sparked months of legal hostilities between Apple and the US government.
Vice News, USA Today, and the Associated Press filed a Freedom of Information lawsuit to reveal the name of the hacking tool's vendor and its price. The Justice Dept. launched legal action against Apple, which had refused to help unlock the phone, arguing the device's encryption could not be defeated -- even by the company. The FBI later obtained a hacking tool -- details of which the agency wants to keep secret.Read more
Moscow is adding facial-recognition technology to its network of 170,000 surveillance cameras across the city in a move to identify criminals and boost security. Since 2012, CCTV recordings have been held for five days after they’re captured, with about 20 million hours of video stored at any one time.
"We soon found it impossible to process such volumes of data by police officers alone," said Artem Ermolaev, head of the department of information technology in Moscow. "We needed an artificial intelligence to help find what we are looking for." Moscow says the city’s centralized surveillance network is the world’s largest of its kind.Read more
The U.S. National Security Agency conducted targeted surveillance over the past year against 106,000 foreigners suspected of being involved in terrorism and other crimes, using powers granted in a controversial section of law that’s set to expire at the end of this year.
The number of foreigners targeted under Section 702 of the Foreign Intelligence Surveillance Act rose from 94,000 in fiscal year 2015, according to U.S. intelligence officials, who asked not to be identified discussing the information. The program lets agencies collect the content of emails and other communications from suspected foreign criminals operating outside the U.S.Read more
An international group of cryptography experts has forced the US NSA to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close US allies.
In interviews and emails, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques - those least likely to be vulnerable to hacks - to address the concerns.Read more