Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, Mr. Williams, a cybersecurity expert, was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.
Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed.Read more
Moscow-based antivirus software maker Kaspersky Lab said on Wednesday that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.
In September, U.S. officials ordered Kaspersky’s products removed from government computers, saying the firm was vulnerable to Kremlin influence and that using the software could jeopardize national security. After that announcement, the Wall Street Journal reported on Oct. 5 that hackers working for the Russian government appeared to have targeted a National Security Agency (NSA) worker by using Kaspersky software to identify classified files in 2015.Read more
Digital activists linked to the Anonymous collective, a disparate cohort of hackers from around the world, have claimed responsibility for a fresh wave of cyberattacks against a number of Spanish government websites as part of a pro-Catalonia protest campaign.
Multiple accounts with Anonymous' signature Guy Fawkes masks have been tweeting hashtags in recent weeks including #opCatalunya, #FreeCatalonia and #OpSaveCatalonia. They claimed to have taken several state websites offline. The website of Spain's Ministry of Public Works and Transport was hacked to display a "Free Catalonia" slogan.Read more
Christopher Wray said encryption on devices was "a huge, huge problem" for FBI investigations. The agency had failed to access more than half of the devices it targeted in an 11-month period, he said. One cyber-security expert said such encryption was now a "fact of life".
Many smartphones encrypt their contents when locked, as standard - a security feature that often prevents even the phones' manufacturers from accessing data. Such encryption is different to end-to-end encryption, which prevents interception of communications on a large scale.Read more
The NSA’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach.
The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations. It’s potentially the fourth large-scale incident at the NSA to be revealed in the last five years. Now, sources with direct knowledge of TAO’s security procedures in the recent past tell just how porous some of the defenses were to keep workers from stealing sensitive information.Read more
North Korea has reportedly stolen a large amount of joint US-South Korean war plans, including details on how Kim Jong-un is to be assassinated during a potential conflict.
Pyongyang’s secret army of hackers broke into the intranet of South Korea’s Defence Ministry in August and September last year and compromised a large cache of classified documents, Rhee Cheol-hee, a local politician said. Defence officials had previously admitted the breach but said no significant information had been stolen. However, Mr Rhee said the hackers had accessed OPLAN 5015, which is part of the most recent blueprint for war with North Korea that was drawn up by Seoul and Washington in 2015.Read more
Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.
The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday. The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.Read more
Disqus has confirmed its web commenting system was hacked. The company, which builds and provides a web-based comment plugin for news websites, said that hackers stole more than 17.5 million email addresses in a data breach in July 2012.
About a third of those accounts contained passwords which has largely been deprecated in recent years in favor of stronger password scramblers. The data also contained sign-up dates and the date of the last login. Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service.Read more
Russian hackers stole documents detailing how US agencies defend their networks against cyberattacks, how they breach foreign networks and the computer code they use to do so.
The stolen files were identified through Kaspersky security software used by an NSA contractor that had taken classified material from the NSA and saved it on his computer. The theft, discovered last spring, occurred in 2015 and those familiar with the incident told that having this information could help inform Russian officials how to protect their networks against the NSA and possibly how to break into US networks.Read more
Equifax said hackers might have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.
The company said the additional customers were not victims of a new attack but rather victims who the company had not counted before. Equifax hired the forensic security firm Mandiant to investigate the breach, and it finished its report on Sunday. News of the new victims comes on the eve of congressional testimony to be given by Equifax’s former CEO Richard Smith, who will address a House subcommittee on Tuesday. He was forced into retirement last week in the wake of the attack.Read more
110 Reykjavik, Iceland