Tag Archive for: claiming

Claiming a ‘computer crime’ shouldn’t give police a free pass to raid newspapers

/in


This month, police officers in Marion, Kan., crashed into the newsroom of the Marion County Record, a weekly newspaper, and the home of its publisher to seize computers, cellphones and documents. After several days of public outcry, the county attorney ordered the material returned.

Newsroom searches are rare today because a 1980 federal law makes them almost always illegal. But the outcry goes back to colonial days, when British-loyalist redcoats raided revolutionary American pamphleteers. Such searches were seen as the ultimate attack on the free press. In the infamous 1971 search of the Stanford Daily, for example, Palo Alto police were seeking photographs to tie Vietnam War protesters to a violent clash on campus. After the Supreme Court refused to offer protection from such raids, Congress passed the 1980 statute, making newsroom searches far less of a threat.

Read more: Editorial: Raid on Kansas newspaper was possibly illegal — and definitely troubling

Instead, the Marion case highlights a separate, systemic threat to press freedom: vague and sweeping computer crime laws, which exist in all 50 states. These laws can be readily used to intimidate reporters and suppress reporting without raiding their offices.

The Marion raid appears to be the first time public officials have searched a newspaper under the claim of enforcing a computer crime law. The search warrant in that case listed violations of statutes covering identity theft and “unlawful acts concerning computers.”

Read more: Opinion: We’ve defended Trump’s 1st Amendment rights. But his latest claims about the Jan. 6 indictment are nonsense

The state computer crime statute applies when someone breaks into a computer network with malware or uses another person’s information to steal money from their bank account. But these laws are so vague that they can be deployed to penalize reporters for using computers to find information online as part of routine journalism.

In Missouri, for instance, a reporter for the St. Louis Post-Dispatch discovered a serious flaw in a state website that put the security of thousands of Social Security numbers at risk. He alerted the state agency so it could fix the issue before he published…

Source…

Panasonic Admits Suffering a Second Cyber Attack in 6 Months With Conti Ransomware Gang Claiming Responsibility

/in


Japanese tech company Panasonic disclosed that it was the victim of a “targeted cyber attack” on its Canadian operations. According to malware analysis group VX Underground, the Conti ransomware group claimed responsibility for the attack. The group claims to have stolen 2.8 gigabytes of data from Panasonic Canada.

The February attack was the second to devastate the company within six months. In November 2021, Panasonic Japan disclosed that a third party had breached its network and accessed files on its servers.

The company disclosed in January 2022 that the attack leaked the personal information of job candidates and interns.

According to the Japanese media outlet NHK, the illegal access lasted from June to November 2021.

Similarly, Panasonic Corporation India suffered a cyber attack in December 2020, leaking 4 GB of financial information.

Conti ransomware group leaks files allegedly stolen from Panasonic

Conti ransomware group started sharing allegedly stolen documents on its leak site. The dump includes files and spreadsheets reportedly stolen from the HR and accounting departments. Some of the documents had names like “HR Global Database” and “Budget.”

Panasonic hasn’t disclosed the hacking group’s identity or ransomware demands, the intrusion method, the nature of the information stolen, or the number of potential victims.

However, the company says the attack affected the Canadian operation, which employs 400 people and is part of the North American segment.

Panasonic spokesperson Airi Minobe told TechCrunch that the company “took immediate action to address the issue with assistance from cybersecurity experts and our service providers.”

Its response “included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.” This description perfectly resembles a ransomware attack response.

Minobe added that efforts to restore operations were still in progress, although the top priority was to mitigate the impacts of the suspected Conti ransomware attack.

“Since confirming this attack, we have worked diligently to restore operations and…

Source…

Saudi activist Loujain al-Hathloul files lawsuit claiming 3 former U.S. officials helped hack her iPhone before she was imprisoned, tortured

/in


Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul’s behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.

In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeting dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her “arbitrary arrest by the UAE’s security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured.”

FILE PHOTO: Saudi women's rights activist Loujain al-Hathloul is seen in this undated handout picture
Saudi women’s rights activist Loujain al-Hathloul is seen in this undated handout picture. 

Handout . / REUTERS


“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene.

DarkMatter assigned her the codename of “Purple Sword,” the lawsuit says, citing a 2019 investigation by Reuters that first detailed the hacking of al-Hathloul.

The lawsuit is the latest legal challenge to the secretive private cyber-surveillance industry, which often sells pricey hacking services to authoritarian governments that are used to secretly break into phones and other devices of activists, journalists, political opponents and others. Tech giant Apple filed a lawsuit last month against Israel’s NSO Group seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Baier, Adams and Gericke admitted in September to providing sophisticated computer hacking…

Source…

Swiss hacker indicted after claiming credit for breaching Nissan, Intel

/in


By Paresh Dave

(Reuters) – A Swiss computer hacker who has claimed credit for helping steal or distribute proprietary data from Nissan Motor Co, Intel Corp and most recently security camera startup Verkada was indicted on Thursday, U.S. prosecutors announced.

Till Kottmann, 21, remains in Lucerne and has been notified about the pending charges, the U.S. attorney’s office in Seattle said in a statement.

Kottmann did not immediately respond to a request for comment following the announcement of the indictment, which came after midnight in Lucerne.

Kottmann over the last year allegedly working with a group accessed internal files belonging to at least eight parties, including six unnamed companies, the Washington State Department of Transportation and an undisclosed federal agency, according to the indictment.

“Kottmann, and others, accessed protected computers, including ‘git’ and source code repositories as well as internal infrastructure, through use of stolen access keys, credentials and exploits,” the indictment said.

It added Kottmann overall hacked dozens of businesses and government agencies and purportedly published leaked data from over 100 entities.

In social media posts and on a website, Kottmann allegedly shared some of the information and took credit for breaches, the document said.

Dates and descriptions in the indictment related to two of the alleged hacks match Kottmann’s past statements about Intel and Nissan.

Intel declined to comment. Nissan and Verkada did not immediately respond to requests for comment.

This month, Kottmann shared with Reuters recordings of live and archived surveillance footage Kottmann obtained from inside a Tesla factory, an Alabama jail and other facilities by gaining access to Verkada’s administrative system.

Prosecutors accused Kottmann of wire fraud, aggravated identity theft and conspiracy to commit computer fraud and abuse.

It was not immediately clear if or when Kottmann would be brought to the U.S. to face charges. Swiss authorities raided Kottmann’s residence last week.

(Reporting by Paresh Dave; additional reporting by Joseph Menn; Editing by Leslie Adler and Michael Perry)

Source…