Tag Archive for: doors

Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex


BEIJING — The hotel was spacious. It was upscale. It had a karaoke bar. The perfect venue, the CEO of the Chinese hacking company thought, to hold a Lunar New Year banquet currying favor with government officials. There was just one drawback, his top deputy said.

“Who goes there?” the deputy wrote. “The girls are so ugly.”

So goes the sordid wheeling and dealing that takes place behind the scenes in China’s hacking industry, as revealed in a highly unusual leak last month of internal documents from a private contractor linked to China’s government and police. China’s hacking industry, the documents reveal, suffers from shady business practices, disgruntlement over pay and work quality, and poor security protocols.

Private hacking contractors are companies that steal data from other countries to sell to the Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China.

Though the existence of these hacking contractors is an open secret in China, little was known about how they operate. But the leaked documents from a firm called I-Soon have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut and rules are murky and poorly enforced in the quest to make money.

Leaked chat records show I-Soon executives wooing officials over lavish dinners and late-night binge drinking. They collude with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects. I-Soon has not commented on the documents.

Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents show that China’s hackers for hire work much like any other industry in China.

“It is profit-driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”

China’s hacking industry rose from the country’s early hacker culture, first appearing in the 1990s as citizens bought computers and went…

Source…

IAEA Training Centre for Nuclear Security Opens Doors to Build Expertise in Countering Nuclear Terrorism


The International Atomic Energy Agency (IAEA) opened today a unique nuclear security training centre, the first international facility of its type, to support the growing efforts to tackle global nuclear terrorism.

IAEA Director General Rafael Mariano Grossi officially opened the IAEA Nuclear Security Training and Demonstration Centre during a ceremony at the Agency’s Seibersdorf laboratories in Austria, attended by representatives from 45 countries and territories.

The centre will provide more than 2000 square meters of specialized technical infrastructure and equipment for course participants to learn about the physical protection of nuclear and other radioactive material, as well as detection and response to criminal acts involving nuclear material and facilities.

“Nuclear security is one of the most important areas of our work to make sure that nuclear material never falls into the wrong hands,” said IAEA Director General Rafael Mariano Grossi. “The international nuclear security centre of excellence – opened today – is where experts on nuclear security and the physical protection of nuclear material from all over the world will be trained to hone their skills.”

Requests to the Agency for training in nuclear security have increased in recent years as more countries embark on nuclear power programmes and after the 2016 entry into force of the Amendment of the Convention on the Physical Protection of Nuclear Material (CPPNM) – the only legally binding international instrument in the area of physical protection of nuclear material.

Over two floors, the new centre contains simulated environments, virtual reality tools and advanced software. It will provide hands-on practice on nuclear security systems for the physical protection of nuclear facilities, information and computer security, nuclear forensics, major public events and other nuclear security areas of work.

“We are giving countries the tools to do nuclear better, safer and in a secure way”, added Director General Grossi.

The centre will welcome the first trainees next week for a course on security management of radioactive material, one of the 23 training courses and workshops to be offered.

“By…

Source…

Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors


Texas-based smart home product provider Nexx appears to have ignored repeated attempts to report serious vulnerabilities that can be exploited by hackers to remotely open garage doors, and take control of alarms and smart plugs. 

Nexx offers smart alarms, garage door controllers, and smart plugs, all of which can be controlled remotely from a dedicated mobile application. 

Researcher Sam Sabetan discovered in late 2022 that these products are affected by serious vulnerabilities and disclosed their details on Tuesday.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also released an advisory to warn individuals and organizations using Nexx products about the flaws identified by the researcher. The agency said the impacted products are used by commercial facilities worldwide.

Sabetan and CISA said their attempts to report the vulnerabilities to Nexx were ignored. SecurityWeek has also reached out to Nexx for comment.

The researcher has discovered five types of vulnerabilities, most of which have been assigned ‘high’ or ‘critical’ severity ratings. The list of issues includes the use of hardcoded credentials, authorization bypass flaws that can be leveraged to execute unauthorized actions, information disclosure issues, and improper authentication.

In a real-world attack scenario, an attacker can exploit these vulnerabilities to open or close garage doors remotely over the internet, hijack any alarm system, and turn on/off smart plugs connected to household appliances.

In order to conduct an attack, the hacker only needs the targeted user’s device ID, email address, name, or MAC address, depending on the type of device they are targeting.  

A video demo made by the researcher shows how a hacker can obtain the information of hundreds of users.

“It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted. Furthermore, I determined that more than 20,000 individuals have active Nexx accounts,” Sabetan explained. 


Source…

Iraq: Online portal opens doors for women in business


The country’s online system is making it easier for women entrepreneurs to access the benefits of registering their company with the government.

© International Labour Organization | An Iraqi entrepreneur develops her business idea.

Saja al-Bayati has been fascinated by information technology and news since she can remember.

While pursuing a master’s degree in computer engineering, she merged her tech and cyber-security interests with a budding freelance journalism career to start digital awareness campaigns – beginning a journey that would combine her two passions into a business endeavour.

“The field of information technology in Iraq is quite important. We have high rates of digital illiteracy – and that can put people at risk,” Ms. al-Bayati says.

The 29-year-old from Baghdad now runs a company of security experts that keeps people and organizations safe from cyberattacks.

“I help protect individuals and institutions from hacking, and drive awareness on how to protect private, confidential information,” she says.

When Ms. al-Bayati registered her company, Al-Baydaq (Pawn) Information Technology, with the government in October 2022, she found the process much easier than expected thanks to a new online registration portal.

From 35 steps to a few clicks

On 8 November 2021, the Iraqi government set up business.mot.gov.iq – an online “single window” for business registration – with support from UNCTAD, the United States government and the Global Entrepreneurship Network, a non-profit organization.

The portal simplifies a process that used to entail 35 steps and long hours waiting in line at different government offices. Ms. al-Bayati was able to register her company in just a few clicks and in a matter of minutes.

“I submitted all my papers and paid the registration fees online without needing a lawyer,” she says. “It was the first government e-service I ever experienced, and it was great.”

Unlocking important benefits

According to a recent joint UNDP report, Iraq’s private sector, which accounts for 40% to 50% of employment, is mainly informal. And women in the country generally face more hurdles than…

Source…