Apple has launched a new privacy website to explain what it does and doesn’t do with user data. On the front page, a letter from CEO Tim Cook explains that Apple views privacy differently to other internet services who, he says, view users as products and not customers.
Naked Security – Sophos
New York Times |
Computer Security Firm Raises $ 35 Million From KKR and Others
New York Times Andre Durand, founder of the computer security firm Ping Identity.Credit Earl Wilson/The New York Times. With the news of hacking and data theft dominating headlines, there would seem to be no better time for a security software provider to raise new … |
Documents provided by former National Security Agency contractor Edward Snowden have revealed that the NSA and its partner, Great Britain’s GCHQ, have done a whole lot more than just passively monitor what passes over the Internet. Using their surveillance tools, the intelligence agencies have been able to identify and target individuals at organizations of interest—not just suspected terrorist cells.
The latest target of these “tailored access” efforts to come to light is OPEC, the Organization of Petroleum Exporting Countries. Brazil’s Petrobras, Belgium’s Belgacom, and many others have been targeted as well, based on documents provided by Snowden. According to a report in Der Spiegel, the NSA and GCHQ have had access to OPEC’s internal networks and systems since January of 2008, allowing the NSA to provide intelligence on individual members of OPEC and the countries’ negotiations and tactics. As with the GHCQ hack of engineers at Belgian telecom provider Belgacom, the infiltration of OPEC took advantage of partnerships with international telecommunications providers to reroute Internet traffic to and from targeted users within the organization, including Saudi Arabia’s OPEC governor, through network equipment controlled by the intelligence agencies. That allowed the NSA and GCHQ to perform “man-in-the-middle” attacks that let them install malware onto the target computers and gain access to OPEC’s internal network—even gaining administrative privileges for the network and access to file servers.
The attack, called a “Quantum insert,” is just part of an arsenal of network monitoring and attack tools that the NSA and GCHQ have created that have essentially turned the global Internet into a weapons system that can scan for, identify, target, and attack nearly anyone of interest who connects to Internet services across borders.
Read 14 remaining paragraphs | Comments
     |
Federal prosecutors have accused a UK man of hacking thousands of computer systems, many of them belonging to the US government, and stealing massive quantities of data that resulted in millions of dollars in damages to victims.
Lauri Love, 28, was arrested on Friday at his residence in Stradishall, UK following a lengthy investigation by the US Army, US prosecutors in New Jersey said. According to prosecutors, the attacks date back to at least October 2012. Love and other alleged hackers are said to have breached networks belonging to the Army, the US Missile Defense Agency, NASA, the Environmental Protection Agency, and others, in most cases by exploiting vulnerabilities in SQL databases and the Adobe ColdFusion Web application. The objective of the year-long hacking spree was to disrupt the operations and infrastructure of the US government by stealing large amounts of military data and personally identifying information of government employees and military personnel, a 21-page indictment said.
“You have no idea how much we can fuck with the US government if we wanted to,” Love told a hacking colleague in one exchange over Internet relay chat, prosecutors alleged. “This… stuff is really sensitive. It’s basically every piece of information you’d need to do full identity theft on any employee or contractor” for the hacked agency.
Read 6 remaining paragraphs | Comments
     |
