Tag Archive for: surveillance

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance


US defense secretary Lloyd Austin on Thursday said he was considering “additional measures necessary to safeguard our nation’s secrets,” and he ordered a review of “our intelligence access, accountability, and control procedures within the department to inform our efforts to prevent this kind of incident from happening again.”

Hackers who claim to have breached data storage company Western Digital earlier this month say they are holding 10 terabytes of stolen data hostage and are ready to publish it unless the company pays a “minimum 8 figure” ransom, TechCrunch reports. 

An individual who says they carried out the hack spoke to TechCrunch on Thursday, claiming to have reams of customer information. While the hacker showed TechCrunch screenshots of internal emails and contact information of Western Digital’s employees, it’s still unclear exactly what data has been stolen.

“Cut the crap, get the money, and let’s both go our separate ways,” the hackers wrote in an email to several company executives. “Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.” 

A secretive Israeli spyware company’s hacking tools have been used to target politicians and journalists in at least 10 countries, according to research by Microsoft and the University of Toronto’s Citizen Lab made public Tuesday. 

The company, QuaDream, is a small, low-profile Israeli firm that develops smartphone hacking tools intended for government clients. The firm was established in 2016 by former employees of NSO Group, the maker of the Pegasus spyware.

The QuaDream spyware targeted older versions of Apple’s iOS phone software, and it worked by sending malicious calendar invites that would not be seen by the targets, researchers say.

According to the report, Citizen Lab has located QuaDream servers in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan. 

WhatsApp has introduced a new security feature that makes it harder for scammers to steal users’ accounts. The feature will require individuals who download WhatsApp to a new device to use their old device to confirm their account….


India: Government’s pursuit of new surveillance technology heightens human rights concerns 


Responding to a report by the Financial Times that India is searching for alternative spyware technology to replace NSO Group’s Pegasus surveillance software, Donncha Ó Cearbhaill, Head of the Security Lab at Amnesty International, said:  

“It is chilling that instead of respecting human rights and ensuring accountability for those targeted by Pegasus, that the Indian government is instead looking for alternative spyware to further its surveillance capabilities. 

“It is shameful that although spyware technology has been used to commit grave human rights violations, crush dissent, and stifle freedom of assembly and expression, governments across the world continue to recklessly advance these methods to unlawfully target dissidents and critics.”  

New research from Amnesty International’s Security Lab this week has uncovered evidence of a spyware hacking campaign targeting Google’s Android operating system and impacting billions of users worldwide.  

“The spyware industry continues to spiral out of control globally with dozens of companies offering similar products to Pegasus. We urgently need a global moratorium on the sale, transfer, and use of spyware until robust human rights regulatory safeguards are in place.”  

Background:  

On March 30, 11 governments issued a joint statement committing to joint action to counter the proliferation and misuse of commercial spyware. 

On March 27, United States President Joe Biden signed an executive order restricting the government’s use of commercial spyware technology that has been used to intimidate civil society around the globe. 

In 2021, following revelations by Amnesty International in the Pegasus Project about the spyware produced by the Israeli company NSO, the Supreme Court of India set up a technical committee to investigate abuses involving the software. In 2022, the committee concluded their investigation, but the court has not made the findings of the report public….


How to Connect Your Security Cameras to the Internet



Railways’ video surveillance system project stumped by lack of cyber security clearance


After facing hurdles in the implementation of CCTV surveillance systems at major railway stations across the country, the Ministry of Railways has flagged a critical cyber safety issue involving national security with the NITI Aayog.

As part of enhanced security measures, the railways are implementing a Video Surveillance System at hundreds of railway stations in a phased manner. The project is being financed through the Nirbhaya Fund controlled by the Ministry of Women & Child Development.

Though funds were sanctioned and tenders finalised, there has been an inordinate delay in commencing the work since the Original Equipment Manufacturers (OEMs) of the surveillance cameras are reluctant to get cyber security testing done by the Standardisation Testing & Quality Certification (STQC) Directorate, Ministry of Electronics and Information Technology.

Despite constant reminders and follow-up by the Ministry of Railways with the service providers after the contract agreements were placed, not a single camera manufacturer got cyber security clearance from the STQC Directorate, sources in the railways told The Hindu.

“The OEMs are reluctant to get the testing done for reasons best known to them and not showing interest in the CCTV projects of the railways since only we are insisting on cyber security clearance of cameras and its components to ensure security. However, the cyber security clearance is not being insisted on for other surveillance camera projects funded by the Union Government like the smart cities,” a senior railway official said.

Security audit mandatory

In a meeting convened by NITI Aayog on July 30, 2019, involving top officials of the Ministry of Railways, Research Designs & Standard Organisation, RailTel Corporation of India Ltd. etc., it was decided to make security auditing and testing mandatory for data protection.

To ensure the security of the camera and network from vulnerabilities & breaches and discourage false undertaking from OEMs, it was decided that security auditing and testing be carried out by reputed agencies like CERT-IN or STQC at the time of Proof of Concept (POC) as…
