Tag Archive for: treat

‘Treat it like China’: How U.S. officials stay safe, and have fun, at the world’s biggest hacking conference


When you spend three days with 30,000 people who love cracking code, you’re always just one errant click away from sheep-dom. In fact, fending off the maze of Wi-Fi sniffers, hardware hackers and social engineers at DEF CON is a little like going toe-to-toe with elite, state-backed cyber spies, according to one senior State Department official.

“Almost treat it like going to China,” said the official, granted anonymity to offer frank and colorful advice to a DEF CON first-timer. “Really treat it like going to a technologically sophisticated peer competitor.”

At this year’s conference, which wraps up Sunday, the Wall of Sheep was located in a dimly lit auditorium off the main conference floor. It included, for the first time ever, a live feed with the location of individuals who were leaking data. As of Friday afternoon, there were at least 2,000 sheep at DEF CON, per the floor-to-ceiling projection. Their personal information was, mercifully, partly blacked out for privacy reasons.

Since the first-ever convention in 1993, DEF CON has brought some of the world’s most talented computer security wizards into the Las Vegas desert to scour software, hardware and networking equipment in search of vulnerabilities.

Operating under the principle that the best way to secure computer code is to expose it, attendees have demonstrated some truly jaw-dropping research over the last three decades. They’ve taken over the controls of cars, tricked ATMs into spewing out cash and sent insulin pumps into overdrive, to name a few memorable hacks.

Feats like that have turned the convention into an increasingly common pit stop for top U.S. government officials, dozens of whom are in attendance this year. DHS Secretary Alejandro Mayorkas, CISA Director Jen Easterly and Acting National Cyber Director Kemba Walden are all in Las Vegas for DEF CON and Black Hat, its more corporate-friendly counterpart.

But the convention didn’t earn its reputation as “the world’s most hostile network” just because of what happens on the main stage.

“There is a criminal ecosystem out there,” said Marc Rogers, the conference’s head of security. “You probably don’t want to access your…


Boulder County buys phone-hacking tech using money meant to treat, prevent drug addiction


Last month, Boulder County spent the first of what it hopes will be millions of dollars for the treatment and prevention of drug addiction, courtesy of lawsuits against the drug manufacturers, distributors and pharmacies that helped fuel America’s opioid epidemic.

Among the spending was money for controversial yet widely used technology to gain access to locked cell phones and computers. Law enforcement officials argue such products are necessary to find and prosecute drug dealers, whose illegal enterprises have produced an ever-mounting body count.

Yet the increasing usage of such products has occurred largely without public knowledge and debate, or corresponding evolution of regulation to protect against potential abuse — a chief concern of privacy experts and human rights groups who warn the tools are an unprecedented, unchecked expansion of police power.

“There’s this really remarkable power that police have that can be used quietly and silently,” said John Davisson, senior counsel for Washington, D.C.-based Electronic Privacy Information Center. “It’s really putting a lot of power into the hands of law enforcement.”

Crucial tool for catching drug dealers

Spending on mobile device forensics tools, or MDFTs, as they’re known, represents just a sliver of Boulder County’s opioid settlement spending so far: $81,250 — 4.5% of a $1.8 million total first funding round — went to purchase products from Cellebrite and GrayKey, which unlock Android and Apple/iOS products, respectively, and Nighthawk and Magnet Forensics, which assembles extracted data into a readable format and “puts it all together in a pattern,” according to Boulder County Sheriff’s Office Sergeant Jeff Pelletier, who presented on the purchases at a December meeting of Boulder County’s Regional Opioids Council.

The equipment will go to Longmont Police Department’s Special Investigations Unit, which handles narcotics investigations, and Boulder County’s Drug Task Force, which serves the same function for most of the county, excluding Longmont and Louisville. A third Cellebrite device will go to Boulder County’s Digital Forensics Lab, which aids…


We must treat cyber wars the same as we treat conventional military encounters


Pictures and videos emanating from Ukraine show the widespread destruction wrought by Russian troops during a year-long war that continuously generates news coverage. But there is another side to this conflict that is lesser known and harder to see.

A parallel war has been running alongside Russia’s conventional ground invasion, one that involves unrelenting cyber attacks across various segments of Ukrainian society, if with less success than many experts initially anticipated. Mixed results aside, this cyber warfare at times has been significant enough that lines are being blurred between where cyber attacks stop and conventional warfare begins.

Since the start of the invasion in late February 2022, Russian actors have attacked Ukraine with two primary goals: to damage critical infrastructure and to exfiltrate or destroy data. According to Ukraine’s Computer Emergency Response Team, more than 2,000 cyber attacks plagued Ukraine in 2022 alone. Taking it a step further, at least eight different forms of malware have been used by Russian saboteurs in the past year, according to Microsoft, 40 percent of which were targeted at “critical infrastructure sectors.” Other targets included Ukrainian government websites, financial institutions, energy and communication service providers, and media outlets.

Russia’s intense use of cyber attacks in Ukraine predates its ground invasion by at least eight years. When Russia invaded the Crimean Peninsula in 2014, suspected Russian hackers knocked out power to 230,000 customers in western Ukraine. Two years later, suspected Russian hackers used malware to disrupt Ukrainian airports, railways and banks. One month before its ground invasion last February, Russia launched a massive cyber attack targeting government institutions in an attempt to weaken Ukraine’s position ahead of the impending military action.

These types of crimes aren’t unique to Ukraine and exist in the absence of active war. In 2007, hackers attacked Estonia in what is believed to be the first major cyberattack on an entire country, crippling banks, government websites and media companies. Closer to home, a ransomware attack in 2021 disabled the…


Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween


Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond

Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you!

The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of all ilk are looking for you in all corners of the internet, and all they want is to trick you into giving away your personal data or money.

With Cybersecurity Awareness Month ending on the last day of October, it’s a good time to look at some common ways your personal information could be at risk (not just this Hallow’s eve!) and offer up some sweet treats to help you and your family avoid falling for hackers’ tricks.

Self-defense against scammers’ tricks

Trick #1: Fake websites vs. Treat #1: Recognizing phishing attacks

So someone messaged you on Instagram about an amazing Bitcoin deal. Awesome! And is it just as simple as clicking a link? Even better. Or not? Let me guess, it will take you to a site that looks super professional and convincing and there’s a place to enter your credit card details to get started? Yes? Then that’s most certainly a scam. And it becomes even harder to tell right away whether a website is real when it’s a fraudulent version of a well-known crypto exchange.

In order to avoid falling for scams involving fake websites, especially those that request your personal information or banking details, make sure to:

  • Avoid clicking on links in unsolicited messages, doubly if the message came out of the blue and uses a generic salutation.
  • Don’t ever feel rushed into taking an action.
  • Watch out for misspelled domains and once on a website, use common sense to look out for other red flags, such as suspicious grammar mistakes or low-resolution images.
  • Consider manually typing out the website’s address into the browser bar and/or try Google’s Safe Browsing site status tool or VirusTotal’s URL checker to…
