WebProNews

Tag: Hacks

  • Amazon’s Ring Fires Employees For Improperly Accessing User Videos

    In the wake of reports of Ring devices being hacked, Amazon has informed senators of four incidents where employees improperly accessed user videos, according to Ars Technica.

    Amazon was replying to several senators who have sent inquiries to the company regarding their Ring business. Originally, the inquiries centered around Amazon’s relationship with hundreds of law enforcement agencies to promote Ring’s cameras. As news of Ring’s security woes became widely known, a group of senators sent a follow-up inquiry regarding those breaches.

    In their response, Amazon admitted there have been four employees in the last four years who have improperly accessed user videos. In each case, according to the company, the employees did have legitimate access to user videos; however, “the attempted access to that data exceeded what was necessary for their job functions.”

    Amazon says swift action was taken to fire the employees involved and “take appropriate disciplinary action in each of these cases.” In addition, “Ring periodically reviews the access privileges it grants to its team members to verify that they have a continuing need for access to customer information for the purpose of maintaining and improving the customer experience.”

    Even with these steps, this is unwelcome attention for a company trying to prove its products can be trusted.

  • CES 2020: Ring Adds Privacy Control Center In Wake Of Hacks

    In the wake of multiple hacks and a subsequent lawsuit, Ring is off to a promising start at CES 2020, unveiling a new privacy Control Center, according to CNN.

    Ring has had a tough few weeks as multiple incidents surfaced of strangers accessing customers’ camera feeds. In one incident, a strange man talked to an 8-year-old girl via the camera in her room, while in another case a man subjected a couple to racist comments about their son.

    While Ring said these incidents were not the result of a breach of their systems, and were instead indicative of people reusing passwords that may have been hacked or accessed elsewhere, VICE tested Ring’s security and found it was abysmal. In particular, Ring offered no way of knowing who else may be accessing a camera feed—or if anyone else has ever accessed it.

    The announcement of the Control Center should go a long way toward addressing these concerns. The new tab provides a way to see who is accessing feeds, as well as whether a camera is being shared in the Neighbors app. The new feature will give users the ability to adjust the privacy settings for all of their Ring devices from a central location.

    The company plans to continue giving users more control and simplifying the interface as the Control Center evolves.

  • Ashley Madison Head Noel Biderman Has Resigned

    Noel Biderman, the CEO of Ashley Madison parent company Avid Life Media, is resigning.

    According to a statement from Avid Life Media, senior management will captain the company until a new CEO can be appointed.

    “This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees. We are steadfast in our commitment to our customer base,” said the company.

    Last month, Ashley Madison, a website which purported to connect married people with other married people for the purposes of stepping out on said marriages, fell victim to an enormous hack that saw millions upon millions of user records and company documents leaked.

    The most damning revelation from the info released in the hack was that Ashley Madison had far fewer women on the site than we thought – far fewer.

    In fact, one analysis showed that the database contained just over 31 million men and 5.5 million women. But most of the latter accounts were inactive or worse, fake.

    “We are actively adjusting to the attack on our business and members’ privacy by criminals. We will continue to provide access to our unique platforms for our worldwide members,” says Avid Life. “We are actively cooperating with international law enforcement in an effort to bring those responsible for the theft of proprietary member and business information to justice.”

    The company has put up a $377,000 reward for the capture of those responsible.

    Earlier this year, Ashley Madison was looking to go public in Europe.

  • Ashley Madison Hack Has Been Cleaned Up, Says Company

    Online dating site for married people Ashley Madison fell victim to a hack over the weekend, putting the personal information of over 37 million users in jeopardy.

    Now, the company says it has scrubbed all leaked info.

    “Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter,” says the company.

    According to security researcher Brian Krebs, who first reported the hack, those responsible laid out a manifesto for their actions, claiming that Ashley Madison misled customers, and that was the impetus behind the hack:

    From Krebs:

    In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

     

    According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

    “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people,” they said.

    In a statement from Avid Life Media, Ashley Madison’s parent company confirmed the attack soon after Krebs’ report, saying,

    “We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”

    Earlier this year, dating site Adult Friend Finder was hacked, exposing more than three million users.

  • Dating Site Hack Exposes Users’ Sexual Preferences, Account Data

    Data breaches that reveal email addresses, usernames, passwords, and other account information are common and pretty serious in their own right – but when a hack reveals even more sensitive personal information it’s downright scary.

    According to a report from Channel4, a data breach has exposed nearly four million users of Adult FriendFinder, a dating website. You’ve probably seen its ads all over the internet.

    And alongside the usual account information, hackers reportedly leaked info like users’ sexual orientation and “which ones might be seeking extramarital affairs.”

    Yikes.

    “The stolen data reveals the sexual preferences of users, whether they’re gay or straight, and even indicates which ones might be seeking extramarital affairs. In addition, the hackers have revealed email addresses, usernames, dates of birth, postal codes and unique internet addresses of users’ computers,” reports Channel4.

    “Online crime experts believe that after the initial spam email campaign, hackers will now begin trawling through the data for potential blackmail targets. The spreadsheets contain addresses linked to dozens of government and armed services personnel, including members of the British Army.”

    Adult FriendFinder’s parent company confirmed the data breach in a statement to the BBC, but didn’t provide a lot of details:

    “FriendFinder Networks Inc. has only just been made aware of this potential issue and understands and fully appreciates the seriousness of the issue,” the firm said in an emailed statement.

    We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant.

    Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.

    We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.

    There are reports that the hacker attempted to blackmail the site before publishing the data on the dark web. Apparently, Adult FriendFinder wasn’t too keen on that.

  • Starbucks: Bad Passwords, Not Hackers to Blame for App Thefts

    If you use the Starbucks app to pay for your morning coffee, you might want to check your bank account. And then strengthen your password.

    After reports emerged saying hackers had gained access to user accounts and used its app to siphon money away from unsuspecting customers, Starbucks has hit back, saying that these reports are false.

    Blogger Bob Sullivan first reported the issue, telling the stories of multiple victims. What these “hackers” are doing is accessing a Starbucks customer’s account, using the balance to buy a gift card, and waiting for the app to auto-load more money onto the card. This way, they can draw funds directly from someone’s bank account or PayPal account.

    From Bob Sullivan:

    Maria Nistri, 48, was a victim this week. Criminals stole the Orlando woman’s $34.77 in value she had loaded onto her Starbucks app, then another $25 after it was auto-loaded into her card because her balance hit 0. Then, the criminals upped the ante, changing her auto reload amount to $75, and stealing that amount, too. All within 7 minutes.

    CNN confirmed that this was happening to other people:

    It happened to Jean Obando on the Saturday evening of December 7. He had just stopped by a Starbucks in Sugar Land, Texas and paid with his phone app. Then while driving on the highway, his phone chimed with a barrage of alerts. PayPal repeatedly notified him that his Starbucks card was being automatically reloaded with $50.

    Then came the email from Starbucks.

    “Your eGift Just Made Someone’s Day,” the email said. “It’s a great way to treat someone — whether it’s to say Happy Birthday, Thank you or just ‘this one’s on me.’”

    He got 10 more just like it — in just five minutes.

    Sounds bad. And it is. But according to Starbucks – this isn’t a hack. This is simply bad password practices.

    “Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions. To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously,” said Starbucks.

    “Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”

    Starbucks is right in that your passwords do suck. But the company can do more to help prevent this sort of scheme (two-step authentication wouldn’t fix everything but could help). Also, Starbucks doesn’t have a perfect record when it comes to app security.

  • Florida Sheriff Charging Teen with ‘Hacking’: Change the Law If You’re Mad

    Sheriff Chris Nocco of the Pasco County, Florida, Sheriff’s office isn’t all that concerned that his department is being mocked across the country.

    Last week, we told you about the department’s decision to charge a 14-year-old hacker mastermind with a felony after he infiltrated his school’s network and put hundreds of lives in danger.

    And what I mean by that is he figured out the password by looking over a teacher’s shoulder, logged in, and set some softcore porn as a teacher’s desktop background.

    More context from our previous coverage:

    Hacker extraordinaire Domanik Green, 14, has been charged with offense against a computer system and unauthorized access after he “logged onto the school’s network on March 31 using an administrative-level password without permission. He then changed the background image on a teacher’s computer to one showing two men kissing.”

    The sophisticated hack that allowed Green access to the impregnable system involved looking over a teacher’s shoulder and watching her type the password. It turned out to be the last name of a teacher at the school. Edward Snowden weeps.

    One of the main points of contention for authorities is that one of the computers Green ‘hacked’ contained FCAT questions on it. Green didn’t access or alter these files, however.

    “Even though some might say this is just a teenage prank, who knows what this teenager might have done,” Pasco County Sheriff Chris Nocco said.

    Thoughtcrimes leader and amateur future teller Chris Nocco is standing by his decision, despite ridicule from all corners of the internet.

    From the Tampa Bay Times:

    Nocco is sticking to his guns. Green was suspended from school for three days for similar activity back in October, and the sheriff said it was obvious he hadn’t learned his lesson.

    “I think, unfortunately, when the story’s being told in other (publications), they’re not talking about the fact that he committed this crime previously,” Nocco said Monday. “We enforce the law. And if we don’t enforce the law, nobody else will.”

    Also, he said, the crime with which Green is charged is deemed a felony by the state Legislature. If people want to change it, they can write lawmakers, he said.

    Write your congressperson, folks. Nothing we can do about it now. Change the law if you’re mad.

    People are mad, for sure. Here’s a sampling of posts currently sitting on the Pasco County Sheriff’s Facebook page:

    Felony charges because of what a 14 year old kid ‘might have done?’ Since when do we charge people based on the seriousness of crimes they ‘might’ commit. Your county sucks.

    What has become of our society when felony charges are given for a harmless prank? We don’t live in the realm of “what if”. “who knows what this teenager MIGHT have done” -Sheriff Chris Nocco. I sincerely hope that this gets laughed out of court.

    Missing children. Unsolved murders. And yet, you guys are arresting a kid for being a kid. Pigs

    This is why even us law abiding Americans hates the police.. You people should really be ashamed of yourselves.. I mean, how do you sleep at night? Oh.. come to think of it… I’ll bet you sleep quite well.

    I think it’s hilarious how you can charge an 8th grader with a felony and quite possibly ruin his life over a prank. When your own jackholes can just resign when they commit felonies. The double standards you have created in this country does not go overlooked. You expect the public to show you respect and to trust you when you do the exact opposite. History will remember a time in this country when our law enforcement were corrupt and could not be trusted. Shame on you.

    This kid is 14 and the sheriff wants him to have a felony conviction on his record for the rest of his life. Despicable.

    I’m embarrassed for you Chris.

    It’s probably unlikely the kid will see the inside of a courtroom – but the complications from this, and the legal bills likely to be incurred by his family – will not be inconsequential.

  • Google Maps Exposes Snowden’s Snow Den Inside the White House

    One minute he’s in Russia – the next he’s set up shop inside The White House. This Edward Snowden sure is a character.

    If you check out the White House on Google Maps right now, you’ll see an interesting listing nestled between the Rose Garden and the Jacqueline Kennedy Garden. Tucked inside the front of the Presidential home is a shop called “Edwards Snow Den”.

    Is the NSA whistleblower hiding in plain sight?

    Edwards Snow Den, according to its Google+ page, is a snowboard shop located at 1600 Pennsylvania Ave NW, Washington, District of Columbia 20500. The phone number listed is for area code (206), which is Seattle, Washington.

    Ok, so what happened here?

    Someone pulled a prank, of course.

    Google told Marketing Land:

    Google says that a user gamed its system by altering a verified Google business description after it was live on Google Maps. It said the vast majority of edits are positive in nature but a few bad actors do get through. It said this listing has now been removed, though it’s still showing up for me, at the moment. No doubt it will disappear shortly.

    And it’s pretty easy to game the system and prank Google Maps, once you have a verified listing. Just a few steps over, in the West Wing, there’s a listing for a “CCross law firm” – a business which most certainly does not exist inside the White House.

    It’s clear that Google is taking steps to remove Edwards Snow Den from the premises. The shop is no longer verified and its comical reviews – things like “Top notch info on the cheap” and “I felt so exposed, 10/10 would NSA again” – are gone. But as of right now, you can still see Edwards Snow Den inside the White House.

  • 14-Year-Old Hacker Mastermind Infiltrated School Network, Charged with Felony

    A Florida eighth-grader is facing felony charges after accessing his middle school’s computer network and changing a teacher’s background.

    Hacker extraordinaire Domanik Green, 14, has been charged with offense against a computer system and unauthorized access after he “logged onto the school’s network on March 31 using an administrative-level password without permission. He then changed the background image on a teacher’s computer to one showing two men kissing,” according to the Tampa Bay Times.

    The sophisticated hack that allowed Green access to the impregnable system involved looking over a teacher’s shoulder and watching her type the password. It turned out to be the last name of a teacher at the school. Edward Snowden weeps.

    One of the main points of contention for authorities is that one of the computers Green ‘hacked’ contained FCAT questions on it. Green didn’t access or alter these files, however.

    “Even though some might say this is just a teenage prank, who knows what this teenager might have done,” Pasco County Sheriff Chris Nocco said.

    And he’s right. He most certainly could’ve hacked the mainframe and accessed the terminal. There he could’ve swapped out the launch codes for Microsoft Paint pictures of penises.

    It’s a good thing Green was caught when he was, as he appears to be a serial offender. According to the Times, he was once part of a criminal enterprise that involved logging into school computers and snapping selfies with the webcams.

    “You have somebody that clearly doesn’t learn their lesson. You have somebody who had the ability and if they had the intent could mess around with the FCAT system,” Sheriff Nocco told WTSP.

    If Green beats this rap, word on the street is Anonymous is looking to recruit.

  • Uber Denies Breach After User Info Goes Up for Sale

    Uber says that it has found no evidence of a security breach following reports that user data has popped up for sale on dark web sites.

    Motherboard reports that thousands of active Uber accounts are currently for sale on sites like AlphaBay market – some for as cheap as $1 and up to $5. Of course, having someone’s Uber login credentials would give you access to their email address, phone number, home address, and travel history.

    Uber accounts also show partial credit card numbers. There’s also the possibility that people share their Uber login/password with other services.

    From Motherboard:

    Motherboard received a sample of names and passwords available and verified that at least some of the accounts were active by contacting those users. The data includes names, usernames, passwords, partial credit card data, and telephone numbers for Uber customers.

    Despite the report, Uber is claiming an investigation has yielded no evidence of any sort of security breach.

    “We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services,” said the company in a statement.

    This isn’t the first time Uber has been involved in a possible hack. The company admitted that up to 50,000 users may have been affected by a breach back in May. This also isn’t the first time Uber’s been under fire for possibly employing lax security practices.

    Uber recently reiterated its mission to make the service safer.

  • Target OKs $10M Settlement over Massive Data Breach

    Target has agreed to pay $10 million to settle a class-action lawsuit brought by victims of the company’s 2013 data breach – a massive hack that exposed up to 70 million people.

    According to CBS News, the settlement has been OK’ed, but awaits final approval from a federal district court. The settlement is large enough to offer up to $10,000 to each individual victim – but as usual with this type of case, a lot will depend on how many injured parties wind up in the claim.

    “We are pleased to see the process moving forward and look forward to its resolution,” Target spokesperson Molly Snyder told CBS News.

    In December of 2013, Target announced an unknown intrusion into its systems, including payment card data. At the time, Target said that 40 million credit and debit cards had been impacted.

    A month later, the number of affected parties had risen to 70 million. The breach, which Target said was aided by foreign software installed on payment machines, affected customers who shopped at Target from November 27, 2013, to December 15, 2013.

    Talk about a Black Friday. The breach was so massive that it even became the focus of a congressional probe. In May of 2014, Target CEO Gregg Steinhafel stepped down.

    More recently, Target announced it would be restructuring – including making some job cuts at its corporate offices in Minneapolis.

  • Ramen Noodles Hacks: the Ultimate Frugal Food Reinvented

    Ramen Noodles may not be the most healthful thing to survive on when you’re in college — or otherwise strapped for cash — but they sure can be a real asset in a broke person’s portfolio.

    Ramen noodles were honored recently by none other than Google. More specifically, the inventor of Ramen instant noodles — Momofuku Ando — was the subject of a Google Doodle on the Google front page. It took Ando 48 years to “perfect” his instant Ramen recipe.

    But Momofuku Ando’s brainchild is the real star. Broke folks from points all over know that you can grab a whole case of Ramen — that’s 12 packs — for around $2.00, putting a lunch at less than 20¢. That’s surviving. And when you consider that you can get a variety of flavors at most stores that carry instant Ramen — including chicken, beef, pork, and “Oriental flavor” — you can get a flavor rotation going and stand to eat Ramen multiple times in a week, or even in a day.

    Prep couldn’t be simpler for stock Ramen noodles. Open the pack; drop the block of noodles into a small pot and just cover with water; dump in the spice pack that came in the pack; bring to a boil; kill burner and wait about 2 minutes. Done. The whole thing takes maybe 5-6 minutes. College students not allowed hot plates can use a microwave. Failing that, dorm inhabitants have been making Ramen with a coffee pot for decades.

    But eventually the tolerance for straight-from-the-pack Ramen noodles runs out. That’s when you need a few simple add-ons to hack your Ramen back to a somewhat more interesting level.

    Here are a few of the best Ramen hacks, with a particular eye toward the cheap or even free. Find your own combinations or spins on these.

    Spices and condiments: Hang on to spice and condiment packs from restaurants, takeout, and food court islands. Hoard up on soy sauce, black or white pepper, pepper flakes, or even lemon and lime juices. Pizza joints are great for packs of pepper flakes, Parmesan cheese, and even some spice blends. Get ginger from sushi deli packs. Or go nuts and actually buy some stuff. Experiment with different flavor additions and combinations.

    Veggies: You can get frozen vegetables real cheap. Add some broccoli, snow peas, edamame, shredded carrot, and other veg you might like. Others don’t even need to be frozen. Baby spinach, green onions, and other leafy items can be wilted right in to your Ramen just before eating.

    Egg: Swirl in beaten raw egg, a la egg drop soup. Or just dump in some scrambled egg, or even top your bowl off with a boiled egg for a more authentic approach.

    Meat: Here’s a new level. Microwave up some leftover meat, chop it up, and dump it in. This could be anything from pieces of steak to leftover wings. Maybe Ramen noodles and soggy chicken nuggets is going too far, but you get the idea.

    Forget the flavor pack: Most of the above tips can be used with the provided Ramen flavor pack. But you can also set that thing aside altogether and just use the quick-cook noodles with your own spices and add-ins. Hang on to the pack to flavor rice, scrambled eggs, or your own fake Rice-a-Roni mix. You can also use them to sprinkle on buttered bread, toast it up, and have a garlic bread alternative (or addition).

    If you have access to a stove top and pan, pull the Ramen out of the water just a little early and stir-fry it with any of the above elements.

    So don’t despair over the limitations of that quarter-a-pack of unhealthy subsistence. You can hack it.

  • Three Men Charged in Biggest Email Data Breach in History

    An unsealed indictment reveals that the US Justice Department has charged three men in what it is calling “one of the largest reported data breaches in US history.” It is, in fact, the biggest email data breach ever.

    “These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”

    The indictment alleges that between February 2009 and June 2012, two Vietnamese citizens hacked at least eight email service providers. This netted them access to over a billion email addresses, from which they stole personal information. Twenty-eight-year-old Viet Quoc Nguyen and 25-year-old Giang Hoang Vu allegedly made millions spamming “tens of millions” of email users.

    “In August 2012, the FBI, with the assistance of its legal attaches stationed abroad and in conjunction with Dutch law enforcement officials, executed a search warrant in the Netherlands that disrupted continued compromises of those companies while allowing U.S. authorities to advance its investigation,” explains the FBI’s Special Agent in Charge J. Britt Johnson.

    Vu has already pleaded guilty to the charges. Nguyen is on the run. The third man in this specific indictment is Canadian David-Manuel Santos Da Silva, 33, who is accused of helping Nguyen and Vu launder their ill-gotten money. He’s currently sitting in jail awaiting trial.

    “This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” said Acting U.S. Attorney Horn. “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data—they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites.”

    “Our success in this case and other similar investigations is a result of our close work with our law enforcement partners,” said Special Agent in Charge Moore. “The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cyber criminals to justice. This case demonstrates there is no such thing as anonymity for those engaging in data theft and fraudulent schemes.”

    Speaking of cyber crime, The US Government just created a brand new agency for organizing and disseminating information regarding cyber threats.

  • Obama Creates New Cyber Intelligence Agency

    It’s official – the US has a new agency to help combat cyber attacks.

    Through a new memorandum, President Obama has established the Cyber Threat Intelligence Integration Center (CTIIC), a brand new agency tasked with centralizing and organizing intelligence related to cyber threats. The CTIIC was first announced earlier this month by Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco.

    “Cyber threats are among the gravest national security dangers to the United States. Our citizens, our private sector, and our government are increasingly confronted by a range of actors attempting to do us harm through identity theft, cyber-enabled economic espionage, politically motivated cyber attacks, and other malicious activity,” says The White House. “As with our counterterrorism efforts, the United States Government is taking a “whole-of-government” approach to defend against and respond to these threats. In creating the CTIIC, the Administration is applying some of the hard-won lessons from our counterterrorism efforts to augment that “whole-of-government” approach by providing policymakers with a cross-agency view of foreign cyber threats, their severity, and potential attribution.”

    The CTIIC will not be an intelligence-gathering agency; instead, it’ll act in a supporting role (hence the “integration”).

    “The CTIIC will not be an operational center,” says The White House. “It will not collect intelligence, manage incident response efforts, direct investigations, or replace other functions currently performed by existing departments, agencies, or government cyber centers. Instead, the CTIIC will support the National Cybersecurity and Communications Integration Center (NCCIC) in its network defense and incident response mission; the National Cyber Investigative Joint Task Force (NCIJTF) in its mission to coordinate, integrate, and share information related to domestic cyber threat investigations; and U.S. Cyber Command in its mission to defend the nation from significant attacks in cyberspace. The CTIIC will provide these entities, as well as other departments and agencies, with intelligence needed to carry out their cybersecurity missions.”

    The new agency will start off with a $35 million budget and about 50 people on staff, and will fall under the Office of the Director of National Intelligence.

    Image via dni.gov

  • Newsweek Twitter Account Hacked, Posts Obama Threats

    Newsweek is the latest major publication to fall victim to a Twitter hack. It appears that a group calling itself Cyber Caliphate took over the magazine’s account around 11am EST, and began tweeting out threats, supposed leaked documents, and general propaganda relating to Islamic terrorism.

    “#CyberCaliphate Bloody Valentine’s Day #MichelleObama! We’re watching you, you girls, and your husband,” read one tweet.

    The hackers also published a purported organizational chart from the DCITA, or the Defense Cyber Investigations Training Academy.

    Twitter shut this one down pretty fast, and the tweets have since been deleted. But Newsweek has yet to fully restore the page:

    Image via Twitter, CNBC screenshot

  • The US Is Getting a New Anti-Cyberattack Agency

    Today, Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco will give a speech at the Wilson Center at an event on cyber threats. According to the Center, Monaco will “preview plans for preventing the most pernicious state and non-state digital intrusions and Administration efforts to provide early warning about cyber attacks.”

    And apparently, one way to prevent these sorts of attacks, which are becoming more and more prevalent, is to create a new government agency devoted to the sharing of intelligence on cyberattacks.

    The Washington Post is reporting that Monaco will announce the creation of the Cyber Threat Intelligence Integration Center.

    “The cyberthreat is one of the greatest threats we face, and policymakers and operators will benefit from having a rapid source of intelligence,” Monaco told the Post. “It will help ensure that we have the same integrated, all-tools approach to the cyberthreat that we have developed to combat terrorism.”

    According to the Post, the new agency will start off with a $35 million budget and about 50 people on staff, and will fall under the Office of the Director of National Intelligence.

    The idea behind the creation of a specialized cyber threat agency is to make sure the government has a centralized place to share intelligence. Apparently, the Cyber Threat Intelligence Integration Center is “modeled after the National Counterterrorism Center, which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot.”

    The recent hack of Sony Pictures most likely had an impact on the decision to create the new agency. According to the FBI, there was enough evidence to suggest that North Korea was, at least in part, responsible for the attack.

    Image via dni.gov

  • Madonna Hacker Arrested: Israeli Man Allegedly Leaked Tracks from Upcoming Album

    Israeli police have confirmed that they have arrested a man in connection with several computer hacks and data leaks – the most notable of which involved Madonna.

    In December more than a dozen new tracks, many off Madonna’s upcoming album Rebel Heart, were leaked online. Madonna had a bit of a freakout on Instagram, calling the intrusion “artistic rape” and “a form of terrorism”. She later deleted those posts.

    According to the BBC, the unidentified man was found by private investigators. After they were able to find the culprit, he was turned over to police.

    “He is suspected of computer hacking, copyright violation and fraudulent receipt of goods,” a police spokesman told Reuters. “During the investigation it appeared the suspect had broken into the computers of a number of international artists, stole unreleased demos and final tracks and sold them over the internet.”

    Rebel Heart is due out on March 10.

    “Rebel Heart explores two very distinct sides of my personality, the rebellious renegade side of me and the romantic side of me,” says Madonna. The new album features collaborations with Nicki Minaj, Kanye West, Nas, Chance the Rapper and Mike Tyson.

    Madonna is expected to perform music from the new album live at the Grammys on February 8.

  • Florida Man Posts Stolen Nude Photos to Victim’s Mom’s Facebook Page

    Florida Man, the world’s worst superhero, is at it again. This time he’s engaging in some real top-shelf creepster activity, “hacking” Facebook accounts and posting nude photos to his victim’s mom’s wall.

    30-year-old Michael Rubens has been arrested on 31 counts, including hacking and stalking, for a series of attacks that spanned multiple victims.

    The Tallahassee Democrat details Rubens’ exploits, which are lengthy and sordid.

    One woman said the password to her Florida State University email account was hacked five times over a period of five months. The unknown person would then send emails to the woman’s sister and boyfriend asking for “sexy pictures,” court documents said.

    and …

    Authorities tracked down another victim who said her Facebook page was hacked and that the suspect posted a picture of one of her friends performing a sexual act. The detective found evidence that Rubens’ laptop and iPad had logged into the woman’s Facebook account, court documents said.

    But the weirdest of Rubens’ stunts involved another victim and her mom. Apparently, Rubens obtained a woman’s nude photos from her hacked email account and wound up posting some of them on her mother’s Facebook wall. Police say they found images of his handiwork – the nude images residing on the Facebook page.

    He also sent the victim’s nude photos to her mom’s friends, which he obtained via her email contacts.

    In other news, ‘123456’ is still the most common password.

  • Crayola Facebook Hacked, Company Apologizes for Non-Family-Friendly Posts

    Crayola has been forced to apologize after its Facebook page was compromised earlier this week. The hack resulted in a handful of not-quite-family-friendly posts and some not-quite-happy families.

    “Our sincere apologies to our Facebook community for the inappropriate and offensive posts you may have seen here today. Please be assured the official Crayola page has been restored. We can’t thank our fans enough for the feedback and support we received while working to resolve the issue … you truly are the best and we look forward to an exciting and creative 2015!” said Crayola in a Facebook post.

    So, what were the inappropriate and offensive posts? Here’s a few:

    Nothing that’s going to scar someone for life – but definitely not the kind of stuff a brand like Crayola wants to have on its page.

    Guard your social media accounts, folks. This goes double for brands.

    Image via Peter Ogburn, Twitter

  • Sharyl Attkisson Sues DOJ Over Alleged Hacking

    Former CBS News correspondent Sharyl Attkisson has made her accusations against the Obama administration official, as she has sued the Justice Department over the alleged hacking of her computers. According to a press release, Attkisson has filed administrative claims under the Federal Tort Claims Act against the Department of Justice, the U.S. Postal Service, and certain unnamed employees and/or agents of the federal government.

    In June of 2013, CBS confirmed that Attkisson’s computer had indeed been “accessed by an unauthorized, external, unknown party on multiple occasions late in 2012,” but was unable to identify a culprit.

    “While no malicious code was found, forensic analysis revealed an intruder had executed commands that appeared to involve search and exfiltration of data. This party also used sophisticated methods to remove all possible indications of unauthorized activity and alter system times to cause further confusion,” said CBS at the time.

    From the beginning, Attkisson hinted that she thought the federal government could be behind the hacks. The Justice Department has denied the accusations, saying,

    “To our knowledge, the Justice Department has never compromised Ms. Attkisson’s computers, or otherwise sought any information from or concerning any telephone, computer, or other media device she may own or use.”

    “The personal rights secured by our Constitution have a long and accepted history. At the very core of those rights is the right to be free in our own homes from unreasonable governmental intrusion. Although I would have much preferred to have resolved this efficiently with dialogue and disclosure, until the government is open, honest, and fully truthful with my family about what transpired, we have chosen to use the only means available to us as citizens to try and force full disclosure and honest answers to the many questions that have been raised during the investigation conducted to date,” said Attkisson.

    According to Politico, there have been some inconsistencies in Attkisson’s story. In a book, published after the hacks occurred, Attkisson claims to know the person(s) responsible for the attack.

    From Politico:

    Yet in an interview with Huffington Post Live … Attkisson said she didn’t know who was responsible: “The forensics says that there was a government tie to this… [that] doesn’t mean I know who was on the other end or was it an organization or was it a person, a rogue person, I don’t have the answer to those questions, I just know that there’s that government tie.”

    Media Matters flagged the inconsistencies in Attkisson’s explanation … Yet when reached by email, she told POLITICO she would not address the matter because Media Matters was an unreliable, partisan organization.

    Attkisson worked for CBS until March of 2014.

  • ‘Team America: World Police’ Is Also Getting Yanked from Theaters

    According to several theaters which had planned to screen the 2004 comedy Team America: World Police in lieu of the film The Interview, Paramount has put the kibosh on the whole thing.

    Texas regional theater group Alamo Drafthouse made headlines earlier when they announced a screening of the Trey Parker/Matt Stone film this Christmas to replace a screening of the new Seth Rogen/James Franco comedy The Interview.

    As you probably know, Sony Pictures pulled the theatrical release of The Interview after vague, terroristic threats were made against any and all theaters showing the film. The group behind the threats was also responsible for the embarrassing hack that compromised thousands of Sony’s documents. It’s still unknown if North Korea has any part in this.

    The group is reportedly upset over the film’s content, which depicts the assassination of North Korean dictator Kim Jong-un. Team America also pokes fun at North Korea and its leader – only it’s Kim Jong-il.

    Here’s Alamo Drafthouse, alongside various other theaters, announcing the cancellations over Twitter. A few blame Paramount specifically.

    America? F-ck yeah?

    Image via YouTube