Defend Our Freedoms from the Absence of Privacy

Brian Krebs on Cybersecurity, Crime, Identity Theft - Russia and Target Corp.

http://money.cnn.com/video/technology/2014/04/17/n-brian-krebs-cyber-security-crime-identity-theft-russia-target.cnnmoney/index.html

 

 

Heartbleed affects everyone on the Internet - Norton by Symantec



You’ve likely heard of Heartbleed over the past week. We wanted to share a bit about what it is, steps we have taken to protect our customers and steps you can take to protect yourself across the Web.

Some versions of Norton AntiVirus, Norton Internet Security and Norton 360 were impacted. On April 10th, we distributed updates to these impacted products to stop and block Heartbleed. Norton Accounts used to sign into Norton.com were not impacted. Please refer to our FAQ for more information on how we’re defending against this vulnerability.

Why Heartbleed affects everyone on the Internet

Heartbleed is a bug in some versions of OpenSSL, a set of software tools used widely across the Web for security. This bug may reveal your name, passwords and other private information.

If you visited a website that uses a vulnerable version of OpenSSL during the last two years, your personal information may be compromised. You can use this tool: http://safeweb.norton.com/heartbleed to check if a particular website is currently impacted.

How to protect yourself

Due to the complex nature of this vulnerability, changing your passwords before sites update their version of OpenSSL won’t fully protect you. Here are some simple steps you can take as a precaution:

Change your passwords on any website that contains sensitive information about you. You should first confirm that the site does not contain the Heartbleed vulnerability by using this tool.
If you’ve reused passwords on multiple sites, it’s especially important to change them. To change your Norton Account password, visit manage.norton.com and click Account Information.
Beware of phishing emails and type website addresses directly in your browser instead of clicking on a link through an email.
Monitor your bank and credit card accounts for unusual activity.

It may take an extended period of time for all the sites affected by Heartbleed to fix this vulnerability. To determine if a website is vulnerable to Heartbleed, use this tool. We recommend you only exchange personal or sensitive information such as your credit card number if the site is not affected by Heartbleed.

You can learn more about Heartbleed and its impact to consumers by checking out our FAQ or by following the Norton Protection Blog.

Stay Safe Online

Norton

Subcommittee Field Hearing: Protecting Your Personal Data: How Law Enforcement Works With the Private Sector to Prevent Cybercrime




http://docs.house.gov/meetings/HM/HM08/20140416/102141/HHRG-113-HM08-Wstate-RhoadesM-20140416.pdf


 

Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies | Paul Peck Alumni Center, Drexel University, 3142 Market Street, Philadelphia, Pennsylvania 19104 | Apr 16, 2014 10:00am

Chairman Meehan, Ranking Member Clarke, members of the Committee: thank you for inviting me to appear today to discuss how the public and private sectors can work together to increase cybersecurity.

Currently, I serve as the Director of the Cyberspace and Security Program at the Truman National Security Project and Center for National Policy. Together, these two organizations represent more than thirteen hundred members with an expertise in numerous security issues--including cybersecurity--and a dedication to forging strong, smart, and principled national security policy for America.

The rapid development of information networks over the past thirty years has allowed individuals and nations to grow and prosper. Today, our small businesses are global enterprises--reaching markets and customers on the other side of the world with the click of a mouse. The Internet invigorates economic progress and helps people rise out of a cycle of poverty in the developing world.

These tools also enable the expansion of America's mutually supportive ideals: human rights, freedom, and opportunity. Using the Internet, democracy activists in nations ruled by oppressive regimes can organize to petition for their fundamental rights; vulnerable populations in conflict-ravaged areas can show the world the brutality of their own governments; and individuals can seek out new ideas to challenge their own beliefs.

New technologies are providing hope to millions by creating the conditions for innovation and human prosperity to flourish. Unfortunately, they are also being exploited by a variety of actors to further nefarious national, criminal, and ideological objectives.

Hacktivists -- or online demonstrators -- use information networks to target opponents and draw attention to a political cause. Terrorists use information networks to spread their propaganda and recruit others to help commit acts of violence. Criminal organizations use the Internet to steal from individuals and organizations all over the world and turn another's loss into their financial gain. Finally, nation states leverage these capabilities to spy on, steal from, and potentially attack their adversaries.

Frequently, these groups -- hacktivists, terrorists, criminal organizations, and nation states -- also overlap, working together towards complementary interests while utilizing the inherent anonymity of cyberspace to make attribution even more difficult.

With each new day, the number of actors with access to these tools increases and, as a result, so does the number of potential victims. Roughly 90% of the world's data has been generated in the last two years. n1 As more information is generated, confidentiality and privacy grow more vulnerable. Governments are losing once closely-held state secrets; companies are finding their intellectual property suddenly in the hands of competitors on the other side of the world; and individuals are losing control over their private information.

According to Symantec's "Internet Security Threat Report 2014," the number of breaches increased by 62% in 2013 with a total of over 552 million identities compromised. n2 Additionally, targeted attacks grew by 91% and are increasingly aimed at small businesses.

And as we are all aware, the recent, highly-publicized breach at Target--the second largest retailer in the United States--compromised personal information on 70 million customers by using software that may have cost less than $2,500 at an online marketplace. n4 Today, cyber criminals can use relatively easy-to-find software to make outsized gains.

The Target example shows that even the largest companies with vast resources are vulnerable. Frequently, they are unaware that a breach has even occurred. One security provider recently announced that in 2013 the median number of days attackers were present in a network prior to discovery was 229 days. That is actually 14 days less than the 2012 median.

In short, today's technologies provide an unprecedented opportunity for humans to reach their full potential while simultaneously increasing individual and collective security risks.

These are facts that the members of this Committee know well, and they are broader than the scope of this hearing. But they are worth mentioning in this context because in cyberspace, the difference between espionage, crime, and attack can be as simple as intent, or just a few keystrokes.

Gaining and maintaining access to a network are the most difficult phases of a cyber incident. Adversaries spend a great amount of time, energy, and resources to seek out and secure vulnerabilities that provide access. But once they are in the network, whether they spy, steal, or destroy is a matter of choice.

Furthermore, criminals are developing new tools that are more sophisticated and more intuitive than previous generations, and then selling them in online marketplaces. This reality is lowering the barriers to network entry and giving more malicious actors the capability to threaten critical systems, in both the private and public sectors.

Cyber crime, therefore, is linked to national security and the protection of private information. All of the actors using cyberspace for illegitimate means need vulnerabilities to exploit, and no single entity--whether government or business--can secure a domain that extends beyond traditional geographic boundaries. In cyberspace, one weak link can compromise the security of the entire system. Cybersecurity is a shared responsibility.

To ensure our Nation is safe, the government must coordinate the protection of our country's most critical assets against sophisticated, destructive attacks while law enforcement agencies impose the criminal laws of the United States in the cyber domain. Through the development of new tools and the continued maturation of the National Cybersecurity and Communications Integration Center (NCCIC), the Department of Homeland Security (DHS) is addressing this responsibility.

But more can be done. For example, the effectiveness of the NCCIC is directly tied to the level of participation by other Federal Agencies. Yet, those agencies are not currently required to share information with DHS. If we are going to task DHS with the responsibility for leading the protection of federal civilian agencies, then we must give them the authorities required to be successful.

Governments must also find ways to cooperate with one another on investigations. Cyber crimes are often intentionally routed through multiple countries, particularly those who provide sanctuaries against international investigations. When an investigation leads to a new jurisdiction, the investigators are suddenly at the mercy of another government. More must be done in the international arena to build the capacity of nations that do not want to be criminal sanctuaries and to discourage others that are complicit in criminal activities originating in their territory.

Private companies must do their part as well. Most of this country's critical infrastructure is privately owned and operated, but market forces alone have yet to incentivize broad scale use of cyber risk management strategies. Many companies are working to protect their networks, but too many are not doing enough. And in sectors where there is no choice in the consumer market--where a public good is being provided by a private actor--the government should play a larger role in ensuring the security of critical networks.

Additionally, many companies are collecting, storing, and analyzing information on U.S. citizens. This information deciphers everything from our travel habits to our personal interests. Securing our most important networks and protecting our personal information requires the private sector to take better responsibility for their own security.

Finally, individuals have to take responsibility for our online behavior as well. Although there are sophisticated hackers at work, most compromises take advantage of existing vulnerabilities that have not been patched but could have been. The more hardened a target becomes, the more likely a hacker will look for a less secure, peripheral target as a means to get in. This is likely the reason that targeted attacks are increasingly focused on small businesses. We must contribute to a culture of security that is respectful of the rights of others, while contributing to the security of the whole system.

Universities across the country, including Drexel University here in Philadelphia, are developing educational programs to ensure the next generation is prepared to combat cybersecurity threats. These are important initiatives that warrant support. However, it will take a generation for them to fully bear fruit. More also needs to be done to make today's users aware of the risks associated with their online behavior.

Getting this model of collaborative security correct is dependent upon trust. Governments and private entities must work together to mitigate threats. Both, however, are collecting vast quantities of information on individuals. The more information they store in their databases, the more attractive those databases become to criminals. What they share and how they share has serious privacy and civil liberties consequences for individual consumers.

While information sharing programs do not offer a cybersecurity panacea, they can contribute to collective security by creating a fuller picture of the threat landscape. That said, there is a right way to share information and a wrong way to share information. All irrelevant personally identifiable information should be removed before the information is given to the federal government or another private actor. Information coming into the federal government should have previously defined acceptable uses and be given to a civilian agency. And those who participate in the program and exhibit negligent behavior should be held responsible. Getting this right matters: the way we build our domestic programs will have privacy and civil liberties consequences for Americans and for human rights activists and dissidents overseas.

The reality is that given enough time, resources, sophistication, and motivation, an attacker will gain access to a network. And as people become more dependent upon technology, the opportunities for crime, espionage, and physical disruption will only increase. But with collaboration built upon trust, I believe we can reduce our vulnerabilities. By implementing commonly held best practices, we can protect the great majority of our networks, secure our personal information, and allow our security agencies to focus on preventing sophisticated attacks against our most critical networks. And, in the end, we can more fully realize the potential of new technologies to expand freedom and opportunity at home and abroad.

Thank you for the opportunity to join you today. I look forward to answering any of your questions.

Man Involved with Major Cybercrime Group to Be Extradited to US or Russia



http://news.softpedia.com/news/Man-Involved-with-Major-Cybercrime-Group-to-Be-Extradited-to-US-or-Russia-Bloomberg-438379.shtml
Man Involved with Major Cybercrime Group to Be Extradited to US or Russia

Excerpt:

Vladimir Drinkman, a Russian national accused of being part of a major cybercriminal ring, could be extradited to either Russia or the United States.

According to Bloomberg, Drinkman was arrested in the Netherlands in June 2012. Both Russia and the United States have filed extradition requests.

Earlier this week, a Rotterdam court ruled that both requests were admissible. The final decision lies in the hands of the Dutch minister of justice, who will decide which country Drinkman will be extradited to.

In the case of the United States, it’s clear why the government wants him. Drinkman, 33, was indicted in the US in July 2013 along with four others suspected of being involved in one of the largest data thefts in history. On the other hand, it’s uncertain why Russia wants the alleged hacker.

The group is said to have stolen financial information from a large number of major organizations, including Nasdaq, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore, and Ingenicard.

A few days ago, it came to light that the same group might also be responsible for the attack on Neiman Marcus.

(snip)

Read full coverage by @EduardKovacs at Softpedia.com 

U.S. Agent Lures Romanian Hackers in Subway Data Heist


Wow!  Must read interview with U.S. Secret Service Agent Matt O’Neill by Bloomberg.com!  Too much good stuff to excerpt.


http://www.bloomberg.com/news/2014-04-17/u-s-agent-lures-romanian-hackers-in-subway-data-heist.html
U.S. Agent Lures Romanian Hackers in Subway Data Heist

The ONE Lifeboat Deployed....



Was the CAPTAIN'S!!!!!?????????

http://abcnews.go.com/International/deeply-ashamed-ferry-captain-abandon-ship/story?id=23357650
'Deeply Ashamed' Ferry Captain Among First to Abandon Ship


Excerpt:

The captain of a ferry that sank off the coast of South Korea Wednesday, leaving nearly 300 people missing, is under investigation as a possible criminal and was one of the first people to escape the doomed vessel, Coast Guard officials said.

Lee Joon-seok, 69, left the ferry on a lifeboat 32 minutes after reporting an accident, officials said.

(snip)


http://www.cnn.com/2014/04/17/world/asia/south-korea-ship-sinking/
South Korea ferry sinking: 'I am sorry,' captain says as 287 still missing

Excerpt:

 There were 46 lifeboats attached to the South Korean ferry that sank in frigid waters, but only one lifeboat was deployed, CNN affiliate YTN reported Thursday.

(snip)


Illegals Program




http://en.wikipedia.org/wiki/Illegals_Program
Wikipedia Overview of Illegals Program

The Illegals Program, as it was called by the United States Department of Justice, was a network of Russian sleeper agents under non-official cover whose investigation by the Federal Bureau of Investigation (FBI) culminated in the arrest of ten agents and a prisoner swap between Russia and the United States on July 9, 2010.

The spies were planted in the United States by the Russian Foreign Intelligence Service (known by its Russian abbreviation, SVR). Posing as ordinary American citizens, they tried to build contacts with academics, industrialists, and policymakers to gain access to intelligence. They were the target of a multi-year investigation by the U.S. Federal Bureau of Investigation. The FBI investigation, called Operation Ghost Stories, culminated at the end of June 2010 with the arrest of ten individuals in the U.S. and an eleventh suspect in Cyprus. Ten sleeper agents were charged with "carrying out long-term, 'deep-cover' assignments in the United States on behalf of the Russian Federation."[1][2][3]

The suspect arrested in Cyprus skipped bail the day after his arrest.[4] A twelfth person, a Russian national who worked for Microsoft, was also apprehended about the same time and deported on July 13, 2010.[5] The Moscow legal court documents made public on June 27, 2011 revealed that another two Russian agents managed to flee the U.S. without being arrested.[6]

Ten of the agents were flown on July 9, 2010, to Vienna soon after pleading guilty to charges of failing to register as a representative of a foreign government. The same day, the agents were exchanged for four Russian nationals, three of whom were convicted and imprisoned by Russia on espionage (high treason) charges.[7]

On October 31, 2011, the FBI publicly released several dozen still images, clips from surveillance video, and documents related to its investigation in response to Freedom of Information Act requests.[1][8]

Read full overview at Wikipedia


Image created from Wikipedia Illegals Program page
 

 

 

London teen charged in Heartbleed breach of taxpayer data



http://www.lfpress.com/2014/04/16/london-teen-charged-in-heartbleed-breach-of-taxpayer-data
London teen charged in Heartbleed breach of taxpayer data

Excerpt:

A 19-year-old London, Ontario computer science student has been charged with using the destructive Heartbleed bug to swipe Canadian taxpayer data.

Stephen Arthuro Solis-Reyes was arrested Tuesday and faces a charge of unauthorized use of a computer and one count of mischief, the RCMP said Wednesday.

Solis-Reyes’ home was searched and his computer seized, the Mounties said.

He’s to appear in an Ottawa court July 17.


(snip)

M&M Hair Academy in west London is Awesome! Mocks Kim Jong-un

If I'm ever in London, I will definitely support Mo Nabbach's business, M&M Hair Academy!!

http://fashion.telegraph.co.uk/videos/TMG10769616/Hair-advert-mocking-Kim-Jong-un-upsets-North-Korean-officials.html
Hair advert mocking Kim Jong-un upsets North Korean officials

A West London barber's poster poking fun at the North Korean dictator's hairstyle upsets country's officials

Excerpt:

A London salon received a visit from North Korean officials after it mocked their leader's unusual hairstyle.

Staff at M&M Hair Academy in South Ealing, west London, put up a poster with "Bad Hair Day?" emblazoned across a picture of Kim Jong-un, with details of a special offer on men's haircuts in April.

The dictator sports a striking hairdo which is shaved around the sides and longer on top.

Barber Karim Nabbach, 26, said that salon manager Mo Nabbach was confronted by two men claiming to be officials from the country, demanding to know his name.

(snip)

Read full story at:   telegraph.co.uk

Boston Strong!


At your side!

From 9/11 Strong!


Excellent Quote

Protecting a person’s privacy is also as critical to one’s safety, dignity and identity as is protecting a person’s property. With no privacy, one is de-humanized like an animal in a zoo and much more susceptible to the control of others. Scott Cleland, 01/24/2013

President Obama, Defender of Privacy!
