Rilek1Corner

Tag: cyber security

  • WikiLeaks Claims Publication Of Secret CIA Hacking Tools

    WikiLeaks Claims Publication Of Secret CIA Hacking Tools

    Anti-secrecy group WikiLeaks on Tuesday (March 7) said it had obtained a secret trove of hacking tools used by the CIA to break into or circumvent the security of phones, communication apps and other devices, and published confidential documents describing those programmes.

    Among the most noteworthy WikiLeaks claims are that the Central Intelligence Agency, in partnership with other US and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal, by hacking phones that use Google Inc’s Android platform to collect audio and message traffic before encryption is applied.

    Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

    The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest in a string of breaches in recent years of classified material from US intelligence agencies.  Experts differed over how much the disclosures will damage US cyber espionage.

    Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of intrusive NSA surveillance.

    Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving trails suggesting they are from Russia, China and Iran rather than the United States.

    Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicised.

    In one case, the documents say, U.S. and British personnel, under a programme known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

    “You thought your technology was safe. It’s never been safe,” said James Lewis, cybersecurity expert at the Center for Strategic and International Studies think tank.

    The CIA and White House declined comment.

    “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

    Google declined to comment on the reported hacking of its Android platform, but said it was investigating the matter.

    Snowden on Twitter said the files amount to the first public evidence that the US government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

    An Apple Inc spokesman could not immediately be reached for comment.

    The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.  Signal inventor Moxie Marlinspike said he took that as“confirmation that what we’re doing is working.”

    Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

    CIA CYBER PROGRAMMES

    The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any US data for counterintelligence purposes.

    The documents published on Tuesday appeared to supply specific details to what has been long-known in the abstract: US intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.

    Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

    WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

    The documents do not include actual computer code needed to conduct the cyber exploits they describe.

    WikiLeaks said it published the CIA documents “while avoiding the distribution of ‘armed’ cyber weapons until a consensus emerges on the technical and political nature of the CIA’s programme and how such ‘weapons’ should be analysed, disarmed and published.”

    US intelligence agencies have said that Wikileaks has ties to Russia’s security services.

    During the 2016 US presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Donald Trump win the presidency.  WikiLeaks has denied ties to Russian spy agencies.

    US officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

    In a press release, the group said, “The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.”

    US intelligence agencies have suffered a series of major security breaches, including Snowden’s.

    In 2010, US military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks. President Barack Obama shortened her prison sentence in January.

    Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the trove of secrets in his home.

    A longtime intelligence contractor with expertise in US hacking tools said that people in the CIA and the NSA were “furious” about the apparent new breach.

    “This is not a Snowden-type situation,” he said. “This was taken over a long term and handed over to WikiLeaks.”

     

    Source: ST

  • Singtel Acquired US-Based IT Security Firm, Trustwave for US$810 Million

    Singtel Acquired US-Based IT Security Firm, Trustwave for US$810 Million

    Singapore telco Singtel has acquired US-based information security firm Trustwave for US$810 million in its bid to strengthen its cyber security capabilities globally.

    In a news release on Wednesday (Apr 8), Singtel said it will own a 98 per cent stake, while Trustwave chairman and CEO Robert J McCullen will hold the balance 2 per cent equity interest.

    Following the acquisition, Trustwave is set to continue operating as a standalone business unit, while leveraging Singtel Group’s assets and marketing presence to broaden its portfolio in the Asia Pacific region.

    The acquisition will expand the telco’s existing portfolio of cloud-based solutions, said Singtel, adding that it will leverage Trustwave to meet the demand for managed security services in North America and the Asia Pacific region.

    The enterprise value of Trustwave is US$850 million, and the transaction is expected to be EBITDA positive from the second year of acquisition, said Singtel.

    Singtel added that the transaction is subject to approval from regulatory authorities and other third parties, and is expected to be completed in three to six months.

     

    Source: www.channelnewsasia.com

  • Personal And Banking Information of 240 Nanyang Polytechnic Alumni Leaked Online After Hack

    Personal And Banking Information of 240 Nanyang Polytechnic Alumni Leaked Online After Hack

    The personal and bank information of 240 Nanyang Polytechnic alumni has been stolen and leaked online.

    Chinese evening daily Lianhe Wanbao reported on Monday that one of the alumni affected, Mr Ho, was informed of the security breach last week through a letter from the school.

    The letter says that there was “unauthorised access” into the polytechnic’s computer system. According to the letter, names and bank account numbers linked to GIRO payments were copied. It also says that the school has managed to delete the information from the website that carried the leaked information. It is not known which website it was.

    Mr Ho is wary although he thinks that nothing can be done using the information stolen.

    “If they have the ability to steal these information, they may have the ability to steal even more. The information they released may not be all the information they have,” Mr Ho was quoted as saying.

    The hackers retrieved information of those who were enrolled between 1994 and 1999, Wanbao reported. The school advised the affected parties to check with the bank on any aunthorised transaction.

    Nanyang Polytechnic has reported the matter to the police. In the letter, the school wrote that it takes the matter “very seriously”.

    “We are conducting a thorough internal investigation and are also working with a leading third party forensics firm to conduct an independent investigation into this matter so as to strengthen our processes and systems,” it added.

     

    Source: www.straitstimes.com