Category Archives: hacking

Apple iPhone unlocking manoeuvre likely to remain secret

Reuters reports: The company that helped the FBI unlock a San Bernardino shooter’s iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.

The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.

The secretive process was created to let various government interests debate about what should be done with a given technology flaw, rather than leaving it to agencies like the National Security Agency, which generally prefers to keep vulnerabilities secret so they can use them. [Continue reading…]

FBI paid professional hackers one-time fee to crack San Bernardino iPhone

The Washington Post reports: The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.

The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution. [Continue reading…]

British authorities demand encryption keys in case with ‘huge implications’

The Intercept reports: British authorities are attempting to force a man accused of hacking the U.S. government to hand over his encryption keys in a case that campaigners believe could have ramifications for journalists and activists.

England-based Lauri Love was arrested in October 2013 by the U.K.’s equivalent of the FBI, the National Crime Agency, over allegations that he hacked a range of U.S. government systems between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.

The U.S. Justice Department is seeking the extradition of Love, claiming that he and a group of conspirators breached “thousands of networks” in total and caused millions of dollars in damages. But Love has been fighting the extradition attempt in British courts, insisting that he should be tried for the alleged offenses within the U.K. The 31-year-old, who has been diagnosed with Asperger’s syndrome, has argued that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in jail. [Continue reading…]

How to hack an election

Bloomberg Businessweek reports on the confessions of Andrés Sepúlveda, a political hacker who rigged elections throughout Latin America for almost a decade: His teams worked on presidential elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela. Campaigns mentioned in this story were contacted through former and current spokespeople; none but Mexico’s PRI and the campaign of Guatemala’s National Advancement Party would comment.

As a child, he witnessed the violence of Colombia’s Marxist guerrillas. As an adult, he allied with a right wing emerging across Latin America. He believed his hacking was no more diabolical than the tactics of those he opposed, such as Hugo Chávez and Daniel Ortega.

Many of Sepúlveda’s efforts were unsuccessful, but he has enough wins that he might be able to claim as much influence over the political direction of modern Latin America as anyone in the 21st century. “My job was to do actions of dirty war and psychological operations, black propaganda, rumors — the whole dark side of politics that nobody knows exists but everyone can see,” he says in Spanish, while sitting at a small plastic table in an outdoor courtyard deep within the heavily fortified offices of Colombia’s attorney general’s office. He’s serving 10 years in prison for charges including use of malicious software, conspiracy to commit crime, violation of personal data, and espionage, related to hacking during Colombia’s 2014 presidential election. He has agreed to tell his full story for the first time, hoping to convince the public that he’s rehabilitated — and gather support for a reduced sentence.

Usually, he says, he was on the payroll of Juan José Rendón, a Miami-based political consultant who’s been called the Karl Rove of Latin America. Rendón denies using Sepúlveda for anything illegal, and categorically disputes the account Sepúlveda gave Bloomberg Businessweek of their relationship, but admits knowing him and using him to do website design. “If I talked to him maybe once or twice, it was in a group session about that, about the Web,” he says. “I don’t do illegal stuff at all. There is negative campaigning. They don’t like it — OK. But if it’s legal, I’m gonna do it. I’m not a saint, but I’m not a criminal.” While Sepúlveda’s policy was to destroy all data at the completion of a job, he left some documents with members of his hacking teams and other trusted third parties as a secret “insurance policy.”

Sepúlveda provided Bloomberg Businessweek with what he says are e-mails showing conversations between him, Rendón, and Rendón’s consulting firm concerning hacking and the progress of campaign-related cyber attacks. Rendón says the e-mails are fake. An analysis by an independent computer security firm said a sample of the e-mails they examined appeared authentic. Some of Sepúlveda’s descriptions of his actions match published accounts of events during various election campaigns, but other details couldn’t be independently verified. One person working on the campaign in Mexico, who asked not to be identified out of fear for his safety, substantially confirmed Sepúlveda’s accounts of his and Rendón’s roles in that election.

Sepúlveda says he was offered several political jobs in Spain, which he says he turned down because he was too busy. On the question of whether the U.S. presidential campaign is being tampered with, he is unequivocal. “I’m 100 percent sure it is,” he says. [Continue reading…]

FBI backs off from its day in court with Apple this time – but there will be others

By Martin Kleppmann, University of Cambridge

After a very public stand-off over an encrypted terrorist’s smartphone, the FBI has backed down in its court case against Apple, stating that an “outside party” – rumoured to be an Israeli mobile forensics company – has found a way of accessing the data on the phone.

The exact method is not known. Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time. This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. The FBI has denied that the technique involves copying storage chips.

So while the details of the technique remain classified, it’s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry’s dirty secret is that most products are frighteningly insecure.

Continue reading

FBI signed $15 million contract with Apple vendor, Cellebrite; parent company’s stock soars

Fortune reports: The U.S. government’s announcement Monday that it hacked into the San Bernardino terrorist’s iPhone ended the FBI’s legal feud with Apple. But while many observers thought the incident left both the FBI and Apple looking foolish, there does appear to be a winner emerging from the case.

Shares of Suncorp, a Japanese technology company traded on the Tokyo stock exchange (ticker: 6736), soared 17% on Tuesday following the government’s court declaration that it “successfully accessed the data stored on [Syed] Farook’s iPhone.” In all, Suncorp’s shares have more than doubled in the six weeks since February 16, when Apple published its letter refusing to help the FBI.

Suncorp, which specializes in mobile data transfer as well as equipment for a popular Japanese pinball-like game called pachinko, owns Cellebrite, the Israel-based company that reportedly helped the FBI crack the iPhone.

Apple’s stock, meanwhile, was up just about 2% Tuesday afternoon, despite the fact that it is now free of legal expenses relating to the FBI case as well as the technological burden the government tried to impose.

Suncorp’s shares started rising last month, and really took off after the government said last Wednesday that an “outside party” had demonstrated “a possible method for unlocking” the iPhone. An Israeli newspaper quickly identified the unnamed company as Cellebrite, a government contractor that makes a mobile forensic device for extracting and decoding data from smartphones and tablets. Since then, Suncorp’s stock has risen nearly 40%, while Japan’s Nikkei 225 stock market index has been basically flat, and fell slightly on Tuesday.

The odd thing about the company’s dramatic stock rise is that neither the FBI nor Suncorp has confirmed the company was involved in unlocking the phone. In fact, the FBI has said very little so far about how it might have cracked the iPhone. [Continue reading…]

The Daily Beast reports: The FBI has said practically nothing about the “tool” that helped the FBI get inside the phone, as a U.S. law enforcement official called it in a hastily arranged press conference on Monday evening. Nor would the official say whether investigators might use it again on the dozen or so other iPhones the FBI is reportedly trying to gain access to, or whether the bureau would share the tool with local law enforcement agencies, who are believed to have hundreds of phones just waiting to be cracked.

“I think the best answer I can give you is it’s premature to say anything about our ability to access other phones,” said the official, who discussed the case with reporters on condition of anonymity and said almost nothing about where the FBI will go from here.

But he didn’t have to. Comey’s earlier remarks, coupled with the government’s decision to drop the warrant request, sent a message to other tech companies: Work with us, or don’t. We’ll get what we need without you.

Notably, the U.S. official didn’t say whether the FBI would disclose its newfound technique to Apple, which has a vested interest in protecting the security and privacy of its customers. But Cellebrite, an Israeli company, has been identified in some news accounts as the company that came to the FBI’s rescue. It signed a contract with the bureau worth more than $15 million last week.

In other words: The American government may have used foreign hackers to crack the signature product of America’s top technology company.

But it’s hard to imagine Apple didn’t have some idea what was coming. One of Cellebrite’s other clients is Apple itself. [Continue reading…]

Can a bunch of hackers really take on ISIS?

writes: For John Chase, the breaking point came on Jan. 7, when al Qaeda-linked militants gunned down 12 people at the Paris office of Charlie Hebdo. Subsequent attacks by a gunman affiliated with the Islamic State would take five more lives. Watching triumphant jihadi messages bounce across Twitter, the 25-year-old Boston native was incensed. They needed to be stopped.

Although Chase’s formal education ended with high school, computers were second nature to him. He had begun fiddling with code at the age of 7 and freelanced as a web designer and social media strategist. He now turned these skills to fighting the Islamic State, also known as ISIS. Centralizing other hacktivists’ efforts, he compiled a database of 26,000 Islamic State-linked Twitter accounts. He helped build a website to host the list in public view and took steps to immunize it against hacking counterattacks by Islamic State sympathizers. He even assumed an appropriately hacker-sounding nom de guerre, “XRSone,” and engaged any reporter who would listen. In doing so, Chase briefly became an unofficial spokesman for #OpISIS — and part of one of the strangest conflicts of the 21st century.

For more than a year, a ragtag collection of casual volunteers, seasoned coders, and professional trolls has waged an online war against the Islamic State and its virtual supporters. Many in this anti-Islamic State army identify with the infamous hacking collective Anonymous. They are based around the world and hail from every walk of life. They have virtually nothing in common except a passion for computers and a feeling that, with its torrent of viral-engineered propaganda and concerted online recruiting, the Islamic State has trespassed in their domain. The hacktivists have vowed to fight back.

The effort has ebbed and flowed, but the past nine months have seen a significant increase in both the frequency and visibility of online attacks against the Islamic State. To date, hacktivists claim to have dismantled some 149 Islamic State-linked websites and flagged roughly 101,000 Twitter accounts and 5,900 propaganda videos. At the same time, this casual association of volunteers has morphed into a new sort of organization, postured to combat the Islamic State in both the Twitter “town square” and the bowels of the deep web.

Chase, who has since shifted his focus to other pursuits, boasts a story typical of those volunteers who work to track and counteract the Islamic State’s online propaganda apparatus. Few of these hacktivists are hood-wearing, network-cracking, Internet savants. Instead, they are part-time hobbyists, possessed of a strong sense of justice and a disdain for fundamentalists of all stripes. Many, but not all, are young people — some are more seasoned, former military or security specialists pursuing a second calling. The oldest is 50. These hacktivists speak of a desire to “do something” in the fight against the Islamic State, even if that “something” may sometimes just amount to running suspicious Twitter accounts through Google Translate.

This is something new. Anonymous arose from the primordial, and often profane, underground web forums to cause mischief, not to take sides in real wars. The group gained notoriety for its random, militantly apolitical, increasingly organized hacking attacks during the mid-2000s. Its first “political” operation was an Internet crusade against the Church of Scientology following its suppression of a really embarrassing Tom Cruise video.

In time, however, Anonymous operations became less about laughs and more about causes, fighting the establishment and guaranteeing a free and open Internet. [Continue reading…]

U.S. detects flurry of Iranian hacking

The Wall Street Journal reports: Iran’s powerful Revolutionary Guard military force hacked email and social-media accounts of Obama administration officials in recent weeks in attacks believed to be tied to the arrest in Tehran of an Iranian-American businessman, U.S. officials said.

The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.

Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.

“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”

Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran. [Continue reading…]

AP sues over access to FBI records involving fake news story

The Associated Press reports: The Associated Press sued the U.S. Department of Justice Thursday over the FBI’s failure to provide public records related to the creation of a fake news story used to plant surveillance software on a suspect’s computer.

AP joined with the Reporters Committee for Freedom of the Press to file the lawsuit in U.S. District Court for the District of Columbia.

At issue is a 2014 Freedom of Information request seeking documents related to the FBI’s decision to send a web link to the fake article to a 15-year-old boy suspected of making bomb threats to a high school near Olympia, Washington. The link enabled the FBI to infect the suspect’s computer with software that revealed its location and Internet address.

AP strongly objected to the ruse, which was uncovered last year in documents obtained through a separate FOIA request made by the Electronic Frontier Foundation. [Continue reading…]

Two-factor authentication phishing from Iran

The Daily Beast reports: Iranian hackers have now found a way to get around Google’s two-step verification system and infiltrate GMail’s most elaborate consumer security system, according to a new report.

The Citizen Lab’s John Scott-Railton and Katie Kleemola outlined a few new ways that Iranian hackers can compromise the accounts of political dissidents, or even everyday citizens.

“Their targets are political, and include Iranian activists, and even a director at the Electronic Frontier Foundation,” said Scott-Railton in an email, referring to the digital rights organization. “In some cases they even pretend to be Reuters journalists calling to set up interviews.”

The report says attacks on political targets are new. But the methodology of the hack has been going on for years, especially as reliance on so-called “two-factor authentication” — using something in addition to a password to get into your account — has gone up. [Continue reading…]

Why the fear over ubiquitous data encryption is overblown

Mike McConnell, former director of the National Security Agency and director of national intelligence, Michael Chertoff, former homeland security secretary, and William Lynn, former deputy defense secretary, write: More than three years ago, as former national security officials, we penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well-being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyberexploitation. Today, we write again to raise the level of thinking and debate about ubiquitous encryption to protect information from exploitation.

In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.

The FBI director and the Justice Department have raised serious and legitimate concerns that ubiquitous encryption without a second decryption key in the hands of a third party would allow criminals to keep their communications secret, even when law enforcement officials have court-approved authorization to access those communications. There also are concerns about such encryption providing secure communications to national security intelligence targets such as terrorist organizations and nations operating counter to U.S. national security interests.

Several other nations are pursuing access to encrypted communications. In Britain, Parliament is considering requiring technology companies to build decryption capabilities for authorized government access into products and services offered in that country. The Chinese have proposed similar approaches to ensure that the government can monitor the content and activities of their citizens. Pakistan has recently blocked BlackBerry services, which provide ubiquitous encryption by default.

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring. [Continue reading…]

Hackers remotely hijack a Jeep on the highway — with me in it

Andy Greenberg writes: I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.

The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. [Continue reading…]

Despite repeated alarms on hacking, U.S. government computer systems remain vulnerable

The New York Times reports: In the month since a devastating computer systems breach at the Office of Personnel Management, digital Swat teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets.

But senior cybersecurity officials, lawmakers and technology experts said in interviews that the 30-day “cybersprint” ordered by President Obama after the attacks is little more than digital triage on federal computer networks that are cobbled together with out-of-date equipment and defended with the software equivalent of Bubble Wrap.

In an effort to highlight its corrective actions, the White House will announce shortly that teams of federal employees and volunteer hackers have made progress over the last month. At some agencies, 100 percent of users are, for the first time, logging in with two-factor authentication, a basic security feature, officials said. Security holes that have lingered for years despite obvious fixes are being patched. And thousands of low-level employees and contractors with access to the nation’s most sensitive secrets have been cut off. [Continue reading…]

Hacks of OPM databases compromised 22.1 million people, federal authorities say

The Washington Post reports: Two major breaches last year of U.S. government databases holding personnel records and security-clearance files exposed sensitive information about at least 22.1 million people, including not only federal employees and contractors but their families and friends, U.S. officials said Thursday.

The total vastly exceeds all previous estimates, and marks the most detailed accounting by the Office of Personnel Management of how many people were affected by cyber intrusions that U.S. officials have privately said were traced to the Chinese government.

But even beyond the rising number of apparent victims, U.S. officials said the breaches rank among the most potentially damaging cyber heists in U.S. government history because of the abundant detail in the files. Officials said hackers accessed not only personnel records of current and former employees but also extensive information about friends, relatives and others listed as references in applications for security clearances for some of the most sensitive jobs in government. [Continue reading…]

A detailed look at Hacking Team’s emails about its repressive clients

The Intercept reports: Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.

Internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, South Sudan, Azerbaijan and Turkey. An in-depth analysis of those documents by The Intercept shows Hacking Team’s leadership was, at turns, dismissive of concerns over human rights and privacy; exasperated at the bumbling and technical deficiency of some of its more controversial clients; and explicitly concerned about losing revenue if cut off from such clients.

Hacking Team has an unusually public profile for a purveyor of surreptitious technology, and it has drawn criticism because its malware has shown up on the computers of activists and journalists. Most of the countries identified in the leaked files have previously been connected to Hacking Team by human rights researchers working with computer forensics experts. The company has long denied any implication in human rights abuses, regularly pointing reporters to a policy on its website that says it only sells to governments, investigates allegations of human rights abuses and complies with international blacklists. [Continue reading…]

Theft of Saudi documents suggests an Iranian hack

The Washington Post reports: The purported theft of confidential Saudi documents that have been released by WikiLeaks bears the hallmarks of Iranian hackers linked to cyberattacks in more than a dozen countries, including the United States, according to cybersecurity experts and Middle East analysts.

Last week, WikiLeaks published about 70,000 of what it said were half a million documents obtained from Saudi Arabia’s Foreign Ministry. The transparency advocacy group promises more releases of the diplomatic cables, whose authenticity has not been independently verified.

Experts said that the cables, apparently stolen over the past year, paint an unflattering portrait of Saudi diplomacy as reliant on oil-wealth patronage and obsessed with Iran, the kingdom’s chief rival, but appeared to contain no shocking revelations. [Continue reading…]

Inside the hack of the century

Peter Elkind writes: On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years.

After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network.

The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes.

“I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.”

Finally Spaltro, who’s worked at Sony since 1998, showed up and led them to a nearby conference room, where another studio information security executive was waiting. The meeting began, and as Stiansen described how Norse scopes out potential threats, Spaltro interrupted: “Boy, that could really help us with that North Korean film!” According to the four Norse representatives, Spaltro explained that he was worried about a Seth Rogen comedy called The Interview that the studio was preparing to release on Christmas Day. It featured a plot to assassinate Kim Jong-un, the country’s actual leader. Recalls Stiansen: “They said North Korea is threatening them.” (Sony denies any mention of a North Korean cyberthreat.)

After about an hour the Sony team declared the session “very productive,” according to the Norse team, and promised to be in touch. They departed, leaving the visitors to find their own way out.

Three weeks later — starting at about 7 a.m. Pacific time on Monday, Nov. 24 — a crushing cyberattack was launched on Sony Pictures. Employees logging on to its network were met with the sound of gunfire, scrolling threats, and the menacing image of a fiery skeleton looming over the tiny zombified heads of the studio’s top two executives.

Before Sony’s IT staff could pull the plug, the hackers’ malware had leaped from machine to machine throughout the lot and across continents, wiping out half of Sony’s global network. It erased everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. To make sure nothing could be recovered, the attackers had even added a little extra poison: a special deleting algorithm that overwrote the data seven different ways. When that was done, the code zapped each computer’s startup software, rendering the machines brain-dead.

From the moment the malware was launched — months after the hackers first broke in — it took just one hour to throw Sony Pictures back into the era of the Betamax. The studio was reduced to using fax machines, communicating through posted messages, and paying its 7,000 employees with paper checks.

That was only the beginning of Sony’s horror story. [Continue reading…]

Why cyber war is dangerous for democracies

Moisés Naím writes: This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.”

Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. [Continue reading…]
