Tag Archive: Spyware


Russian Researchers Expose Breakthrough U.S. Spying Program

 

 

 

 

 

 

” The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.

  That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyber-espionage operations.

  Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (http://reut.rs/1L5knm0)

  The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyber-weapon that was used to attack Iran’s uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.”

 

Lots more on the latest State spying revelations at Yahoo News

 

 

 

 

 

 

 

 

 

 

 

 

Researchers Uncover Government Spy Tool Used To Hack Telecoms And Belgian Cryptographer

 

 

Regin-Architecture

 

 

” It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

  Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian telecom. In this case, too, the attack was sophisticated and complex. According to published news reports and documents leaked by Edward Snowden, the attackers targeted system administrators working for Belgacom and used their credentials to gain access to routers controlling the telecom’s cellular network. Belgacom publicly acknowledged the hack, but has never provided details about the breach.

  Then five months after that announcement, news of another high-profile breach emerged—this one another sophisticated hack targeting prominent Belgian cryptographer Jean-Jacques Quisquater. “

 

 

 

 

 

” Now it appears that security researchers have found the massive digital spy tool used in all three attacks. Dubbed “Regin” by Microsoft, more than a hundred victims have been found to date, but there are likely many others still unknown. That’s because the espionage tool—a malicious platform capable of taking over entire networks and infrastructures—has been around since at least 2008, possibly even earlier, and is built to remain stealth on a system for years.

  The threat has been known since at least 2011, around the time the EU was hacked and some of the attack files made their way to Microsoft, who added detection for the component to its security software. Researchers with Kaspersky Lab only began tracking the threat in 2012, collecting bits and pieces of the massive threat. Symantec began investigating it in 2013 after some of its customers were infected. Putting together information from each, it’s clear the platform is highly complex and modulated and can be customized with a wide range of capabilities depending on the target and the attackers’ needs. Researchers have found 50 payloads so far for stealing files and other data, but have evidence that still more exist.

“ It’s a threat that everyone has detected for some time, but no one has exposed [until now],” says Eric Chien, technical director of Symantec’s Security Technology and Response division.

  The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet. “

 

The whole story may be read at Wired

 

 

 

 

 

 

 

 

 

ComputerCOP: The Dubious ‘Internet Safety Software’ That Hundreds Of Police Agencies Have Distributed To Families

 

 

 

 

 

 

” For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.

 Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

  As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

  The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.”

 

 

Read the entire , exhaustively comprehensive dissection of this “child protecting” scam at EFF 

 

 

 

 

 

 

 

 

 

 

 

Google Glasses: Wave Goodbye To Your Privacy

 

 

 

 

” Last week, Seattle’s 5 Point Café, a funky bar in the city’s Belttown neighborhood, posted notice of its ban on Google Glass, adding: “ass kickings will be encouraged for violators.” The owner’s reason? “People want to go [to my bar] and be not known … and definitely don’t want to be secretly filmed or videotaped and immediately put on the Internet.”

If you haven’t already heard, Google Glass is the next big thing in tech, poised to transform our lifestyles. Think smartphones had an impact? They’ve got nothing on this new product, set for release next year. Essentially, Google Glass is a computer-device in the form of (you guessed it) glasses. While wearing the glasses, calendar reminders, directions, emails, iChat conversations — and basically anything you can currently do via your smartphone — display on your lens. Commands are easily executed via a quick verbal instruction. It’s all hands-free; you don’t even have to look down at a phone’s screen.

Provided you don’t mind wearing the Tron-looking headgear (it’s a toss-up whether it’s a dorky look or a cutting-edge, hipster status symbol) or the hefty $1,500 initial price tag, this all sounds pretty cool, right?”