Sydney teen arrested as hacking hoaxster sends SWAT team to his house
JUNE 4th 2014
A teenager from Sydney, Australia, was arrested on Wednesday morning after a hoax message led 20 police officers in bulletproof vests to an address in the suburb of Arncliffe.
Having been told that residents were tied up inside the home, and that shots had been fired, the officers swooped on the address at 4.40 am.
Mathew McGrath, 18, surrendered immediately and was taken to Kogarah police station where he was questioned and subsequently released without charge, having told officers that he did not make the prank call.
Apple ransomware strikes Australia - pay Oleg $100 or else
MAY 27th 2014
This morning, a number of Australian iPad and iPhone users woke up to a strange sight.
A message, saying something like this:
Device hacked by Oleg Pliss. For unlock device...
We haven't seen a screenshot of the whole message, but some reports say that Mr Pliss is asking for $50, while others report that he wants $100 or €100 via Paypal "for unlock device."
11 arrested as Europol busts Bulgarian carding gang
MAY 26th 2014
A joint operation between French and Bulgarian law enforcement backed by Europol's European Cybercrime Centre (EC3) has brought down a carding gang operating out of Bulgaria and targeting victims in France and other European countries.
11 people were arrested and 29 properties searched on 20 May 2014.
That was the "action day" for a plan referred to as Operation Echo, the result of over a year investigating and tracking the gang.
Google's vision: ads on cars, refrigerators, watches, thermostats, and yes, glasses MAY 26th 2014
Imagine how your advertising-fueled Google refrigerator might greet you in the morning:
° Good morning from your Google fridge. I see you have chosen Orange with your breakfast. Are you aware that Tescos is having a [buy one, get one free] offer on Orange?
° Good morning from your Google fridge. I see you have chosen milk. Are you aware.......
That scenario comes to us courtesy of stnluk, a commenter on a story from The Guardian about how Google's eyeing a future of ads in cars, refrigerators, watches, glasses and thermostats.
Over 100 arrested in FBI Blackshades RAT raids
MAY 19th 2014
Over 100 people have been arrested as part of a global operation against a popular Remote Access Trojan (RAT) known as Blackshades.
According to officials who spoke to Time Magazine, law enforcement agencies swooped on Blackshades users in Europe, Asia and the US.
Blackshades, which can be used for legitimate purposes such as accessing a work machine from home, is better known for the shady things that hackers have used it for including keystroke logging and the taking over of webcams.
Android "police warning" ransomware - how to avoid it, and what to do if you get caught MAY 19th 2014
Ransomware has become a hot topic in recent years.
One sort, such as the Reveton family, leaves your data intact but locks you out of your computer, and demands a fee to let you back in.
The other main sort of ransomware, such as CryptoLocker, leaves your computer running fine but scrambles your data and demands a fee for the decryption key to get it back.
Patch Tuesday for May 2014 - 8 bulletins, 2 critical, 0/zero/zilch/zip for XP
MAY 13th 2014
A quick note to remind you that tomorrow is Patch Tuesday, so here's what to expect.
The scorecard is "2 from 8", with eight security bulletins due, two of which are rated Critical.
Top of the list, literally and figuratively, is the usual Internet Explorer (IE) cumulative rollup, with all supported versions of IE getting patches.
US Navy sailor allegedly led team that hacked government computers
MAY 12th 2014
A US Navy systems administrator stationed on the nuclear aircraft carrier USS Harry S. Truman acted as ringleader for a gang of anti-government cyber crooks, prosecutors alleged last week.
According to a charging document filed in federal court in Tulsa, Oklahoma on 5 May, the enlisted serviceman, 27-year-old Nicholas Paul Knight, was an alleged hacker since the age of 16.
He was also the self-professed leader of the gang, which called itself Team Digi7al.
"Open the iPhone door, Siri!" - Apple's digital helper coughs up another lock screen hole
MAY 12th 2014
A hacker has found a way to bypass the iPhone 5's lock screen to get at your contacts.
Ironically, he got in by asking Siri, Apple's voice-activated "helper."
In a video posted to YouTube, hacker Sherif Hashim demonstrated tricking Siri into opening the contact list without entering the passcode.
This latest lock screen loophole means that anyone who gets their hands on your iPhone 5 could exploit this bug to make.
Cops get serious about cybercrime, and not before time
MAY 6th 2014
The world's police forces are, it seems, starting to appreciate the scale and significance of the cybercrime problem.
The director of the FBI, James Comey, told journalists last week that cyber threats were a major priority for his agency.
He admitted that there is a serious shortage of digital skills in law enforcement, and said the FBI's specialists were constantly being called on by police forces working on cyber offences to cover that skills gap.
Can we trust anyone with our personal info?
MAY 6th 2014
In the last few weeks, two very different criminal cases have concluded on opposite sides of the Atlantic, each of them showing how vulnerable our personal information is to those eager to exploit it.
In the US, a man was sentenced to more than nine years in jail, and ordered to pay over $600,000 in restitution, for his part in a scam using the identities of prison inmates to make tax refund claims.
Harvey James was part of an Alabama-based gang which gathered stolen identity data from a range of sources, including an unnamed co-conspirator with access to information on prison inmates stored by the Alabama Department of Corrections.
Target CEO resigns, latest executive fallout from card breach
MAY 6th 2014
Target CEO Gregg Steinhafel managed to hold onto his job for nearly six months after the disclosure that more than 110 million records had been stolen by hackers in December 2013.
Unfortunately for Target, 40 million of those records were credit card details. The total impact of the attack is estimated to be nearly $18 billion.
Without going into the details or reviewing the surveillance footage from the board room, I think there are some valuable lessons to be learned from this attack.
THe internet of everything - bringing more risk to more places
APR 28th 2014
The Internet of Things (IoT) is a ubiquitous buzz-phrase these days.
The idea that just about everything we make or use could eventually be connected, allowing anything to be remotely controlled or monitored, inspires excitement and trepidation in equal measure.
The applications of a completely connected world are immense, letting us control all aspects of our lives and our environments from anywhere.
Anonymous takes on Boston Children's Hospital in #opJustina
APR 28th 2014
Since 14 February 2013, 15-year-old Justina Pelletier has been held in custody as a ward of the state in Massachusetts, at the order of a Boston hospital that decided her illness was all in her head, aggravated by what they perceived to be medical abuse doled out by her parents.
The public and patients' rights advocates have been outraged over Justina's ordeal, which has entailed strictly limited visitation with her parents, restriction of discussions of her medical issues in front of Justina, plus a gag rule imposed on her father (he broke it in order to tell the media her story; contempt charges were subsequently filed against him).
Microsoft acknowledges "in the wild" Internet Explorer zero-day
APR 28th 2014
Microsoft has published a security advisory of the heart-dropping sort.
An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.
RCE means a drive-by install, where simply looking at booby-trapped content such as a web page or image file can trick IE into launching executable code sent from outside your network.
Don't share your location with your friends on WhatsApp
APR 21st 2014
A group of budding security researchers at the University of New Haven (UNH) in Connecticut, USA, recently taught themselves a handy lesson about the difference between liking something and trusting it.
The starting point of this story is a public admission, by students in the UNH Cyber Forensics Research & Education Group, that they "think WhatsApp is a great application."
Facial recognition - coming soon to a shopping mall near you
APR 21st 2014
Technology giant NEC's Hong Kong branch is promoting a small, "easy to install" appliance which will enable businesses to monitor their customers based on facial recognition.
From a recent NEC press release:
The new Mobile Facial Recognition Appliance enables organizations in any industry to offer an ultra-personalized customer experience by recognizing the face of each and every customer as soon as they set foot on the premises.
Face recognition is becoming ever more sophisticated and accurate, bringing automated detection and tracking of people by the way they look within reach of all sorts of people.
New iOS malware with a funky name: "Unflod Baby Panda"
APR 21st 2014
You may have heard mention, over the past few days, of some curiously-named new iOS malware.
You'll hear it called Unflod, because of the name of the file in which is was found, as well as Baby Panda.
The company that refers to it as Baby Pandaoffers a possible explanation for the name "Unflod," suggesting a deliberate misspelling of a non-malicious utility known as "Unfold."
The reason for the name Baby Panda, however, remains a mystery.
Obama leaves loophole open for NSA to exploit zero-day vulnerabilities
APR 14th 2014
No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said on Friday.
According to a statement from the Office of the Director of National Intelligence, the government has a "bias" toward responsible bug disclosure:
This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
But that approach is squishy. The notion of responsible disclosure is more of a bias than a requirement, senior administration officials said on Saturday.