surveillance | Breaking Cybersecurity News | The Hacker News

Last week, we reported about a so-called 'vigilante hacker' who hacked into at least 10,000 vulnerable 'Internet of Things' devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them. Now, that vigilante hacker has already trapped roughly 300,000 devices in an IoT botnet known as Hajime , according to a new report published Tuesday by Kaspersky Lab, and this number will rise with each day that passes by. The IoT botnet malware was emerged in October 2016, around the same time when the infamous Mirai botnet threatened the Internet last year with record-setting distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn. How the Hajime IoT Botnet Works Hajime botnet works much like Mirai by spreading itself via unsecured IoT devices that have open Telnet ports and uses default passwords and also uses the same list of username and password combinations that Mirai is programm

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA). Named Grasshopper , the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection. All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims. Grasshopper: Customized Malware Builder Framework According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using. The Grasshopper framework then automatically puts together several components sufficient for attack

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Ukraine has once again been a target of a potential hacking attack that infected computer systems from dozens of Ukrainian businesses with highly sophisticated malware, allowing hackers to exfiltrate sensitive data and eavesdrop on their network. Late last year, the country also suffered a power outage caused by the same group of hackers that targeted Ukraine's power grid with the BlackEnergy malware in late 2015, causing 225,000 residents to lose electricity. Now security researchers from threat intelligence firm CyberX have uncovered an advanced malware-based operation that has already siphoned over 600 gigabytes of data from about 70 victim organizations, including critical infrastructure, news media, and scientific research. Operation BugDrop: Damages and Modus Operandi Dubbed " Operation BugDrop ," the large-scale malware campaign has been perpetrated against targets in the Ukraine, though targets from other countries include Russia, Saudi Arabia, and Austr

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data. A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware. Dubbed ViperRAT , the malware has specifically been designed to hijack Israeli soldiers' Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices. Modus Operandi Identified According to the security firms, IDF personnel had been compromised by social engineering techniques — where the soldiers were lured via Facebook Messenger and other social networks into entering communications with hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The soldiers were th

Your government is spying on you! Businesses are spying on you! Your phone and browser are constantly spying on you! Even your TV is spying on you! Yes, you should also worry about your "smart" TV, as one of the world's biggest smart TV makers Vizio has been caught secretly collecting its consumers' data through over 11 Million smart TVs and then selling them to third-parties without the user's explicit consent. But the good news is that the home entertainment hardware maker has been fined heavily for this practice. The US Federal Trade Commission (FTC) announced on Monday that Vizio had spied on almost every customer from its Vizio smart TVs through its Smart Interactivity feature, and rather than fighting back the accusation any longer, the company has agreed to pay a $2.2 Million fine to settle the lawsuit. "To settle the case, Vizio has agreed to stop unauthorized tracking, to prominently disclose its TV viewing collection practices, and to g

In this world of global mass surveillance by not the only US, but also intelligence agencies across the world, every other country wants tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in their country to keep their citizen data within boundaries. Last year, Microsoft won a case which ruled that the US government cannot force tech companies to hand over their non-US customers' data stored on servers located in other countries to the FBI or any other federal authorities. However, a new notable ruling just goes against the court judgment last year, raising concerns regarding people's privacy. A US magistrate reportedly ruled Friday that Google has to comply with FBI search warrants seeking customer emails stored on servers outside of the United States, according to RT . U.S. Magistrate Judge Thomas Rueter in Philadelphia noted that transferring emails from outside servers so FBI could read them locally as part of a domestic f

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack. Any guess, What kind of virus could have hit the storage devices? Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly. Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files. But over time, the threat has changed its way from computers and smartphones to Internet-of-Thing (IoT) devices. Ransomware Infected 70% Surveillance Cameras in Washington D.C. This time the hackers managed to plant ransomware in 123 of its 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C, which eventually left them out from recording anything between 12 and 15 Jan

Texas-based Encrypted Email Service ' Lavabit ,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails , is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts. Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancin

It's not always necessary to break into your computer or smartphone to spy on you. Today all are day-to-day devices are becoming more connected to networks than ever to add convenience and ease to daily activities. But here's what we forget: These connected devices can be turned against us because we are giving companies, hackers, and law enforcement a large number of entry points to break into our network. These connected devices can also be a great boon for law enforcement that can listen and track us everywhere. Let's take the recent example of 2016 Arkansas murder case where Amazon was asked to hand over audio recordings from a suspect's Echo. However, that was not the first case where feds asked any company to hand over data from a suspect's connected device, as they have long retrieved such information from connected cars. According to court documents obtained by Forbes , United States federal agencies have a 15-year history of " Cartapping &qu

Have you considered the possibility that someone could be watching you through your webcam? Or Listening to all your conversations through your laptop's microphone? Even a bit of thought about this probability could make you feel incredibly creepy. But most people think that they have a solution to these major issues i.e. simply covering their laptop's webcam and microphone with tape, just like Facebook CEO Mark Zuckerberg and FBI Director James Comey . But it's 2016, and a piece of tape won't help you, as a new experiment has proved that how easily hackers can turn your headphones into a microphone to spy on all your conversations in the background without your knowledge. A group of Israeli security researchers at Ben Gurion University have created a proof-of-concept code (malware) that converts typical headphones into microphones and then use them to record all your conversations in the room just like a fully-featured spying device. Speake(a)r Malware Weaponize

The world's largest online professional network LinkedIn could face a ban in Russia after the company has failed to comply with a Russian data localization law that compels companies to keep data on Russian users in their country. If you are not aware, LinkedIn is the only major social network which is not banned in China, because the company agreed to cooperate with the Chinese government and remove controversial content. However, LinkedIn could be the first social network in Russia to be blocked by the Russian state's federal media regulator, called Roskomnadzor, for not complying with the rules. In July 2014, the Russia approved amendments to the Russian Personal Data Law which came into force in 1st September 2015, under which foreign tech companies were required to store the personal data of its citizens within the country. However, Russia was not the first country to enforce such law on foreign tech companies. A few months ago, Iran also imposed new regulations

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev

We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw. Telegram is a messaging app " with a focus on security " that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers. According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram. The incident is even said to be the

An FBI electronics technician has pleaded guilty to acting as a Chinese secret agent and passing along sensitive information about the Feds to a Chinese government official. Kun Shan "Joey" Chun , 46, admitted in federal court in Manhattan on Monday that he violated his security clearance on several occasions between 2011 and 2016 in an effort to pass on secret information to China in exchange for money. Chun is a 19-year FBI veteran from Brooklyn who was born in China but was employed by the FBI in 1997. His duties with the FBI included " accessing sensitive and, in some instance, classified information ." The g-man, as a double agent, sent confidential government information – including the identity and travel plans of an FBI special agent, the internal structure of the FBI and spying technology used by the Bureau – to a Chinese official. Chun, who was initially arrested in March, got a top secret security clearance in 1998, at the time he did not reveal h

Facebook's legal war with Brazilian government seems to be never-ending. Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under criminal investigation. But, now the Brazilian government has taken an even tougher step. On Wednesday, the public federal prosecutor in the Brazilian state of Amazonas said the court froze 38 Million real ( US $11.7 Million ) of funds held in Facebook's bank account, Reuters reports . The prosecutor has said that the decision to freeze Facebook funds was made after the social media giant failed to comply with the court order to hand over data of WhatsApp users who are under criminal investigation. Since WhatsApp communications are end-to-end encrypted , even the company would not be able to access any message exchanged between users. Facebook representatives weren't imme

We just cannot imagine our lives without smartphones, even for a short while, and NSA whistleblower Edward Snowden had not owned a smartphone since 2013 when he began leaking NSA documents that exposed the government's global surveillance program. Snowden fears that cellular signals of the smartphone could be used to locate him, but now, to combat this, he has designed an iPhone case that would detect and fight against government snooping. With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised the design, which they refer to as an " Introspection Engine, " that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location details. "This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thu

Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a " dark day for Russia ." The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested. The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years. Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government. "Putin

Do you have any idea what the software you have installed is doing stealthily in the background? If it's not an open source software, can you find out? Usually, the answer is no. After Edward Snowden's revelations, it's clear that how desperately government agencies wants to put secret backdoors in your network, devices, and software. However, Bulgaria has come forward with an all new set of laws that would be appreciated by privacy lovers and open-source community. Also Read:  Top Best Password Managers . The Bulgarian Parliament has passed legislative amendments to its Electronic Governance Act that require all software written for the country's government to be fully open-sourced and developed in the public Github repository . This means that source code of software developed for the Bulgarian government would be accessible to everyone and provided free for use without limitations. Article 58A of the Electronic Governance Act states that administrative

Hey! Welcome to the United States. May we have your Twitter handle, please? That's exactly what you'll likely be asked by the U.S. Customs and Border Protection at the airport prior to entering U.S. soil. Yes, your Twitter handle may soon be part of the US Visa process as U.S. Customs and Border Protection has entered a new proposal into the federal register, suggesting a new field in which foreign visitors can declare their online presence. This new proposal submitted by the US Department of Homeland Security (DHS) to the Federal Register on Thursday would update the required entry forms with a question asking travelers to " Please enter information associated with your online presence -- Provider/Platform -- Social media identifier. " This information would not be mandatory, but of course, foreign travelers who decline to reveal their online presence may subject for additional scrutiny. What's the idea behind Knowing the visitors' Online Prese