surveillance | Breaking Cybersecurity News | The Hacker News

The new documents leaked by former NSA contractor Edward Snowden has exposed a United States secretive facility located near a remote town in Australia's Northern Territory for covertly monitoring wireless communications and aiding US military missions. The leaked documents have come from the massive trove of classified material stolen by Snowden from the US National Security Agency (NSA) in 2013 that exposed the extent of the US government's global surveillance programs. The newly released classified documents, obtained by The Intercept, contained references to a secretive facility, which was codenamed "Rainfall," but is officially known as the Joint Defence Facility Pine Gap . The documents reveal that the Joint Defence Facility Pine Gap, located outside Alice Springs, deployed cutting-edge satellite technology for detailed geolocation intelligence that helps the US military locate targets for special forces and drone strikes . The use of unmanned air v

After disclosing CIA's strategies to hijack and manipulate webcams and microphones to corrupt or delete recordings, WikiLeaks has now published another Vault 7 leak , revealing CIA's ability to spy on video streams remotely in real-time. Dubbed ' CouchPotato ,' document leaked from the CIA details how the CIA agents use a remote tool to stealthy collect RTSP/H.264 video streams. Real Time Streaming Protocol, or RTSP, is a network control protocol designed for use in entertainment and communication systems for controlling streaming media servers. CouchPotato gives CIA hackers ability to "collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame," a leaked CIA manual reads. The tool utilises FFmpeg for video and image encoding and decoding and Real Time Streaming Protocol connectivity. The CouchPotato tool works stealthily without leaving

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Do you own an Amazon Echo? So are you also worried about hackers turning out your device into a covert listening device? Just relax, if there's no NSA, no CIA or none of your above-skilled friends after you. Since yesterday there have been several reports on Amazon Echo hack that could allow a hacker to turn your smart speaker into a covert listening device, but users don't need to worry because the hack is not simple, requires physical access to the device and does not work on all devices, as well. Amazon Echo is an always-listening voice-activated smart home speaker that is designed to play music, set alarms, answer questions via the Alexa voice assistant, and control connected smart home devices like WeMo, Hive and Nest. Hack Turns Amazon Echo Into Spying Device (But It's Complex) Now researchers from MWR InfoSecurity have demonstrated a hack, showing how hackers can exploit a vulnerability in some models of Amazon Echo to turn them into covert listening d

After being threatened with a ban in Russia , end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram 's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.  "And to officially send it to Roskomnadzor to include this data in the registry of organizers

WikiLeaks has published a new batch of the ongoing Vault 7 leak , detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10. Dubbed Athena/Hera , the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and send them to CIA server. The leak, which includes a user manual of Athena, overview of the technology, and demonstration on how to use this spyware, reveals that the program has two implications: Primary: Athena for XP to Windows 10  Secondary: Hera for Windows 8 through Windows 10 According to the whistleblower organization, Athena has the ability to allow the CIA agents to modify its co

Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs , malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild. Today, Malware Research team at CheckPoint have discovered a new piece of fully-undetectable Mac malware, which according to them, affects all versions of Mac OS X, has zero detections on VirusTotal and is "signed with a valid developer certificate (authenticated by Apple)." Dubbed DOK , the malware is being distributed via a coordinated email phishing campaign and, according to the researchers, is the first major scale malware to target macOS users. The malware has been designed to gain administrative privileges and install a new root certificate on the target system, which allows

Last week, we reported about a so-called 'vigilante hacker' who hacked into at least 10,000 vulnerable 'Internet of Things' devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them. Now, that vigilante hacker has already trapped roughly 300,000 devices in an IoT botnet known as Hajime , according to a new report published Tuesday by Kaspersky Lab, and this number will rise with each day that passes by. The IoT botnet malware was emerged in October 2016, around the same time when the infamous Mirai botnet threatened the Internet last year with record-setting distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn. How the Hajime IoT Botnet Works Hajime botnet works much like Mirai by spreading itself via unsecured IoT devices that have open Telnet ports and uses default passwords and also uses the same list of username and password combinations that Mirai is programm

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA). Named Grasshopper , the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection. All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims. Grasshopper: Customized Malware Builder Framework According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using. The Grasshopper framework then automatically puts together several components sufficient for attack

Ukraine has once again been a target of a potential hacking attack that infected computer systems from dozens of Ukrainian businesses with highly sophisticated malware, allowing hackers to exfiltrate sensitive data and eavesdrop on their network. Late last year, the country also suffered a power outage caused by the same group of hackers that targeted Ukraine's power grid with the BlackEnergy malware in late 2015, causing 225,000 residents to lose electricity. Now security researchers from threat intelligence firm CyberX have uncovered an advanced malware-based operation that has already siphoned over 600 gigabytes of data from about 70 victim organizations, including critical infrastructure, news media, and scientific research. Operation BugDrop: Damages and Modus Operandi Dubbed " Operation BugDrop ," the large-scale malware campaign has been perpetrated against targets in the Ukraine, though targets from other countries include Russia, Saudi Arabia, and Austr

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data. A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware. Dubbed ViperRAT , the malware has specifically been designed to hijack Israeli soldiers' Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices. Modus Operandi Identified According to the security firms, IDF personnel had been compromised by social engineering techniques — where the soldiers were lured via Facebook Messenger and other social networks into entering communications with hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The soldiers were th

Your government is spying on you! Businesses are spying on you! Your phone and browser are constantly spying on you! Even your TV is spying on you! Yes, you should also worry about your "smart" TV, as one of the world's biggest smart TV makers Vizio has been caught secretly collecting its consumers' data through over 11 Million smart TVs and then selling them to third-parties without the user's explicit consent. But the good news is that the home entertainment hardware maker has been fined heavily for this practice. The US Federal Trade Commission (FTC) announced on Monday that Vizio had spied on almost every customer from its Vizio smart TVs through its Smart Interactivity feature, and rather than fighting back the accusation any longer, the company has agreed to pay a $2.2 Million fine to settle the lawsuit. "To settle the case, Vizio has agreed to stop unauthorized tracking, to prominently disclose its TV viewing collection practices, and to g

In this world of global mass surveillance by not the only US, but also intelligence agencies across the world, every other country wants tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in their country to keep their citizen data within boundaries. Last year, Microsoft won a case which ruled that the US government cannot force tech companies to hand over their non-US customers' data stored on servers located in other countries to the FBI or any other federal authorities. However, a new notable ruling just goes against the court judgment last year, raising concerns regarding people's privacy. A US magistrate reportedly ruled Friday that Google has to comply with FBI search warrants seeking customer emails stored on servers outside of the United States, according to RT . U.S. Magistrate Judge Thomas Rueter in Philadelphia noted that transferring emails from outside servers so FBI could read them locally as part of a domestic f

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack. Any guess, What kind of virus could have hit the storage devices? Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly. Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files. But over time, the threat has changed its way from computers and smartphones to Internet-of-Thing (IoT) devices. Ransomware Infected 70% Surveillance Cameras in Washington D.C. This time the hackers managed to plant ransomware in 123 of its 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C, which eventually left them out from recording anything between 12 and 15 Jan

Texas-based Encrypted Email Service ' Lavabit ,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails , is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts. Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancin

It's not always necessary to break into your computer or smartphone to spy on you. Today all are day-to-day devices are becoming more connected to networks than ever to add convenience and ease to daily activities. But here's what we forget: These connected devices can be turned against us because we are giving companies, hackers, and law enforcement a large number of entry points to break into our network. These connected devices can also be a great boon for law enforcement that can listen and track us everywhere. Let's take the recent example of 2016 Arkansas murder case where Amazon was asked to hand over audio recordings from a suspect's Echo. However, that was not the first case where feds asked any company to hand over data from a suspect's connected device, as they have long retrieved such information from connected cars. According to court documents obtained by Forbes , United States federal agencies have a 15-year history of " Cartapping &qu

Have you considered the possibility that someone could be watching you through your webcam? Or Listening to all your conversations through your laptop's microphone? Even a bit of thought about this probability could make you feel incredibly creepy. But most people think that they have a solution to these major issues i.e. simply covering their laptop's webcam and microphone with tape, just like Facebook CEO Mark Zuckerberg and FBI Director James Comey . But it's 2016, and a piece of tape won't help you, as a new experiment has proved that how easily hackers can turn your headphones into a microphone to spy on all your conversations in the background without your knowledge. A group of Israeli security researchers at Ben Gurion University have created a proof-of-concept code (malware) that converts typical headphones into microphones and then use them to record all your conversations in the room just like a fully-featured spying device. Speake(a)r Malware Weaponize