
Sony Pictures computer system down after reported hack

(Reuters) – Sony Pictures Entertainment said its computer system was down for a second day on Tuesday, following media reports of a major hacking attack aimed at the film and television studio.

The hackers warned the unit of Sony Corp that they had obtained “secrets” that they would leak on the Web, the newspaper reported.

“We’ve already warned you, and this is just a beginning. We continue till our request be met,” said a message that popped up on the computer screens, according to the L.A. Times.

Sony Pictures spokeswoman Jean Guerin said the company’s network was down as it dealt with “a system disruption” and that technicians were “working diligently” to resolve the issue. She did not give any details of the reported cyber attack.

Emails sent to Sony Pictures on Tuesday were kicked back with an explanation that its “email system is currently experiencing a disruption.”

The Los Angeles Times said Sony Pictures employees had to resort to using pencil and paper to get their work done on Monday. It was unclear if the problem would affect the company’s plans for upcoming holiday films, such as “Annie,” or regular television programs including “Wheel of Fortune” and “Jeopardy!”

Sony Corp has been a target of hackers in the past. In 2011, its video game online network suffered a major attack resulting in the theft of data belonging to 77 million users, one of the breaches to date.

(Reporting by Jennifer Saba and Jim Finkle; Editing by Tiffany Wu)

Sophisticated Malware Regin Linked To NSA, British Intelligence


When cybersecurity firm Symantec uncovered the sophisticated malware Regin over the weekend, its analysts reported that it was most likely created by a national intelligence agency. Now, new reports suggest that the malware was a tool of the U.S. National Security Agency and British intelligence.


Based upon a combination of technical sources and its own technical analysis, a report in the Intercept concludes that a previously disclosed U.S. and U.K. attack on the European Union and a Belgian telecommunications company employed the Regin malware.

Sources close to the matter told the Intercept that the advanced malware had been found on the computers of Belgian phone and Internet provider Belgacom, which were known targets of the British surveillance agency GCHQ (for Government Communications Headquarters). The news site’s sources said they also found the same malware on European Union computer systems targeted by the NSA.

Belgium and the European Union have known about the attacks since last year thanks to NSA whistleblower Edward Snowden. However, they have never been able to determine the specific software that was used to carry out the attacks. It remains unclear if Regin is the culprit, but the Intercept’s evidence suggests that it was possible the NSA and GCHQ could have been using the spyware.


Ronald Prins, the security expert who was part of a team to remove the software from Belgacom’s computer system, said it was “the most sophisticated malware” he’d ever studied, and that he was certain a government was behind its construction.

“Having analyzed this malware and looked at the [previously published] Snowden documents,” Prins told the Intercept, “I’m convinced Regin is used by British and American intelligence services.”

Photo by Jonathan McIntosh

Flexibility a key to modern policing: panel


OTTAWA – A federally commissioned study says police must be more flexible and seek out partnerships to succeed in the 21st century.

The report by the Ottawa-based Council of Canadian Academies says the one-size-fits-all model of today’s municipal police service is a thing of the past.

Officials say the cost of policing is steadily rising — hitting almost $13 billion in 2011 — even though the rate of reported crime is falling.

Among the reasons: increases in police officer salaries, higher costs for equipment and fuel, and new challenges such as cybercrime and dealing with people who have mental health issues.

As a result, Public Safety Canada — with support from Justice Canada and the RCMP — asked the council, an independent research body, to have an expert panel look at available evidence on ways to improve policing.

The panel found police now operate as part of a “safety and security web” — comprising private security, health professionals, community and municipal groups and other government organizations.

“This web presents both the central challenge and the central opportunity for today’s police,” a council summary of the 212-page study says.

“Working effectively within and through this web — rather than as isolated entities — will allow policing organizations to better respond to existing and emerging issues.”

Operating within the “safety and security web” means police can decide when to draw on the assets of other players, the summary says.

“This means that, in some instances, police are leaders, while in others they are supporting partners.”

The panel points to the Community Mobilization Prince Albert Initiative in Saskatchewan that brings together police and more than a dozen other community agencies twice a week to discuss high-risk situations and discuss responses.

Since beginning the project three years ago, Prince Albert has seen a notable drop in its violent crime severity index, the study summary says.

The panel wants to tear down the illusion that police alone can solve vexing societal problems, said participant Benoit Dupont, director of the International Centre for Comparative Criminology at the University of Montreal.

However, the panel says police must remain the central, co-ordinating agency in the security web.

“The police has this unique mandate to act on behalf of the common good, and that’s something that we certainly don’t advocate changing,” Dupont said.

When police break the law or breach public confidence, they are accountable under the law or through oversight bodies, the summary notes. But similar accountability measures are not in place to the same degree for private security firms and other players.

“As these non-police actors come to play more extensive roles and engage in more sophisticated partnerships, the need to develop accountability structures for all actors in the web is expected to grow,” the summary adds.

The panel suggests more research be done.

“We are not suggesting a model per se, we are just highlighting a number of challenges and a number of potential solutions,” Dupont said.

“It’s going to be for the politicians and communities in Canada to decide for themselves what they really want.”

Follow @JimBronskill on Twitter


Frightening new malware targets your password manager



If you thought hackers gaining access to just one of your online accounts was troublesome, you’ll be terrified to know that the next frontier might put your entire online identity at risk. IBM’s Security Intelligence reports that a new configuration of the Citadel trojan has been designed to start keylogging when specific password managers begin running on an infected user’s computer.


“Because the configuration file instructs the malware to capture keystrokes related to widely used password management and authentication solutions, we can’t know who, exactly, is the target of the attack,” writes IBM.

“It might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions.”

It’s worth noting that the Citadel trojan has been around for quite some time, compromising millions of computers all around the world. In fact, IBM Trusteer research shows that at any given time, 1 in 500 computers are infected with this malware. It bypasses scans and stays dormant until it is activated by a user action, such as the configuration noted above.

In an age when keeping up with every password for every app, service and device you own is next to impossible, password management tools have become vital. In light of this new information, it’s as good a time as any to remind everyone to err on the side of caution when it comes to accessing your password manager from a new location.


Meet Regin, Government-Created Spyware That’s Been Active Since 2008

Symantec has uncovered yet another sophisticated, malware-based spying tool, dubbed “Regin,” apparently the latest spyware tool created by a national government agency.

The company’s research, published Sunday, identifies Regin—also known as Backdoor.Regin—as a Trojan virus that exhibits “a degree of technical competence rarely seen” on behalf of its creators. Its purpose appears to be mass surveillance of government organizations, businesses, researchers, and individuals. And it’s been on the loose since 2008. Writes Symantec:

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.

Symantec has been unable to identify the origin of the software, but Re/code reporter Arik Hesseldahl suggests that the U.S., Israeli, and Chinese governments all have the technological capability and M.O. to engineer it. Also raising suspicions: not one Regin attack has targeted either the U.S. or China.


Private researchers have uncovered several instances of such government-created spyware over the past few years—most notably, the Stuxnet malware (also discovered by Symantec) that targeted Iran’s nuclear program and Flame, a much larger program that infected hundreds of computers across Europe and the Middle East.

In any case, Regin’s targets are decidedly global. Symantec has detected about 100 different infections in ten different countries, including Russia, Saudi Arabia, and Mexico. Nearly half of all targets for surveillance, 48%, are small businesses and private individuals. In every case identified, Regin attacks systems that are running Microsoft Windows.

Symantec wrote that Regin attacks have been occurring since 2008, and it may have taken this long to discover them since a major function of the software is to cover its own tracks.

Researchers are still unpacking the mysteries of this complicated program. For more technical information, Symantec has published a 21-page white paper.

Photo by nolifebeforecoffee


Report: IT pros are overly confident that they know how to prevent data breaches

It’s been a rough year for businesses when it comes to data breaches. A new report from ThreatTrack Security suggests that things will improve dramatically in 2015—that is, unless the survey participants are overstating the efficacy of their network defenses. It’s important for you to take steps to secure your own data to make sure you’re protected either way.

The title of the ThreatTrack report—2015 Predictions from the Front Lines: Cybersecurity Professionals Very Confident in Their Ability to Fight Data Breaches in 2015—spells it all out. The survey of 250 IT professionals from companies of 2,000 or more employees reveals a high level of confidence when it comes to guarding against cyber attacks.

The summary of the report states, “though security professionals expect their organizations to be increasingly targeted by cybercrime in 2015, they are feeling optimistic—so much so that a significant majority is willing to personally guarantee the safety of their customers’ data. Their optimism appears rooted in plans to invest in the coming year on shoring up cyber defenses.”

Let’s start by taking a look at some of the findings from the survey. Nearly seven out of ten respondents believe their organizations are more likely to be targeted by a cyber attack in 2015. However, 94 percent indicated that their ability to detect and prevent data breaches will improve in 2015.

There is nothing wrong with IT professionals’ having confidence in their efforts and capabilities when it comes to protecting against cyber attacks and defending against data breaches. But saying that security defenses will improve is a long way from saying they will be effective or sufficient. There are a variety of ways a company can improve security policies and tools, yet still be exposed to significant risk. When more than 80 percent of those surveyed are issuing personal guarantees, it suggests that IT professionals are in denial and continue to believe that data breaches are just something that happens to other companies.

If you had asked a year ago, Target, Home Depot, Michael’s, and other victims of recent major data breaches would most likely have stated that they, too, were confident in the security policies and tools they had in place. The compromise of point-of-sale systems, though, and attacks like the DarkHotel cyber espionage campaign have a way of evading detection and wreaking havoc despite the best laid plans of IT professionals.

What does that mean for customers? You can exercise some control by choosing which companies you’re willing to do business with, but ultimately you’re going to be trusting your data to someone. 

However, you can’t afford to have complete faith. Nobody will guard your data as tenaciously as you will yourself. Take steps to protect yourself: Use strong passwords, employ two-factor authentication anywhere you can, and use more secure methods of payment where possible—especially during the upcoming holiday season.


Craigslist hack knocks web classified site offline: Who’s behind it?

This article originally appeared on The Next Web


The venerable web classifieds site, Craigslist, was knocked offline last night and is still not loading for visitors. Local versions are redirecting for others. Users visiting the site yesterday evening were redirected to a site called Digital Gangster as a result of what looks like a DNS hijack.

Presumably unable to cope with the huge amount of traffic Craigslist itself receives, the Digital Gangster website itself is now inaccessible. The Digital Gangster forum was the source of a well-publicised Twitter hack in 2009 and the theft of Miley Cyrus photos from her Gmail account in 2008.

Craigslist’s domain record was modified yesterday, with the new domain name registrant listed as “steven wynhoff @LulzClerk”. @LulzClerk is a suspended Twitter account. Steven Wynhoff, meanwhile, does have a live Twitter account but it hasn’t tweeted since 2013.

Wynhoff’s name has been attached to the hijacking of YouTube accounts dedicated to Call of Duty and to the alleged hacking of Bitcoin creator Satoshi Nakamoto’s email earlier this year.

Given that there are a number of postings online purporting to “dox” Wynhoff i.e. expose his personal information, it seems fairly likely that he’s not the person behind the Nakamoto incident or the attack on Craigslist. You’d have to be phenomenally stupid to use your real name in an attack on a hugely popular website.

While Craigslist’s domain record has now been restored to its rightful owners, the site remains offline. If the issue is simply a DNS attack, it could take several hours for it to come back online as the settings propagate across global servers. That explains why the site appears to be slowly getting back to normal.

DNS attacks are generally not complex and rarely involve breaches of customer data. Instead, hackers use phishing and other social engineering attempts to get access to the accounts that control the domain name.

We’ve contacted Craigslist and will update this post with more information when we get it.

Craigslist.org [via Hacker News]

Image credit: Gil C / Shutterstock.com


Here’s why the iPhone ‘Masque Attack’ security flaw is so scary



Earlier this month, researchers at cybersecurity firm FireEye discovered a vulnerability in the iOS operating system which could allow hackers to replace legitimate apps with malicious copies, giving them access to any data the user entered into the hacked app. These “Masque Attacks” were enough of a threat to convince the U.S. government to release a statement warning iPhone users to avoid downloading apps from third-party sources until the issue could be resolved.

Apple was quick to issue its own response, downplaying the severity of the vulnerability, but further research by Trend Micro seems to indicate that the threat is even more serious than originally reported.


According to Trend Micro, malicious apps installed on an iOS device could allow hackers to access unencrypted data from legitimate apps on the device.

“We tested several apps and found that some of the popular iOS apps do not employ data encryption for their databases,” writes Trend Micro’s Brooks Hong. “In our analysis, we simply used file browsers to access these files. Additionally, the apps we tested are messaging/communication apps, which means that they store a lot of sensitive information like names and contact details.”

Once hackers successfully infiltrate an iPhone or iPad through a Masque Attack, they will be able to trawl through unencrypted messaging and communication apps to find information they could use maliciously.

Interestingly, many of the Android counterparts to the iOS messaging apps Trend Micro tested were encrypted. This might be a result of Android being more susceptible to malware, whereas iOS developers haven’t had to deal with these issues in the past.

Apple says that it is not aware of any users who have been affected by Masque Attacks, but based on the potential outcome of being a victim of one of these attacks, we should all remain cautious when downloading software to our iOS devices.

Driverless cars could face threat from hackers trying to cause road chaos


Driverless cars will need to be protected from hackers who could take control of vehicles to cause chaos on the roads, cyber security and transport experts have warned.

While autonomous vehicles, such as Google’s self-driving car, could reduce road casualties by eliminating human error, they could also increase the risk of accidents amongst motorists who continue to use manual cars if they are allowed to mix on the same roads.

Recent research conducted in driving simulators has shown that human drivers change their behaviour when using the same road as autonomous cars by copying the driving styles and leaving less space between themselves and the vehicle in front.

While an autonomous vehicle equipped with sensors would be able to react almost instantaneously, reaction times in human drivers are slower.

The warnings come as the Institution of Engineering and Technology (IET) publishes a report on autonomous vehicles and how they can be integrated onto British roads.

It predicts that within 15 years there will be fully autonomous vehicles taking goods and people around Britain, bringing cheaper and safer mobility for passengers.

Driverless cars could also lead to more people living in the countryside as the vehicles will make it easier to get around in rural locations without being able to drive.

This could prove particularly beneficial for older people who retire to the countryside and find they can no longer drive themselves as they get older, yet still need to access shops and healthcare.

The first driverless vehicles are expected to begin appearing on Britain’s roads from January next year under a series of trials to be conducted in three cities by the Department for Transport.

However, Hugh Boyes, cyber security lead at the IET, said the reliability and security of software used in driverless cars will be a major issue for manufacturers and insurers.

He said: “If the hacker community could start to target vehicles we can imagine a fair amount of chaos.

“The motor industry is really strong on safety but if someone tries to interfere with the vehicle, tries to hack it and disrupt it, then these don’t fall under the typical safety issues.

“Unfortunately living in the world today people do try to tamper with technology. The industry is only just starting to recognise this.”

He also said that software would have to be reliable and bug free. “Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.

“If ultimately you want to use autonomous vehicles, we need to make sure they don’t have a defect.”

Earlier this year Vince Cable, the business secretary, announced that trials of driverless vehicles on public roads will begin in Britain in January 2015.

In January Newcastle will also start trialling technology where traffic lights can communicate with vehicles to help traffic flow more smoothly.

Major companies including Nissan and Volvo have already begun testing driverless cars in other countries while Google’s own driverless car has clocked up more than 1m miles on the open road.

During that time Google has said its autonomous vehicle was only involved in one accident, which occurred when a human driver took control.

Experts predict that using such vehicles can help improve road safety and allow busy road networks to cope with greater numbers of vehicles.

Autonomous cars, fitted with radar systems, cameras and other sensors to detect their surroundings, will be able to drive closer together while those connected to central networks can be rerouted to ease congestion.

According to Dr Nick Reed, principal human factors researcher at the Transport Research Laboratory in Crowthorne, Berkshire, 95% of the 1.2m annual deaths worldwide on the road involve human error. However, he warned that integrating human drivers and autonomous vehicles on the roads at the same time could present serious challenges.

This article originally appeared on guardian.co.uk


Attackers trading malware for privilege

Hackers will use malware, among other techniques, to break into enterprise systems but once they’re in, they’re likely to switch away from malware to abusing privileged accounts, according to a report released today by CyberArk Software, Ltd., an Israel-based vendor of security solutions for privileged accounts.

The report analyses the experience of some of the world’s top cybersecurity and forensics teams — Cisco’s Talos Security Intelligence and Research Group, Deloitte’s Computer and Cyber Forensics Team, Deloitte & Touche’s Cyber Risk Services, FireEye’s Mandiant, EMC’s RSA security division, and the Verizon RISK Team.

“A lot of the industry equates malware to the means by which an attack is carried on,” CyberArk CEO Udi Mokady told CSO Online. “But the more computers are infected with malware, the easier it is for a victim to detect an attack.”

Instead, hackers switch to using privileged accounts once they’re in a system.

“When you’re able to do that, you can come and go to the organization as you please, and set up additional users that blend in with the normal traffic,” he said.

According to Mokady, most enterprises are unaware of how many privileged accounts they actually have.

“Companies typically have three to four times as many privileged accounts as employees,” he said. In fact, compromised privileged accounts are at the heart of 80 to 100 percent of the attacks that cybersecurity teams investigate, he said.

“This also explains why attacks are so hard to discover and stop,” he added. “An attacker with access to a privileged account can lie there undetected for 200 days or more.”

For example, according to the report, privileged accounts can be used to delete log data and other evidence of illicit activity.

In addition, hackers are using a wider range of privileged accounts than ever before.

“Security investigators report a range of privileged account exploits, from hacking embedded devices in the Internet of Things to establishing multiple privileged identities in Microsoft Active Directory to ensure redundant points of access,” said the report.

One particularly dangerous type of privileged account is the service account used for machine-to-machine communication.

“Most companies expect service accounts to be used only internally, so they keep the default passwords,” said Christopher Novak, global managing principal for investigative response for the Verizon RISK Team, one of the experts who contributed to the report.

“We’ve seen 25 or 30 attacks recently in which attackers used default passwords,” he added. “And because it’s presumed individuals aren’t using [these accounts], analysts dial down the sensitivity on alerts. Service accounts are out of sight, out of mind.”

The report also provides some details about how far attackers will go to gain access to high-value targets.

“We’ve set up fake online personas, pretending to be a PhD researching cancer therapies or an engineer developing a new laser module for a defense system,” said Peter Tran, senior director of RSA’s Worldwide Advanced Cyber Defense Practice, in the report. “And what we’re seeing is attackers have gotten really good,” he said. “They’re masquerading as recruiters and reaching out to high-value targets such as senior engineers, business managers. They use social media to start dialogs with valuable insiders, and they take time to cultivate relationships. Based on what we’ve seen, [attackers are] credible enough to fool most people into providing the entry point they need.”