Category Archives: YOUR FILES & RECORDS

Australia likely to get its own GDPR

Everyone in the Australian cybersecurity ecosystem has a role to play to ensure the security of the nation, according to Nationals Senator Bridget McKenzie.

The mandatory data breach notifications laws coming into effect in Australia next year will be followed by other laws to ensure everyone in the digital ecosystem — including government divisions, large corporates, small to medium-size enterprises (SMEs), and consumers — are playing their role in keeping Australia “cyber secure”, according to Senator Bridget McKenzie.

McKenzie, who is the chair of the Foreign Affairs, Defence, and Trade Legislation Committee, likened cyber breaches to the “system of disease in the pre-industrial revolution that just swept through”.

“Cyber breaches have the capacity to wipe out industries, wipe out systems, wipe out communities, if every member of that community or that cyber ecosystem isn’t following best practice when it comes to keeping their information secure,” McKenzie told ZDNet at the Australian Computer Society’s Reimagination Thought Leaders’ Summit.

“It’s not just defence’s job or ASIO’s or DSTO’s or the government’s indeed, but every SME and private homeowner needs to have an eye for cybersecurity, making sure their data’s safe.”

McKenzie said mandatory data breach notifications laws, set to come into effect next year, is a step towards keeping organisations alert and accountable, with other laws expected to be introduced in Australia in the upcoming years, possibly similar to those coming into effect next year in the European Union.

The European Union’s (EU) General Data Protection Regulation (GDPR) will require organisations around the world that hold data belonging to individuals from within the EU to provide a high level of protection and explicitly know where every piece of data is stored.

Organisations that fail to comply with the regulation requirements could be fined up to €20 million, or, in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year — whichever is higher.

“No longer can you say, ‘Oh I’ll leave it to someone else because the flow-on effects, the interconnectedness, the Internet of Things, is such that if one member of that web, if you like, has a security breach, it has flow-on effects for everybody involved,” McKenzie said.

Additionally, Australians need to have the confidence that they can share private information such as their health details and not have it end up in the public sphere, otherwise the nation will not be able to experience the full benefits of technology, McKenzie said.

Shadow Minister for the Digital Economy Ed Husic said, however, that the government has a long way to go in building that confidence, given 50,000 Australians have been affected by a government data breach that occurred in October. He noted that the breach was not a technological error, but a human error.

“How do we build consumer or citizen confidence about protection of privacy?” Husic said. “50,000 people were affected by a data breach across government, releasing details of passwords and credit cards. It’s not all tech related … people often blame tech for this. It’s people and the way that they use data and it’ll be interesting to see the details that come out on this in the next few days.”

“This data breach occurred back in October, no public explanation of it, no detail about what was known, what was being done to fix it. If we want people to be confident that data is being used well by government, then the government’s got a long way to go to build that confidence.”

Husic added that the government needs to lead by example; it should be notifying the public about data breaches if it wants businesses to do the same.

“[The government’s] got to do some things itself. And you can’t lecture business about getting focused on cybersecurity if you’re losing your own moral authority … because you’re not looking after data within your own batch,” he said.

McKenzie believes in Australia’s growing status as a cybersecurity hub, saying that the nation is equipped with the right expertise in this area. She added that Australia is in the process of creating a strong cybersecurity industry capable of exporting.

“Our law enforcement and intelligence agencies are world-class. We’re also part of Five Eyes, which means we have a lot of access to information and technology and collaboration opportunities,” she said. “We lead the world in quantum computing … and it [has the] potential to contribute further to security of data and security of communications particularly in the intelligence and defence spheres.

“We’ve really got some technical expertise, but also I think a richness around governance frameworks and excellence in regulatory frameworks that can also assist other governments and other organisations worldwide to understand best practices in the area.”

In September, Ambassador for Cyber Affairs Dr Tobias Feakin communicated a similar sentiment, saying Australia has an international standing in cybersecurity, and brings “key qualities” to the table.

Australia has also played a role in the creation of international peacetime norms for cyberspace, including chairing the first United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in 2013, and helping develop the 11 international norms agreed to in subsequent UN GGE meetings.

“We have regional knowledge beyond most. We have a trusted diplomatic brand, and that’s something that we intend to capitalise on. We have strategic and economic interests in the region. And we have long-standing development partnerships across the region already,” Feakin said at the second annual SINET61 conference in Sydney.

“We need to capitalise on those, make the most of them. Not just for us as a government, [and] for regional partners as well, but also for our private sector … We see this issue as central to our economic future,” he said.

“It’s only this year that it’s just reached the point, of tipping over, to 50 percent of all internet users living in the Asia-Pacific. But really, still, there’s huge economic growth to unravel there, because still 60 percent of all households don’t have internet coverage.”

Last month, launching the International Cyber Engagement Strategy, Foreign Minister Julie Bishop said that for the purpose of national security, cyberspace cannot be an ungoverned space.

“Just as we have international rules that guide how states behave, and how states should behave towards each other, the international rules-based order that’s been in place for about 70 years, so too must states acknowledge that activities in cyberspace are governed by the same set of rules as military and security activities in traditional domains,” Bishop said in October.

“The 2016 US presidential election focused the world’s attention on the potential for cyber operations to interfere with democratic processes. This cannot be allowed to continue. It strikes at the very heart of the sovereignty of nations.”

According to the International Cyber Engagement Strategy, Australia will develop an international “architecture for cooperation” including mechanisms to respond to unacceptable behaviour in cyberspace in a timely manner.

“Australia’s responses to malicious cyber activity could comprise law enforcement or diplomatic, economic, or military measures as appropriate for the circumstances. This could include, but is not restricted to, offensive cyber capabilities that disrupt, deny, or degrade the computers or computer networks of adversaries,” the strategy states.

The strategy also implies that the nation has the capability to identify the source of cyber attacks.

“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals,” the strategy states.

In September, the federal government pledged AU$50 million over seven years for the cybersecurity cooperative research centre (CRC), with over AU$89 million in further funding to come from 25 industry, research, and government partners.

The cybersecurity CRC will deliver solutions to increase the security of critical infrastructure, the government said at the time, which includes “frameworks, products, and approaches that will service existing and future ICT enterprises across a broad range of platforms and operating systems”.

Assistant Minister for Industry, Innovation and Science Craig Laundy said the activities of the cybersecurity CRC will contribute to the objectives laid out in Australia’s AU$240 million Cyber Security Strategy, which is aimed at defending the nation’s cyber networks from organised criminals and state-sponsored attackers.

Related Coverage

Just one day after its release, iOS 11.1 hacked by security researchers

The bugs were found in Apple’s Safari web browser.

With a physical key, Google says it can protect you from nation-state hackers

When two-factor doesn’t cut it against the most sophisticated adversary, Google thinks it has an answer.

IoT security: Keeping users on their toes means staying on yours

IoT has introduced new vulnerabilities that can put your network at risk. Providing users with ongoing security training — and examples that relate to their work — will help keep your data safe.

Hacking group targets banks with stealthy trojan malware campaign

Stolen credentials are used to launch attacks which include the ability to stream live video of the screens of infected users.

This destructive wiper ransomware was used to hide a stealthy hacking campaign

“ONI” ransomware deployed on hundreds of machines in an effort by attackers to cover tracks of “Night of the Devil” campaign — which exploited leaked-NSA exploits.

www.scamsfakes.com

www.crimefiles.net

Henry Sapiecha

Huge Locky ransomware campaign sends 23M messages in 24 hours

Locky ransomware is making a comeback, with one of the largest attacks this year. Here’s how to protect your business.

www.scamsfakes.com

White smudge letter background with metal folder icon and red skull filled with random letters ransomware concept 3D illustration

Earlier this week, a Locky ransomware campaign sent more than 23 million messages out across the US in one of the largest attacks in the second half of 2017, according to a post from AppRiver.

Ransomware dominated the cyberthreat landscape in 2016, increasing more than 600% over the year before, with Locky attacks leading the way. As noted by ZDNet, at the start of 2017 distribution of Locky sharply declined, with Cerber variants taking its place.

But Locky made a comeback in recent months, and this massive attack shows just how dangerous it can be. On Monday, just as many US workers were arriving to their offices, the malicious email campaign began inundating their inboxes. The malware traffic spike began that morning just after 7 a.m. CST, the post noted.

The emails in the attack were “extremely vague,” Troy Gill, manager of security research at AppRiver, wrote in the post. They included subject lines such as “please print,” “documents,” “photos,” “images,” “scans,” and “pictures.”

SEE: 17 tips for protecting Windows computers and Macs from ransomware (free PDF)

Each message included a ZIP attachment that contained a Visual Basic Script (VBS) file nested inside a secondary ZIP file, the post say. When a user clicks on it, the VBS file starts a downloader that reaches out to “greatesthits[dot]mygoldmusic[dotcom]” to pull the latest Locky ransomware.

After that, Locky begins encrypting all files on the user’s machine, and adding [.]lukitus to those encrypted files.

Once the victim’s files have all been encrypted, the attackers change their desktop background to an image with instructions for decryption. They also place an HTM file named “Lukitus[dot]htm” on the desktop.

Then, the victim is instructed to install a TOR browser, and is provided a Darkweb site to pay 0.5 Bitcoins, or about $2,150. Once the payment is made, the attackers promise to redirect the victim to the decryption service.

This attack is still occurring, the post noted. On Monday, AppRiver had quarantined more than 5.6 million messages in the campaign. And there currently are no publicly shared methods to reverse this Locky strain, Gill wrote.

AppRiver recommends the following tips to protect your computer from ransomware attacks:

1. Run regular software and hardware updates. These updates often contain security patches to holes that ransomware and other malware variants exploit. Automatic software updates are the best option, but if not possible, then you should set up alerts for the newest updates. You should also set a max number of times they can “snooze” the alert.

2. Have layered, redundant security in place. Ransomware is often delivered via an email attachment or malvertisement on the web. By having email and web protection, you can prevent ransomware from ever entering your network.

3. Back up your files. A secure backup allows you to rid your network of malware and then restore your files, so you don’t have to pay a criminal and hope he keeps his word to un-encrypt your data.

For more tips on how to avoid and mitigate ransomware attacks, click here

www.scamsfakes.com

Henry Sapiecha

Yahoo hack: Email accounts of Australian politicians, public figures,police and judges compromised in massive breach, dataset has revealed

Yahoo suffers world’s biggest hack with data stolen from ONE BILLION users – including over 150,000 US government and military employees

  • Hackers stole data from more than one billion user accounts in August 2013
  • A different breach from one disclosed in September of 500 million accounts
  • Stolen info includes names, emails, phone numbers and dates of birth
  • The company still doesn’t know how the data from the accounts was stolen

yahoo-ceo-on-stage image www.intelagencies.com

The stolen database contains email addresses,

Key points:

  • Private email addresses, passwords belonging to politicians were obtained by hackers
  • AFP officers, judges and magistrates were also affected
  • Security experts warns the hack has the potential to cause serious embarrassment for officials

Data provided by US security company InfoArmor, which alerted the Department of Defence of the massive data breach last October, reveal more than 3,000 log-in credentials for private Yahoo services were linked to Australian Government email accounts.

InfoArmor, an Arizona-based cybersecurity firm which investigates data theft for law enforcement agencies, said the data was stolen from Yahoo in 2013 by a hacker organisation from Eastern Europe.

It said the hacker group then sold the Yahoo accounts to cyber criminals and a suspected foreign intelligence agency for $US300,000 each.

Yahoo revealed late last year that it believed hackers had stolen data from more than 1 billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.

A Department of Defence spokesperson confirmed key events to the ABC, including:

  • Defence was notified of the breach last October via an intermediary from NSW Police, two months before Yahoo announced the data breach to the public
  • It then notified its own affected employees of the breach

It remains unclear whether affected staff from other Commonwealth agencies have also been notified by their departments.

The stolen database contains email addresses, passwords, recovery accounts, and other personal identifying data belonging to a startling array of senior Australian officials.

Among those affected were Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, opposition health spokesperson Catherine King and Liberal senator Cory Bernardi.

It is unclear how many of the accounts are still active.

The ABC was able to identify officials in the dataset because they had used their government emails as backups if they forgot their passwords.

Last week, the ABC approached each of these affected politicians’ offices, as well as some public servants, seeking confirmation of the authenticity of these log-in credentials. Most declined to do so.

The compromised accounts do not exclusively relate to clients of Yahoo’s email service, but also Yahoo-affiliated web services such as the microblogging site Tumblr and the photo sharing site Flickr.

A spokeswoman for Mr Porter said “as far as the Minister is aware he has never used a Flickr account”.

A spokesperson for Senator Bernardi said “to the best of his knowledge, [Senator Bernardi] doesn’t have a Yahoo account.”

One advisor told the ABC it was possible some accounts linked to politicians were set up by former staffers.

Others who did respond confirmed the log-in credentials are accurate.

Do you know more about this story? Email investigations@abc.net.au

Accounts linked to police, judges also compromised

Other government officials compromised include those carrying out sensitive roles such as high-ranking AFP officers, AusTrac money laundering analysts, judges and magistrates, political advisors, and even an employee of the Australian Privacy Commissioner.

“Perhaps records of transactions of purchases, or discussions or things they’ve done. Private conversations that they didn’t want to do on a government server. Perhaps they’ve engaged in some sort of shady activity. Or just expenses for politicians, for example, that they might have tried to keep out of official channels.

“Blackmail information is very valuable to other governments for nudging or persuading people to do things.”

Another challenge facing the Government is how to deal with compromised private accounts belonging to some Australian diplomats and special defence personnel posted overseas. Many of the officials featured in the dataset are employed in roles with security clearances that are intended to be low-profile.

“If I was in a position where my relationship with the government wasn’t to be known by others, then absolutely you shouldn’t be linking a government account to your personal accounts,” Mr MacGibbon said.

Hackers have had years to exploit data

A further problem is the protracted period between the Yahoo data breach itself, which dates back to March 2013, to the eventual public confirmation of Yahoo, over three years later.

Andrew Komarov, InfoArmor’s chief intelligence officer, said malicious hackers would have had literally years to exploit the users’ data.

“The bad actors had enough time to compromise any records they wanted as it’s a pretty significant time frame,” Mr Komarov said.

“That’s why today is pretty hard to figure out what exactly happened and how many employees in government could be compromised.”

According to InfoArmor, the hacker group responsible are an Eastern European cyber-criminal organisation motivated by profit, rather than a state-sponsored entity.

“This group has no presence on any forums or marketplaces. In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking,” Mr Komarov said.

“They sell their data indirectly using some trusted channels, contacts and proxies. Not through any marketplaces or forums because of their security measures. They don’t need it.

“They have pretty serious contacts in the underground and some trusted rounds of various cybercriminals with whom they work.”

CLUB LIBIDO BANNER blonde on floor

Henry Sapiecha

YAHOO SPIED ON 500M USERS EMAILS REQUESTED BY FEDERAL AGENCIES

Published on 5 Oct 2016

An unsettling report says Yahoo complied with government requests to scan all incoming user emails, and even wrote a special program to do so. Between this news and the massive data breach, how can consumers trust Yahoo with their privacy?

CLUB LIBIDO BANNER THE EYES HAVE IT

Henry Sapiecha

Census: The ABS has been quietly holding on to our names for years

The Bureau of Statistics has been quietly hanging on to the names it collects with the census to conduct studies, despite a public commitment to destroy them.

Census changes

Find out why no one will be knocking at your door with census forms this year.

Australian statistician David Kalisch told Fairfax Media the Bureau had been keeping the names it collected for up to 18 months.

“They’ve done it under the guise of: ‘this is while we are processing the data’,” he said.

Australian statistician David Kalisch image www.intelagencies.com

David Kalisch says: ‘We are now being more transparent about it’. Photo: Rohan Thomson

“They’ve done linkages, they’ve done other things. What’s happening now is we are being more transparent about it.”

The studies have been conducted despite a commitment on the ABS website that “name and address information will be destroyed once statistical processing has been completed“.

They used the names and addresses on census forms to link the census answers to department of immigration records, to school enrolment records and to the Australian Early Development Index.

The names were destroyed only after the records were linked.

Separately, and without asking for consent, the Bureau has been tracking five per cent of the population (more than one million people) through what it calls the Australian Census Longitudinal Dataset.

It has been using the names on the forms to create “linkage keys”, which enable it to follow respondents over time. Each census, the same name produces the same linkage key, enabling movements to be tracked. Once each key has been created, the name itself has been destroyed. It is impossible to reverse-engineer a key to derive the name.

“In 2016, I have decided to keep names and addresses for longer,” Mr Kalisch writes in today’s Sydney Morning Herald and Age. “This will enable the ABS to produce statistics on important economic and social areas such as educational outcomes, and measuring outcomes for migrants.”

Labelled by former Australian Statistician Bill McLennan “the most significant invasion of privacy ever perpetrated on Australians by the ABS,” the decision will formalise what was happening informally before Mr Kalisch joined the ABS in 2014. It will extend the period for research using names from 18 months to four years. All names collected will be deleted by August 2020 or when studies have been completed, whichever is the soonest.

What’s happening now is we are being more transparent about it.

Australian Statistician David Kalisch

The decision is a retreat on a announcement in December that names and addresses on census forms would be retained indefinitely.

“There are extremely robust safeguards in place to protect the privacy and confidentiality of the information collected in the census, including names and addresses,” Mr Kalisch writes in today’s Fairfax Media publications. “The ABS never has and never will release identifiable census data.”

Kat Lane, vice-chair of the Australian Privacy Foundation, said the real issue wasn’t the ABS security system. It was that there was no justification for tracking or personally identifying Australians.

1dft

Henry Sapiecha

171 million VK.com [Europe’s largest social network site] accounts stolen by hackers

It’s the latest of a string in historical hacks targeting large social networking sites.

vk-hero-screen-shot image www.intelagencies.com

A hacker has obtained 171 million user accounts associated with social networking giant, VK.com.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The St. Petersburg, Russia-headquartered social network — formerly known as VKontakte — is said to be the largest in Europe, with over 350 million users at the last count. The hack is thought to have been carried out in late-2012 or early 2013, but the hacker who is selling the data could not be more precise.

Given the timing, the entire store of VK’s data — which at the time had just under 190 million users — is likely to have been taken in the hack.

The hacker is now selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.

That same for-sale database was provided ZDNet for verification.

vk-com-screen-shot-2 image www.intelagencies.com

We examined the database that was provided by searching a selection of names in VK’s public search engine — many of which turned up valid results. We reached out to many of these via email (which were listed in the breach) for confirmation, but didn’t immediately hear back — we will update the story if that changes. A handful of queries returned nothing, indicating a user was no longer a member or had deactivated their account.

LeakedSource.com, a search engine that records breaches and allows users to search their details, also obtained a portion of the database — albeit a smaller data set of about 100 million records.

Given the social network’s predominance in Russia, the most common password was “123456,” in line with other breaches. LeakedSource.com also found that the most common email address came from mail.ru, which may not be a coincidence, since VK.com was bought by the Mail.ru group in 2014. That led to the ousting of the company’s founder, Pavel Durov, who later fled Russia amid a shake-up of the country’s media laws. Durov later founded encrypted chat app Telegram.

For its part, VK.com said in an email on Monday that it “hasn’t been hacked.”

“We are talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily,” said a spokesperson. “Please remember that installing unreliable software on your devices may cause your data loss. For security reasons, we recommend enabling 2-step verification in profile settings and using a strong password.”

An email to Durov on Sunday went unreturned.

Correction: an earlier version of this story had a headline which suggested that 171 million user accounts are up for sale, when in fact a smaller 100 million database was put up for sale. We regret the error.

BBB

Henry Sapiecha

 

Hacker places over 50 million file sharing accounts for sale on dark web

The recently-defunct IT company was once the third-largest music and video file sharing service in the US.

SAMSUNG CSC

SAMSUNG CSC

User accounts for iMesh, a now defunct file sharing service, are for sale on the dark web.

The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom. After the Recording Industry Association of America (RIAA) sued the company in 2003 for encouraging copyright infringement, the company was given status as the first “approved” peer-to-peer service.

At its peak in 2009, the service became the third-largest service in the US. But last month, iMesh unexpectedly shut down after more than a decade in business.

LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database.

The group’s analysis of the database shows it contains a little over 51 million accounts.

The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information — such as if the account is disabled, or if the account has inbox messages.

LeakedSource said in a blog post that iMesh was likely breached in September 2013, based on the most recent records in the database.

imesh-screen-shot image www.intelagencies.com

In a message on Saturday, one of the group members said that “someone obviously hacked” the site, but did not speculate on who was responsible. “Who knows who really did it,” the person said.

For its part, the company’s chief operating officer Roi Zemmer said in an email that the company “is not aware of any hacks” and “is currently using state of the art technology to protect users’ info.”

After repeated requests, Zemmer did not confirm whether or not a sample of the database we sent him, which was provided by LeakedSource, was valid. Zemmer did not outright deny that the company had been hacked.

Attempts to follow up with Zemmer over the weekend went unanswered.

Given that the service is no longer operational, it’s difficult to verify the data. We reached out by email to a number of those who most recently to joined the service (which were listed in the breach) for confirmation, but we didn’t immediately hear back over the weekend. (We will update the story if that changes.)

What made the verification process more challenging is what appeared to be a considerable drop in user numbers in the site’s later years, based on LeakedSource’s analysis of the data. The service reached a peak of 9.4 million new users in 2009, but its growth had slowed to just 2.5 million new users by 2013 when the hack is said to have been carried out.

As many as 13 million accounts are from the US, with millions more from the UK and Europe.

The data is now up for sale on the dark web.

The hacker and seller who goes by the name “Peace,” who made a name for himself selling stolen data from Fling, LinkedIn, Badoo, and VK.com, also obtained a copy of the database — now thought to be in wide circulation among the hacker community.

In an encrypted chat, Peace confirmed that he is now selling the database on a dark web marketplace for 1 bitcoin, or about $590 at the time of writing.

SSW

Henry Sapiecha

 

Hacker claims to be selling millions of Twitter account details

The hacker has links to the MySpace, LinkedIn, & Tumblr “mega breaches.”

twitter-offices-signage image www.intelagencies.com

A hacker, who has links to the recent MySpace, LinkedIn, and Tumblr data breaches, is claiming another major tech scalp — this time, it’s said to be millions of Twitter accounts.

A Russian seller, who goes by the name Tessa88, claimed in an encrypted chat on Tuesday to have obtained the database, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords.

Tessa88 is selling the cache for 10 bitcoins, or about $5,820 at the time of writing.

The seller said they obtained 379 million accounts as early as 2015. That would be far more than its 310 million monthly active users, but could account for cumulative accounts, such as inactive users.

An analysis of the database by LeakedSource, a breach notification site which received the database from the seller on Wednesday, showed there are in fact over 32 million purported accounts in the database, after duplicates were removed.

LeakedSource said in a blog post that it was unlikely that Twitter was breached, and pointed to malware as the culprit.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the blog post said.

The group said it was able to verify the passwords associated with 15 users. LeakedSource shared a portion of the database with me. Two colleagues whose email addresses were in the database were able to verify their password. A third colleague said they had not used the email address found in the database to join Twitter.

LeakedSource said that the passwords were likely “stolen directly from consumers, therefore they are in plaintext with no encryption or hashing.” The groups said it did not believe that Twitter stored data in plain-text at the time the data was taken, thought to be around 2014.

“These credentials however are real and valid,” said the group. “The lesson here? It’s not just companies that can be hacked, users need to be careful too.”

As we’ve seen in recent data breaches, the most common password was “123456,” with the third and fourth password being “qwerty” and “password” respectively.

A Twitter spokesperson said in prepared statement: “We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”

In a recent tweet, the company also said that it periodically checks its data against recent password leaks to ensure that accounts stay secure.

Given the high-profile Twitter account takeovers in recent days — which included Facebook co-founder Mark Zuckerberg — it would be an easy assumption to make that Twitter had been hacked.

But Zuckerberg’s account was not in the database obtained by LeakedSource, the blog post said.

The hackers who took over Zuckerberg’s account said at the time they acquired his “dadada” password from the LinkedIn breach.

When asked, a LinkedIn spokesperson declined to comment, pointed to a recently-updated company blog post, but ruled out any new breach, and advised users to change any re-used passwords on other sites.

f6

Henry Sapiecha

MySpace hackers place another 427 million passwords up for sale

Password theft should make victims change credentials they have re-used for other sites.

security-lock-abstract-thumb image www.intelagencies.com

In another haunting hack from the past, Time Inc. has confirmed the theft of 427 million passwords from MySpace, the aging social networking site the media company acquired just three months ago.

The records were offered for sale on the dark web by the same hacker who posted for sale a trove of 117 million stolen LinkedIn passwords nearly two weeks ago. The posted price for MySpace credentials is 6 bit coins or about $3,200 at today’s rate.

The MySpace incident is tied to a June 11, 2013 hack, according to LeakedSource, while the LinkedIn episode dated back to 2012. LeakedSource is the same web site that confirmed the LinkedIn theft.

The important similarity of these dated incidents lies in the fact that hackers could use these recently posted stolen passwords to break into current accounts of victims who re-use passwords across many sites, including banking and health services.

The recent 2016 Verizon Data Breach Investigation Report showed that 63% of confirmed data breaches involved weak, default or stolen passwords.

Social media users made light of the aging passwords, including Paul Hosford, a reporter with the Irish media site thejournal, “If MySpace hackers have managed to get hold of my password, can they tell me what it is?”

But even past its prime, MySpace reports today 50 million visitors per month. On its blog, MySpace said the stolen passwords have been inactivated on its site, and it encouraged users to set new passwords on accounts where they used the same or similar password from their MySpace account.

LeakedSource reported that the MySpace passwords were stored in SHA1 with no salting, a process that makes decrypting passwords exponentially harder. MySpace confirmed the stolen data included user login data “from a portion of accounts that were created prior to June 11, 2013.”

Time Inc., which own titles such as Fortune and Sports Illustrated, acquired MySpace when it bought parent company Viant Technology in February. Terms of the deal were not disclosed, but at the time Time Inc. chairman and CEO Joe Ripp, said, “This acquisition is game changing for us.” Today, the change seems to be dealing with a major hack of private account data.

Since its heyday early in this century as the world’s largest social media site, MySpace was acquired in 2005 by News Corp. for $580 million and again in 2011 for $35 million by Justin Timberlake and Specific Media Group.

www.socialselect.net

7745

www.scamsfakes.com

Henry Sapiecha

“Skynet” is 4 real, and maybe flag you as a terrorist

National security

terminator-skynet image www.intelagencies.com

A scene from “Terminator.” (Screenshot: Warner Bros. via CNET/CBS Interactive)

It may not be quite the self-aware computer network that takes over millions of computers and machines, but “Skynet” is real.

Documents published by The Intercept, leaked by NSA whistleblower Edward Snowden, confirm that the Skynet program exists — at least in name only. Its name comes from the intelligent computer defense system in the “Terminator” films, which later destroys most of humanity in a nuclear apocalypse.

The National Security Agency program analyzes location and metadata from phone records to detect potentially suspicious patterns, according to the publication. In one example, it was used to identify people that act as couriers between al-Qaeda leadership. (This may have been the program that helped identify Osama bin Laden’s courier, leading to his targeted killing in Pakistan by US forces in 2011.)

According to one of the documents, it uses “behavior-based analytics,” such as low-use phones that only take incoming calls, SIM card or handset swapping, or frequent disconnections from the phone network (such as powering down cellphones). Also, repeated trips mapped out by location data, including visits to other countries or airports, can flag a person as being suspicious — or a potential terrorist.

More than 55 million cell records collected from major Pakistani telecom companies were fed into the Skynet system to determine targets of interest, the document said.

But questions remain around why the program flagged a prominent Al Jazeera journalist as a “member” of al-Qaeda. It’s probably not a surprise that the system alerted on Ahmad Muaffaq Zaidan, a Syrian national, based on his frequent travel between Afghanistan and Pakistan. But the fact that it identified him as a member of a terrorist group is a mystery, as well as a great concern.

Zaidan “absolutely” denied that he is a member of al-Qaeda, and criticized the US government’s “attempt at using questionable techniques to target our journalists.”

5FY6RBJU

Henry Sapiecha