Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

Ouch!!!

National Security Agency says tools left exposed by mistake — and dumping by presumably Russia-backed hackers Shadow Brokers.

An FBI investigation into the public dumping of hacking tools used by the National Security Agency (NSA) to uncover security flaws in some networking vendor products is looking at how the tools were exposed on a remote computer, a Reuters report says, quoting people close to the investigation.

Sources say NSA believes it was an inadvertent act by an employee or contractor, but the NSA did not inform manufacturers of the leak because sensors employed to detect misuse of the tools came up empty-handed. NSA may have wanted to take advantage of the theft to gather intelligence and improve its defense, adds the exclusive.

Read more

This is definitely something that we should all be aware of, and watching for.

Submarine cables map (credit: Teleography)

“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet,” according to a blog post by security expert Bruce Schneier.

“These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar.”

Schneier said major companies that provide the basic infrastructure that makes the Internet work [presumably, ones such as Cisco] have seen an increase in distributed denial of service (DDoS) attacks against them, and the attacks are significantly larger, last longer, and are more sophisticated.

Read more

When the project started, a “Red Team” of hackers could have taken over the helicopter almost as easily as it could break into your home Wi-Fi. But in the intervening months, engineers from the Defense Advanced Research Projects Agency (DARPA) had implemented a new kind of security mechanism — a software system that couldn’t be commandeered. Key parts of Little Bird’s computer system were unhackable with existing technology, its code as trustworthy as a mathematical proof. Even though the Red Team was given six weeks with the drone and more access to its computing network than genuine bad actors could ever expect to attain, they failed to crack Little Bird’s defenses.

“They were not able to break out and disrupt the operation in any way,” said Kathleen Fisher, a professor of computer science at Tufts University and the founding program manager of the High-Assurance Cyber Military Systems (HACMS) project. “That result made all of DARPA stand up and say, oh my goodness, we can actually use this technology in systems we care about.”

The technology that repelled the hackers was a style of software programming known as formal verification. Unlike most computer code, which is written informally and evaluated based mainly on whether it works, formally verified software reads like a mathematical proof: Each statement follows logically from the next. An entire program can be tested with the same certainty that mathematicians prove theorems.

Read more

Edward Snowden has warned people not to use Google’s new chat app, because it lets the company read everything that they say.

Google has finally released its new chat app after showing it off over the summer. It comes with a robot that watches everything people say and then stores it for later analysis, using that data to improve the app itself.

But that also means that chats are stored on Google’s servers indefinitely, and are able to be read by it. The company had initially indicated that the messages would only be stored temporarily, limiting the possible impact of any data breach and retaining some privacy for users.

Read more

Quantum teleportation just moved out of the lab and into the real world, with two independent teams of scientists successfully sending quantum information across several kilometres of optical fibre networks in Calgary, Canada, and Hefei, China.

The experiments show that not only is quantum teleportation very much real, it’s also feasible technology that could one day help us build unhackable quantum communication systems that stretch across cities and maybe even continents.

Quantum teleportation relies on a strange phenomenon called quantum entanglement. Basically, quantum entanglement means that two particles are inextricably linked, so that measuring the state of one immediately affects the state of the other, no matter how far apart the two are — which led Einstein to call entanglement “spooky action at a distance”.

Read more

Hmmm; Chinese antitrust regulators are investigating Microsoft, and Huawei has been shut out of the U.S. telecommunications-equipment market over concerns it might be a front for cyberspying.

Alleged Chinese hacking of American companies may have diminished since tensions over the issue came to a head during Xi Jinping’s state visit to the U.S. last year. At Lawfare, however, security technologist Bruce Schneier describes a recent series of attacks which appear to show “someone […] learning to take down the internet.” “The data I see suggests China,” he writes, “an assessment shared by the people I spoke with.”

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the . These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large a large nation state. China or Russia would be my first guesses.

Read more

So, here is the real question we in the US should start raising is how does all of this look for the US to its allies, frienemies, etc. with US filling the headlines with statements like this one. No wonders allies and others are expanding their partnerships with Russia.

WASHINGTON (AP) — CIA Director John Brennan warned on Sunday that Russia has “exceptionally capable and sophisticated” computer capabilities and that the U.S. must be on guard.

When asked in a television interview whether Russia is trying to manipulate the American presidential election, Brennan didn’t say. But he noted that the FBI is investigating the hacking of Democratic National Committee emails, and he cited Moscow’s aggressive intelligence collection and its focus on high-tech snooping.

“I think that we have to be very, very wary of what the Russians might be trying to do in terms of collecting information in a cyber realm, as well as what they might want to do with it,” he told CBS’ “Face the Nation” on the 15th anniversary of the Sept. 11 attacks.

Read more

CHANTILLY, Va., Sept. 13, 2016 /PRNewswire/ — Vencore Labs Inc., a wholly owned subsidiary of Vencore Inc., announced today that it has been awarded two prime contracts for the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program led by the U.S. Defense Advanced Research Projects Agency (DARPA). The contracts have a total value of $17M and work is slated to begin in August of this year.

Vencore Labs Logo (PRNewsFoto/Vencore, Inc.)

The objective of the RADICS program is to develop technologies for detecting and responding to cyberattacks on critical U.S. infrastructure, with an ultimate goal of enabling cyber and power engineers to restore electrical service within seven days in the event of a major attack. Vencore Labs, a leader in smart grid security and monitoring, will conduct research and deliver technologies in three of five technical areas (TA).

Read more

China hasn’t kept it a secret for many months now about the Chinese government desire to have an unbreakable quantum communication networks which is why they launched their Quantum Satellite (the QSS program) last month. What the real story is how QSS is enabling the military to have a leading edge through technologies such as the Quantum Radar capabilities, or using Quantum communications to prevent hacking of their systems while having the ability to hack others. And, this is what has actually been published publically to boot.

Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?

European researchers at the Institute of Photonic Sciences (ICFO), Institució Catalana de Recerca (ICREA), and other research labs, have developed a fast random number generator based on a quantum mechanical process that could deliver the world’s most secure encryption keys in a package tiny enough to use in a mobile device.

“We’ve managed to put quantum-based technology that has been used in high-profile science experiments into a package that might allow it to be used commercially,” says ICFO researcher Carlos Abellan in a press release of the Optical Society of America (OSA). “This is likely just one example of quantum technologies that will soon be available for use in real commercial products. It is a big step forward as far as integration is concerned.”

Read more