You can’t build a backdoor that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them.

Backdoor access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006.

In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with US government surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.

 …


We need to fight this. Strong encryption protects us from a panoply of threats. It protects us from hackers and criminals. It protects our businesses from competitors and foreign spies. It protects people in totalitarian governments from arrest and detention. This isn’t just me talking: The FBI also recommends you encrypt your data for security.

As for law enforcement? The recent decades have given them an unprecedented ability to put us under surveillance and access our data. Our cell phones provide them with a detailed history of our movements. Our call records, e-mail history, buddy lists, and Facebook pages tell them who we associate with. The hundreds of companies that track us on the Internet tell them what we’re thinking about. Ubiquitous cameras capture our faces everywhere. And most of us back up our iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the golden age of surveillance.

Europol's Cybercrime Centre says 100 hacker behind internet cybercrime

image

Troels Oerting, head of Europol’s Cybercrime Centre said that as little as 100 good programmer are behind all the internet cybercrime, and the majority of them are located in Russian speaking countries.

"We can still cope but the criminals have more resources and they do not have obstacles. They are driven by greed and profit and they produce malware at a speed that we have difficulties catching up with."

According to Oerting, Russian-speaking criminal gangs were creating and testing malware and then selling it as a service in online forums.

"Then it is downloaded by all kinds of criminals, from Eastern Europe, Europe, Africa and America,.. It is so easy to be a cybercriminal. You don’t have to be a cyber-expert because you just download the programs that you want to use." he said

Ah, but that’s the thing: You can’t build a “back door” that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them.
Phone Apps Spy on Hong Kong Protesters

Phone Apps Spy on Hong Kong Protesters

Security experts say China is a leading source of hacking attacks aimed at foreign governments and companies to computers in China

HONG KONG (AP) — The Chinese government might be using smartphone apps to spy on pro-democracy protesters in Hong Kong, a U.S. security firm said.

“The Xsser mRAT represents a fundamental shift by nation-state cybercriminals from compromising traditional PC systems…

View On WordPress

What is Browser Hijacking?

Imagine it. You sit down at your computer about to do your daily perusal of Buzzfeed  or check out The Financial Times but your homepage is now some weird search engine you’ve never seen before. Guess what? You’ve been hijacked.

image

Browser hijacking is when your Internet browser (eg. Chrome, FireFox, Internet Explorer) settings are modified. Your default home or search page might get changed or you might get a lot of advertisements popping up on your computer. This is done through malicious software (malware) called hijackware. A browser hijacker is usually installed as a part of freeware, but it can also be installed on your computer if you click on an attachment in  an  email, visit an infected site (also known as a drive-by download), or download something from a file-sharing site.

Once your browser has been hijacked, the cybercriminal can do a lot of damage. The program can change your home page to a malicious website, crash your browser, or install spyware. Browser hijackers impede your ability to surf the web as you please.

Why do criminals use browser hijackers?

Like other malware and scams,  hijacked browsers can bring in a good chunk of money for the hacker. For example, one browser hijacker, CoolWebSearch, redirects your homepage to their search page and the  search results go  to links that the hijacker wants you to see. As you click on these links, the cybercriminal gets paid. They can also use information on your browsing habits to sell to third parties for marketing purposes.

Browser hijackers are annoying and sometimes they can be tough to get rid of. Here are some ways to prevent your browser from getting hijacked:

  • Carefully read end user license agreement (EULA)documents when installing software. Often times, mentions of browser hijackware are hidden in the EULA, so when you accept the user agreements, you might be unknowingly accepting malware.
  • Be cautious if you download software from free sites. As the old saying goes, free is not always free—you may be getting additional items with your free download.
  • Keep your browser software up-to-date.
  • Use comprehensive security software, like the McAfee LiveSafe™ service, to keep all your devices protected.

For other security tips and advice, follow McAfee_Consumer on Twitter or like the McAfee Facebook page.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!Disclosures.

2014 Top cyber-security threats that should worry you.

2014 Top cyber-security threats that should worry you.

Our lives have been greatly enriched by the advent of modern tools such as social media and online commerce. We’re now able to share and exchange information across social strata and geographical boundaries in ways unimaginable a generation ago. These tools have also given rise to a phenomenal magnitude and diversity of information on a scale never before seen. With the data storage industry…

View On WordPress

Expand

As the internet becomes more and more integrated into our everyday life, it is creating an ever-growing array of criminals looking for ways to take advantage of those who have not taken steps to secure their digital lives. Even big name companies are not immune to these talented criminals. Major security breaches have meant the loss of significant personal details and financial records of people all over the world. As if the theft of your private information isn’t frightening enough, it’s …
Read the full post here: The Rise of the Cybercriminal

Злоумышленники, вероятно проживающие в городке Гранд Форкс, штат Северная Дакота, придумали оригинальный способ завлечения на вредоносные сайты. Жертвами киберпреступников оказались владельцы автомобилей, рискнувшие припарковать свой личный транспорт в неположенном месте. Злоумышленники прикрепляли на лобовое стекло автомобиля желтый билет со следующим текстом: “НАРУШЕНИЕ ПРАВИЛ ПАРКОВКИ! Этот автомобиль нарушает общепринятые правила парковки. Для просмотра снимка, демонстрирующего факт нарушения, и ознакомления с правилами перейдите на указанный сайт”. На данном web-сайте демонстрировались изображения машин с закрашенными номерами, сделанные на городских автостоянках. Для просмотра снимка собственного автомобиля совсем ничего не подозревающим автолюбителям предлагалось загрузить на свой компьютер инструмент под названием PictureSearchToolbar.exe. Соглашаясь на загрузку “необходимого” браузерного компонента, пользователь устанавливал на компьютер троянскую программное обеспечение. При попытке перезагрузки системы приложение выводило на дисплей фальшивое уведомление об обнаружении опасного вируса и предлагало скачать “противоядие”. Киберпреступники, распространяющие опасные уведомления, пока не найдены. Однако, это 1 из тех редких случаев, когда у правоохранительных органов есть реальный шанс задержать членов хакерской группировки или хакера-одиночку без привлечения компьютерных специалистов.

Virgin Media Customers Targeted in Phishing Scam
Emails purporting to come from Virgin Media customer service department in relation to an alleged bill processing issue, seek to steal the credentials for accessing the service.<br/><br/>The messages are well-crafted, and in order to increase the rate of success, they include a variety of reasons that could have led to payment processing problems.<br/><br/>In the fake notification, the cybercriminals claim that logging into the My Virgin Media account and filling the fields with updated personal information w…

Source: General Security News | Hackerstorm.co.uk News http://ift.tt/1DlfOzX
October 18, 2014 at 12:36PM via \hack\
Not Just Governments Hacking Your Computers Via YouTube Videos; Malicious Ads Found On Popular Videos | Techdirt

Reposted from http://ift.tt/1rIkIOX on October 17, 2014 at 12:09PM

Over the summer, a research report came out detailing how “lawful intercept” offerings from Hacking Team and FinFisher could be used to hack computers via YouTube videos. YouTube quickly closed the vulnerability that enabled this (a man-in-the-middle attack on non-SSL’d videos), but it appears that criminals are still figuring out ways to use YouTube videos to hack your computer. The latest trick: exploiting ads on popular YouTube videos:

This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views – in particular, a music video uploaded by a high-profile record label.

The ads we’ve observed do not directly lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers.

In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)

The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.

The target here: computers using Internet Explorer (based on our stats, this means that most of the people reading this site were safe from this particular attack). Once again, we see how scammers are using traditional ad networks to do nefarious things. And yet publishers still wonder why so many people decide to use ad blockers.

Permalink | Comments | Email This Story








The United States Computer Emergency Readiness Team (US-CERT) has issued an advisory alerting users of email scams and cyber campaigns using the highly-publicized Ebola virus disease as phishing bait. “Phishing emails may contain links that direct users to websites which collect personal information, such as login credentials, or contain malicious attachments that can infect a…
The post Beware: Cybercriminals Using Ebola Scare to Spread Malware appeared first on The State of Security.

Over the summer, a research report came out detailing how “lawful intercept” offerings from Hacking Team and FinFisher could be used to hack computers via YouTube videos. YouTube quickly closed the vulnerability that enabled this (a man-in-the-middle attack on non-SSL’d videos), but it appears that criminals are still figuring out ways to use YouTube videos to hack your computer. The latest trick: exploiting ads on popular YouTube videos:

This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views – in particular, a music video uploaded by a high-profile record label.

The ads we’ve observed do not directly lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers.

In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)

The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.

The target here: computers using Internet Explorer (based on our stats, this means that most of the people reading this site were safe from this particular attack). Once again, we see how scammers are using traditional ad networks to do nefarious things. And yet publishers still wonder why so many people decide to use ad blockers.

Permalink | Comments | Email This Story








A major change this year in how online advertisements are sold has been embraced by hackers, who are using advanced ad-targeting capabilities to precisely deliver malware.

Security vendor Invincea said it has detected many instances of people within defense and aerospace companies stumbling across malicious advertisements that are shown only to them, a scheme it calls “Operation DeathClick.” A white paper on the scheme will be released Friday.

The cybercriminals are taking advantage of a sea change in the online advertising industry, which has mostly stopped selling “bulk” user impressions and moved to real-time bidding for advertisements that are highly targeted, said Patrick Belcher, director of malware analysis at Invincea, in a webinar presentation Thursday.

To read this article in full or to leave a comment, please click here



Android Analytics - Android apps statistics and reporting website.
Not Just Governments Hacking Your Computers Via YouTube Videos; Malicious Ads Found On Popular Videos | Techdirt

Reposted from http://ift.tt/1rIkIOX on October 17, 2014 at 12:09PM

Over the summer, a research report came out detailing how “lawful intercept” offerings from Hacking Team and FinFisher could be used to hack computers via YouTube videos. YouTube quickly closed the vulnerability that enabled this (a man-in-the-middle attack on non-SSL’d videos), but it appears that criminals are still figuring out ways to use YouTube videos to hack your computer. The latest trick: exploiting ads on popular YouTube videos:

This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views – in particular, a music video uploaded by a high-profile record label.

The ads we’ve observed do not directly lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers.

In order to make their activity look legitimate, the attackers used the modified DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.)

The traffic passes through two redirection servers (located in the Netherlands) before ending up at the malicious server, located in the United States.

The target here: computers using Internet Explorer (based on our stats, this means that most of the people reading this site were safe from this particular attack). Once again, we see how scammers are using traditional ad networks to do nefarious things. And yet publishers still wonder why so many people decide to use ad blockers.

Permalink | Comments | Email This Story








What’s Your Click IQ?: The recent celebrity photo hacks are an unfortunate reminder of how devastating or embarrassing it can be to have your data compromised. But celebrities are not the only ones getting hacked. Cybercriminals aren’t choosy—they’ll send malicious texts, emails, and website links to Jennifer Lawrence and your grandma. And while the celebrity hacks are more publicized, the fact is, every day, hundreds of ordinary people are falling prey to phishing scams. So how can you protect yourself from these cybercriminals? http://bit.ly/11z79fR

Text
Photo
Quote
Link
Chat
Audio
Video