Displaying items by tag: hacking

Canadian multinational firm BlackBerry has officially announced it has sold its messaging tools which can be used for encrypting phone calls and text messages to the US federal government – following an endorsement from the National Security Agency (NSA). BlackBerry confirmed that it received notification from the NSA’s National Information Assurance Partnership which reviews commercial technology products to see if they meet enhanced security standards for governments use.

There fear that eavesdroppers are listening in to government communications continues to rise, and has done so over the last number of years. In 2014, one of the first high-profile cases of calls being intercepted was an encrypted mobile phone conversation between a senior US State Department officer and the US ambassador to the Ukraine - the call was intercepted and subsequently leaked online.

BlackBerry is providing the NSA with messaging tools based on technology from Secusmart which is the start-up business the Canadian company acquired in 2014. The start-up had garnered international attention after it won the contract to secure German Chancellor Angela Merkel’s mobile phone in the wake of allegations by a former US intelligence contractor that her phone had been hacked by the NSA.

However, the case into the alleged phone bugging was dropped in 2015, when German prosecutors declared it had not found enough substantial evidence to continue the investigation. BlackBerry has confirmed that its encrypted voice and text messaging products are by other government agencies in Europe, Latin America, Asia and Africa, although Germany remains its biggest customer.

US politics is currently rife with allegations of hacking with two separate investigations underway to determine if Russia played a role in the US presidential election, or if any of Trump’s team conspired with Russian authorities in relation to the election. The FBI and CIA both said it believed Russia was responsible for the e-mail hacking of Democratic presidential candidate Hilary Clinton.

Published in Government

US President Donald Trump has admitted that he spoke with Russian President Vladimir Putin about the prospect of forming a cybersecurity unit at the G20 summit which was held last week in Hamburg, Germany. The scrutiny over cybersecurity has intensified following the recent ransomware attack which destabilized hundreds of businesses and institutions like the NHS in the UK.

The attack only served to indicate further that it doesn’t matter what size your organization is, every entity it seems is extremely vulnerable to these cyber-attacks from those in the murky world of hacking. The US presidential race was dogged by allegations that Russia were involved in influencing the election. Hilary Clinton had her e-mail hacked during the campaign and was subsequently investigated by the FBI – and many political analysts believe this interference ultimately cost Clinton the election.

Both the CIA and FBI on the instruction from the Obama administration were asked to investigate the allegations further – in an attempt to establish whether Russia was responsible for the cyber-attack. The CIA later confirmed that it believed Russia was the source of the hack, but incredibly, this was rubbished by the President-elect Trump.

At the G20 Summit in Hamburg, both presidents were meeting for the first time, and Trump tweeted about the future of forming a cybersecurity unit between the two nations to combat fears over election hacking. He said it was time for the US to work constructively with officials in Moscow.

Trump tweeted, “Putin and I discussed forming an impenetrable cybersecurity unit so that election hacking and many other negative things, will be guarded and safe.” In addition to this, Trump disclosed that he had in fact challenged Putin on the allegations that Russia was responsible for the hacking scandal which embroiled the US presidential election, but said Putin rejected the claims.

Trump tweeted, “I strongly pressed President Putin twice about Russian meddling in our election. He vehemently denied it. I've already given my opinion. We negotiated a ceasefire in parts of Syria which will save lives. Now it is time to move forward in working constructively with Russia!”

Published in Government

According to the Pew Research Center, almost two-thirds of Americans have experienced some sort of data theft or fraud, which has left many people mistrustful of organizations in charge of safeguarding their information. The research found that 41 percent of Americans have encountered fraudulent charges on their credit cards, and 35 percent said they had sensitive information compromised.

A smaller percentage of the individuals surveyed for the research said they had their email or social media accounts compromised or that someone had impersonated them in order to file fraudulent tax returns. Overall, the survey found that 64 percent of participants said they had some form of personal data stolen or compromised.

The greatest concerns according to those surveyed were regarding telecom firms, credit card companies and others, but majority of those surveyed were concerned about the government and of social media companies. Following the epidemic of data breaches and hacks recently, “many Americans lack faith in specific public and private institutions to protect their personal information from bad actors,” the study says.

Just 12 percent of the individuals surveyed said they had a high level of confidence in the American government’s ability to protect their data and only nine percent said the same about social media companies. However, the survey also found that most Americans don’t take a proactive role in their own data security with steps such as password management and enhanced authentication.

While half of the individuals surveyed said they have used “two-factor” authentication on their online accounts – requiring a code sent to a mobile phone or separate account – many use similar passwords for multiple accounts or share their passwords with others, the research found. The vast majority of those surveyed (86 percent) said they keep track of passwords by memory, and only 12 percent used password management software which is said to be more secure.

More than one in four respondents said they did not lock their smartphone screen, and some neglect to install important updates for their phones or applications. The report is based on a survey conducted from March 30 to May 3, 2016, among 1,040 adults, with a margin of error for the full group estimated at 3.4 percentage points.

Outgoing US President Barack Obama has called for a broad review to be conducted into the Russian hacking scandal which disrupted the US presidential election campaign last month. US Democrats believe the hacking scandal significantly benefited Donald Trump’s successful bid candidacy.

White House counterterrorism and Homeland Security adviser Lisa Monaco confirmed that President Obama has ordered intelligence officials to file a report into the hacking of Democratic officials’ e-mail accounts and Russia’s involvement in it – which has also further raised concerns over ‘foreign meddling.’

President Obama has requested the report to be submitted before he leaves office next month. However, it has not been confirmed whether or not the findings of the report will be made public. During a hostile campaign between Hilary Clinton and Donald Trump – Trump regularly referenced the e-mail hacking scandal involving Clinton, labelling her ‘crooked Hilary’ and said he believed she should be in jail.

US intelligence officials accused the Russian government of ordering the breaches as part of an effort to interfere with the presidential campaign.

In the months leading up to the election, Hillary Clinton faced intense scrutiny after it emerged she used a private server when she was Secretary of State, rather than official State Department email accounts maintained on federal servers. Those official communications included thousands of emails that would retroactively be marked classified by the state department.

The FBI initiated an investigation but recommended that no charges be filed against her. Many political analysts believe it strengthened the campaign of President elect Donald Trump. However, Trump has downplayed the possibility that Russia was involved in the hacking scandal.

Since Trump's victory, Democratic senators on the intelligence committee have been pushing Obama to declassify more information about Russia's role. Congressman Adam Schiff, the senior Democrat on the House intelligence committee, said he welcomed Obama's call for a review.

"Given President-elect Trump's disturbing refusal to listen to our intelligence community and accept that the hacking was orchestrated by the Kremlin, there is an added urgency to the need for a thorough review before President Obama leaves office next month. If the administration doesn't respond "forcefully" to such actions, "we can expect to see a lot more of this in the near future.”

The news of this investigation come hot on the heels of an announcement made by Kremlin officials last week, in which they disclosed information that Russian leader Vladimir Putin had signed a new cybersecurity doctrine in an effort to bolster Russia against cyberattacks from abroad.

Published in Government

Russian President signs off on new cybersecurity doctrine

Written on Wednesday, 07 December 2016 10:45

Russian leader Vladimir Putin has approved a broad-ranging cybersecurity plan which is specifically aimed at bolstering the county’s defences against cyberattacks from abroad, while it will also be utilized for cracking down on perceived foreign influence. The new doctrine comes in light of the media furore over allegations from the United States that Moscow was behind a series of cyberattacks which were aimed at influencing the outcome of last month’s US Presidential election.

The Kremlin have described it as a new ‘information security doctrine’ and is an update from Russia’s last policy in 2000. The new document outlines a number of fears that range from concern over foreign hacking and negative media coverage abroad. The document also discloses The Kremlin’s fears about the ‘erosion of traditional Russian spiritual and moral values.’

The plan has been described as quite vague and offers few concrete steps but it does set out the general aims of the new policy – which include bolstering the military's propaganda output and ratcheting up controls over the internet in Russia.   

Over the past few years the Kremlin has increasingly pulled up the drawbridge as ties with the West have plunged to their lowest point since the end of the Cold War over the Ukraine crisis. Russia has splashed vast sums on state-funded channels and outlets broadcasting Kremlin propaganda across the globe.

In light of Putin’s approval of this cybersecurity document it seems it will do little to approve relations between Russia and the West, with The Kremlin expressing its fears over foreign influence and outside hacking which seems to be taking aim at the US in response to their allegations last month.

Published in Government

A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said on October 31 that the U.S. government and private sector should have stronger measures in place to strike back against hackers and to counter cyber-attacks, aimed at stealing sensitive information and disrupting computer networks.

The experts said policies should be put in place that allow “active defense” measures that deter hackers, rather than “hacking back” to disable systems used by hackers and more-or-less stooping to their level. Some of the solutions raised by the experts included measures including taking down “botnets” that disrupt cyberspace, freeing data from “ransomware” hackers and “rescue missions” to recover stolen data, AFP reported.

The report reads, "The time for action on the issue of active defense is long overdue, and the private sector will continue to be exposed to theft, exfiltration of data, and other attacks in the absence of a robust deterrent. When private sector companies have a capability to engage in active defense measures, they are building such a deterrent, which will reduce risks to these companies, protect the privacy and integrity of their data, and decrease the risks of economic and societal harm from large-scale cyber-attacks."

On October 7, the U.S. government formally accused Russia of trying to “interfere” with the American presidential election, and promised to respond at an undisclosed time and place. Adding to the already tense relations between the two nations, a joint statement from the Department of Homeland Security and Office of the Director of National Intelligence was the first formal statement made by Washington, accusing Moscow of cyber attacks to gain political advantage. It represents a tense time for the U.S. and its battle against cybercrime.

Many believe that U.S. policymakers are moving too slowly with a “dynamic” threat from cyberspace, according to former national intelligence director and task force co-chair, Dennis Blair. "We are shooting so far behind the rabbit that we will only hit it if the rabbit makes another lap and comes back to where it was," he told a conference presenting the report.

However, the panel did not recommend hacking back "because we don't want the cure to be worse than the disease," project co-director, Frank Cilluffo said. But "there are certain steps companies can take" to repel and deter cyber-attacks, he added, advocating the establishment of a legal framework for them.

The threat facing the U.S. regarding cybercrime is well-understood, but some of the solutions to counter it have been controversial. Task force co-chair, Nuala O’Connor, president of the Center for Democracy & Technology, said many of the recommendations go too far such as inviting companies to gain unauthorized access to outside computer networks.

"I believe these types of measures should remain unlawful," she wrote, adding that it remains difficult to be sure of cyberattacks' sources. "The risks of collateral damage to innocent internet users, to data security, and to national security that can result from overly aggressive defensive efforts needs to be better accounted for."

Published in Government

Controversy surrounds MTS, Russia’s largest telecom operator, after accusations that the company assisted with hacking into Russian activists’ accounts on messaging app Telegram. According to a recent report by the Financial Times, the activists plan to sue MTS over the allegations.

The controversy began when Oleg Kozlovsky, director of the Vision of Tomorrow Center in Moscow, and Georgy Alburov, a leading member of the Anti-Corruption Foundation, both received warnings that their Telegram app accounts had been accessed from other devices. This led to Alexi Navalny’s Anti-Corruption Foundation to explore a U.S. class-action lawsuit against the Russian telecom operator, to answer for the accusations.

Once again, an encrypted messaging app is in the limelight, mounting growing concerns about privacy vulnerability. Telegram is known to be popular amongst the millennial generation, political activists and even terrorists groups who use the app because of its (mostly) reliable encrypted privacy. However, apps like Telegram have caused governments all over the world to seek ways to breach encrypted messages to access criminal activity. Who could forget the 2015 Apple vs. FBI case?

According to the Financial Times report, the hacked Russian activists published documents which they claim prove that MTS “colluded with the unknown intruders” without following the correct procedures required for the FSB to gain access (FSB is the successor agency to the KGB). Both of the activists’ accounts were compromised on April 29th from the same IP which offers evidence that at least one part was targeting Russian opposition activists in particular.

The activists have both claimed that the Russian government hacked into their Telegram accounts with the help of MTS. Kolovsky shared a Facebook post outlining the specific events which led him to believe that MTS was involved:

  • 2:25am: The technical security department of MTS disables the text message delivery service for my number. 
  • 2:40am: Someone uses a Unix console via the IP-address 162.247.72.27 (this is a Tor anonymizer exit node) to send Telegram a request to authorize a new device to work with my phone number. I was then sent a text message with the code, which was not delivered (since the service was disabled for me). 
  • 3:08am: The hacker enters the new authorization code and gains access to my account. Telegram sends me an automatic notification of this (which I will only see in the morning). 
  • 3:12am: Zhora Alburov's account is hacked in a similar fashion from the same IP-address (and through the same Tor session). 
  • 4:55am: The MTS technical security department reactivates the text-message delivery service for my number. MTS refused to name the cause of disabling and reactivating the service to me, and suggested I send a written request for information. 

How was the SMS message with authorization code intercepted? Zdolnikov Vladislav, a technology expert with the Anti-Corruption Foundation, believes that the message could have been intercepted using a clone of the SIM card, or directly at the MTS SMS gateway which the authorities reportedly have access to using a technical surveillance initiative called SORM (System of Operative-Investigative Measures).

The SORM surveillance initiative was introduced in 1996 originally designed to enable wiretaps of telephone communications. Since then, the system has been developed to access a much wider range of electronic communications, such as direct access to Russian ISPs through installation of black boxes in their networks.

Pavel Durov, the founder of Telegram, has called on all users of the messaging app, especially in “troubled countries” to enable two-step verification so that SMS alone cannot be used to access personal accounts. It is likely that surveillance agencies could have access to national telecommunications networks? After the Edward Snowden revelations about the extent of Western surveillance capabilities, it would seem so.

Published in Telecom Operators