Articles about Hacking

With its well-known habit of uncompromising surveillance, the NSA has earned itself something of a poor reputation among internet users. But while the spying side of the agency is what it is most famous for, it is actually made up of two different divisions: offensive and defensive.

Later this week the NSA is expected to announce an internal restructuring that will see the two divisions merging. This presents the agency with an interesting predicament: does it continue to work to fight the efforts of hackers, or does it adopt hacker-like techniques to help gather data? Experts says that the merger is a mistake, largely because the aim and modus operandi of the two departments are diametrically opposed.

Continue reading →

An interesting talk happened recently during the Usenix Enigma security conference in San Francisco. It was held by Rob Joyce, basically the number one hacker of the US. He is the head of NSA's Tailored Access Operations, or TAO. That's pretty much the government's hacking team, tasked with breaking and entering into the systems of its enemies. Or allies, if need be.

This man, who assumed the position of hacker-in-chief just a few months before Edward Snowden blew the whistle on the whole ordeal, spoke about a lot of things which Wired summed up in one smart sentence -- he explained how to keep people like him out of your systems.

Continue reading →

Kaspersky Lab has released its report into DDoS attacks for the fourth quarter of 2015, and it claims that the global reach of attacks shrunk, but the sophistication of those attacks grew.

According to the report, in the fourth quarter of 2015, resources in a total of 69 countries were attacked. In the previous quarter, that number stood at 79. Similar to the previous quarter, in the last three months of 2015 the majority of attacks (94.9 percent) took place in just ten countries, with the US, China and South Korea being the most affected of the bunch.

Continue reading →

Security researchers have discovered a vulnerability in LG G3 smartphones which could be exploited to run arbitrary JavaScript to steal data. The issue has been named Snap, and was discovered by Israeli security firms BugSec and Cynet.

What is particularly concerning about Snap is that it affects the Smart Notice which is installed on all LG G3s by default. By embedding malicious script in a contact, it is possible to use WebView to run server side code via JavaScript. If exploited, the vulnerability could be used to gather information from SD cards, steal data from the likes of WhatsApp, and steal private photos.

Continue reading →

As workers eagerly awaited the arrival of their first payday of 2016, and others rushed to file their tax returns ahead of Sunday's deadline, HSBC's online banking services were knocked offline today.

The banking giant was hit by a DDoS, but it is not yet clear who is responsible. The attack meant that customers were unable to access their online accounts, and it is just the latest in a strong of high-profile security issues to affect well-known sites.

Continue reading →

There have numerous instances of credit card breaches recently, with many popular companies affected by the problems. News of one more seems to be expected these days, and now it is beginning to break that a fast food chain may be the latest in this growing line.

Before you panic, this is only being investigated at the moment, so everything may be fine. So far all that's known is that several banks reported a pattern of fraud charges and the common link was that each had been used at a Wendy's location.

Continue reading →

We're only a couple of weeks into a brand new year, and the outlook for security isn't looking particularly better. That doesn't mean you'll be hacked or malware will run wild on your computer, but it does mean you'll still need to be vigilant.

Now the popular Angler exploit kit has a brand new threat contained within it and this one could be especially scary. CryptoWall aims to lock up your files and hold them for ransom, an attack method that has been around now for sometime.

Continue reading →

There’s a good chance that the recent DDoS attack against the BBC was the biggest one, yet. That depends on whether the hackers behind the attack are exaggerating or not.

According to a CSO Online report, the hackers claimed the attack on the BBC website, which occurred on New Year’s Eve, reached 602Gbps. If that turns out to be true, that will be almost twice the size of the current biggest attack which sits at 334Gbps.

Continue reading →

My colleague Brian Fagioli has referred to the web being rather like the Wild West. I'm inclined to agree, but that's not to say that we have reached the same conclusion for the same reasons. For me, the web -- like the Wild West -- is not a world filled with danger, but one occupied by vigilantes. As a proponent of free speech, I find this concerning. One of the most highly-lauded of vigilantes is the disparate group marching under the ragged banner of Anonymous.

One of its taglines is 'We Are Anonymous', a phrase that can be uttered by anyone as there is no membership process -- if you say you are part of Anonymous, you are part of Anonymous. The group is not, for the most part, organized. Individuals and factions can fight for or against whatever cause they want, just like real-world vigilante groups. But Anonymous is not alone. There are hacking collectives and other online crusaders who see fit to take the law into their own hands. This might sound wonderful, but it's not necessarily a good thing. As New World Hackers demonstrate, attacks can target the wrong people and restrict free speech.

Continue reading →

A huge DDoS attack took the BBC's websites offline on Thursday, as well as the broadcaster's iPlayer streaming service. The disruption lasted for several hours, and now a US-based group of 'cyber hackers' that usually targets ISIS has claimed responsibility.

The New World Hacking group is a self-proclaimed hacktivist group that supports Anonymous. It says that despite effectively knocking the BBC from the face of the web, it was only meant to be a test of server power rather than a targeted attack on the corporation.

Continue reading →

Yesterday we reported that Microsoft will warn users of 'state-sponsored' attacks on their accounts. Sounds great, but does it actually mean anything? Is it a useful service by the tech giant, or just PR bluster?

Considering the covert nature of spying and digital attacks, coupled with legislation around the world, it seems likely that the announcement is little more than meaningless hot air. In the UK, for instance, the planned snooper's charter would make it illegal for companies to alert users to hacking and surveillance by British agencies.

Continue reading →

Whenever you access the internet, you are under attack. There are tons of evildoers out there just waiting to hack or scam you. Between malware and social engineering, it can feel like the wild west on the web. In other words, bad guys are everywhere -- be cautious.

While some of these hackers are merely amateurs looking to wreak havoc or profit monetarily, there is something far more devious. State-sponsored hackers and terrorists could be targeting you with more sophisticated techniques. This could be for political reasons, such as espionage, or even stealing corporate secrets. Starting today, if Microsoft suspects sate-sponsored attacks on your Microsoft Account, it will let you know. This includes both Outlook.com email and OneDrive cloud storage.

Continue reading →

When I go to a hotel, there are plenty of things I worry about. Are there bed bugs? Was the prior guest disgusting? Dear God, is there room service? For the most part, I have satisfying hotel stays, as I check online reviews beforehand. Any mention of cigarette smells, high noise levels, or yellow stains on the sheets, and I move along.

Sadly, there is yet another thing to worry about -- malware. Yes, today, Hyatt Hotels announces that its payment processing was breached by malware. Sigh. This type of news is becoming too commonplace nowadays, and quite frankly, I am getting fed up.

Continue reading →

Linux is usually touted as the operating system of choice for those concerned about privacy, but a recently discovered bug makes it unbelievably simple to bypass authentication. A vulnerability in Grub2 -- the bootloader used by many Linux distros -- means that all it takes to take control of a computer is to press the backspace key 28 times.

Two researchers from the Cybersecurity Group at Spain's Polytechnic University of Valencia published a paper that reveals just how easy it is to gain access to many Linux systems. It's not a problem that Ubuntu, Red Hat, and Debian users need to worry about too much as patches have already been issued, and users of other distros can make use of an emergency patch in the Grub2 git repository.

Continue reading →

Networking manufacturer Juniper has discovered backdoors built into its firewalls. The company says that a number of its devices running the ScreenOS operating system include serious vulnerabilities that could be used to take remote control of networked devices, or to decrypt VPN traffic.

The company says that the security issues were unearthed during an internal code review and has issued an out-of-cycle fix to address the vulnerabilities. Network admins are advised to treat the threats seriously, and to make use of the available patches immediately.

Continue reading →