Tag Archive for: giving

Ex-CIA computer engineer gets 40 years in prison for giving spy agency hacking secrets to WikiLeaks

/in


NEW YORK — A former CIA software engineer was sentenced to 40 years in prison on Thursday after his convictions for what the government described as the biggest theft of classified information in CIA history and for possession of child sexual abuse images and videos.

The bulk of the sentence imposed on Joshua Schulte, 35, in Manhattan federal court came for an embarrassing public release of a trove of CIA secrets by WikiLeaks in 2017. He has been jailed since 2018.

“We will likely never know the full extent of the damage, but I have no doubt it was massive,” Judge Jesse M. Furman said as he announced the sentence.

The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices. Prior to his arrest, Schulte had helped create the hacking tools as a coder at the agency’s headquarters in Langley, Virginia.

In requesting a life sentence, Assistant U.S. Attorney David William Denton Jr. said Schulte was responsible for “the most damaging disclosures of classified information in American history.”

Given a chance to speak, Schulte complained mostly about harsh conditions at the Metropolitan Detention Center in Brooklyn, calling his cell, “My torture cage.”

But he also claimed that prosecutors had once offered him a plea deal that would have called for a 10-year prison sentence and that it was unfair of them to now seek a life term. He said he objected to the deal because he would have been required to relinquish his right to appeal.

“This is not justice the government seeks, but vengeance,” Schulte said.

Immediately afterward, the judge criticized some of Schulte’s half-hour of remarks, saying he was “blown away” by Schulte’s “complete lack or remorse and acceptance of responsibility.”

The judge said Schulte was “not driven by any sense of altruism,” but instead was “motivated by anger, spite and perceived grievance” against others at the agency who he believed had ignored his complaints about the work environment.

Furman said Schulte continued his crimes from behind bars by trying to leak more classified materials and by creating a hidden…

Source…

New ‘Octo’ malware tricks Android users into giving up bank details

/in


Teenage Hacker Girl Attacks Corporate Servers in Dark, Typing on Red Lit Laptop Keyboard. Room is Dark

File pic
Photo: 123RF

Netsafe says it’s not aware of New Zealanders being tricked into giving up their bank details by a sophisticated new malware but it is possible they have without realising.

The ABC reported that Russian cyber criminals have targeted hundreds of bank customers across the Tasman with a malware called Octo.

The scam tricks Android phone users into sharing their banking information using fake log-in screens.

Netsafe’s chief online safety officer Sean Lyons said it was a “pretty nasty piece of malware”, as it not only attacked people’s bank accounts but shut down their phones, leaving them helpless to act.

Customers from 15 banks in Australia, including ANZ and Westpac, had fallen for the scam.

Australian consumer advocates had warned the nation was seen as a soft target.

But Lyons says that was misleading, as anyone could be a victim of cyber crime.

“The technology is ever changing, the technology is using the mechanisms that are out there, to become ever more sophisticated, to evolve, and to get past the tips and tricks that we have to stop ourselves falling for these,” he said.

“I don’t know that they’re necessarily looking for an age demographic …. really, they’re targeting people with bank accounts and that’s quite a lot of us.”

Octo targeted Android phones – brands such as Samsung, Google and HTC – and could be hidden in what look like legitimate apps on the Google Play store.

It could also be downloaded and installed independently, because of the way software on Android phones works.

Lyons said people should be careful when downloading apps and software that were depositing Octo on their phone.

“Perhaps we could be a little more careful in what it is that we download, and look a little more closely into what permissions we’re giving to the apps that we’re installing.”

Source…

Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors

/in


(Bloomberg) — Major technology companies have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, and the data has been used to harass and even sexually extort minors, according to four federal law enforcement officials and two industry investigators.

The companies that have complied with the bogus requests include Meta Platforms Inc., Apple Inc., Alphabet Inc.’s Google, Snap Inc., Twitter Inc. and Discord Inc., according to three of the people. All of the people requested anonymity to speak frankly about the devious new brand of online crime that involves underage victims.

The fraudulently obtained data has been used to target specific women and minors, and in some cases to pressure them into creating and sharing sexually explicit material and to retaliate against them if they refuse, according to the six people.

The tactic is considered by law enforcement and other investigators to be the newest criminal tool to obtain personally identifiable information that can be used not only for financial gain but to extort and harass innocent victims.

It is particularly unsettling since the attackers are successfully impersonating law enforcement officers. The tactic is impossible for victims to protect against, as the best way to avoid it would be to not have an account on the targeted service, according to the people.

It’s not clear how often the fraudulent data requests have been used to sexually extort minors. Law enforcement and the technology companies are still trying to assess the scope of the problem. Since the requests appear to come from legitimate police agencies, it’s difficult for companies to know when they have been tricked into giving out user data, the people said.

Nonetheless, the law enforcement officials and investigators said it appears the method has become more prevalent in recent months.

“I know that emergency data requests get used for in real life-threatening emergencies every day, and it is tragic that this mechanism is being abused to sexually exploit children,” said Alex Stamos, a former chief security officer at Facebook who now works as a consultant.

“Police departments are going to…

Source…

The gift that keeps on giving: 7 tips to avoid cyber security threats

/in


Did you give or receive a toy or new parental control or security app for the holidays?

While well intentioned, you may have inadvertently created a security breach for the recipient or opened your family up to unwanted surveillance.


The Internet of security breaches

The Internet of Things (IoT) is not just for your smart doorbell or connected refrigerator. Your child’s toys also connect to the Internet.

We previously wrote about the risks of connected toys. As time passes, connected toys become more popular and these threats only increase.

Poorly secured toys can open your network to target other devices on the same network. Devices such as smart TVs, smart doorbells, personal digital assistants, speakers, phones, laptops, and tablets can all be put at risk.

They can also be used to target others as part of a botnet. We frequently read about DDoS attacks, but how do they happen? Infected internet-connected devices – potentially including that new baby camera you received for Christmas or your child’s new smart doll – are used to launch the attack.

Read on for tips to stay protected.


Preventing privacy perils

It’s not only cyber security threats that you need to watch out for. It’s also privacy violations. Your personal data is big business.

Privacy issues range from targeted ads, selling personal data to data brokers, to location tracking or even the physical threat of someone stalking you with a Bluetooth tagger. According to Jen Caltrider, lead author of the Mozilla Foundation’s Privacy Not Included guide, “It’s just inevitable that data’s going to leak. … Anything that’s next to the internet is just not safe.”

Yet, it’s not just inadvertent data breaches to watch out for. The apps that you got to protect your children may also be putting your privacy at risk. According to a recent report by TheMarkup, a popular family safety app, Life360, is actually selling data on kids’ locations to data brokers. While this is disclosed in their privacy policy, many parents are not aware of it, and several…

Source…