About Over 50 Articles Library
Content: Services - Computer
Computer Security No 47: CIA - Wikileaks Vault7
Corporate - Private Computer Security
CIA - Wikileaks Vault7
Wikileaks has recently released its second article and batch of documents called "Dark Matter". This covers the documentation for several CIA projects:
- Software that infects the Apple Mac firmware (software that is permanently embedded in a piece of hardware and allows you to further install operating systems, etc). This gains persistence on Apple Mac devices including Macs and iPhones.
Examples: Sonic Screwdriver (executes code on Mac laptops or desktops), DarkSeaSkies (for Apple MacBook Air), Dark Mallet; NightSkies 1.2 is a "beacon/loader/implant tool" for iPhones.
- The the first version of this software for iPhones has been operational since 2007
"... it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise," says WikiLeaks.
US Senate voted to let ISPs sell web browsing data without permission
On 23 March, the US Senate voted to remove Obama-era online privacy regulations, allowing providers/ISPs such as Verizon, AT&T, Comcast, Time Warner Cable, etc to sell browsing habits and other personal information.
If the House of Representatives votes the same way, the ISPs would be able to share or sell the information from your web browsing (shopping habits, your location, the apps you use and everything you search online).
EFF (the Electronic Frontier Foundation, a not-for-profit defending privacy rights) is concerned about the rushed process to put this through the House and even more concerned about the impact on Privacy.
To read more, go to: /www.eff.org/deeplinks/2017
The great digital divide: torn between privacy and security
March 2017 - The UK government is accusing technology firms of giving terrorists "a place to hide," saying Intelligence agencies must have access to encrypted messaging applications such as WhatsApp to prevent such attacks. Khalid Masood was on WhatsApp two minutes before unleashing carnage in London.
July 2016 - the public prosecutor in the Brazil state of Amazonas said the court froze US 11.7 million of funds held in Facebook's bank account for failing to comply with an order to hand over data of WhatsApp users who are under criminal investigation. WhatsApp communications are end-to-end encrypted and the company claims it would not be able to access any message between users.
May 2016 - Brazil blocked its roughly 100 Million citizens from using WhatsApp, the popular messaging service owned by Facebook, for 72 hours (3 days). A Brazilian Judge ordered the blackout after WhatsApp failed to comply with a court order asking the company to help a branch of civil police access WhatsApp data tied to a criminal investigation.
March 2016 - Facebook's Latin America Vice President (Diego Jorge Dzodan)was arrested for the same WhatsApp, as he failed to comply with court orders to help investigators in a drug trafficking case.
February 2016 - France privacy regulator threatened to fine Apple 1 Million Euro for each iPhone it refuses to unlock.
February 2016 - Germany fined Facebook over the site's terms of service regarding the rights of the users have to give Facebook their intellectual property such as photos and videos.
February 2016 - FBI unsuccessfuly requests cooperation from Apple's CEO to unlock the work iPhone of terrorist responsible for the San Bernardino massacre in US
(image source: Thinkstock/BernardaSV)
Edward Snowden Interview with Jeremy Scahill 15/03/17
Snowden outlays his views on claims made by President Trump that the Obama government spied on him, explains which president authorised some of the first NSA and CIA programs spying on America and the World, etc.
The interview goes for 40 minutes: https://www.youtube.com/watch?v=P4KKfr0OTvs
Cyber Security & Privacy suite for Directors and Executives
On 13 Feb 2017, legislation passed through the Australian Parliament which will establish a Mandatory Data Breach Notification scheme. This gives Australian companies one year to get ready and ensure that a cyber strategy, processes and tactical plans are in place.
Recent lawsuits against directors worldwide, claiming negligence, lack of due diligence and/or duty of care (Worldwide Corporation, Target US, etc) highlight the need for directors to take immediate action.
The fact that 60% of organisations go out of business within 6 months of an attack and that the average cost for a breach is $4m illustrate the significance of this threat.
Are you prepared to discuss cyber at Board level? Are you aware of your obligations and defence as a director or officer of the company? Have you taken the necessary steps to mitigate the consequences of a cyber attack?
ABG offers the Cyber suite of course modules:
- Cyber threats and defences Module - Tactical plans
- Directors and Officers Module - Strategy
- Risk Management Workshop for Cyber
- Cyber Crisis simulation
Send your enquiries to email@example.com
Ransomware discussion (Part 1)
We will be looking at Ransomware and how to prevent or deal with it if it hapends in a series of articles. The articles will appear fortnightly in the Corporate Security Newsletters (47, 49, etc).
Ransomware attacks have grown 300% in 2016 in comparison to 2015
Yellow reprents Ransomware. FakeAV or fake antivirus (class of malware that displays false alert messages to the victim concerning threats that do not really exist, prompting users o visit websites where they must pay to have the non-existent threats removed). Cryptoransomware - see definition below.
Ransomware is malicious software that encrypts a user or company's files and forces them to pay a fee to the hacker(s) in order to gain access to the key that presumably will unlock the files.
Main types: Crypto ransomware (infiltrates the victim's device and silently identifies and encrypts valuable files; then it asks the user to pay a fee to access their files; it is impossible to decrypt the files without the key) & Locker ransomware (does not encrypt the files but instead denies the access to the device by locking the user interface and then demands the victim to pay ransom).
Vectors used to infect machines: phishing emails (social engineering techniques used to deceive users and obtain sensitive information like passwords, credit card details, etc), unpatched programs, online advertising, free software downloads, compromised websites.
Flowcharts of ransomware: can encrypt the files on a single computer; can travel across a network and encrypt any files located on mapped or unmapped network drives; can encrypt files that were backed up.
Message: when the files are encrypted, the hackers will display a screen or webpage explaining how to pay to unlock the files. Usually, ransomware has a one week deadline and if not paid, it causes the ransomware to increase.
Price: most are in the US $300- $500 and if not paid on time will increase to US $1000. Payments are done in e-currency (cryptocurrencies) like: Bitcoin (BTC),
Happy ending: hackers verify payment and provide the key for decryption or the decryptor software and the victim gets the files back.
Bad ending: hackers lost the key and the victim pays but doesn't get the files back, hackers ask for more money after the victim paid, etc
Memories of jokes
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© About Over 50s 2017 website by aml websites online