A British hacker whose cyberattacks took the nation of Liberia offline has been jailed for almost three years.

Daniel Kaye launched a series of attacks on Liberian cell phone operator Lonestar in October 2015, which became so powerful they knocked out the west African country’s internet the following year.
Kaye, 30, had been hired to carry out the attacks by a senior employee at rival operator Cellcom, Britain’s National Crime Agency said in a statement, although there is no suggestion that Cellcom was aware of the activity.
He pleaded guilty to creating and using a botnet, a series of computers connected in order to attack systems, and possessing criminal property last month. Kaye was sentenced on Friday at Blackfriars Crown Court in central London to two years and eight months in prison.
While living in Cyprus, Kaye used a botnet he had created to trigger repeated distributed denial of service (DDoS) requests on Lonestar, causing the company to spend around $600,000 in remedial action.
The additional impact of customers leaving the network cost the company tens of millions of dollars in lost revenue, the NCA added.
Following his arrest in February 2017, Kaye was extradited to Germany, where he also admitted to attacks on Deutsche Telekom that affected around 1 million customers in November 2016.
“Daniel Kaye was operating as a highly skilled and capable hacker-for-hire,” Mike Hulett, Head of Operations at the NCA’s National Cyber Crime Unit, said.
“His activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cyber crime,” he added. “The victims in this instance suffered losses of tens of millions of dollars and had to spend a large amount on mitigating action.”
Source: CNN

Andrew Bustamante recently responded to a question in a subreddit thread on Reddit which asked what the biggest threat to American national security in the future will be. He replied that blockchain technology will be the biggest threat and that whoever manages to figure out the technology first wins.

The subreddit thread where the question was raised is a thread dedicated to Bustamante’s ‘Everyday Espionage’, where he supposedly teaches people to benefit from international espionage techniques by implementing them in their daily lives. Considering the fact that Bustamante is reportedly a former CIA intelligence officer, U.S. Air Force veteran and Fortune 10 corporate advisor, he does have the qualifications to do so.

On 22 December 2018, the question was raised in the subreddit thread, together with several possible answers such as “climate change”, “Iran”, “North Korea” or “Russia”. He responded saying blockchain technology is “super powerful stuff”, and that whoever is capable of figuring out “how to hack it, manipulate it or bring it down wins”. However, he did not elaborate further on how exactly blockchain could threaten the country’s security.

Since then, multiple Redditors have offered possible theories regarding Bustamante’s remarks on the technology. One of them suggested that the ability to create false data within the blockchain would be disastrous when paired with the high difficulty of fixing data in a blockchain-based system. Another Redditor suggested that blockchain offers the potential of making certain transactions “untraceable” and “anonymous”, thus ending up being a possible threat to security.

Quantum computing was also mentioned in the thread. Bustamante replied to a Redditor’s question asking for clarification on whether developments in blockchain or quantum computing would be a more concerning factor to the country’s security. He replied that the Redditor had a “fair point”, and this remark sparked a lot of new discussion on the topic.

As quantum computing was said to hold the possibility of permanently changing the cryptographic protection that defines blockchain, it was speculated that quantum computing was what Bustamante was referring to by his “bring it down” remark.

Over the past few months, the U.S. Department of Justice (DoJ) had charged several people from Russia’s Main Intelligence Directorate (GRU) for crypto-related crimes. In July, the DoJ charged twelve individuals while another seven officers were charged in October, all from the GRU and involved in crypto-related hacking operations.

Source: Cryptoverze

On Tuesday, Apple unveiled its list of the most downloaded iPhone apps of 2018. Topping the list is YouTube, followed by Instagram, Snapchat, Messenger and Facebook, respectively.
Bitmoji — a Snapchat-owned app that lets users create an emoji that looks like them — dropped to sixth place on the list. It was the most downloaded app last year.
It’s been a challenging year for some social media companies, such as Facebook, which has faced criticism over privacy issues, data misuse, misinformation and election meddling on its platform. Nevertheless, Facebook’s flagship app and two others owned by the company (Instagram and Messenger) made the top five on the most downloaded list.
Snapchat also faced challenges this year, including navigating a controversial redesign that was widely panned by users, and heightened competition from Instagram — which has copied many of its popular features.
Once again, the most popular paid app was selfie-editing tool Facetune ($3.99). Kirakira+ ($0.99), which lets you add cool effects to videos and photos, took second place.
Apple declined to say how many times the apps have been downloaded.
In gaming, it was no surprise that the immensely popular Fortnite topped the charts. The number two spot went to Helix Jump, a game in which players navigate a falling ball through a maze. That was followed by Rise Up, a game that lets players protect a balloon from obstacles.
Source: CNN

Marriott

Last Friday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database.

One problem: the email sender’s domain didn’t look like it came from Marriott at all.

Marriott sent its notification email from “email-marriott.com,” which is registered to a third party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate — the domain doesn’t load or have an identifying HTTPS certificate. In fact, there’s no easy way to check that the domain is real, except a buried note on Marriott’s data breach notification site that confirms the domain as legitimate.

But what makes matters worse is that the email is easily spoofable.

Often after a data breach, scammers will capitalize on the news cycle by tricking users into turning over their private information with their own stream of fake messages and websites. It’s more common than you think. People who think they’re at risk after a breach are more susceptible to being duped.

Companies should host any information on their own websites and verified social media pages to stop bad actors from hijacking victims for their own gain. But once you start setting up your own dedicated, off-site page with its unique domain, you have to consider the cybersquatters — those who register domains that look almost the same.

Take “email-marriot.com.” To the untrained eye, it looks like the legitimate domain — but many wouldn’t notice the misspelling. Actually, it belongs to Jake Williams, founder of Rendition Infosec, to warn users not to trust the domain.

“I registered the domains to make sure that scammers didn’t register the domains themselves,” Williams told TechCrunch. “After the Equifax breach, it was obvious this would be an issue, so registering the domains was just a responsible move to keep them out of the hands of criminals.”

Equifax, the biggest breach of last year, made headlines not only for its eye-watering hack, but its shockingly bad response. It, too, set up a dedicated site for victims — “equifaxsecurity2017.com” — but even the company’s own Twitter staff were confused, and inadvertently sent concerned victims to “securityequifax2017.com” — a fake site set up by developer Nick Sweeting to expose the company’s vulnerable incident response.

With the Equifax breach not even a distant memory, Marriott has clearly learned nothing from the response.

Many others have sounded the alarm on Marriott’s lackluster data breach response. Security expert Troy Hunt, who founded data breach notification site Have I Been Pwned, posted a long tweet thread on the hotel chain giant’s use of the problematic domain. As it happens, the domain dates back at least to the start of this year when Marriott used the domain to ask its users to update their passwords.

Williams isn’t the only one who’s resorted to defending Marriott customers from cybercriminals. Nick Carr, who works at security giant FireEye, registered the similarly named “email-mariott.com” on the day of the Marriott breach.

“Please watch where you click,” he wrote on the site. “Hopefully this is one less site used to confuse victims.” Had Marriott just sent the email from its own domain, it wouldn’t be an issue.

A spokesperson for Marriott did not respond to a request for comment.
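
The lookalike domains named above differ from the official ones by a single character or by swapped words, which a mail filter or analyst can check mechanically. The following Python check is an added example, not code from the article or from Marriott; the function names and the distance threshold are assumptions, and the domains are the ones quoted in the text plus one constructed unrelated domain.

```python
# Added example: flag sender domains that imitate an official breach-notification domain.
# LEGITIMATE holds the two official domains named in the article.
LEGITIMATE = ("email-marriott.com", "equifaxsecurity2017.com")
MAX_TYPO_DISTANCE = 2  # assumed threshold, tune for your own domains


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, matched_official_domain) for a sender or link domain."""
    d = domain.strip().rstrip(".").lower()
    if d in LEGITIMATE:
        return ("legitimate", d)
    for official in LEGITIMATE:
        if edit_distance(d, official) <= MAX_TYPO_DISTANCE:
            return ("typo", official)
        if sorted(d) == sorted(official):
            return ("reordered", official)  # same characters, words swapped
    return ("no_match", None)


if __name__ == "__main__":
    # Domains quoted in the article, plus one constructed unrelated domain.
    for seen in ("email-marriott.com", "email-marriot.com", "email-mariott.com",
                 "securityequifax2017.com", "example.org"):
        print(f"{seen:28} {classify(seen)}")
```

A "typo" or "reordered" verdict is a reason to quarantine or warn, since the sender is close to an official domain without being one.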

Source: TechCrunch

Question-and-answer website Quora has been hacked, with the names and email addresses of 100 million users compromised. The breach also included encrypted passwords, and questions people had asked.
In a statement, Quora said the situation had been “contained”.

Last week, hotel chain Marriott admitted that personal information on up to 500 million guests had been stolen.
Quora released a security update in a question-and-answer format.

“We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party,” it began.
“We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials.”

It said it was also in the process of notifying all affected customers and reassured them that it was “highly unlikely” that the incident would lead to identity theft “as we do not collect sensitive information like credit card or social security numbers”.
Security expert Troy Hunt was one of those affected. He tweeted: “Short of not using online services at all, there’s simply nothing you can do to ‘not’ be in a breach, there’s only things you can do to minimize the impact when it inevitably happens.”

Users were asked to reset their password and will be prompted to do so when they next try to log in. Those wishing to delete their account can do so in the settings section and the deactivation will happen immediately.
Some users commented on Twitter that they had forgotten they used the service.
One tweeted: “Nothing like a data breach to remind me that I have a Quora account.”

Source: BBC