FBI warns automakers, owners about vehicle hacking risks

WASHINGTON (Reuters) – The FBI and U.S. National Highway Traffic Safety Administration (NHTSA) issued a bulletin Thursday warning that motor vehicles are “increasingly vulnerable” to hacking.

“The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles,” the agencies said in the bulletin.

In July 2015, Fiat Chrysler Automobiles NV recalled 1.4 million U.S. vehicles to install software after a magazine report raised concerns about hacking, the first action of its kind for the auto industry.

Also last year, General Motors Co issued a security update for a smartphone app that could have allowed a hacker to take control of some functions of a plug-in hybrid electric Chevrolet Volt, like starting the engine and unlocking the doors.

In January 2015, BMW AG said it had fixed a security flaw that could have allowed up to 2.2 million vehicles to have doors remotely opened by hackers.

“While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk,” the FBI bulletin said Thursday.

NHTSA Administrator Mark Rosekind told reporters in July 2015 that automakers must move fast to address hacking issues.

The Fiat Chrysler recall came after Wired magazine reported hackers could remotely take control of some functions of a 2014 Jeep Cherokee, including steering, transmission and brakes. NHTSA has said there has never been a real-world example of a hacker taking control of a vehicle.

Two major U.S. auto trade associations — the Alliance of Automobile Manufacturers and Association of Global Automakers — late last year opened an Information Sharing and Analysis Center. The groups share cyber-threat information and potential vulnerabilities in vehicles.

The FBI bulletin Thursday warned that criminals could exploit online vehicle software updates by sending fake “e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software.”

(Reporting by David Shepardson; Editing by Kenneth Maxwell)

Apple opposes order to help unlock California shooter’s phone

WASHINGTON (Reuters) – Apple Inc opposed a court ruling on Tuesday that ordered it to help the FBI break into an iPhone recovered from a San Bernardino shooter, heightening a dispute between tech companies and law enforcement over the limits of encryption.

Chief Executive Tim Cook said the court’s demand threatened the security of Apple’s customers and had “implications far beyond the legal case at hand.”

Earlier on Tuesday, Judge Sheri Pym of U.S. District Court in Los Angeles said that Apple must provide “reasonable technical assistance” to investigators seeking to unlock the data on an iPhone 5C that had been owned by Syed Rizwan Farook.

That assistance includes disabling the phone’s auto-erase function, which activates after 10 consecutive unsuccessful passcode attempts, and helping investigators to submit passcode guesses electronically.

Federal prosecutors requested the court order to compel Apple to assist the investigation into the Dec. 2 shooting rampage by Farook and his wife, which killed 14 and injured 22 others. The two were killed in a shootout with police.

The FBI has been investigating the couple’s potential communications with Islamic State and other militant groups.

“Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily,” prosecutors said.

U.S. government officials have warned that the expanded use of strong encryption is hindering national security and criminal investigations.

Technology experts and privacy advocates counter that forcing U.S. companies to weaken their encryption would make private data vulnerable to hackers, undermine the security of the Internet and give a competitive advantage to companies in other countries.

In a letter to customers posted on Apple’s website, Cook said the FBI wanted the company “to build a backdoor to the iPhone” by making a new version of the iPhone operating system that would circumvent several security features.

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers – including tens of millions of American citizens – from sophisticated hackers and cybercriminals,” Cook said.

He said Apple was “challenging the FBI’s demands” and that it would be “in the best interest of everyone to step back and consider the implications.”

In a similar case last year, Apple told a federal judge in New York that it was “impossible” for the company to unlock its devices that run an operating system of iOS 8 or higher.

According to prosecutors, the phone belonging to Farook ran on iOS 9.

Prosecutors said Apple could still help investigators by disabling “non-encrypted barriers that Apple has coded into its operating system.”

Apple and Google both adopted strong default encryption in late 2014, amid growing digital privacy concerns spurred in part by the leaks from former National Security Agency contractor Edward Snowden.

Forensics expert Jonathan Zdziarski said on Tuesday that Apple might have to write custom code to comply with the order, presenting a novel question to the court about whether the government could order a private company to hack its own device.

Zdziarski said that, because the San Bernardino shooting was being investigated as a terrorism case, investigators would be able to work with the NSA and the CIA on cracking the phone.

Those U.S. intelligence agencies could likely break the iPhone’s encryption without Apple’s involvement, he said.

(Reporting by Dustin Volz; Additional reporting by Joseph Menn, Dan Levine and Shivam Srivastava; Editing by Cynthia Osterman, Lisa Shumaker and Robin Paxton)

Reports: U.S., British spies hacked Israeli air force

JERUSALEM (Reuters) – The United States and Britain have monitored secret sorties and communications by Israel’s air force in a hacking operation dating back to 1998, according to documents attributed to leaks by former U.S. spy agency contractor Edward Snowden.

Israel voiced disappointment at the disclosures, which were published on Friday in three media outlets and might further strain relations with Washington after years of feuding over strategies on Iran and the Palestinians.

Israel’s Yedioth Ahronoth daily said the U.S. National Security Agency, which specializes in electronic surveillance, and its British counterpart GCHQ spied on Israeli air force missions against the Palestinian enclave Gaza, Syria and Iran.

The spy operation, codenamed “Anarchist”, was run out of a Cyprus base and targeted other Middle East states too, it said. Its findings were mirrored by stories in Germany’s Der Spiegel news magazine and the online publication The Intercept, which lists Snowden confidant Glenn Greenwald among its associates.

“This access is indispensable for maintaining an understanding of Israeli military training and operations and thus an insight to possible future developments in the region,” The Intercept quoted a classified GCHQ report as saying in 2008.

That year, Israel went to war against Hamas guerrillas in Gaza and began issuing increasingly vocal threats to attack Iranian nuclear facilities if it deemed international diplomacy insufficient to deny its arch-foe the means of making a bomb.

Asked for comment, the United States and Britain said through spokespeople for their embassies in Israel that they do not publicly discuss intelligence matters.

NOT “DEEPEST KINGDOM OF SECRETS”

Israeli Energy Minister Yuval Steinitz, a member of Prime Minister Benjamin Netanyahu’s security cabinet, sought to play down the potential damage but said lessons would be learned.

“I do not think that this is the deepest kingdom of secrets, but it is certainly something that should not happen, which is unpleasant,” he told Israel’s Army Radio. “We will now have to look and consider changing the encryption, certainly.”

With the Netanyahu government and Obama administration at loggerheads over the U.S.-led nuclear agreement with Iran, there have been a series of high-profile media exposes in recent months alleging mutual espionage between the allies.

Israel insists that it ceased such missions since it ran U.S. Navy analyst Jonathan Pollard as an agent in the 1980s.

“We know that the Americans spy on the whole world, and also on us, also on their friends,” Steinitz said. “But still, it is disappointing, inter alia because, going back decades already, we have not spied nor collected intelligence nor hacked encryptions in the United States.”

The Intercept report included what it said were images of armed Israeli drones hacked from onboard cameras’ live feeds.

Israel neither confirms nor denies having armed drones, though one of its senior military officers was quoted as acknowledging their existence in a 2010 U.S. diplomatic cable that was previously disseminated by WikiLeaks.

Yedioth said that the hacking revelations could hurt Israeli drone sales to Germany should Berlin worry about the aircraft networks’ security. But Steinitz brushed off that possibility.

“Every country carries out its own encryption,” he said.

Germany said on January 12 it would lease Heron TP drones from state-owned Israel Aerospace Industries (IAI).

(Writing by Dan Williams; Editing by Mark Heinrich)

U.S. official sees more cyber attacks on industrial control systems

MIAMI (Reuters) – A U.S. government cyber security official warned that authorities have seen an increase in attacks that penetrate industrial control system networks over the past year, and said the networks are vulnerable because they are exposed to the Internet.

Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.

“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

ICS-CERT helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.

Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.

Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.

Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.

“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.

Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.

Sean McBride, a critical infrastructure analyst with iSight Partners who attended the talk, said the increase may reflect more publicity in recent years over the risks of cyber attacks, which prompted operators to find more infections.

McBride said he could not say if the increase was troubling because he did not know the intent of the attackers.

Edwards and a DHS spokesman declined to elaborate on his comments.

ICS-CERT said in an alert this week that it had identified malware used in the attack in Ukraine as BlackEnergy 3, a variant of malware that the agency said in 2014 had infected some U.S. critical infrastructure operators.

A DHS official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.

“At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware,” said the official, who was not authorized to discuss the matter publicly.

Edwards did not discuss the Ukraine attack during his talk.

(Reporting by Jim Finkle in Miami; Editing by Leslie Adler)

Ukraine Power Outage Appears to be Work of Hackers

Some Ukrainians were without power for hours last month after hackers infiltrated the power grid and were able to turn off the lights, according to a report in The Washington Post.

An official with the cybersecurity company iSIGHT Partners told the newspaper that the Dec. 23 cyber attack appeared to be the first documented time that hackers successfully shut off power.

The official told The Washington Post that the group believed to be responsible for turning off the lights was Russian, and had at one point tried to attack targets in the United States and Europe. But another cyber security expert told the paper it could be difficult to determine the exact circumstances about the breach, including if the alleged hackers were even responsible.

Hackers Access Data of 650K British Pub Chain Customers

Hackers gained access to a database that contained private information about more than 650,000 customers of a chain of British pubs, according to a posting on its website.

JD Wetherspoon reported that about 100 of its customers had the last four digits of their credit and debit card numbers stolen through a breach of the company’s former website. Because the complete numbers hadn’t been stored, the company said no stolen data could be used for fraud.

The website posting indicated the database contained information like email addresses, names, birthdays and phone numbers of 656,723 people. The pub chain’s CEO, John Hutson, said in the posting that neither its customers nor its cyber security specialists gave any indication that anyone had used that stolen customer information for fraud, “although we cannot be certain.”

Hutson said in the posting there were no passwords stored in the database. He asked customers to watch out for suspicious emails, such as ones that ask recipients to respond with personal or financial information or to click on links. Such emails are commonly seen in phishing schemes.

The breach took place in June, the company said in the website posting. The pub chain only learned of the breach last week, and subsequently began investigating and notifying customers.

Hutson said in the website posting that JD Wetherspoon has “taken all necessary measures to secure” its website following the breach (the pub chain has since switched to a new website manager that it says has no ties to the hack) and that a forensic investigation is ongoing. The pub chain has also notified the British authority that regulates data protection of the breach.

As of Monday morning, it’s still not known who was responsible for the hack.

The news comes just days after digital toy manufacturer VTech announced that the personal data of millions of its customers was hacked, including some photographs of children. VTech has said it’s cooperating with law enforcement officials from around the world to investigate.

Amazon forces some to change passwords after potential compromise

Some Amazon account holders were required to change their passwords this week after the online retailer found that the information could have been compromised.

Technology website ZDNet first reported the news Tuesday, noting Amazon wrote in an email addressed to affected users that there was “no reason” to believe the information had been leaked.

ZDNet reported the email said Amazon forced the password change as a purely precautionary measure after learning that the passwords might have been improperly stored or transmitted, which could have allowed a third party to access them.

It’s not clear how many people were asked to reset their passwords and Amazon corrected the issue.

The company has recently taken steps to improve cyber security.

Last week, it began allowing customers to require two-factor authentication to access their account. That requires users to not only successfully enter their password to log in to the website, but also a second group of characters that is typically sent to a user’s mobile phone.

TruNews: Charges In Massive Cyberattacks against JPMorgan Chase & Co

TRUNEWS – Prosecutors have announced criminal charges for three men accused of helping to run a series of hacking and fraud schemes, including an attack in 2014 against JPMorgan Chase & Co that generated hundreds of millions of dollars in illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein are named in a 23-count indictment. The three are accused of crimes involving at least nine financial services companies and media outlets, as well as online casinos, payment processing for criminals, and an illegal bitcoin exchange.

A fourth man, Anthony Murgio, is also named in the bitcoin exchange scam.

The charges are the first to be connected to the attack on JPMorgan, in which 83 million customers had their personal data accessed; prosecutors are calling it the largest theft of customer data from a US financial institution.

Other companies that were affected include E Trade Financial, which says it’s contacted some 31,000 customers who may have been affected.

JPMorgan says it continues to work with authorities in an effort to fight further cybercrimes.

Edward Snowden Claims Smartphones can Easily be Hacked

Whistleblower Edward Snowden rocked the world when he called out the actions of the NSA, but he now has new revolutionary information: UK spy agency GCHQ has the ability to hack into smartphones with encrypted text messages, and the owner would never know.

In an interview with the BBC’s Panorama program, he stated that the GCHQ “invested heavily” into technology that allows them to hack smartphones belonging to the public. The agency could gain access to the phones to take pictures and listen in to conversations.

“They want to own your phone instead of you,” he explained.

Snowden went on to explain that the GCHQ had a collection of secret intercept capabilities called a “Smurf Suite,” named after the cartoon series. Each “Smurf” controls a different aspect of the phone.

“Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing,” he said.

“Nosey Smurf is the ‘hot mic’ tool. For example if it’s in your pocket, [GCHQ] can turn the microphone on and listen to everything that’s going on around you – even if your phone is switched off because they’ve got the other tools for turning it on.

“Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.”

In order to hack the smartphone, the GCHQ sends a simple text message that is hidden from the owner. That text contains an exploit that allows the agency to control the software of the smartphone.

“You paid for [the phone] but whoever controls the software owns the phone,” Snowden added.

15 Million T-Mobile Customers’ Data Stolen by Hackers

The credit bureau Experian experienced a data breach, revealing user data from approximately 15 million T-Mobile customers.

The data gathered by the hackers included names, addresses, birth dates, and Social Security numbers along with other forms of identification like driver’s license numbers. According to T-Mobile, the hackers were not able to get payment information or bank account information.

People affected by the hack may not be current T-Mobile customers. The companies announced that customers who applied for T-Mobile postpaid services or device financing between September 1, 2013 and September 16, 2015 were the ones who could be victims of the hack.

Experian stated in a press release that no evidence has been presented so far that the data has been used illegally or inappropriately. Experian is a widely used credit-information provider that has experienced several security concerns; the T-Mobile hack is just the latest incident. The last cyberattack on Experian was in 2012 when 200 million Americans had their Social Security numbers exposed.

T-Mobile CEO John Legere had strong feelings regarding the breach and said that his company would be looking for a new and more secure service provider.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but the carrier’s top concern now is helping the people affected, Legere wrote in an open letter on T-Mobile’s site.

Experian North America stated in a notice that it was a business unit that had been compromised, and its consumer credit bureau wasn’t affected. Experian has notified international and U.S. law enforcement.

T-Mobile is now offering free credit monitoring and identity resolution services from ProtectMyID for the next two years for customers who think they may have been affected by the breach. ProtectMyID is a division of Experian.

The breach at Experian is the latest in a string of massive hacks that have claimed tens of millions of customer records. The U.S. Office of Personnel experienced a major hack earlier this year, JPMorgan Chase had a breach of data in 2014, and the large retailer Target had a major cyberattack on its cash register systems in 2013.