Tag Archives: hacking

U.S. Commerce Department Tightens Exports of Hacking Tools



The U.S. Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule that establishes controls on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities.

Here is a key part of the press release:

The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices. U.S. exporters are likewise encouraged to consult the State Department’s Guidance in Implementing the “Guiding Principles” for Transactions Linked to Foreign Government End Users for Products or Services with Surveillance Capabilities to minimize the risk that their products or services are misused by governments to violate or abuse human rights.

The Washington Post reported that this was a long-awaited rule that officials hope will stem the export or resale of hacking tools to China and Russia while still enabling cybersecurity collaboration across borders.

The rule will take effect after 90 days. Here is what it covers:

  • Software such as Pegasus, a potent spyware product sold by the Israeli firm NSO Group to governments that have used it to spy on dissidents and journalists
  • Bars sales of hacking software and equipment to China and Russia, as well as to a number of other countries of concern, without a license from the department’s Bureau of Industry and Security (BIS)

According to The Washington Post, the U.S. Department of Commerce already has export controls on products containing encryption, so the new rule applies to products that do not contain encryption. The Washington Post also reported that any intrusion software, even for defensive purposes, being sold to anyone in China or Russia, whether or not they work for the government, will require a license, according to the rule.

In addition, the rule will align the United States with the 42 European and other allies that are members of the Wassenaar Arrangement. This group sets voluntary export control policies on military and dual-use technologies (products that can be used both for civilian and military purposes).

The Washington Post says that China is not a Wassenaar member. Israel is also not a member but voluntarily adopts its controls. Russia is a Wassenaar member.

In my opinion, the rule seems like a common-sense idea. There is no good reason to sell, transfer, or export tools to other countries that might be inclined to use those tools to hurt people.


Ukraine picks up six hackers behind Clop ransomware



It’s been a rough spell for hackers: one was just extradited from Mexico to face charges in California for a DDoS attack on the city of Santa Cruz.

Now six members of a group responsible for the Clop ransomware were picked up in a raid in the Ukraine. It is not clear if these were all the members behind it or just one cell. The search of the home resulted in the seizure of hundreds of thousands of dollars and expensive vehicles such as an AMG 63 and a Tesla. 

A Ukrainian report states that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.” 

As South Korea and the US were also in on this roundup and have charges pending for hacks in both countries, it’s unclear where things go from here.


Passwordstate was Compromised by Supply-Chain Attack



As many as 29,000 users of Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, Click Studios told customers. Ars Technica reported that this was a supply-chain attack.

Click Studios began developing Passwordstate in March of 2004, and released it in August that same year. According to Click Studios, Passwordstate is used by more than 29,000 customers and 370,000 security and IT professionals globally, many being from Fortune 500 listed companies. Industries using Passwordstate include defense, banking and finance, media and entertainment, space and aviation, education, utilities, retail, mining, automotive, service providers and IT security integrators.

It is easy to see why companies who were relying on Passwordstate might be upset by this supply-chain attack. TechCrunch reported that an email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software update feature in order to steal customers’ passwords.

Click Studios has created an Incident Management Advisory on its website. It is where to find regular updates detailing the best information available at that point in time. Click Studios recommends that people periodically check it for the latest updates.

Personally, I think the safest way for individuals to protect their passwords is to write them down on paper and store that information at home. Paper is entirely immune from supply-chain attacks, and it lacks the code that nasty hackers seem to feel entitled to mess around with. This solution might be insufficient for large businesses, though. Unfortunately, that means these kinds of shenanigans will continue to happen.


Clap for Kano’s Camera Kit at CES 2018



Kano’s mission is to encourage people, particularly children, to see computers not as unchangeable appliances but as tools to be made, shaped, coded and shared. Their kits plug together bits, boards, buttons and cables to make individual and personalised computers. Bruno gives Todd a hand to develop a selfie camera from their new Camera Kit.

Kano’s approach is to challenge each young developer into programming simple apps that achieve technical goals. Using Kano’s development tools it’s really easy to build programs as the tools come with code building blocks for things like taking a picture or responding to noise via a microphone. Consequently, even Todd can code an app to take a picture when someone claps.

The Camera Kit’s not expected until next year but you can sign up to hear the latest news. Expect the price to be around US$99.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.


Hijacking a Drone



Drones are unmanned flying vehicles which are controlled by operators from thousands of miles away. They are used extensively in Afghanistan to track the Taliban’s activities. There has been increased talk among law enforcement in the United States that using drones might be useful in fighting crime. There is a Federal mandate that would permit drones to be used in US airspace. There are many questions involving the use of drones, including privacy rights, lack of search warrants …. There are also technical questions. Right now the biggest problem that the DHS and the FAA are facing involving drones is jammers, which don’t control the drones but simply jam the signal. This is the way the Iranians insist they were able to bring down a drone in 2011, although that is still disputed by the US, which insists it was operator error and not Iranian jamming that caused the drone to land off course.

However, solving the jamming problem may be easy compared to the problem of spoofing. Spoofing is where the drone is actually controlled by a third party. In order for spoofing to be successful, the drone’s GPS system must be hacked. That is what the University of Texas, Cockrell School of Engineering did under Assistant Professor Todd Humphreys when it hijacked a drone using $1,000 worth of equipment and custom software. These drones were using unencrypted software that the University of Texas team was able to hack. Their signal was more powerful than the GPS signal that the drone was receiving from the satellite that was originally controlling it. They were able to override that GPS signal, sending the drone where they wanted it to go. As you can imagine, this is a huge potential problem. Imagine what would happen if a terrorist group was able to hack a drone and send it wherever they wanted it to. They could control it from anywhere and send it crashing into buildings with no risk to themselves.

Right now the DHS is still working on the jamming problem through the Patriot Watch and the Patriot Shield programs but the programs are underfunded and haven’t even started looking into the spoofing problem. Before we allow drones to fly above US cities we might want to find a solution to both jamming and spoofing first.


Battle For The Internet Looms




With the perpetually refreshed glut of information available on the Web, it’s rare to find a thoroughly researched, thoughtful and meaningful piece on – of all things – the State of The Internet. In the May issue of Vanity Fair, contributing editor Michael Joseph Gross writes a captivating article, “World War 3.0,” that is both rich with history and chilling in his description of the challenges facing a tough-to-tame digital behemoth.

In this lengthy (by Web standards, anyway) piece leading up to a December conference in Dubai where the world will meet to discuss and renegotiate a UN treaty – International Telecommunications Regulations – as it relates to the Internet, Gross pens a somber outlook on where things are headed with the Web. Crisis, Gross asserts, is in store for the Internet and its users because of four main issues:

Sovereignty – the Internet was created and has developed specifically to exist outside or above the worldly territories we’ve mapped out

Piracy and Intellectual Property – the battle between freedom of information and folks wanting to protect their work and, more importantly, get paid

Privacy – the incomprehensible mass of information on the Internet and our ability to contribute and participate with relative anonymity is great for creativity and freedom, but it’s also awesome for criminals and folks who want to use your information for nefarious purposes.

Security – Code written is code hacked. It’s all just a matter of time and effort. With so much at stake and with so much money being made from the Web, how on Earth do we protect it all?

Four main issues – each extremely difficult to solve. In most cases, it’s damn near impossible to get consensus on the terms of each of these issues. You’ll have to read the article to see how Gross places this all in a context that makes the battle over the Internet one of the most important showdowns we might ever see.

The chill-factor for me comes from the last paragraph of his article – discussing the options for achieving security in such a connected world:

Aside from wealth or arcane knowledge, the only other guarantor of security will be isolation. Some people will pioneer new ways of life that minimize their involvement online. Still others will opt out altogether—to find or create a little corner of the planet where the Internet does not reach. Depending on how things go, that little corner could become a very crowded place. And you’d be surprised at how many of the best-informed people about the Internet have already started preparing for the trip.



GNC-2012-02-23 #744 Listen and Win!



Unexpected Trip to Washington DC next week. I get back to Hawaii on Thursday, will make a decision on Monday show in next day or so. Listen today to get your name in the hat for the show 750 giveaway.
