A Botnet Took Down Nearly a Million (Yes, Million) Routers – Wired Staff 12.03.16. 7:00 am


Getty Images

Getty Images

Remember Mirai, that botnet that took down swaths of the internet for millions of users one recent Friday afternoon? We were so innocent then! A variant returned this week, taking out over 900,000 routers belonging customers of German ISP Deutsche Telekom. Get used to this.

Entire US political system ‘under attack’ by Russian hacking, experts warn – Geof Wheelwright in Seattle Friday 14 October 2016 06.00 EDT


Meanwhile, some US commentators on cybersecurity issues have suggested that these attacks are not a surprise but appear to be a new spin on an old strategy

The hacks have created a dilemma for American voters.
The hacks have created a dilemma for American voters. Photograph: Tek Image/Getty Images/Science Photo Library RF

It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.

The notion that public figures have any right to privacy appears to have been lost in the furore surrounding the story, stolen correspondence being bandied around in attempts to influence the outcome of one of the nastiest, most vitriolic US presidential campaigns in history.

Some have argued that as secretary of state, Hillary Clinton’s emails were fair game for hacking because had they not been held on a private server, they would have been subject to freedom of information requests and available to the general public.

There may be some truth to that, but it doesn’t change the fact that correspondence between public figures has allegedly been hacked by those acting under the direction of a foreign government and released for everyone to peruse, with little opportunity for the authors to offer context or even confirm that the contents of the leaks are accurate.

The hacks have created a dilemma for American voters, according to Rob Guidry, CEO of social media analytics company Sc2 and a former special adviser to US Central Command. He says voters seem to want the information that has been leaked by the hackers but don’t feel entirely comfortable with the hacks that have brought the information to light.

Article continues:

Wada confirms attack by Russian cyber espionage group – Sean Ingle T`uesday 13 September 2016 12.28 EDT


 ‘Fancy Bear’ accessed confidential medical data including TUEs
 Serena Williams, Simone Biles, Elena Delle Donne targeted by group

Venus Williams, Simon Biles and Serena Williams were among the athletes targeted by the Russian cyber espionage group.

Venus Williams, Simon Biles and Serena Williams were among the athletes targeted by the Russian cyber espionage group. Composite: Getty/AFP

The World Anti-Doping Agency on Tuesday night condemned the hacking of a confidential database by a Russian cyber-espionage group which leaked the personal files of several top American athletes, including the tennis stars Serena and Venus Williams and the gymnast Simone Biles, and promised that it would soon publish “sensational proof” of famous athletes taking doping substances.

Documents published on the Fancy Bear website appeared to show that Serena Williams had taken the restricted drugs prednisone, prednisolone, methylprednisone, hydromorphone and oxycodone between 2010 and 2015, while her sister Venus had taken prednisone, prednisolone, triamcinolone and formoterol. Biles, meanwhile, was given methylphenidate for attention-deficit disorder. In all cases, however, Wada confirmed that the athletes had committed no offence because they had been granted therapeutic use exemptions (TUEs) by the relevant international sports federations and national anti-doping organisations.

The International Olympic Committee said it “strongly condemned” the cyber attack which it said was “clearly aimed at tarnishing the reputation of clean athletes” and confirmed the athletes mentioned had not violated any anti-doping rules during the Rio Olympics.

Venus Williams said she was “disappointed” that her medical data has been “compromised by hackers and published without … permission”. She said in a statement: “I have followed the rules established under the Tennis Anti-Doping Program in applying for, and being granted, ‘therapeutic use exemptions’. The applications for TUEs under the Tennis Anti-Doping Program require a strict process of approval which I have adhered to when serious medical conditions have occurred.” The 36-year-old added she was “one of the strongest supporters of maintaining the highest level of integrity in competitive sport”.

Article continues:

Robot Hackers Could Be the Future of Cybersecurity – By Larry Greenemeier on August 4, 2016


The final round of DARPA’s Cyber Grand Challenge pits computers against one another as human programmers watch the future of cybersecurity unfold

At a live event August 4 in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” Credit: Courtesy of Getty Images/iStockphoto Thinkstock Images \ Memitina

At a live event August 4 in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” Credit: Courtesy of Getty Images/iStockphoto Thinkstock Images \ Memitina

A dozen years ago the Defense Advanced Research Projects Agency (DARPA) held its first “grand challenge”—to see if autonomous automobiles could cross a 240-kilometer stretch of the Mojave Desert on their own. Mechanical problems and mishaps ended the race before any of the competitors had gone more than 12 kilometers. DARPA, the U.S. Department of Defense’s research arm, is looking for a better outcome Thursday in its inaugural Cyber Grand Challenge, where seven autonomous computers battle one another in what the agency claims is the “world’s first all-machine hacking tournament.”

DARPA announced the competition a couple of years ago, challenging computer programmers to create machines that could find and fix flaws in their software without human intervention. At a live event Thursday evening in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” The key to victory and the $2 million prize is to successfully defend one’s digital “flags”—bits of data written into programs running on the computers—from other teams’ cyber attacks while at the same time attacking competitors’ computers to find their flags.

Article continues:

How the U.S. Could Respond to the DNC Breach – By Laura K. Bate JULY 26 2016 6:54 PM


Barack Obama holds a bilateral meeting with Vladimir Putin during the G8 summit at the Lough Erne resort near Enniskillen in Northern Ireland, on June 17, 2013. -- Jewel Samad/Getty Images

Barack Obama holds a bilateral meeting with Vladimir Putin during the G8 summit at the Lough Erne resort near Enniskillen in Northern Ireland, on June 17, 2013. —
Jewel Samad/Getty Images

After a possible Russian attempt to influence U.S. elections by hacking the Democratic National Committee, the FBI has announced that it will investigate the origins of the hack. International interference in the democratic process has a long and storied past, but inhibiting self-determination is generally considered unacceptable and warrants a response.

But what should that response be? Below are six different paths the United States could take to answer the data breach. The choice will depend on many factors—the evidence supporting Russian involvement, the state of U.S.–Russian relations, the challenge of avoiding the appearance of using the tools of government to assist the Democratic candidate. Whatever the United States does or does not do will set an important precedent worldwide.

1) Public denouncement

Because of the difficulty of attribution in network-based attacks, officially denouncing the perpetrator of an attack is a surprisingly rare move for a government. The Obama administration set a precedent by publicly naming North Korea after the December 2014 hack on Sony, which caused the company to pull The Interview from theaters a day before its premiere. After the FBI blamed North Korea, citing issues of sovereignty and freedom of speech, experts argued about whether the government had the capacity to unequivocally attribute the attack. But later disclosures suggest the U.S. had penetrated North Korean networks thoroughly enough to have clear proof.

The DNC case will prove different; despite mounting evidence, there is not irrefutable proof of Russian involvement in the hack, and there is not likely to be. Russia’s networks are almost certainly harder to penetrate and monitor than North Korea’s, and if NSA did have that kind of access, it would be reluctant to share evidence that would reveal active sources and methods. Nonetheless, the stakes involved may warrant denouncing the Russians on the basis of something less than absolutely definitive proof.

Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching – ANDY GREENBERG 07.21.16. 9:01 AM


When Edward Snowden met with reporters in a Hong Kong hotel room to spill the NSA’s secrets, he famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras. So it’s fitting that three years later, he’s returned to that smartphone radio surveillance problem. Now Snowden’s attempting to build a solution that’s far more compact than a hotel mini-bar.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas. The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.

Article continues:

America’s Elite Hacking Force: CYBERWAR (Clip) – Vice News Published on Jul 14, 2016


In 2013, Edward Snowden leaked tens of thousands of classified documents, including information about a top secret NSA unit called TAO, or Tailored Access Operations. Ben Makuch speaks with a German national security reporter to learn more about this covert operation.