With paper and phones, Atlanta struggles to recover from cyber attack.

By: Laila Kearney

(Reuters) – Atlanta’s top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper.

On an Easter and Passover holiday weekend, city officials labored in preparation for the workweek to come.

Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating “ransomware” virus attacks to hit an American city.

Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta’s computer network with a virus that scrambled data and still prevents access to critical systems.

“It’s extraordinarily frustrating,” said Councilman Howard Shook, whose office lost 16 years of digital records.

One compromised city computer seen by Reuters showed multiple corrupted documents with “weapologize” and “imsorry” added to file names.

Ransomware attacks have surged in recent years as cyber extortionists moved from attacking individual computers to large organizations, including businesses, healthcare organizations and government agencies. Previous high-profile attacks have shut down factories, prompted hospitals to turn away patients and forced local emergency dispatch systems to move to manual operations.

Ransomware typically corrupts data and does not steal it. The city of Atlanta has said it does not believe private residents’ information is in the hands of hackers, but they do not know for sure.

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department.

More: https://mobile-reuters-com.cdn.ampproject.org/c/s/mobile.reuters.com/article/amp/idUSKBN1H70R0

Your friend, boss or partner could be spying on you right now using Whatsapp

By: Jasper Hamill

We don’t wish to alarm you, but someone could be using WhatsApp to spy on you. A new iOS app for iPhone is claiming to be able to use WhatsApp’s public online and offline status in a creepy new way.

It’s called ChatWatch and aims to help people find out ‘friends, family or employees’ activity’ – even when they have hidden the ‘last seen’ function.

All you need to do is pay it $2 per week to monitor a pair of numbers and it will tell you when they are on or offline. You can pay more to snoop on up to ten people at a time.

‘Find out when they went to bed, how long they slept, even compare chat patterns between people you know, and we will tell you the probability of them talking to each other during the day, using artificial intelligence,’ the app wrote.

The app claims to let you view someone’s online history by ‘scrolling through their activity timeline to see exactly when they were on their phone chatting on Whatsapp’.

More:http://metro.co.uk/2018/03/29/friend-boss-partner-spying-right-now-using-whatsapp-7425886/

Serie A giants Lazio ‘fall for email scam’ and pay hackers the €2m they owed Feyenoord for Stefan de Vrij

By: Mark Jones

The Rome-based club reportedly replied to a fake email, thinking it was from the Eredivisie side

Lazio have reportedly fallen for a email scam that has cost them €2m.

Italian newspaper Il Tempo report that the Serie A giants were tricked into paying the final instalment of the deal they struck for Dutch defender Stefan de Vrij from Feyenoord to the wrong bank account.

De Vrij, 26, signed for Lazio from Feyenoord in 2014 having impressed at that summer’s World Cup, penning a four-year contract.

The report claims that hackers with knowledge of the deal sent Lazio an email that appeared to be from Feyenoord asking for the €2m payment to the bank account details supplied.

Lazio then paid that money to the account, but the Eredivisie champions never received the cash and claim that they have no knowledge of the email.

More: https://www.mirror.co.uk/sport/football/news/serie-giants-lazio-fall-email-12265621

UK Police Secretly Hoover Up Users’ Smartphone Data

By: Phil Muncaster

There have been calls for an immediate independent review after a new Privacy International investigation revealed that police are secretly extracting large volumes of highly sensitive data from UK users’ phones – even those not suspected of any crime.

The Digital Stop and Search report builds on previous research from the Bristol Cable in January last year detailing how law enforcers were investing hundreds of thousands intrusive UFEDs (Universal Forensic Extraction Devices) from the likes of notorious Israeli vendor Cellebrite.

Privacy International received FOI responses from 47 police forces and 26 of them (55%) admitted using the technology, with a further 17% trialing or planning to trial it. The data extraction has been going on in some form for over six years.

Such tools can find data even the user may not know they have on their device, including: emails, messages, GPS locations, call data, photos, contacts, calendar info, web browsing, social media accounts, online banking, health and fitness data, cloud storage and much more.

It is extracted from self-service kiosks at the police station, from frontline support service ‘hubs’ serving several forces, or via portable mobile phone extraction kits when out and about, the report revealed.

Privacy International’s concern is that data is often extracted without the user’s knowledge, stored insecurely and for an indefinite time, and taken not just from suspects but also victims and witnesses – even for investigations of low-level crimes.

There’s confusion among the police over the legal basis for this activity, stemming from a lack of national and local guidance, PI claimed.

More: https://www.infosecurity-magazine.com/news/uk-police-secretly-hoover-up/

Iran angered by US imposition of cyber sanctions

By: BBC

Iran has railed against US sanctions imposed on 10 citizens and a tech firm accused of cyber attacks on at least 320 universities worldwide, along with US firms and government agencies.

Tehran called the sanctions a gimmick that was provocative, illegal and unjustified.

The Mabna Institute is accused of stealing 31 terabytes of “valuable intellectual property and data”.

Iranian foreign ministry spokesperson Bahram Qassemi said the new US sanctions were an act of provocation, and that the move would not prevent Iran’s technological progress.

“The US will definitely not benefit from the sanctions gimmick, aimed at stopping or preventing the scientific growth of the Iranian people,” Mr Qassemi said in a statement.

The indicted individuals are still in Iran. They were called “fugitives of justice” by US Deputy Attorney General Rod Rosenstein, and could face extradition in more than 100 countries if they travelled outside Iran.

Many of the “intrusions”, Mr Rosenstein said, were done “at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps”.

More: http://www.bbc.com/news/world-middle-east-43527152?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BW3%2BPYrkkRCqlNdstUs%2FBkg%3D%3D

Facebook Collected Your Android Call History and SMS Data For Years

By: Swati Khandelwal

Facebook knows a lot about you, your likes and dislikes—it’s no surprise.

But do you know, if you have installed Facebook Messenger app on your Android device, there are chances that the company had been collecting your contacts, SMS, and call history data at least until late last year.

tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook.

Facebook was collecting this data on its users from last few years, which was even reported earlier in media, but the story did not get much attention at that time.

Since Facebook had been embroiled into controversies over its data sharing practices after the Cambridge Analytica scandal last week, tweets from McKay went viral and has now fueled the never-ending privacy debate.

A Facebook spokesperson explained, since almost all social networking sites have been designed to make it easier for users to connect with their friends and family members, Facebook also uploads its users’ contacts to offer same.

As Ars reported, in older versions of Android when permissions were a lot less strict, the Facebook app took away contact permission at the time of installation that allowed the company access to call and message data automatically.

Eventually, Google changed the way Android permissions worked in version 16 of its API, making them more clear and granular by informing users whenever any app tries to execute permissions.

More: https://thehackernews.com/2018/03/facebook-android-data.html

Für Krypto-Anleger: Dieses Smartphone kann angeblich nicht gehackt werden.

By: msn finanzen

Wie das Portal “CNET” berichtet, soll im August ein Smartphone speziell für Krypto-Anleger auf den Markt kommen. Besonders macht es nicht nur das vorinstallierte Wallet für Bitcoin, Ethereum und Co., sondern allem voran die Tatsache, dass das Smartphone laut Hersteller nicht “hackbar” sein soll.Sie möchten in Kryptowährungen investieren? Unsere Ratgeber erklären, wie es innerhalb von 15 Minuten geht:

Auf die Sicherheit bedacht

Der brasilianische Konzern Sikur setzt mit seinen Smartphones insbesondere auf das Thema Sicherheit. Der neueste Spross aus Sikurs Reihen, das “SikurPhone”, ist mit seiner Hardware-Ausstattung nichts besonderes: Ein 5,5 Zoll-Display ist inzwischen Standard. Die 13 Megapixel-Kamera ist ebenso bei Nokia und auch bei Xiaomi zu finden. Hinzu kommen 4 GB Arbeitsspeicher und 64 GB interner Datenspeicher. Ausschlaggebend soll jedoch die Sicherheit des Android-Smartphones sein. Das Unternehmen versichert, dass das Gerät vollständig verschlüsselt sei und damit “unhackbar”.

In einem Statement ließ Sikur-CEO Cristiano Iop verlauten: “Informationen sicher auf unseren Geräten zu speichern ist eine unserer Stärken. Wir waren bei Browser- und Messaging-Sicherheit erfolgreich. Also fragten wir uns, wieso nicht auch bei Kryptowährungen?”.

More: https://www.msn.com/de-ch/finanzen/top-stories/f%C3%BCr-krypto-anleger-dieses-smartphone-kann-angeblich-nicht-gehackt-werden/ar-BBKbGKE

Snowden Releases NSA Documents Showing Bitcoin Was “#1 Priority”

By: C Edward Kelso

Xkeyscore. MAC addresses. OAKSTAR. MONKEYROCKET. Edward Snowden is at it again. This time the world’s most notorious whistleblower has handed over National Security Agency (NSA) documentation to online investigative news outlet The Intercept revealing an invasive covert program to track bitcoin users using spy tools he uncovered during his infamous first go-round. The implications include the future of privacy along with warrantless data collection being used to prosecute bitcoiners such as Ross Ulbricht of Silk Road.

Snowden Reveals How NSA Tracked Bitcoin Users

Ever get the feeling you’re being watched? Department of Homeland Security (DHS) Acting Assistant Secretary for Legislative Affairs Brian de Vallance, in a November 2013 letter to Congress, worried that “with the advent of virtual currencies and the ease with which financial transactions can be exploited by criminal organizations, DHS has recognized the need for an aggressive posture toward this evolving trend.” Infamous whistleblower Edward Snowden seems to have found a trove of heavily redacted, classified NSA documents attesting to that “aggressive posture.”

It’s fitting Mr. Snowden should share them with The Intercept, an online investigative news organization founded by his benefactor, attorney turned journalist Glenn Greenwald. Mr. Greenwald was then writing for The Guardian, and the two unleashed the largest batch of government security documents ever revealed about US and UK global surveillance.

.

Snowden Releases NSA Documents Showing Bitcoin Was "#1 Priority"

Interestingly, the documents tracking bitcoin users stem from roughly the same period, 2013. They detail bitcoiners all over the world were targeted as powers granted the NSA under the rubric of fighting terrorism expanded, and might have even begun to play a role in early crypto prosecutions such as Ross Ulbricht and Silk Road.

American Civil Liberties Union’s Patrick Toomey, of its National Security Project, explained, “If the government’s criminal investigations secretly relied on NSA spying, that would be a serious concern. Individuals facing criminal prosecution have a right to know how the government came by its evidence, so that they can challenge whether the government’s methods were lawful. That is a basic principle of due process. The government should not be hiding the true sources for its evidence in court by inventing a different trail.”

MORE: https://news.bitcoin.com/snowden-releases-nsa-documents-showing-bitcoin-1-priority/

 

Email Fraud is a Top Business Risk for 2018

By: Phee Waterfield

Email fraud is a top risk for 2018, resulting in employee termination.

Reports from Proofpoint and Clearswift show that businesses across the globe are concerned about email phishing campaigns.

Today, two reports highlight that email phishing is a top concern for global businesses. However, a third of employees believe it is lack of support from execs that is the biggest challenge to protection – demonstrating a disconnect between the board and IT.

Proofpoint’s 2018 Understanding Email Fraud Survey asked 2250 senior IT decision makers across the US, UK, France, Germany and Australia for their email fraud experiences from the last two years. The results found 75% of organizations had experienced at least one targeted email fraud attack, with 41% suffering multiple attempts in the last two years.

Concerningly, more than 77% of businesses expect they will fall victim to email fraud in the next 12 months, and only 40% have full visability into email threats.

“Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact,” said Robert Holmes, vice-president of email security products for Proofpoint. “These and other factors make email fraud, also known as business email compromise (BEC), extremely difficult to detect and stop with traditional security tools. Our research underscores that organizations and boardrooms have a duty to equip the entire workforce with the necessary solutions and training to protect everyone against this growing threat.”

Clearswift also identified that UK organizations were concerned about ex-employees retaining access to business networks and human error.

More: https://www.infosecurity-magazine.com/news/email-fraud-is-a-top-business-risk/

Infographic: How to safely buy and sell cryptocurrency

By: Brandon Vigliarolo

Cryptocurrency exchanges and theft have been regular news since Bitcoin went big, but that hasn’t deterred investors: The number of digital cryptocurrency wallets in existence by the end of 2017 was 21.5 million. That’s a huge increase from 2015, when only 5.4 million wallets were around.

Along with the new popularity of cryptocurrency has come a new breed of cryptocurrency criminals. In 2016 $95 million worth of Bitcoin was stolen, and in 2017 the amount stolen exploded: $115 million was lost to phishing, $103 million to exploitation of software and storage, $7.4 million to hacks, and $4,000 to Ponzi schemes.

That’s a lot of lost cryptocurrency—so how are criminals doing it?

Five ways cryptocurrency gets stolen

There are five popular ways that cryptocurrency criminals get their hands on your virtual coins:

  • Brute forcing, in which an attacker simply tries again and again to guess a password until they finally get in.
  • Phone porting, in which criminals call cellular customer service, have a number transferred to their phone, and use the number to reset a crypto account password.
  • Phishing, which installs malware that looks for, and steals, digital wallet addresses.
  • Ponzi schemes, in which investors are paid returns that are actually just the money new investors put in (see BitConnect).
  • Mining malware, which uses a victim’s computer to do the mining for the hacker.

So, risks come from all angles: anonymous hackers on the internet, fake exchanges that run away with your money, or even malware that makes you do the work for someone else’s gain.

That doesn’t mean safe investment isn’t possible.

How to safely invest in cryptocurrency

Cryptocurrency brokerage CryptoGo has some tips for investing in cryptocurrency without placing yourself in harm’s way.

  • Encrypt and back up safely so that you always have a record of your wallet. Use a mnemonic phrase to ensure you can recover a lost wallet.
  • Use an antivirus product that was built with cryptocurrency in mind, such as Spybot Anti-Beacon or Comodo.
  • Only use “hot wallets,” those that are connected to the internet, for small transactions. If you’re going to store large amounts of cryptocurrency for long-term investment keep them in a secure, offline wallet.
  • Use multifactor authentication, either through a hardware token or an app, to secure cryptocurrency-related accounts.
  • Don’t use SMS authentication—phone numbers can be stolen via phone porting.
  • Diversify your holding through different exchanges and use different passwords and recovery methods for each one.

More: https://www.techrepublic.com/article/infographic-how-to-safely-buy-and-sell-cryptocurrency/