Author Archives: Robert Lemos

Bitstamp Reopens Bitcoin Exchange, Adds Security Precautions

Major Bitcoin exchange Bitstamp reopened its virtual doors late Friday, four days after it suspended services because of an online theft of 19,000 bitcoins valued at more than $5 million.

Bitstamp, the second largest Bitcoin exchange for US dollars, moved its system to Amazon’s cloud services and added security features to make compromises more difficult, Bitstamp’s CEO Nejc Kodrič said in a statement on the company’s website.

“By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” he said. “While this decision means we have not been able to provide you with services for a number of days, we feel this extra measure of precaution was in the best interest of our customers.”


Bitcoin Exchange Bitstamp Claims Hack Siphoned Up to $5.2 million

UK-based Bitstamp, the second largest bitcoin exchange for US dollars, suspended operations on Monday, following evidence that online thieves had stolen up to 19,000 BTC—approximately $5.2 million—from its operational store of bitcoins.

The company alerted its users to the possible attack on Monday and warned against transferring any bitcoins to the service’s old bitcoin deposit addresses. Early the following morning, Bitstamp revealed that the attack affected fewer than 19,000 bitcoins. The actual attack appeared to have occurred on Sunday, January 4, when attackers compromised the company’s operational funds, also known as the “hot wallet.”

“Thank you all for your patience, we are working diligently to restore service,” Nejc Kodrič, the co-founder and CEO of Bitstamp, tweeted on Monday, adding, “To restate: the bulk of our bitcoin are in cold storage, and remain completely safe.”


Security Scorecard Finds Messaging Apps Need More Development

Only six out of 39 messaging applications have the features needed to guarantee the security of communications sent over the Internet, according to an analysis by the Electronic Frontier Foundation (EFF).

The results of the analysis, published as a scorecard on Tuesday, found that popular messaging apps—such as Facebook Chat, Apple’s FaceTime and iMessage, Microsoft’s Skype, and Yahoo Messenger—failed to meet all seven criteria, such as whether the application implements perfect forward secrecy and whether the source code had been audited for security. The group did the analysis as part of its campaign to promote the development of secure and usable cryptography, which is necessary in a world where government surveillance has become more common, Peter Eckersley, EFF’s technology projects director, told Ars.

The study is intended to help direct companies that are actively developing secure-communication software, he said.


Latest Android Encrypted by Default, Adds “Smart” Device Locking

The latest version of the Android operating system, Lollipop, adds encryption by default, along with a variety of easy-to-use ways to lock and unlock the phone and a more secure foundation to help protect devices against current threats.

In a blog post published on Tuesday, Google described the features, which will begin shipping with the Lollipop operating system in new Android devices in the coming weeks. While some of the capabilities, such as encryption, are already included in the current Android OS, the new version will turn them on by default.

Many of the security features were born of Android’s open-source foundations and the fact that other researchers and companies can create and test new security features for the operating system, Adrian Ludwig, lead security engineer for Android at Google, said during a briefing on the security features.


Mac OS X Yosemite Sends Location, Search Data to Apple

Two steps toward privacy, one step back.

While privacy advocates lauded Apple for the company’s decision to default to encrypting data on its latest mobile operating system, iOS 8, the technology firm faced criticism on Monday after independent researchers discovered that its latest operating system, Mac OS X Yosemite, is configured to send location and search data whenever a user queries Spotlight.

Spotlight is the company’s search feature for Mac OS X. The capability doesn’t just search a user’s computer, though; it also sends information to Apple and Microsoft to return searches from the companies’ services, according to Fix-MacOSX.com.


Report: Cybercrime Costs US $12.7M a Year

Cyber attacks on large US companies result in an average of $12.7 million in annual damages, an increase of 9.7 percent from the previous year, according to the fifth Cost of Cybercrime report published by the Ponemon Institute on Wednesday.

The report, sponsored this year by Hewlett Packard’s Enterprise Security division, found that business disruption and information loss account for nearly three-quarters of the cost of cybercrime incidents. The study also confirmed that companies that make security a priority have lower costs associated with security incidents during the year. In particular, companies that use technology that helps flag potential intrusions into critical systems have lower costs, by an average of $2.6 million.

“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.


FBI Director to Citizens: Let Us Spy on You

The expanding options for communicating over the Internet and the increasing adoption of encryption technologies could leave law enforcement agents “in the dark” and unable to collect evidence against criminals, the Director of the FBI said in a speech on Thursday.

In a post-Snowden plea for a policy more permissive of spying, FBI Director James B. Comey raised the specters of child predators, violent criminals, and crafty terrorists to argue that companies should build surveillance capabilities into the design of their products and allow lawful interception of communications. In his speech given at the Brookings Institute in Washington DC, Comey listed four cases where having access to a mobile phone or laptop proved crucial to an investigation and another case where such access was critical to exonerating wrongly accused teens.

All of that will go away, or at least become much harder, if the current trend continues, he argued.


Suspected Russian “Sandworm” Cyber Spies Targeted NATO, Ukraine

A group of cyber spies targeted the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year, in some cases using a previously unknown flaw in Windows systems to infiltrate targets, according to a research report released on Tuesday.

Dubbed “Sandworm” by iSIGHT Partners, the security consultancy that discovered the zero-day attack, the campaign is suspected to be Russian in origin based on technical details, the malware tools used, and the chosen targets, which also included government agencies in Europe and academics in the United States. If confirmed, the attack is an uncommon look into Russia’s cyber-espionage capabilities.

“We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted,” said John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT. “We have seen them using Ukrainian infrastructure as part of their attacks.”
