Category Archives: Cybercrime

FBI Director: Sony’s ‘Sloppy’ North Korean Hackers Revealed Their IP Addresses

Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to the North Korean government.

The post FBI Director: Sony’s ‘Sloppy’ North Korean Hackers Revealed Their IP Addresses appeared first on WIRED.



The Year’s Worst Hacks, From Sony to Celebrity Nude Pics

With each passing year, data breaches get bigger and more invasive. But 2014 saw a new twist to the breach phenomenon with the Sony hack. The attackers didn’t just steal data, they scorched Sony’s digital earth as they exited its networks, wiping data from servers and leaving administrators to clean up the mess and restore systems.

The post The Year’s Worst Hacks, From Sony to Celebrity Nude Pics appeared first on WIRED.



Sony Pictures hack gets uglier; North Korea won’t deny responsibility [Updated]

More evidence has emerged that makes the Sony Pictures hack look similar to a suspected attack on South Korean companies over a year ago. And a spokesperson for the North Korean government, rather than denying his country’s involvement, is playing coy as the damage to Sony appears to be growing daily.

When contacted by the BBC, a spokesperson for North Korea’s mission to the United Nations said, “The hostile forces are relating everything to [North Korea]. I kindly advise you to just wait and see.”

Sony Pictures’ computers were reportedly the victim of wiper malware which erased all the data on infected PCs and the servers they were connected to. As Ars reported yesterday, this is similar to the attack on two South Korean broadcasters and a bank that was launched in 2013. As security reporter Brian Krebs reports, the FBI sent out a “Flash Alert” to law enforcement warning of a cyber attacker using “wiper” malware this week—malicious software that erases the entire contents of the infected machine’s hard drives as well as the contents of the master boot record of the computer. The FBI shared a Snort intrusion detection signature for the malware file, and as Krebs noted, “the language pack referenced by the malicious files is Korean.”

Phishing Scam That Penetrated Wall Street Just Might Work Against You, Too

Researchers have uncovered a group of Wall Street-savvy hackers that has penetrated the e-mail accounts of more than 100 companies, a feat that has allowed them to obtain highly valuable plans concerning corporate acquisitions and other insider information.

FIN4, as the group is known, relies on a set of extremely simple tactics that in many cases has allowed them to remain undetected since at least the middle of 2013, according to a report published Monday from security firm FireEye. Members boast a strong command of the English language and knowledge of corporate finance and Fortune 500 culture. They use that savvy to send highly targeted spearphishing e-mails that harvest login credentials for Microsoft Outlook accounts. The group then uses compromised accounts of one employee, customer, or partner to send spearphishing e-mails to other company insiders. At times, the attackers will inject a malicious message into an ongoing e-mail discussion among multiple people, furthering their chances of success.

E-mails are sent from the accounts of people the target knows, and they discuss mergers, acquisitions, or other topics already in progress. The attackers often bcc other recipients to make it more difficult to detect the malicious e-mail. The messages appear to be written by native English speakers and often contain previously exchanged Microsoft Office documents that embed hidden malicious macros. This results in fraudulent e-mails that are extremely hard to detect, even by some people who have been trained to spot such phishing campaigns. Witness the following:

Target to Judge: Banks’ Losses in Our Card Breach Aren’t Our Problem

Target’s massive data breach, in which criminals were able to drop malware onto point-of-sale systems and compromise at least 40 million credit and debit cards, is now the subject of a federal lawsuit by banks who issued those cards. And Target is arguing in court today that those claims should be thrown out, Bloomberg reports—because the company claims it had no obligation to protect the banks from damages.

The suit has been brought by five banks—First Federal Savings, Village Bank, Umpqua Bank, Mutual Bank, and Louisiana’s CSE Federal Credit Union. As a group, the banks claim that their losses from the breach exceeded $5 million. The lawsuit is playing out as representatives from financial organizations, including the US’ two major credit union industry associations, are pressing Congress to take action to hold retailers more accountable for payment data breaches and to bring them under the same privacy standards as financial institutions with regard to financial data.

Major retailer data breaches over the past year, including the ones at Target and Home Depot, have caused banks and credit unions to have to reissue hundreds of millions of payment cards. The Home Depot breach, first reported in September, was revealed last week to have exposed 53 million customer e-mail addresses, as well as 56 million payment cards.

Feds Will Auction off $19 Million in Bitcoins from Alleged Silk Road Kingpin

On Monday, the US Marshals Service (USMS) announced that it will auction off 50,000 bitcoins belonging to Ross William Ulbricht. Ulbricht, allegedly under the moniker Dread Pirate Roberts, is suspected of running the first Silk Road, the hidden website that was often used to traffic drugs and other illegal sales. Ulbricht had 114,000 bitcoins stored on his various computers when the devices were seized by federal authorities during an arrest in San Francisco last October.

The USMS auction will take place on December 4. Today, a bitcoin is worth about $377.60, making the assets up for auction worth around $18.88 million.

The announcement comes several months after an initial auction of bitcoins taken from the Silk Road’s servers. In June, venture capitalist Tim Draper bought almost 30,000 bitcoins for $18 million. (Five months ago, bitcoins were worth about $200 more per unit than they are today.) The auction itself went off relatively smoothly, but not until after the USMS sent an e-mail CCing, rather than BCCing, all those interested in it.

Silk Road 2.0 Suspect’s Twitter Account Hijacked, Lawyer Says

The attorney representing Blake Benthall, whom prosecutors claim was the head of the Silk Road 2.0 website, told Ars on Monday that his client’s Twitter account has been hacked.

“He remains in custody and thus, of course, is not tweeting,” Jean-Jacques Cabou said by e-mail. “Blake’s Twitter account was compromised by unauthorized users, who posted the tweet regarding bitcoin donations. Neither Blake nor any member of Blake’s family authorized the tweet or its request. Beginning days ago, we took proper measures to report to Twitter that the account was compromised and the tweet was unauthorized. We have no idea who holds the private key(s) associated with the bitcoin address posted in the tweet.”

Last Tuesday, Benthall’s account simply stated:

Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash

When a small-time Tennessee restaurateur named Khaled Abdel Fattah was running short of cash he went to an ATM. Actually, according to federal prosecutors, he went to a lot of them. Over 18 months, he visited a slew of small kiosk ATMs around Nashville and withdrew a total of more than $400,000 in 20-dollar bills. The only problem: It wasn’t his money.

The post Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash appeared first on WIRED.