Category Archives: News

DEA Settles Fake Facebook Profile Lawsuit Without Admitting Wrongdoing

The Justice Department is agreeing to pay $134,000 to a New York woman to resolve an incident in which the Drug Enforcement Agency created a counterfeit Facebook profile and posted risqué personal pictures the agency obtained from her mobile phone without consent, according to federal court documents [PDF] filed Tuesday.

The woman, who at the time went under the name Sondra Prince, eventually was sentenced to probation and six months of home confinement. The DEA created a phony Facebook profile in her name and maintained it for at least three months in 2010 in a bid to nab other suspects connected to an alleged drug ring. At one point in the litigation, the government said the counterfeit account was for “legitimate law enforcement purposes.”

Richard Hartunian, the US attorney for the northern district of New York, said in a statement that the settlement “demonstrates that the government is mindful of its obligation to ensure the rights of third parties are not infringed upon in the course of its efforts to bring those who commit federal crimes to justice.” He said the deal “also takes into account emerging personal privacy concerns in the age of social media, and represents a fair resolution of plaintiff’s claims.”

Read 3 remaining paragraphs | Comments

Researcher Links 20 Percent of Ulbricht’s Bitcoins to Silk Road Accounts

Ross Ulbricht was back in a Manhattan federal courtroom today facing drug trafficking and money laundering charges for allegedly running the Silk Road online drug marketplace. We’ll have a story on today’s court action posted shortly.

A few hours ago, computer security researcher Nicholas Weaver published some analysis about bitcoins he says came from Ross Ulbricht’s accounts. If the government has done a similar analysis—and there’s no reason to think they couldn’t—it will be one more obstacle for Ulbricht’s defense team.

Last week, the outlines of Ulbricht’s defense became clear. Ulbricht’s lawyer Joshua Dratel admitted that his client founded Silk Road, but said Ulbricht walked away from the site only to be “lured back.” During opening statements, the defense attorney acknowledged that Ulbricht, who had 144,000 bitcoins on his computer seized by the feds, made money from Bitcoin. Dratel said this was, at least in part, from being a successful trader in the digital crypto-currency.

Read 12 remaining paragraphs | Comments

Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect

Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect

Just as quickly as the Silk Road’s defense created an alternate theory that the massive drug market was run by Mt. Gox CEO Mark Karpeles, the prosecution and judge in the case have now shoved key elements of the story back into the closet.

The post Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect appeared first on WIRED.



Playing NSA, Hardware Hackers Build USB Cable That Can Attack

Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency’s ANT catalog, a sort of “wish book” for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer’s USB connections into a remote wiretap or even a remote control.

Cottonmouth-I is the sort of man-in-the-middle attack that hackers dream of. Built into keyboard or accessory cables, it allows an attacker to implant and communicate with malware even on a computer that’s “airgapped”—completely off a network. And its hardware all fit neatly into a USB plug. Because of the sophistication of the hardware, the advertised price for Cottonmouth-I was over $1 million per lot of 50—meaning each single device cost $20,000.

But soon, you’ll be able to make one in your basement for less than $20 in parts, plus a little bit of solder. At Shmoocon in Washington, DC, this past weekend, Michael Ossman, a wireless security researcher and founder of Great Scott Gadgets, and a contributor to the NSA Playset–a set of projects seeking to duplicate in open source the capabilities in the NSA’s toolbox, showed off his progress on TURNIPSCHOOL, a man-in-the-middle USB cable project under development that fits a USB hub-on-a-chip and a microprocessor with a built-in radio onto a circuit board that fits into a molded USB plug.

Read 5 remaining paragraphs | Comments

Obama Talks Cybersecurity, but Federal IT System Breaches Increasing

President Barack Obama has said that his proposed cybersecurity legislation is expected to bolster the private sector’s defenses. Later tonight, he is expected to urge Congress and the American public to embrace the Cyber Intelligence Sharing and Protection Act during his State of the Union address. The measure, known as CISPA, was unveiled a week ago and is controversial because it allows companies to share cyber threat information with the Department of Homeland Security—data that might include their customers’ private information.

White House

The proposal by Obama, who once threatened to veto similar legislation, comes in the wake of the December hack of Sony Pictures Entertainment and breaches of giant retailers including Target.

But new research out Tuesday from George Mason University calls into question how effective Obama’s proposal would be. That’s because the federal government’s IT professionals as a whole have “a poor track record in maintaining good cybersecurity and information-sharing practices.” What’s more, the federal bureaucracy “systematically” fails to meet its own federal cybersecurity standards despite billions of dollars in funding.

Read 7 remaining paragraphs | Comments

Wireless Device in Two Million Cars Wide Open to Hacking

An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.

US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users’ driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen’s 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.

“Anything on the bus can talk to anything [else] on the bus,” Thuen was quoted as saying in an article from Dark Reading. “You could do a cellular man-in-the-middle attack” assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.

Read 1 remaining paragraphs | Comments

How Installing League of Legends and Path of Exile Left Some With a RAT

Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia.

The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran.

According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena. Translated into English, one passage stated: “computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected.”

Read 2 remaining paragraphs | Comments