WikiLeaks’ release of CIA’s hack secrets could have wide-ranging consequences


WikiLeaks released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and internet-connected televisions. If the documents are authentic, the release would be a serious blow to the CIA, which maintains its own hacking capabilities to be used for espionage. The large number of hacking tools and secrets made public, potentially along with enough details to replicate them, means the danger of the feds leaving major security flaws unfixed could escalate. “If the CIA can use it, so can the Russians, or the Chinese or organized crime,” says Kevin Bankston, the director of the New America Foundation’s Open Technology Institute. The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, the group said. The entire archive of material consists of several hundred million lines of computer code, it said. Among other disclosures, the WikiLeaks release said the CIA and allied intelligence services had managed to bypass encryption on phone and messaging services such as Signal, WhatsApp and Telegram. WikiLeaks said government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.” Apple says its iPhones and iPads are safe if you’ve upgraded to the latest version of its iOS software. Samsung smart TV owners could be vulnerable to spying through a program called “Weeping Angel.” The smart TV “operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server,” according to WikiLeaks. Sources: New York Times, CNet, Wired, BuzzFeed

One human’s error has far-reaching effects for Amazon, others

The Amazon Web Services outage that battered up to 150,000 websites, including Netflix, Spotify, Pinterest and Buzzfeed, was caused by an engineer mistyping a single command. The engineer was trying to temporarily take down servers used by the S3 billing subsystem when the command line mishap caused a cascading problem that downed two critical servers. Each system required a full restart. Source: Naked Security

Child porn case might not go forward due to hack secrets

Justice Department lawyers want a federal court to drop a case against a Dark Web child porn site because the department says it cannot reveal how it used a browser exploit to target thousands of unsuspecting visitors to the site. A court filing said that because the government is “unwilling to disclose” how it carried out the hacks, it has “no choice but to seek dismissal” of the case. However, the government’s attorneys are asking for the case to be reopened once the exploit is no longer classified. Source: ZD Net

Paying the piper when payment terminals hit

Verifone Systems is investigating a breach of its internal networks that appears to have affected a number of companies running its point-of-sale card terminals. The company said the extent of the breach was limited to its corporate network and that its payment services network was not affected. On Jan. 23, Verifone sent an urgent email to staff and contractors, warning they had 24 hours to change all company passwords. Source: Fortune

Kids say the darndest things; does toy company hear them?

The Senate Commerce Committee’s top Democrat demanded answers from a toy manufacturer after a data breach affected nearly a million users of its high-tech brand of teddy bears. Sen. Bill Nelson, D-Fla., asked Spiral Toys to provide specific details about the company’s security practices after hackers gained access to databases containing sensitive customer information, including millions of personalized audio recordings meant for children. Source: Washington Times

EU group accuses Trump campaign firm of data violations

The data analytics firm employed by President Trump’s campaign team hit back at allegations that it may have breached data protection rights during the U.K.’s EU referendum. Cambridge Analytica came under fire after it was cited at the center of a probe by the U.K.’s data privacy watchdog, which seeks to examine the use of voters’ personal information by data companies during political campaigns. Under EU data protection law, it is illegal for companies to trade third-party data without consent. Source: CNBC

Good tires? Check. Reliable? Check. Cyber safe? Consumer Reports will check

Consumer Reports, which conducts extensive reviews of cars, kitchen appliances and other goods, will consider cybersecurity and privacy safeguards when scoring products. The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured. Source: Reuters

Cyber attacks from beyond our borders might be more than we can handle

A Defense Science Board study on the state of cyber defense in the United States reaches some worrying conclusions, both for civil infrastructure and for military capability. The panel assesses that even after foreign intrusions into election systems, financial institutions and defense contractors, the U.S. has only seen the “virtual tip of the cyber attack iceberg.” On the civilian side, the new report warns that for at least the next five to 10 years, other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.” Source: Federal News Radio

There will definitely be some teachers’ dirty looks

Students have been identified as the source of a teacher data breach in Essex County, Ontario, Canada. Teachers were warned to call their bank after a data breach in which personal information of staff was accessed and potentially viewed through a system software vulnerability. The source of the potential breach of employee files was identified as students using a school computer. The software issue has been rectified and access is no longer available. Source: CBC

Younger and not wiser when it comes to spotting scams

A report from the Better Business Bureau found that those under the age of 35 are more susceptible to falling victim to a scam than any other age group. “The people who are most prone to falling for scams are young and middle-age adults and, specifically, those who are educated with a college degree,” said BBB Regional Director Miguel Segura. “Millennials tend to fall for scams targeted for their demographic like fake check or employment scams, whereas a baby boomer may fall for a home improvement or vacation scam,” Segura said. Source: Fox, San Antonio