WikiLeaks’ release of CIA’s hack secrets could have wide-ranging consequences


WikiLeaks released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and internet-connected televisions. If the documents are authentic, the release would be a serious blow to the CIA, which maintains its own hacking capabilities to be used for espionage. The large number of hacking tools and secrets made public, potentially along with enough details to replicate them, means the danger of the feds leaving major security flaws unfixed could escalate. “If the CIA can use it, so can the Russians, or the Chinese or organized crime,” says Kevin Bankston, the director of the New America Foundation’s Open Technology Institute. The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, the group said. The entire archive of material consists of several hundred million lines of computer code, it said. Among other disclosures, the WikiLeaks release said the CIA and allied intelligence services had managed to bypass encryption on phone and messaging services such as Signal, WhatsApp and Telegram. WikiLeaks said government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.” Apple says its iPhones and iPads are safe if you’ve upgraded to the latest version of its iOS software. Samsung smart TV owners could be vulnerable to spying through a program called “Weeping Angel.” The smart TV “operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server,” according to WikiLeaks. Sources: New York Times, CNet, Wired, BuzzFeed

One human’s error has far-reaching effects for Amazon, others

The Amazon Web Services outage that battered up to 150,000 websites, including Netflix, Spotify, Pinterest and Buzzfeed, was caused by an engineer mistyping a single command. The engineer was trying to temporarily take down servers used by the S3 billing subsystem when the command line mishap caused a cascading problem that downed two critical servers. Each system required a full restart. Source: Naked Security

Child porn case might not go forward due to hack secrets

Justice Department lawyers want a federal court to drop a case against a Dark Web child porn site because the government says it cannot reveal how it used a browser exploit to target thousands of unsuspecting visitors to the site. A court filing said that because the government is “unwilling to disclose” how it carried out the hacks, it has “no choice but to seek dismissal” of the case. However, the government’s attorneys are asking for the case to be reopened once the exploit is no longer classified. Source: ZD Net

Paying the piper when payment terminals hit

Verifone Systems is investigating a breach of its internal networks that appears to have affected a number of companies running its point-of-sale card terminals. The company said the extent of the breach was limited to its corporate network and that its payment services network was not affected. On Jan. 23, Verifone sent an urgent email to staff and contractors, warning they had 24 hours to change all company passwords. Source: Fortune

Kids say the darndest things; does toy company hear them?

The Senate Commerce Committee’s top Democrat demanded answers from a toy manufacturer after a data breach affected nearly a million users of its high-tech brand of teddy bears. Sen. Bill Nelson, D-Fla., asked Spiral Toys to provide specific details about the company’s security practices after hackers gained access to databases containing sensitive customer information, including millions of personalized audio recordings meant for children. Source: Washington Times

EU group accuses Trump campaign firm of data violations

The data analytics firm employed by President Trump’s campaign team hit back at allegations that it may have breached data protection rights during the U.K.’s EU referendum. Cambridge Analytica came under fire after it was cited at the center of a probe by the U.K.’s data privacy watchdog, which seeks to examine the use of voters’ personal information by data companies during political campaigns. Under EU data protection law, it is illegal for companies to trade third-party data without consent. Source: CNBC

Good tires? Check. Reliable? Check. Cyber safe? Consumer Reports will check

Consumer Reports, which conducts extensive reviews of cars, kitchen appliances and other goods, will consider cybersecurity and privacy safeguards when scoring products. The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured. Source: Reuters

Cyber attacks from beyond our borders might be more than we can handle

A Defense Science Board study on the state of cyber defense in the United States reaches some worrying conclusions, both for civil infrastructure and for military capability. The panel assesses that even after foreign intrusions into election systems, financial institutions and defense contractors, the U.S. has only seen the “virtual tip of the cyber attack iceberg.” On the civilian side, the new report warns that for at least the next five to 10 years, other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.” Source: Federal News Radio

There will definitely be some teachers’ dirty looks

Students have been identified as the source of a teacher data breach in Essex County, Ontario, Canada. Teachers were warned to call their bank after a data breach in which personal information of staff was accessed and potentially viewed through a system software vulnerability. The source of the potential breach of employee files was identified as students using a school computer. The software issue has been rectified and access is no longer available. Source: CBC

Younger and not wiser when it comes to spotting scams

A report from the Better Business Bureau found that those under the age of 35 are more susceptible to falling victim to a scam than any other age group. “The people who are most prone to falling for scams are young and middle-age adults and, specifically, those who are educated with a college degree,” said BBB Regional Director Miguel Segura. “Millennials tend to fall for scams targeted for their demographic like fake check or employment scams, whereas a baby boomer may fall for a home improvement or vacation scam,” Segura said. Source: Fox, San Antonio