When it comes to sophisticated international hacking, the US, Russia and China take the prize right? Not so fast. There’s a hacking group in the Middle East that’s causing concern everywhere.
A group called the Yemen Cyber Army hacked a Saudi Arabian news website called Al Hayet. Not only did they infiltrate, they threatened Saudi Arabia over the continued violence and unrest in Yemen. That was back in April, and Yemen Cyber Army has gotten stronger ever since. On May 20, they used Twitter accounts to hack the Saudi foreign ministry. The next day, Iran’s state run news blamed Yemen Cyber Army for this attack, which led to the leak of foreign ministry employees’ personal information. Now, Wikileaks is announcing the release of around a million records from the Saudi foreign ministry. Wikileaks didn’t say the exposed documents were given to them by Yemen Cyber Army. But Wikileaks did credit them for breaching the Saudi Foreign Ministry. This cyber group has no spokesperson. It’s not verified they’re even based in Yemen. Some of them claim to be from Yemen. But yet they won’t speak Arabic or give away their location. In fact, an Israeli cyber security group called ClearSky believes Iran’s government is behind the group. They discovered malware deployed against 550 different targets throughout the Middle East. Half of those targets are against Saudi Arabia.
Whether the Yemen Cyber Army is made up of Yemen or Iranian hackers, or both, one thing should be clear. Cyber conflicts around the world show no signs of slowing down. In fact, I expect them to only intensify. Unfortunately, the Internet seems to be a new way for individuals, corporations, and whole nations to attack and attempt to destroy each other. Obviously, there’s a lot of good the Internet does. In fact, there’s more good than harm. But ClearSky has a valid point. With all the turmoil in Yemen, I’m convinced the Yemen Cyber Army is getting a lot of help from outside Yemen, though I do believe some are from Yemen. Iran is just one of the nations helping them. Are there others?
Samsung, one of the biggest phone makers today and of all-time, is facing a problem. In fact, Samsung faces 600 million problems.
Let me explain. There is a default keyboard threat facing as many as 600 million Samsung phones. The pre-installed SwiftKey keyboard looked for language updates while over unencrypted territory and in plain text. This leaves the door open to create phony proxy servers. These servers can send malware to venerable devices and data to keep bad code on the device. That way, they can further exploit the users’ device. Do you know the power this gives a hacker? They can exploit this keyboard mishap and get a Samsung user’s name, address, email, SSN, text messages, bank information, social media passwords, and anything else they want. Not only that, the malware can be used to spy on users near and far, invading privacy. This discovery was made by Ryan Welton, a security expert representing a firm called NowSecure. Welton talked about the potential attack at a Blackhat Security Summit. According to NowSecure CEO Andrew Hoog, this threat likely affected Samung Android devices like S3, S4, S5, Galaxy Note 3, and Galaxy Note 4. A SwiftKey spokesperson said they are investigating this threat. The spokesperson also said SwiftKey apps on Google Play and the App Store isn’t affected by this threat.
Let me make it clear: This is just a warning. The cyber attack hasn’t happened and it isn’t happening now. So don’t go throwing away your Samsung Galaxy phones away. But you should be alerted of this threat. Some have said to me, “Talking about the threat will give hackers ideas.” Believe me, they’ve already thought of this. Ryan Welton is investigating and bloggers like me are reporting this because you need to know. Now what is SwiftKey going to do about it? What are you going to do about it?
Remember the Office of Personal Management breach in Washington DC last week? This breach seems to be the dubious gift that keeps on giving.
According to a federal employee union called American Federation of Government Employment, last week’s hack attack was worse than originally reported. These hackers, allegedly from China, got into SF-86 forms. What’s so special about SF-86 forms, you ask? These documents contain personal and sensitive information about federal government employees and their families, even interactions with foreign visitors and nationals. You see, SF-86 forms are needed for background checks for every federal employee. So imagine the many social security numbers, birthdays, addresses, emails, phone numbers, spouse info, child info, and mothers’ maiden names the potential cyber crooks would have. It turns out their Einstein security system isn’t so hot either. It took months for the hack to be discovered. To this day, not even President Obama himself really knows who pulled the breach off. If Einstein is top of the line security, then why did it take so long for the breach to be revealed? And why don’t we know who the culprits are and where they came from? Back to these SF-86 forms. These forms contain psychology evaluations, financial information, credit reports, criminal records, even marriage/relationship/sexual history. Can you say blackmail?
This is what makes this, and other hacks like this, dangerous. This and the fact that nobody has been held accountable. Still not concerned? This may not be the work of a geek thief in momma’s basement. This could be the work of an international government that doesn’t like us very much. I guess this is how we have to treat hacking, or any cyber crime these days. I‘m just glad this issue is getting the press it deserves. It’s on every major network and Internet site now. Will this press lead to action?
US law officials suspect Chinese hackers compromised four million people by breaking into their business computers. If such suspicions turn out to be true, then this would be one of the biggest government breaches of all-time.
The FBI believes the victims are employees of the Office of Personnel Management. They’re responsible for the federal government’s human resources, background checks and job training, among other things. It’s unclear what was stolen, but the cyber attacks began in April and May 2015. The Chinese Foreign Ministry has all but denied these allegations, claiming China opposes all forms of hacking. The Office of Personnel Management was allegedly hacked last year; it’s believed this is a different incident. The White House and other government entities often urge private companies to do a better fighting hacks. But this isn’t the first time the government has struggled with it’s own data security issues. The Department of Homeland Security said they discovered the breach through a data system called Einstein, a system known for identifying cyber intruders, especially on the Federal level. Office of Personnel Management insists they’re taking steps to improve their security so such breaches don’t keep happening. But Rep. Adam Schiff (D-CA) sums up what most Americans are already thinking: We expect federal agencies to be among the most protected.
In the past several years, China and the US have been beefing over cyber security issues for several years now. Not only that, there’s been an intense conflict of words over the South China Seas. With these events, China could very well be a prime suspect. If you’re buying China’s stance against hacking, I have some oceanfront property in Kansas I’d like to sell you. But Rep. Schiff has a great point. Think about how much sensitive data comes through government servers on a daily basis. Now think about if this sensitive gets into the wrong hands. I shutter to think what our enemies could do with this. The US needs to do a far better job protecting their agencies and their employees. This is why I’m considering starting a petition and sending it to my local representatives addressing this critical issue. If the Feds can’t protect their own computer systems, what hope is there for the rest of us?
Sometimes ‘I told you so’ doesn’t do justice. A couple of weeks ago, I blogged about the June 1 expiration of surveillance aspects of the Patriot Act of 2001. That prediction has come true.
Because Washington couldn’t come up with a reform agreement, these surveillance powers expired at midnight Eastern Standard Time June 1, 2015. Even those who are pro NSA surveillance say there needs to be reform. Ever since Edward Snowden‘s exposure of bulk surveillance in 2013, we learned ?how the federal government can read every social media post, every email, every instant message, and how they can listen to every smartphone conversation. Many political leaders have called for a stop to this kid of surveillance. There’s hope for new legislation called the USA Freedom Act. This would ban the NSA from collecting bulk telephone conversations and restrict other areas of surveillance. But as for now, the Feds can’t use bulk telephone records, or business records relating to Internet use. This debate has turned Republican against Republican, even fellow Kentucky Senators Rand Paul and Mitch McConnell. Senator McConnell is opposed to any surveillance reform. Senator Paul is a staunch opponent of NSA surveillance. He even believes this new USA Freedom Act doesn’t go far enough in fighting surveillance abuses. Rand Paul is running for US President in 2016 under the Republican ticket, but is popular among civil libertarians.
With Memorial Day vacation and June 1 shortly after, and politicians hardly agreeing on anything these days, I knew the old NSA surveillance wouldn’t be renewed. But I have hope for the USA Freedom Act. On one hand, it would ban unnecessary privacy abuses. On the other hand, this act will help keep us safe. Some say a resolution should happen by the end of this week. Do you think our elected officials will put differences aside and put our privacy and security first?
Some go on dating sites to find true love, some go to find friends. Some go to find something a little wilder. Those sites offering something wilder are at risk.
Dating site Adult Friend Finder has been hacked. Nearly four million accounts have been compromised. Before you panic too much, Adult Friend Finder boasts well over 60 million users. But what makes this cyber leak more intense is the information on this site. Adult Friend Finder caters to those looking for…how do I put this…hook ups and casual relationships. So in this case, peoples’ most intimate and sexual information is compromised and in the hands of cyber criminals. One major concern is sextortion. These criminals are going to hold such sexual information at random and release it if they don’t get what they want. Within hours of this leak, the hackers themselves said they were going to hit victims with spam. Cyber security experts believe they’ll fish through these emails looking for people to blackmail. ?The adult dating site is taking the leak seriously. A spokesperson said, “We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert.We pledge to take the appropriate steps needed to protect our customers if they are affected.”
I found an interesting statistic. On Adult Friend Finder, there’s one female user for every 16 male users. That’s just one reason to leave these adult websites alone. That’s too much competition. And you never know what you’re getting. You think getting hacked is bad? I remember a news story about one sociopath who used online services to find women, only to kill and rob them! Then he took his own life! Now I’ve always hated the ‘blame the victim’ mentality. The main culprit are these cyber criminals. I hope these criminals are arrested and convicted for these heinous actions and putting innocent people at risk. But let’s choose our online social life carefully. Whatever happened to just meeting people the good old fashioned way…in person?
