Yahoo has introduced a new "on demand" password system that allows you to log into your account anytime using an individually generated unique code that the company will text to your phone.
It's essentially two-factor authentication with the first factor removed: there is no password to remember, reuse or phish, but possession of the phone number that receives the text becomes the only thing standing between an attacker and the account, so the account is exactly as safe as that number.
The feature is an inevitable move towards making user accounts more secure. Google and Apple have both dealt with high-profile security flaws and consumers are notoriously bad at practicing good password hygiene. Despite warnings, many still rely on easy to remember personal information or family names rather than unique codes generated by a password manager.
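What a texted one-time code has to get right on the server side is easy to state and easy to get wrong: the code must be random, short-lived, single-use, rate-limited and never stored in the clear. The following is an added illustration of that logic, written for this page and not Yahoo's code; the store is a hypothetical in-memory class, the digit length, lifetime and attempt limit are assumed values, and the SMS send itself is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_LENGTH = 8          # assumed: 8 digits, 10**8 possible codes
CODE_TTL_SECONDS = 300   # assumed: a code is good for five minutes
MAX_ATTEMPTS = 5         # assumed: five wrong guesses burn the code


class OnDemandCodeStore:
    """Server-side record of codes that have been texted out (hypothetical).

    Only a keyed hash of each code is kept, so a dump of this store does not
    let an attacker log in. A real deployment would back it with a database
    or cache; the dict here keeps the example self-contained.
    """

    def __init__(self, pepper: bytes, clock=time.time):
        self._pepper = pepper   # server-held secret, kept apart from the records
        self._clock = clock     # injectable so expiry can be tested offline
        # username -> (digest, salt, expires_at, attempts_left)
        self._records = {}

    def _digest(self, salt: bytes, code: str) -> bytes:
        return hmac.new(self._pepper, salt + code.encode(), hashlib.sha256).digest()

    def issue(self, username: str) -> str:
        """Create a fresh code for the user and return it for sending by SMS."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        salt = secrets.token_bytes(16)
        self._records[username] = (
            self._digest(salt, code),
            salt,
            self._clock() + CODE_TTL_SECONDS,
            MAX_ATTEMPTS,
        )
        return code  # texted to the user; never written anywhere in the clear

    def verify(self, username: str, candidate: str) -> bool:
        """Accept the code once, within its lifetime, within the attempt budget."""
        rec = self._records.get(username)
        if rec is None:
            return False
        digest, salt, expires_at, attempts_left = rec
        if self._clock() > expires_at or attempts_left <= 0:
            del self._records[username]      # expired or exhausted: force a new issue
            return False
        if hmac.compare_digest(digest, self._digest(salt, candidate)):
            del self._records[username]      # single use: a replayed code fails
            return True
        self._records[username] = (digest, salt, expires_at, attempts_left - 1)
        return False


if __name__ == "__main__":
    store = OnDemandCodeStore(pepper=secrets.token_bytes(32))
    code = store.issue("alice")
    print("texted code:", code)
    print("first use ok:", store.verify("alice", code))    # True
    print("replay ok:", store.verify("alice", code))       # False
```

The keyed hash means the records are useless without the pepper, the constant-time compare avoids leaking which digits matched, and the attempt counter is what keeps an eight-digit code from being guessed over the wire. None of this helps if the text is read by someone who has taken over the phone number, which is the trade-off the feature makes.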
Apple CEO Tim Cook made a bold pitch for his company's commitment to user privacy at a White House summit on Friday, taking implicit shots at Apple's Silicon Valley rivals as well as the federal government. … Cook described privacy online as a human right and linked it to the struggle for freedom for LGBT people.
“Too many people do not feel free to practice their religion or practice their opinion or love who they choose,” said Cook, who is gay. “In a world where that information can make the difference between life and death,” he continued, “if those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.”
"We don't sell advertisers information from your email content or your web browsing history," Cook told the audience at Stanford University. "We don't try to monetize the information you store on your iPhone or in iCloud … We set the industry's highest standards and we are deeply committed to living up to them."
It's not just your medical records that may be insecure; the cyberwar continues on many fronts.
Attacks on state databases. Massive Utah cyberattacks — up to 300 million per day — may be aimed at NSA facility
Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day. At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. "But this last year we have had spikes of over 300 million attacks against the state databases" each day: a 10,000-fold increase. Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems.
Or in your cars. Report Sees Weak Security in Cars’ Wireless Systems
In addition to finding “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle” or hackers who wish to “collect and use personal driver information,” the report expressed concerns over how automakers track drivers’ behavior and collect, transmit and store that information… The report found that large amounts of data on driving histories are harvested, frequently without consumers being explicitly aware that the information is being collected or how it will be used.
Facebook can follow you just about everywhere and you probably agreed to it. Now Facebook can follow you on other sites: Social media network has started harvesting data on links you click and searches you make
Facebook has started collecting information about the other websites users visit, the links they click on and their searches.
A Facebook spokesman said: ‘It takes into account pages and places visited on Facebook, alongside browsing on the internet.’
She added that the changes help Facebook 'to better serve more relevant advertising to you.'
Using stolen identities to file fraudulent tax returns and claim refunds. TurboTax halts e-filing for state returns due to fraud, stealing of refunds
Intuit, the parent company of TurboTax, has stopped e-filing all state tax returns due to increased suspicion of fraud. The company says it is investigating criminal attempts to use stolen data to file fraudulent returns and claim refunds, after hearing concerns from a handful of states, Intuit spokeswoman Diane Carlini told MarketWatch. After a preliminary examination with security experts, Intuit believes its systems weren’t breached, but crooks may have used TurboTax software to file fraudulent returns after stealing identities, she said.
Intuit said in a release that “the information used to file fraudulent returns was obtained from other sources outside the tax preparation process.” The company called pausing e-filings to states a “precautionary step.”
In light of this fraud (Intuit's own systems, it says, were not breached; the identities were stolen elsewhere), Paul Bleeg, CPA and Partner, EisnerAmper LLP argues that you should go back to snail-mail to file your taxes this year.
E-filing isn't mandatory. Taxpayers may elect not to e-file their federal return, and all but a handful of states also allow an "opt-out" of e-filing, including California. So why would you want to choose the inconvenience of mailing paper tax returns?
1. E-filed returns have a higher rate of being chosen for examination (audit) by the IRS…
2. E-filed returns are at-risk for identity theft. The South Carolina Department of Revenue reported that 3.9 million e-filed tax returns were exposed in a hacker attack. That means that the names and social security numbers of every parent and child listed on those tax returns, as well as investment account details and other personal information, are now in the hands of hackers, who may be connected with organized crime. The South Carolina Department of Revenue is paying the cost of credit-monitoring services for all those taxpayers exposed, including the children of taxpayers. Each state has different e-file security measures that should be considered.
3. Fraudulent e-filed returns using real taxpayers' names and Social Security numbers is a rapidly growing problem…With the correct name and social security number of the victim, criminals are e-filing tax returns that report zero income. When they e-file, the IRS and many of the states just issue refunds of the taxpayers' withholdings and estimated tax payments since there are no tax liabilities reported on these fraudulent returns. These refunds are direct-deposited into the criminal's bank account, or issued as a debit card and sent to the criminal's P.O. Box. When the real taxpayers try to file their tax return, they receive a rejection message, saying a return has already been e-filed.
Health insurer Anthem Inc , which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.
The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.
The information accessed during the "very sophisticated attack" did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.
Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc said it had been hired to help Anthem investigate the attack.
Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Health insurer Anthem Inc. did not encrypt the 80 million Social Security numbers stolen by hackers last week, but that's probably more common than you think… The Wall Street Journal explained that, though it appears Anthem encrypted data moving out of its database, it didn't do so for information simply being stored. Instead, a spokesperson told the WSJ, the company used other security measures to protect that information.
Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
Anthem said it would send a letter and email to everyone whose information was stored in the hacked database. It also set up an informational website, www.anthemfacts.com, and will offer to provide a credit-monitoring service. The company said on the website's FAQ page that 'The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.'
New York Times. What Anthem Customers Should Do Next After Data Breach
Although Anthem says the attackers did not get any medical records, they did get access to medical identification numbers found on insurance cards. … “You don’t need a complete medical record to commit medical identity theft if you have the correct name and Social Security number,” said Pam Dixon, executive director of World Privacy Forum. “The chief harm for medical identity theft is that your medical record will change without your knowledge.”
THEFT TYPES In large-scale breaches like the one at Anthem, experts said the criminals could pose as medical billers and fraudulently charge consumers’ insurance companies for medical services and drugs. Not only is your insurer paying for something that you didn’t ask for, but the fraudsters can also alter your medical record, Ms. Dixon said.
WHAT TO DO Consumers should try to create their own copy of their medical file so they have an accurate version of their history should a fraudster make any changes, said Ms. Dixon, who has worked with many medical identity theft victims. Think about any significant or chronic medical conditions, surgeries or accidents — particularly for the last few years — and get a record from your doctors’ offices, hospital or other provider. Also get a record of your blood type and any drug allergies. If you have access to an online patient portal, try to print out or save a copy of those files elsewhere.
“You want to print a baseline record so that if it is altered without your knowledge by fraudulent activity,” Ms. Dixon said, “you have something that is really clean.” That will help prove your case, she said, and rebuild an accurate history.
In the New York Times Magazine several weeks ago was a fascinating article The Secret Life of Passwords
by Ian Urbina. We despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts.
SEVERAL YEARS AGO I began asking my friends and family to tell me their passwords. I had come to believe that these tiny personalized codes get a bum rap. Yes, I understand why passwords are universally despised: the strains they put on our memory, the endless demand to update them, their sheer number. I hate them, too. But there is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. They derive from anything: Scripture, horoscopes, nicknames, lyrics, book passages. Like a tattoo on a private part of the body, they tend to be intimate, compact and expressive.
There was the former prisoner whose password includes what used to be his inmate identification number (“a reminder not to go back”); the fallen-away Catholic whose passwords incorporate the Virgin Mary (“it’s secretly calming”); the childless 45-year-old whose password is the name of the baby boy she lost in utero (“my way of trying to keep him alive, I guess”).
When I described keepsake passwords to Paul Saffo, who teaches engineering at Stanford and writes often about the future of technology, he coined the term “crypto haiku.”
On the other hand, we are at the dawn of development in using parts of our bodies as the authenticator for our unique identity instead of passwords.
As usual, Apple leads the way with fingerprint sensors in the newest iPhones and iPads. Now there are companies where the password can be your heartbeat, your iris, the veins on your palm. The caveat is that a fingerprint or an iris is an identifier, not a secret: it cannot be changed once it has been copied, so it is best used the way Touch ID uses it, to unlock a secret that stays on the device, rather than as a password sent off to a server.
Read more at CNN - How your body will be your password.
With the help of Pathway Genomics, consumers might one day be able to "Ask Watson" for insights into their health.
IBM's Watson Group today announced an undisclosed investment in Pathway Genomics to create the first cognitive consumer app based on a user's genetic makeup.
Citing research on genomic medicine, IBM said the bioinformatics market is expected to grow to $12.86 billion by 2020. Few consumers, however, have access to or can benefit from personalized wellness-related recommendations tailored to their individual needs. Which is where IBM and Pathway Genomics come in.
By leveraging the natural language processing and cognitive capabilities of Watson, consumers will be able to "Ask Watson" for insights, based on their own genes, wearable data, and other wellness information, like emotional, physical, and social well being.
"The medical industry is undergoing a dramatic and systemic change, putting the consumer more in charge of their own health care," Michael Nova, chief medical officer at Pathway Genomics and member of the Watson Advisory Board, said in a statement. "Giving the consumers access to a powerful tool built upon cognitive learning and Watson will make the change even more transformative."
For a spit of saliva and $2,500, your genetic test results are securely delivered to your computer screen with your genetic likelihood for 18 medical conditions, from Alzheimer's to rheumatoid arthritis to several types of cancer. Navigenics aims to boost disease prevention by providing customers reports on their DNA that they can share with their doctors. The company addresses privacy concerns by encrypting customer identities, and screens only for conditions it deems to have scientifically sound genetic studies. The company also offers genetic counseling.
In 2007 Google invested at least $4.4 million in a genetic screening company, 23andMe, that was started by Anne Wojcicki, the wife of Google co-founder Sergey Brin, and her business partner.
Interestingly, Navigenics and 23andMe don't consider themselves competitors. Navigenics' DuRoss says "23andMe has taken the approach of providing you a fun, social, and ancestral look at your DNA," adding that her company "has taken the view that science, clinical utility, and the ability to do something about your health is of paramount importance."
MIT Technology Review Google Wants Your DNA too. For $25 a year, Google will keep a copy of any genome in the cloud.
Google is approaching hospitals and universities with a new pitch. Have genomes? Store them with us….The idea is to create “cancer genome clouds” where scientists can share information and quickly run virtual experiments as easily as a Web search, says Sheila Reynolds, a research scientist at the Institute for Systems Biology in Seattle. “Not everyone has the ability to download a petabyte of data, or has the computing power to work on it,” she says.
One lawyer took the time to read the 46 page privacy notice that came with his smart TV and this is what he said.
I am now the owner of a new “smart” TV, which promises to deliver streaming multimedia content, games, apps, social media, and Internet browsing. Oh, and TV too.
The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.
It also has a built-in camera — with facial recognition. The purpose is to provide “gesture control” for the TV and enable you to log in to a personalized account using your face…..
More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.
You may not be watching, but the telescreen is listening.
According to retired General David Petraeus, former head of the CIA, Internet-enabled “smart” devices can be exploited to reveal a wealth of personal data. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvester,” he reportedly told a venture capital firm in 2012. “We’ll spy on you through your dishwasher” read one headline. Indeed, as the “Internet of Things” matures, household appliances and physical objects will become more networked. Your ceiling lights, thermostat, and washing machine — even your socks — may be wired to interact online. The FBI will not have to bug your living room; you will do it yourself.
Peeping into 73,000 unsecured security cameras thanks to default passwords. A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.
Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions.
There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.
The Washington Post reports that computers at the White House were hacked recently by people possibly working for the Russian government.
According to the report, which is based on information from unnamed sources, security officials were able to contain the breaches relatively quickly, and that no classified networks were compromised. The NSA and FBI are investigating the attack, which we only found out about thanks to information from an "ally."
"How does an ally figure that out?" Ben FitzGerald, with the Center for a New American Security in Washington, D.C. said. "What were they monitoring that we weren't?"
Scott Johnson at PowerLine reports
the computer network within the Executive Office of the President has been down for close to a week, and staff throughout the various components still lack basic access to their files (though many are now able to access e-mail and the Internet). He advises that EOP staff have been told not to say anything about the situation to anyone.
Our source, describing the problem as a “major data loss,” believes that repair is expected to take weeks. From what he understands, this is a serious problem. He asserts: “We are potentially talking OMB, USTR, ONDCP, OPM, and the White House itself(!). Top-line executive deliberations. Gone. Stolen? No idea.”
In his most recent message, our source reports: EOP employees told to think very carefully about what personal information might have been located on their computers – still “weeks away” from a fix.
Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building.
"We're in a day when a person can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch.
The U.S. financial sector is one of the most targeted in the world, FBI and Secret Service officials told business leaders at a cybersecurity event organized by the Financial Services Roundtable. The event came in the wake of mass hacking attacks against Target, Home Depot, JPMorgan Chase and other financial institutions.
"You're going to be hacked," Joseph Demarest, assistant director of the FBI's cyberdivision, told the business leaders. "Have a plan."
His advice was directed to the banks, but it's just as applicable to you. What are you doing to protect yourself?
JPMorgan Chase &amp; Co. says that a recent cyberattack compromised customer information for about 76 million households and 7 million small businesses.
The New York-based bank said Thursday that customer information including names, addresses, phone numbers and email addresses were stolen in the cyberattack.
However, JPMorgan said there’s no evidence that the data breach included customers’ account numbers, passwords, Social Security numbers or dates of birth.
The lender said it has not found any unusual customer fraud related to this data breach.
Just days after revealing that the tax agency's failure to follow its own rules put the private data of 1.4 million people at risk, the Treasury Inspector General for Tax Administration publicized the sentencing of Tax Examining Technician Missy Sledge for aggravated identity theft and mail fraud, and IRS employee Monica Hernandez for making and subscribing a false income tax return, wire fraud, and aggravated identity theft.
In addition to IRS personnel, 14,000 contractors have "staff-like" access to Sensitive But Unclassified (SBU) information. Such protected data includes "any information under the IRS's authority that the loss, misuse, unauthorized access, or modification of could adversely affect the national interest, the conduct of IRS programs, or the privacy to which individuals are entitled under law." To gain that access, contractors have to submit to background checks…
The tax collection agency failed to perform background checks when handing out five reviewed contracts for courier, printing, document recovery, and sign language interpreter services. The report also found a dozen other contracts where the IRS planned to perform background checks, but didn't get to all of the people on the job.
It is tracking your every move – recording the exact time you left for work, where you bought your coffee and where you like to shop.
But this isn’t a futuristic spy drone or some sinister Big Brother state – it’s the iPhone sitting in your pocket.
Hidden in Apple phones is a function which logs every journey. The iPhones are then able to analyze the data to figure out where you live and work, basing decisions on the frequency and timing of trips.
The function – called the Frequent Locations feature – was quietly introduced to iPhones a year ago. But since access to the program is buried beneath five layers of settings menus, few people know it exists.
Apple claims the data never leaves your phone without your permission, and that it was only designed to improve mapping services.
But Professor Noel Sharkey, one of Britain’s leading computing experts, described Apple’s ability to track people as ‘terrifying’. ‘This is shocking,’ he said. ‘Every place you go, where you shop, where you have a drink – it is all recorded. This is a divorce lawyer’s dream. But what horrifies me is that it is so secret. Why did we not know about this?’
Smartphones have had the ability to track their owners’ movements since they were first installed with GPS chips and mapping functions. But this feature, which is automatically installed on any iPhone with the iOS 7 or an iOS 8 operating system, is the first to display the movements clearly on a map. The phone records the date of every one of your journeys, your time of arrival and departure and how many times you have been to each address.
HOW THE HIDDEN TRACKING SYSTEM WORKS…AND HOW YOU CAN STOP IT
The Frequent Locations function is automatically installed on any phone with iOS 7 or iOS 8.
• To access Frequent Locations, go into Settings, choose the Privacy option and then Location Services.
• Go right down to the bottom and select System Services – then click Frequent Locations.
• Your data will be displayed under a History heading divided up into cities and districts – click on each one to see how your phone monitors, analyses and maps everywhere you go.
• To disable Frequent Locations, select Clear History and make sure Improve Maps is deselected.
• Finally, turn off the Frequent Locations tab. This does not stop data being recorded, it only stops it being packaged up in a map.
• To stop it being logged at all, you can disable Location Services in the Privacy menu – but this will leave you unable to use your phone’s mapping software.
What are you doing to protect yourself from becoming collateral damage in the persistent ongoing digital war?
Cyber criminals can make ten times more money hacking someone's medical information rather than their credit card details, new research has shown. ….Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
The FBI has warned US health care providers of the new threat after a group of Chinese hackers stole personal information from 4.5 million patients after targeting the computer network of Community Health Systems Inc. Internet security experts believe the $3 trillion US healthcare industry is a ripe target for cyber criminals because many health care providers use older computers with inadequate tools to protect the confidential information.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.
Community Health Systems revealed the cyber attack in a SEC filing on Monday. 'The Company and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company’s systems,' Community Health Systems said. 'The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data…' The stolen information included patient names, addresses, birth dates, telephone numbers and social security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in the regulatory filing. It did not include medical or clinical information.
Home Depot said that 56 million debit and credit cards are estimated to have been breached in a data theft between April and September at its stores in the U.S. and Canada. That makes it the second-largest breach for a retailer on record. The disclosure puts the data breach behind TJX Cos.’s theft of 90 million records, disclosed in 2007 and ahead of Target’s pre-Christmas 2013 breach which compromised 40 million credit and debit cards.
A database containing nearly 5 million Gmail user accounts and passwords was leaked on Bitcoin Security, a popular Russian website devoted to the cryptocurrency. The text file was published on Tuesday night by user tvskit, according to CNews, the Russian news outlet that first broke the story. The leaker claimed that the majority of the accounts belong to users who speak English, Russian, or Spanish, and that approximately 60 percent are active. The passwords not only give access to Gmail, but a slew of other Google services such as Drive and the mobile payment system Google Wallet.
Hack leaks hundreds of nude celebrity photos Apple says its iCloud security was not breached. The culprit was weak passwords The hackers figured out user names, passwords, and security questions of the celebrities.
Half of us are at risk of cyber-attacks ‘because we don’t install anti-virus software on laptops or phones’
National Crime Agency is launching new campaign to increase awareness of the dangers of not protecting yourself online.
Open wireless and default passwords make controlling a city's intersections trivial. …..the most upsetting passage in the entire paper is the dismissive response issued by the traffic controller vendor when the research team presented its findings. According to the paper, the vendor responsible stated that it "has followed the accepted industry standard and it is that standard which does not include security."
What if your body is hacked? Microchip Implants in Healthy People
In March 2009, British researcher Mark Gasson had a chip injected under the skin of his hand. The chip, a slightly more advanced version of the tags used to track pets, turned Gasson into a walking swipe-card. With a wave of his wrist, he could open security doors at the University of Reading laboratory, where his experiment was being conducted, and he could unlock his cell phone just by cradling it.
A year later, Gasson infected his own implant with a computer virus, one that he could pass on to other computer systems if the building's networks were programmed to read his chip. As Gasson breezed around the workplace, spreading the virus and corrupting computer systems, certain areas of the building became inaccessible to his colleagues.
The Plague of Passwords. Senior trying to set a password
WINDOWS: Please enter your new password.
WINDOWS: Sorry, the password must be more than 8 characters.
USER: boiled cabbage
WINDOWS: Sorry, the password must contain 1 numerical character.
USER: 1 boiled cabbage
WINDOWS: Sorry, the password cannot have blank spaces.
USER: 50bloodyboiled cabbages
WINDOWS: Sorry, the password must contain at least one upper case character.
WINDOWS: Sorry, the password cannot use more than one upper case character consecutively.
WINDOWS: Sorry, the password cannot contain punctuation.
WINDOWS: Sorry, that password is already in use.
Data collection has become a growing concern for many users of smart technology, which can record numerous personal details, some of which is collected without their knowledge. With that in mind Coop Himmelb(l)au, an Austrian architecture company, created the Jammer Coat to protect the wearer from unwanted data collection. The Jammer Coat is a padded cloak that contains metallic fibres designed to block radio waves, shielding the wearer from tracking devices.
All signals are designed to be blocked from reaching devices once they are stored inside the coat, meaning vital information from important items such as credit cards is protected from those looking to obtain it. This also means it is blocked from WI-Fi networks, mobile providers and more. And with numerous pockets of different sizes the coat can accommodate smartphones, tablets and a range of other devices. The white coat is also patterned with black spots, which have been designed to mask the wearer’s true body shape.
'The CHBL Jammer Coat is a piece of clothing that enables its user to disappear: Google cannot find you anymore,' said a spokesperson for Coop Himmelb(l)au. The piece is made of metallised fabrics, which are blocking radio waves and shielding the wearer against tracking devices. You are no longer reachable on your mobile phone and no information from your credit card can be captured.
Even though it looks like a duvet, I rather like it, but then I've always liked the elegance of desert robes, especially their coolness in the summer heat.
Failing to protect yourself online is so irresponsible, it could threaten the economy of entire nations.
That's according to a security report by California-based group, McAfee, which suggests cybercrime is now such big business, it is worth more than the wealth of some countries.
As a business, cybercrime would be ranked 27th in the world based on revenue, and the attacks are currently costing the world more than £328 billion ($400 billion) a year.
They claim the big problem remains a lack of understanding among the public about different threats that exist.
As part of the report, Samani revealed there are 20 to 30 cybercrime groups that are operating on a ‘nation-state level’.
This means they are working on an industrial scale, and can overcome almost any sort of web defence they face.
‘We want the economy to grow, and it’s being held back by cybercrime.
‘If you’re not taking important measures you’re contributing to criminals, and I mean nasty criminals, making money off you. Not taking action is resulting in people losing their jobs,’ he said.
The report found that more than 200,000 jobs had been lost as a result of cybercrime - through reputation damage or loss of assets.
The news comes in the wake of continued efforts to improve web security before the ‘two-week threat’ elapses, and two viruses that have infected thousands of computers are active again.
The U.S. Department of Homeland Security urged users to install anti-virus software on their computer and ensure that the latest operating systems were also installed on their computers.
If systems do not offer automatic updates, people should enable it, the department said.
It also advised changing passwords, as original passwords may have been compromised during the infection.
Beware of doing online banking on your mobile phone. Security expert reveals that ANYONE can hack a bank's app using free internet tools
Mobile security expert Wilson Bond, a technical manager at mobile security firm Arxan Technologies, has demonstrated how a banking app can be hacked.
He built a dummy app and used reverse engineering to connect to a server. When sending money, the server was able to obtain the user’s password.
It was then programmed to piggyback onto the payment and transfer money to the hacker’s account. There are also tools and online tutorials to teach hackers the process. He did point out that iOS apps and software are more secure and closely monitored than Android, for example - except on jailbroken devices.
'Jailbreaking' is the process of removing certain restrictions Apple places on apps and downloads, for example, and makes it easier for developers to adjust settings.
Change your password now
What personal details were stolen?
Hackers gained access to eBay customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
It is unclear whether all, or any, of the details were taken but security experts are warning people to assume the worst.
Are my credit cards details safe?
The firm said that the infiltrated part of the network did not contain any financial details, so in theory, yes.
Will changing my password solve the problem?
Changing passwords will stop hackers from being able to use any login details that were stolen.
However, they could still use names, addresses and birth dates to commit identity fraud.
It’s a good idea to change passwords following any attack such as this. It’s also important to update login details on any sites that use the same password.
If a hacker has your password and email address they could use it to attempt to access other sites that use the same combination.
As a rule, the same password should never be used across different sites.
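The advice above turns on one fact: a password leaked from one site is a working key for every other site where it was reused. The following is an added example, not part of the original article or of eBay's guidance, showing how to audit a password-manager export for reuse and to compute the "blast radius" of a breach at one site. The vault entries are constructed sample data and the site names are placeholders; the report only ever shows a truncated hash, never the plaintext.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault export: (site, username, password). Not real credentials.
VAULT = [
    ("ebay.example", "alice", "Summer2014!"),
    ("paypal.example", "alice", "Summer2014!"),
    ("mail.example", "alice", "Summer2014!"),
    ("bank.example", "alice", "k9#Lq2v!Zp8@"),
    ("forum.example", "alice_fan", "boiledcabbage"),
]


def fingerprint(password: str) -> str:
    """Short hash so the audit report can group passwords without echoing them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def reuse_groups(vault):
    """Map each reused password fingerprint to the list of sites sharing it."""
    groups = defaultdict(list)
    for site, _user, password in vault:
        groups[fingerprint(password)].append(site)
    return {fp: sites for fp, sites in groups.items() if len(sites) > 1}


def blast_radius(vault, breached_site):
    """Sites an attacker could log into with passwords exposed by a breach at one site.

    This is the credential-reuse risk the text describes: the same
    email/password pair tried against other services.
    """
    exposed = {fingerprint(pw) for site, _u, pw in vault if site == breached_site}
    return sorted(
        site for site, _u, pw in vault
        if site != breached_site and fingerprint(pw) in exposed
    )


if __name__ == "__main__":
    for fp, sites in reuse_groups(VAULT).items():
        print(f"password {fp}… reused on: {', '.join(sites)}")
    print("a breach at ebay.example also exposes:", blast_radius(VAULT, "ebay.example"))
```

Run against a real export, the second report is the list of accounts whose passwords must change immediately after a breach notice, regardless of whether the breached site recommends it.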
Should I change my PayPal password as well?
PayPal, which owns eBay, has confirmed its accounts and customers have not been affected by this cyber attack.
However, as a matter of course, it’s good practice to change all related passwords across different sites, including PayPal.
Which countries are affected?
At the moment, we can assume that all eBay customers worldwide will be affected by this breach, until eBay says otherwise.
Is this hack a result of the Heartbleed bug?
When Heartbleed was exposed, eBay announced its customer’s account were secure and had not been affected. This suggests the latest hack is a separate attack.
How did hackers steal the information?
It is unclear how the hackers got hold of the information but eBay said it is working with forensic teams to get an answer to this question.
Why did it take so long for eBay to inform customers of the breach?
MailOnline has contacted eBay for an answer to this question. It is unclear what caused the delay.
Typically, following cyber attacks, a firm will investigate the breach to try and determine how many people are affected, and the severity of the attack, before issuing advice.
The biggest flaw in Internet history affecting as many as two-thirds of the world's websites.
German developer Dr Robin Seggelmann admitted he wrote the code. It was then reviewed by other members and added to OpenSSL software. This addition led to the Heartbleed flaw in the open-source program
Code was added in December, 2011, and no-one picked up the error.
As if the fact that we all have to change our passwords yet again were not bad enough, Bloomberg reports NSA Said to Exploit Heartbleed Bug for Intelligence for Years
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”
“We’ve never seen any quite like this,” said Michael Sutton, vice president of security research at Zscaler, a San Jose, California-based security firm. “Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense.”
The potential stems from a flawed implementation of the protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.
Ace comments What the hell. What the unholy hell.
This is scary. I'm not even so much bothered by the NSA itself preserving a backdoor into my private stuff. I always figured they could do that anyway, if they wanted.
But they've also exposed everyone to criminal hacking and even compromise by foreign intelligence services.
What the hell. What the unholy hell.
'Changing your password on a vulnerable site makes little difference because the site is still open to attack…. This means your old password would have been at risk, but you're also giving hackers access to your new password - a double whammy.'
Affected sites include a number of Google services, including Gmail and YouTube, Facebook, Tumblr, Yahoo and Dropbox. All of these sites have been patched and security experts are advising people to change their passwords on these accounts, even if the sites themselves aren't issuing the advice.
Business Insider Find Out Instantly If A Site Has Been Infected By 'Heartbleed'
I never knew that some smartphone apps contain computer code that allow the app developer to use the cell phone’s camera or microphone at any time, and record cell phone conversations at any time. Listening to a cell phone conversation in the past would require that the police take evidence to a court and ask a judge to sign a warrant allowing a police wiretap. Yet today, many apps effectively usurp the privacy of downloaders at the push of a phone button.
Right now these rights can be taken away by the state only after a long and arduous legal process. A convicted felon, for example, will lose his right to vote.
Up to now, a person could give away copyright rights to a photograph, for example, only by physically signing a photo release. Or he could sign away the copyright protections for a piece of music to a record company. But apps today could sneak in language that states that any music transmitted by a smartphone becomes the property of the person who developed the app. This was all made possible because written signatures were replaced by the e-signature, and now only a click of the "accept" button is required.
The product is called Cognizant, a free to download app for Android mobile phones and tablets. It protects those devices by empowering the user to be fully aware of all the permissions that applications have been granted on a device, knowingly or not.
In a non-descript Montreal office building, McAfee demonstrated how one popular chat application in particular had by default been granted what can only be described as excessive permissions. The application has access to things like: all call history, contacts, GPS, camera access, the ability to silently make calls and even turn off notifications of these activities to the user. I install the app on my own phone to see this and sure enough, it’s pretty shocking. If you think about it, if one were to describe a program that did all of these things on a PC, it could be called malware. McAfee states that there are thousands upon thousands of apps out there doing the exact same thing, taking more permissions than are clearly necessary or that you may be comfortable with.
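The permissions listed above (call history, contacts, GPS, camera, placing calls) are all declared up front in an Android app's manifest, so the over-reach McAfee demonstrated can be checked before installing. The following is an added example, not code from the article or from the Cognizant app: it parses a constructed AndroidManifest.xml for a hypothetical chat app (`com.example.chat`, not a real package) and flags every declared permission that grants a sensitive capability without being justified by what the app is supposed to do. The permission names are the real Android constants; the "dangerous" grouping and the list of what a chat app should need are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Real Android permission names. Grouping them as "dangerous" is this script's own
# label for what the permission lets an app do, not the platform's protection level.
DANGEROUS = {
    "android.permission.RECORD_AUDIO": "record with the microphone at any time",
    "android.permission.CAMERA": "use the camera",
    "android.permission.READ_CALL_LOG": "read all call history",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_FINE_LOCATION": "read GPS location",
    "android.permission.CALL_PHONE": "place calls without the dialer UI",
    "android.permission.READ_SMS": "read SMS contents",
}

# Constructed manifest for a hypothetical chat app; not extracted from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>
"""

# Assumption: a text-chat app plausibly needs network access and the address book.
# Anything sensitive beyond this is over-reach worth questioning before installing.
CHAT_APP_EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
}


def declared_permissions(manifest_xml: str) -> list:
    """Return every <uses-permission android:name=...> value in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")]


def audit(manifest_xml: str, expected: set) -> dict:
    """Map each declared permission that is sensitive AND unjustified to a plain-English reason."""
    return {
        perm: DANGEROUS[perm]
        for perm in declared_permissions(manifest_xml)
        if perm in DANGEROUS and perm not in expected
    }


if __name__ == "__main__":
    for perm, capability in audit(SAMPLE_MANIFEST, CHAT_APP_EXPECTED).items():
        print(f"excessive: {perm} -> can {capability}")
```

On a PC a program with this capability list would be called malware, as the text says; on a phone the same list is a click-through dialog, which is exactly why reading the manifest (or a tool that does it for you) matters.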
While awaiting a similar app for the iPhone, I just got rid of a bunch of apps that I never used.
Just as the Pew Research Center released a survey showing Americans would give up TV before they would give up the Internet.
53 percent of US Internet users would find it "very hard" to give up Web access, up from 38 percent in 2006….
35 percent of all US adults television would be very hard to give up, compared with 44 percent in 2006…..
"Using the Web -- browsing it, searching it, sharing on it -- has become the main activity for hundreds of millions of people around the globe," Pew said.
A cybersecurity firm has uncovered stolen credentials from 360 million accounts that are available for sale on cyber black markets…they warn the discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system….'The sheer volume is overwhelming.'….
Alex Holden, chief information security officer of Hold Security LLC….believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.
He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.
'We have staff working around the clock to identify the victims,' he said.
Do you think this will change anyone's mind?
Michael Ollove, a reporter for Stateline, noted that 43 percent of identity-theft incidents in the United States are medical-related, “a far greater chunk than identity thefts involving banking and finance, the government and the military, or education. The U.S. Department of Health and Human Services says that since it started keeping records in 2009, the medical records of between 27.8 million and 6.7 million people have been breached.”
Regardless, as many as 31 states do not conduct background checks on Obamacare navigators, who have access to enrollees’ names, Social Security numbers, financial records, and health information. A recent NR report found that in California, at least 43 navigators approved by the state health exchange had prior convictions, including for forgery and welfare fraud.
Every credit card in the U.S. will be replaced by October 2015 with new cards that contain the chip-and-PIN technology that the rest of the world has had for years, according to the Wall Street Journal. Both Visa and MasterCard are committed to the switch, which will render extinct the plastic in your wallets and purses right now.
No more black magnetic stripes; no more signing on the dotted line.
Americans who have traveled to Europe in recent years will know that the U.S.'s credit card system is embarrassingly old-fashioned by comparison. It's often difficult to use American credit cards abroad because the Europeans abandoned magnetic stripes and signatures years ago — they were too easily hacked. Credit and debit cards in the U.S. are about 10 years behind the rest of the world.
The new cards contain a microchip and require the owner to enter a PIN into a payment machine at checkout. They are more secure for a couple of reasons.
First, requiring the PIN prevents checkout staff from handling your card — they will simply hand you the point-of-sale device and customers will insert their cards and verify payment themselves.
Second, the chip replaces the magnetic stripe, which is easily copied and therefore vulnerable to hackers, as the Target sting proved. In France, chip-and-PIN allegedly reduced credit-card fraud by 80% (although the sourcing for this number is vague).
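The reason the chip defeats the skimming that hit Target is that a magnetic stripe presents the same static track data at every terminal, so a copy is as good as the original, while a chip computes a fresh cryptogram for each transaction from a secret that never leaves the card. The following is an added example, not from the cited article or from any card scheme's specification: a deliberately simplified model, in the spirit of an EMV cryptogram but not EMV itself, that shows a skimmed stripe being accepted while a captured chip authorization is rejected on replay and on tampering. The PAN, terminal nonce and HMAC-based MAC are all assumptions of this toy model.

```python
import hashlib
import hmac
import secrets


class StripeCard:
    """Magnetic stripe: identical static track data is read at every terminal."""

    def __init__(self, pan: str):
        self.track = f"PAN={pan};EXP=1015;SVC=101"

    def swipe(self) -> str:
        return self.track


class ChipCard:
    """Simplified chip: a MAC over (PAN, amount, transaction counter, terminal nonce).

    The counter (ATC) and the terminal-supplied nonce are what EMV uses to make each
    cryptogram unique; the key derivation and message layout here are a toy, not EMV.
    """

    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.atc = pan, key, 0

    def authorize(self, amount_cents: int, terminal_nonce: str) -> dict:
        self.atc += 1
        return {
            "pan": self.pan, "amount": amount_cents,
            "atc": self.atc, "nonce": terminal_nonce,
            "mac": _mac(self._key, self.pan, amount_cents, self.atc, terminal_nonce),
        }


def _mac(key: bytes, pan: str, amount: int, atc: int, nonce: str) -> str:
    msg = f"{pan}|{amount}|{atc}|{nonce}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Issuer:
    """The bank side: knows each chip's key and the last counter value it accepted."""

    def __init__(self):
        self.keys, self.last_atc, self.stripes = {}, {}, set()

    def enroll_stripe(self, pan: str) -> StripeCard:
        card = StripeCard(pan)
        self.stripes.add(card.track)
        return card

    def enroll_chip(self, pan: str) -> ChipCard:
        key = secrets.token_bytes(16)
        self.keys[pan], self.last_atc[pan] = key, 0
        return ChipCard(pan, key)

    def verify_stripe(self, track: str) -> bool:
        # Nothing distinguishes a skimmed copy from the original card.
        return track in self.stripes

    def verify_chip(self, req: dict, terminal_nonce: str) -> str:
        key = self.keys.get(req["pan"])
        if key is None:
            return "unknown card"
        if req["nonce"] != terminal_nonce:
            return "nonce mismatch"          # cryptogram made for a different terminal session
        if req["atc"] <= self.last_atc[req["pan"]]:
            return "stale counter"           # replay of an already-used transaction
        expected = _mac(key, req["pan"], req["amount"], req["atc"], req["nonce"])
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad mac"                 # amount or other field altered in transit
        self.last_atc[req["pan"]] = req["atc"]
        return "ok"


def demo():
    """Returns (stripe clone accepted, tampered chip result, genuine chip result, replay result)."""
    issuer = Issuer()
    pan = "4111111111111111"                  # constructed test PAN
    stripe, chip = issuer.enroll_stripe(pan), issuer.enroll_chip(pan)

    skimmed = stripe.swipe()                  # a copy made by a compromised POS terminal
    clone_accepted = issuer.verify_stripe(skimmed)

    nonce = secrets.token_hex(4)
    req = chip.authorize(1999, nonce)
    tampered = issuer.verify_chip(dict(req, amount=1), nonce)   # change the amount
    genuine = issuer.verify_chip(req, nonce)
    replay = issuer.verify_chip(req, nonce)                      # present the same cryptogram again
    return clone_accepted, tampered, genuine, replay


if __name__ == "__main__":
    print(demo())
```

The stripe check passes because the issuer has nothing to test except the static data itself; the chip checks fail for the attacker because the key never leaves the card and each authorization is bound to a counter and a terminal value that cannot be reused.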
Senate cybersecurity report finds agencies often fail to take basic preventive measures against even modestly skilled hackers.
The report…paints a broader picture of chronic dysfunction, citing repeated failures by federal officials to perform the unglamorous work of information security. That includes installing security patches, updating anti-virus software, communicating on secure networks and requiring strong passwords. A common password on federal systems, the report found, is “password".
The report levels particularly tough criticism at the Department of Homeland Security, which helps oversee cybersecurity at other federal agencies. The report concluded that the department had failed even to update essential software — “the basic security measure just about any American with a computer has performed.”
Report: 4 in 10 Government Security Breaches Go Undetected DHS, DOJ, DOD, EPA, NASA, Energy, State routinely hacked
Nearly every agency has been attacked, including the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce. NASA, the EPA, the FDA, the U.S. Copyright Office, and the National Weather Service have also been hacked or had personal information stolen.
In one example, hackers breached the national Emergency Broadcast System in February 2013 to broadcast “zombie attack warnings” in several midwestern states.
Even worse, nearly four in 10 intrusions into major civilian agencies go undetected….
The Nuclear Regulatory Commission, which contains volumes of information on the nation’s nuclear facilities, “regularly experiences unauthorized disclosures of sensitive information,” according to the report.
The agency has “no official process for reporting” breaches, cannot keep track of how many laptops it has, and kept information on its own cybersecurity programs, and its commissioner’s “passport photo, credit card image, home address, and phone number,” on an unsecure shared drive.
“Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency response systems, and our citizens’ personal information,” Coburn, ranking member of the Homeland Security and Governmental Affairs Committee, said in a statement. “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cybersecurity, there are very basic—and critically important—precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”
Photographer Jennifer Greenburg, an assistant professor of photography at Indiana University, has been photographing the Rockabilly culture for 10 years.
People that not only dress like it’s the Fifties, but also drive perfectly preserved Cadillacs and decorate their homes with furniture to rival the retro sets of Mad Men.
'At first I thought the culture was about fashion,' the 36-year-old photographer told MailOnline. 'Then I realized it was much, much, more than that. I realized that this was a culture of people who functioned as a community.'
The community of people Ms Greenburg has documented, she believes, usually have a desire for this kind of joyousness that was lost in the 21st Century. 'Happiness, I believe, is everyone’s primary full-time job. And living a life that resembles, visually, the 1950’s helps make that just a little easier,' she said.
From re-wiring a lamp, to re-sewing the seams of a Fifties cocktail dress, Ms Greenburg added that most true participants of the culture are skilled at repairing and restoring most of their possessions.
'I realized what a special and lovely thing I found myself a part of,' she said. 'I have a friend in every city in America that I can call today and go visit tomorrow. That friend will open up his door to me, and, help me with anything that I need -- a laugh, a drink of water, a shoulder to cry on -- just like only the best of friends do.'
From Reflections of a Paralytic » Sperm Donor Recalls Meeting His Donor-Daughter Decades Later
All Narelle Grech from Australia knew of her father was that his code name was T5, he was brown-haired and brown-eyed with O-positive blood type. “When I was a teenager, I carried that information around with me on a scrap of paper, the way other kids carried a photograph of their dad,” she said. “It was my way of keeping a link to him because I had nothing else.”
Born in 1983, Narelle started searching for her biological father fifteen years ago. That search became even more urgent when she was diagnosed with advanced bowel cancer in 2011, a disease which doctors said might kill her within the next five years. The disease is genetic and she didn’t get it from her mother’s side. Shortly after her diagnosis, Grech also discovered that she has eight half-siblings created with her biological father’s sperm: “Each one may be a genetic time bomb waiting to go off and it’s probable that they don’t know anything about it.”
Narelle was finally united with her biological father in February of 2013; she passed away just one month later at the age of 30. Last October Ray Tonna was a guest on an Australian talk show to discuss his experience with anonymous sperm donation. In this teaser video for the episode, he recalls what it was like meeting his daughter for the first time:
It’s complicated Human ingenuity has created a world that the mind cannot master. Have we finally reached our limits?
We are now living with the unintended consequences: a world we have created for ourselves that is too complicated for our humble human brains to handle….a world where nearly self-contained technological ecosystems operate outside of human knowledge and understanding. As a scientific paper in Nature in September 2013 put it, there is a complete ‘machine ecology beyond human response time’ in the financial world, where stocks are traded in an eyeblink, and mini-crashes and spikes can occur on the order of a second or less. When we try to push our financial trades to the limits of the speed of light, it is time to recognize that machines are interacting with each other in rich ways, essentially as algorithms trading among themselves, with humans on the sidelines.
Ever since the Enlightenment, we have moved steadily toward the ‘Entanglement’, a term coined by the American computer scientist Danny Hillis. The Entanglement is the trend towards more interconnected and less comprehensible technological surroundings. Hillis argues that our machines, while subject to rational rules, are now too complicated to understand. Whether it’s the entirety of the internet or other large pieces of our infrastructure, understanding the whole — keeping it in your head — is no longer even close to possible.
Intellectual surrender in the face of increasing complexity seems too extreme and even a bit cowardly, but what should we replace it with if we can’t understand our creations any more?
The examples Samuel Arbesman uses include: the Traffic Alert and Collision Avoidance System (TCAS), financial trading, software, our legal system which includes the tax code and Obamacare and evolutionary programming.
In Wired, How the NSA Almost Killed the Internet
Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.
The hard-earned trust that the tech giants had spent years building was in danger of evaporating—and they seemed powerless to do anything about it. Legally gagged, they weren’t free to provide the full context of their cooperation or resistance. Even the most emphatic denial—a blog post by Google CEO Larry Page and chief legal officer David Drummond headlined, “What the …”—did not quell suspicions. How could it, when an NSA slide indicated that anyone’s personal information was just one click away? When Drummond took questions on the Guardian website later in the month, his interlocutors were hostile:
“Isn’t this whole show not just a face-saving exercise … after you have been found to be in cahoots with the NSA?”
“How can we tell if Google is lying to us?”
“We lost a decade-long trust in you, Google.”
“I will cease using Google mail.”
“The fact is, the government can’t put the genie back in the bottle,” says Facebook’s global communications head, Michael Buckley. “We can put out any statement or statistics, but in the wake of what feels like weekly disclosures of other government activity, the question is, will anyone believe us?”
At an appearance at a tech conference last September, Facebook’s Zuckerberg expressed his disgust. “The government blew it,” he said. But the consequences of the government’s actions—and the spectacular leak that informed the world about it—was now plopped into the problem set of Zuckerberg, Page, Tim Cook, Marissa Mayer, Steve Ballmer, and anyone else who worked for or invested in a company that held customer data on its servers.
“At first we were in an arms race with sophisticated criminals,” says Eric Grosse, Google’s head of security. “Then we found ourselves in an arms race with certain nation-state actors [with a reputation for cyberattacks]. And now we’re in an arms race with the best nation-state actors.” Primarily, the US government.
Research estimates that as much as $180 billion could be lost due in large part to overseas companies choosing not to patronize the American-based cloud. “American companies are feeling shellacked by overeager surveillance,” says US senator Wyden. “It reduces our competitiveness in a tough global economy.”
“I was naive,” says Ray Ozzie, who as the inventor of Lotus Notes was an early industry advocate of strong encryption. “I always felt that the US was a little more pure. Our processes of getting information were upfront. There were requests, and they were narrow. But then came the awakening,” he says. “We’re just like everybody else.”
Gizmodo offers advice on How to Erase Yourself from the Internet, especially from the four largest social media sites: Facebook, Twitter, Google+, and LinkedIn
Until now 13 to 17-year olds barred from making posts visible to all users. But Facebook removed that protection and images can be shared publicly. Move condemned as a 'disaster' by campaigners.
A new study shows that Facebook may help people feel connected, but it doesn’t make them any happier. In fact, according to the research, which was conducted by the University of Michigan, Facebook use actually predicts a decline in a person’s well-being.
Report suggests Facebook recently lost active users in the U.S and UK. The majority of people quitting the site blamed concerns over privacy. Other reasons included fear of addiction, and shallow conversations
A Facebook data scientist studied the HTML code of 3.7 million profiles to discover 71% of users regularly type comments and statuses before deciding not to post them. The study also found men are more likely to abandon a post on the social network site than women.
From Neatorama Facebook Security Simulator
Google's latest terms and conditions are more difficult to understand than Anglo-Saxon saga Beowulf, say researchers
If you always wanted to see your shining face next to Google ads, your wish will soon be granted. Today Google announced plans to roll out “shared endorsements,” which will augment its own advertisements with information from users who rated, reviewed, or gave a +1 to the service or location in question.
The move echoes Facebook’s “sponsored stories,” where the social network started turning users’ likes or check-ins into ads on its site, all without asking permission or even notifying them. A public outcry, class-action lawsuit, $20 million settlement, and limitations on the use of users’ content followed.
Google revealed its shared endorsements scheme in a change to its terms of service. The updates state that going forward, friends, family, “and others” may see a user’s Google profile name, photo, and any endorsement they’ve created for a company alongside ads for that company.
Users are opted in to Google's new scheme by default. In the past, Google gave itself permission to use users’ +1s alongside advertisements unless the user specifically opted out. The new “shared endorsements” are an extension of that setting, wherein Google gives itself permission to take even more of a user’s content and place it alongside ads.
To opt out of being a shared endorsement, Google users must go to the “shared endorsement” settings page, which is currently not linked anywhere from either their Google+ account or privacy settings (the ads have yet to go into effect, so Google may be waiting to integrate the page until the feature is live). At the bottom of the page is a checkbox next to the phrase “Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads.”
MIT Technology Review The Real Privacy Problem
As Web companies and government agencies analyze ever more information about our lives, it’s tempting to respond by passing new privacy laws or creating mechanisms that pay us for our data. Instead, we need a civic solution, because democracy is at risk.
Our instincts for privacy evolved in tribal societies where walls didn't exist. No wonder we are hopeless oversharers. ‘Thinking about online privacy doesn’t come naturally to us,’ Loewenstein told me when I spoke to him on the phone. ‘Nothing in our evolution or culture has equipped us to deal with it.’
When a boy hit puberty, he disappeared into the jungle, returning a man. In today's digital culture this is precisely the stage at which we make our lives most exposed to the public gaze
The need for privacy remains, but the means to meet it — our privacy instincts — are no longer fit for purpose.
Over time, we will probably get smarter about online sharing. But right now, we’re pretty stupid about it. Perhaps this is because, at some primal level, we don’t really believe in the internet. Humans evolved their instinct for privacy in a world where words and acts disappeared the moment they were spoken or made. Our brains are barely getting used to the idea that our thoughts or actions can be written down or photographed, let alone take on a free-floating, indestructible life of their own. Until we catch up, we’ll continue to overshare.
With less than three weeks to sign up for insurance or pay a penalty, problems with the healthcare.gov website are still unresolved. It is impossible to imagine the anxiety and suffering of the millions who lost their health care policies and who don't want to put their identities at risk by going online to healthcare.gov.
“It doesn’t appear that any security fixes were done at all,” David Kennedy, CEO of the online security firm TrustedSec, told the Washington Free Beacon.
Kennedy said fundamental safeguards missing from Healthcare.gov that were identified by his company more than a month ago have yet to be put in place.
After warning Americans when testifying before Congress on Nov. 19 to stay away from Healthcare.gov, Kennedy now says the situation is even worse.
“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”
Get this. The Federal Government doesn't have to notify anyone if the site is hacked.
“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.”
Kennedy said the team working on Healthcare.gov is more likely to hide its security flaws than address them. When it was revealed that the most popular searches on the website were hack attempts—confirmed by entering a semicolon in the search bar—the website simply removed the tool.
The White House won't even give classified briefings to Congress about the security problems of healthcare.gov. Chairman of the House Intelligence Committee Mike Rogers said,
“They could not even provide someone — CMS and HHS, the two folks responsible for the HealthCare.gov website — in a classified setting to come up and talk about the breaches that they know have happened. That’s just unconscionable.”
He warned that there is currently no coordinated effort within the administration to test the website’s newly-written code which was completed over the past two months of repairs, leaving it vulnerable to breaches. “You’re encouraging people to go to a site that our own government knows doesn’t meet safety standards when it comes to security of private information.”
The latest IBD/TIPP Poll finds that 78% say Americans should be worried about the security of the ObamaCare exchange website, and 53% say they should be "very concerned." This view was shared across parties, with 69% of Democrats saying security concerns are warranted.
More worrisome for the law's success, 82% of those aged 18-24 say concern is justified. These are among the people ObamaCare most desperately needs to enroll to keep overall premiums from spiraling out of control.
John Podhoretz writes in Commentary, No, Healthcare.Gov Isn’t Working. Much of the backend hasn't been constructed yet.
There is no such thing as a functioning website if the “back end” isn’t working. The “back end” is the catchall phrase for everything you don’t see when you visit a website. It refers to the software that translates pictures and words into what you see here. It refers to the software that mediates the relationship between 1) users who enter information, 2) the servers that store the website’s information, and 3) third parties hired to take some (but not all) of the information and process it on their servers and computers. It refers to the security systems put in place so that the website cannot be disabled by an outside attack and so that the data entered cannot be stolen or otherwise compromised.
In other words, the back end is the website. What many people are seeing now at healthcare.gov is a visual demonstration of a sign-in. If the sign-in data are not transferred to a database, nothing has happened. It’s like taking a practice test; it’s not scored and it’s not registered and it means nothing.
Obama administration officials acknowledged today that some of the roughly 126,000 Americans who completed the torturous online enrollment process in October and November might not be officially signed up with their selected issuer, even if the website has told them they are.
While the front-end of the website has been vastly improved, the back-end glitches remain a serious concern, IT experts and industry officials say.
For those who thought they enrolled in a plan through the federal exchange since October, the Obama administration now advises that individuals contact their insurance company to verify coverage and if none exists, to start all over again.
The Washington Post is reporting the bad news for Obama; about ⅓ of consumers enrolled through healthcare.gov have serious errors in the plans they chose.
The mistakes include failure to notify insurers about new customers, duplicate enrollments or cancellation notices for the same person, incorrect information about family members, and mistakes involving federal subsidies.
The spying by the government on American citizens is so far beyond what anyone thought was possible, it's hard to comprehend its scope. Except that it gets bigger and bigger.
New York Times. N.S.A. Said to Search Content of Messages to and From U.S.
‘To conduct the surveillance,’ reads the report, ‘the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border…[the] computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them.’
By identifying the recipient of the emails or text messages as the target of the surveillance instead of the sender, the NSA sidesteps a 2008 law that allows spying on domestic soil without warrants as long as the target was a noncitizen abroad.
The official said the remaining emails, those not selected by the software, are deleted. Nonetheless, privacy proponents were in disbelief.
‘The program described by the New York Times involves a breathtaking invasion of millions of people's privacy,’ American Civil Liberties Union deputy legal director Jameel Jaffer said in a statement. ‘The NSA has cast a massive dragnet over Americans' international communications, collecting and monitoring virtually all of them, and retaining some untold number of them in government databases. This is precisely the kind of generalized spying that the Fourth Amendment was intended to prohibit.’
Reuters. Exclusive: U.S. directs agents to cover up program used to investigate Americans
A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.
The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.
"I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers.
"It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations."
In a follow-up article, Reuters reports Exclusive: IRS manual detailed DEA's use of hidden intel evidence
Details of a U.S. Drug Enforcement Administration program that feeds tips to federal agents and then instructs them to alter the investigative trail were published in a manual used by agents of the Internal Revenue Service for two years.
The practice of recreating the investigative trail, highly criticized by former prosecutors and defense lawyers after Reuters reported it this week, is now under review by the Justice Department. Two high-profile Republicans have also raised questions about the procedure.
“It’s a very common complaint about N.S.A.,” said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. “They collect all this information, but it’s difficult for the other agencies to get access to what they want.”
“The other agencies feel they should be bigger players,” said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. “They view the N.S.A. — incorrectly, I think — as this big pot of data that they could go get if they were just able to pry it out of them.”
The federal government has demanded that major internet companies turn over users’ stored passwords, two sources told the respected tech website CNet.
“If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user,” the report says. “Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.” But it doesn’t end there. The government is not only requesting the passwords, but it’s also asking for algorithms and even security questions:
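The report above says stored passwords are "typically stored in encrypted form" and that the government also asked for the algorithms. What a well-run site actually holds is not a reversible ciphertext but a salted, iterated hash, and the algorithm parameters are exactly what a verifier (or a cracker) needs to make use of it. The following is an added example, not code from CNet or from any of the companies named; the iteration count, salt length and record layout are my own choices for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Illustrative parameters (assumed for this example, not values from the page).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Derive a stored credential record from a password.

    The record carries everything needed to *verify* a later login attempt
    (algorithm name, iteration count, per-user salt, digest) but nothing that
    lets the plaintext be read back out; only a guessing attack recovers it,
    and each guess costs `iterations` HMAC computations.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "algorithm": "pbkdf2_hmac_sha256",
        "iterations": iterations,
        "salt": base64.b64encode(salt).decode("ascii"),
        "digest": base64.b64encode(digest).decode("ascii"),
    }


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the record's own salt and parameters.

    This is why the algorithm and parameters matter to anyone holding the
    record: without them the digest is an opaque blob.
    """
    if record["algorithm"] != "pbkdf2_hmac_sha256":
        raise ValueError("unsupported algorithm: " + record["algorithm"])
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["digest"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, record["iterations"])
    # Constant-time comparison so a timing side channel cannot leak the digest.
    return hmac.compare_digest(candidate, expected)


def same_password_matches_across_sites(password: str,
                                       iterations: int = ITERATIONS) -> bool:
    """Store one password at two independent sites and compare the digests.

    With per-user random salts the digests differ, so a record stolen from one
    site cannot be matched by simple lookup against another; the reuse risk the
    report mentions comes from guessing the plaintext, not from the digest.
    """
    site_a = hash_password(password, iterations=iterations)
    site_b = hash_password(password, iterations=iterations)
    return site_a["digest"] == site_b["digest"]
```

A record produced by `hash_password` is what a site should be able to hand over without exposing the password itself; the expensive part of recovering the plaintext is deliberately the iteration count.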
At the same time, the government is doing everything it can to protect its own secrets. Today's example: the EPA.
The EPA's Game of Secret Science: The agency pursues rules that will cost billions but refuses to reveal its research.
As the Environmental Protection Agency moves forward with some of the most costly regulations in history, there needs to be greater transparency about the claimed benefits from these actions. Unfortunately, President Obama and the EPA have been unwilling to reveal to the American people the data they use to justify their multibillion-dollar regulatory agenda.
To cite a few examples of where the EPA would like to take the country, the agency is moving forward with strict new limits on ozone that by its own estimates will cost taxpayers $90 billion per year, which would make the regulation the most costly in history. Other examples include a Mercury and Air Toxics Standard for power plants (previously known as "Utility MACT") that the EPA estimates could cost up to $10 billion a year. Yet more than 99% of the EPA's health-based justifications for the rule are derived from scientific research that the EPA won't reveal. Taxpayers are supposed to take on faith that EPA policy is backed by good science.
When the acclaimed television drama series Homeland climaxed with a devious plot by terrorists to kill America’s vice-president by hacking into his electronic pacemaker, critics scoffed at the ludicrousness of the idea.
But the outrageous storyline was thought credible by many in the world of computer security. Among those was the New Zealand-born computer hacker Barnaby Jack. The 35-year-old — who, unlike many in the business, used his skills ‘ethically’ — had spent his career demonstrating the dangers posed by unscrupulous hackers combined with computer manufacturers’ failure to install proper safety devices on equipment.
Jack thought it highly plausible that a terrorist could hack into someone’s pacemaker and speed up their heartbeat until it killed them. He also believed it was possible to infect the pacemaker companies’ servers with a bug that would spread through their systems like a virus.
‘We are potentially looking at a “worm” with the ability to commit mass murder,’ he said. ‘It’s kind of scary.’ Jack certainly knew what he was talking about — having become famous after demonstrating how he could sabotage cash machines and make them dispense large sums of money (a trick he called ‘Jackpotting’) by hacking into a bank’s computer system.
Another stunt was to reveal how a diabetic’s insulin pump — which is designed to deliver insulin to the body day and night — could be hacked from 300ft away, so it could dispense a fatal dose.
Jack, who had been obsessed with computers since childhood, emigrated to the U.S. at the age of 21 and joined a firm specializing in computer security issues.
In recent years, he had developed a specific interest in what is known as ‘embedded’ technology, the hardware and software built into everyday objects such as cars, banking systems, home appliances and medical devices.
He was preparing to demonstrate his work two days ago at a major computer-hacking convention in Las Vegas.
In an address to the Black Hat convention titled ‘Implantable medical devices: hacking humans’, Jack was due to show an audience of hackers and cyber security experts at Caesar’s Palace how he could hack into devices such as pacemakers and defibrillators.
However, he was never to give the demonstration. A week beforehand, Jack was found dead in his flat in the San Francisco neighborhood of Nob Hill. His body was believed to have been found by his girlfriend, Layne Cross, a 31-year-old model. According to friends, he was found dead in bed.
To say his sudden death remains shrouded in mystery is putting it mildly.
Predictably, for someone who worked in such a shadowy world, there have been countless theories about how he was killed. Hackers are a suspicious bunch who have become even more paranoid since the U.S. government’s efforts to silence whistleblowers such as ex-soldier Bradley Manning (who faces jail for leaking secret government cables to WikiLeaks). The absence of even the most basic details about Barnaby Jack’s untimely death has ignited a firestorm of speculation that foul play could be involved.
A prolific gang of foreign hackers stole and sold 160 million credit card numbers from more than a dozen companies, causing hundreds of millions of dollars in losses, federal prosecutors charged last Thursday in what they described as the largest hacking and data breach case in the country.
The scheme was run by four Russian nationals and a Ukrainian, said the United States attorney for the District of New Jersey, Paul J. Fishman, who announced the indictments in Newark.
The victims in the scheme, which prosecutors said ran from 2005 until last year, included J. C. Penney; 7-Eleven; JetBlue; Heartland Payment Systems, one of the world’s largest credit and debit processing companies; and the French retailer Carrefour.
“It is a really potent reminder of what researchers have been saying: The bigger threat is coming from criminal gangs, most of which are coming from Russia,” said Fred H. Cate, director of the Center for Applied Cybersecurity Research at Indiana University in Bloomington. “It’s far more immediately impactful than threats coming from China.”
In a scam that dated back to 2005, the suspects first targeted retailers, surreptitiously visiting their checkout counters and exploiting vulnerabilities in the payment systems they used. By 2007, they were hacking into the financial systems of Nasdaq, the largest US electronic stock market, and major corporations like 7-Eleven, France’s Carrefour SA, JCPenney and the Hannaford Brothers supermarket chain.
They hit the real paydirt, authorities allege, when they hacked directly into some of the biggest credit card payment processors themselves to steal literally oceans of personal financial data.
Once inside the network, they used malware (malicious code) to create a “back door” that gave them return access, even after some companies identified breaches and thought they had fixed them. Then they installed “sniffers,” or programs to identify, collect and steal vast amounts of personal financial data, individually known as dumps, that they secreted in a network of computers around the world.
John Fund reports on Obamacare’s Branch of the NSA: Community organizers will use a Federal Data Hub to sign up people for subsidies — and even ballots.
The Department of Health and Human Services is about to hire an army of “patient navigators” to inform Americans about the subsidized insurance promised by Obamacare and assist them in enrolling. These organizers will be guided by the new Federal Data Hub, which will give them access to reams of personal information compiled by federal agencies ranging from the IRS to the Department of Defense and the Veterans Administration. “The federal government is planning to quietly enact what could be the largest consolidation of personal data in the history of the republic,” Paul Howard of the Manhattan Institute and Stephen T. Parente, a University of Minnesota finance professor, wrote in USA Today. No wonder that there are concerns about everything from identity theft to the ability of navigators to use the system to register Obamacare participants to vote.
This spring, House Oversight and Government Reform Committee lawyers were also told by HHS that, despite the fact that navigators will have access to sensitive data such as Social Security numbers and tax returns, there will be no criminal background checks required for them. Indeed, they won’t even have to have high-school diplomas. Both U.S. Census Bureau and IRS employees must meet those minimum standards, if only because no one wants someone who has been convicted of identity theft getting near Americans’ personal records. But HHS is unconcerned. It points out that navigators will have to take a 20–30 hour online course about how the 1,200-page law works, which, given its demonstrated complexity, is like giving someone a first-aid course and then making him a med-school professor.
Indeed, voter registration is among the goals of the folks hawking Obamacare. The People’s World newspaper reports: “California’s Secretary of State Debra Bowen is designating the state’s new Health Benefit Exchange, Covered California, as a voter registration agency under the National Voter Registration Act. That means Covered California will be incorporating voter registration into every transaction — online, in-person and by phone — it has with consumers.” It seems as if some Obama supporters have found a new way to fill the void left by the bankruptcy of ACORN, the notorious left-wing voter-registration group that saw dozens of its employees in multiple states convicted of fraud.
“Giving community organizers access to the Federal Data Hub is bad policy and potentially a danger to civil liberties,” House Budget Committee chairman Paul Ryan told me recently. “But it’s one of the most underreported stories I’ve seen. If people only knew about this Data Hub program, it would touch off a huge public outcry.”
"It's the greatest collection of private identification information ever assembled on Americans that will be put into one place," said Rep. Patrick Meehan, who chairs a House cybersecurity subcommittee. "It is every bit of sensitive information one would need to know to completely take over the identification of a person," said the Pennsylvania lawmaker.
The Obamacare data hub, he added, "creates a honey pot and the day that it goes online it is going to be a target for hackers and others and they are unprepared to protect the system."
To combat widespread skepticism, ‘Obamacare’ National Marketing Campaign To Cost Nearly $700 Million
Study: Obamacare could cause 1 million low-income Americans to move from work to welfare
Hackers aren't going anywhere any time soon, so Russian spies are wising up and taking their most sensitive intelligence offline. Not offline like off the internet. Offline like off computers altogether.
The Russian state procurement agency FSO recently announced that it was interested in spending up to 486,000 rubles (about $14,800) on at least 20 old-fashioned typewriters to handle top secret documents. After all, cyber security isn't an issue when ink and tree are involved.
Web users who want to protect their privacy have been switching to a small, unheard-of search engine in the wake of the 'Prism' revelations.
DuckDuckGo, the little-known U.S. company, sets itself apart from its giant competitors such as Google and Yahoo by not sharing any of its clients' data with searched websites. This means no targeted advertising and no skewed search results.
Aside from the reduced ads, this unbiased and private approach to using the internet is appealing to users angered at the news that U.S. and UK governments (the National Security Agency (NSA) in the U.S. and GCHQ in the UK), have direct access to the servers of big search engine companies, allowing them to 'watch' users.
Entrepreneur Mr Weinberg had the idea for the company in 2006….From there he had the idea to develop a 'better' search engine, that does not share any user information with any websites whatsoever.
Search data, he told the paper, 'is arguably the most personal data people are entering into anything. You're typing in your problems, your desires. It's not the same as things you post publicly on a social network.'
DuckDuckGo, named after an American children's tag game Duck Duck Goose (though not a metaphor), was solo-founded by Mr Weinberg in 2008, in Valley Forge, Pennsylvania. He self-funded it until 2011 when Union Square Ventures, which also backs Twitter, Tumblr, Foursquare and Kickstarter, and a handful of angel investors, came on board.
The 33-year-old CEO, who lives in Paoli, a suburb of Philadelphia, PA, with his wife and two children, explains that when other search engines are used, your search terms are sent to the site you clicked on; this sharing of information is known as 'search leakage'.
'For example, when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search),' he points out on his website.
'In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address). This information can often be used to identify you directly.
'So when you do that private search, not only can those other sites know your search terms, but they can also know that you searched it. It is this combination of available information about you that raises privacy concerns,' he says.
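The 'search leakage' Weinberg describes travels in the HTTP Referer header: the URL of the results page, query string included, is sent to whichever site the user clicks. The added example below is mine, not code from DuckDuckGo or the article. It shows what a destination site can read out of such a header and what the browser would send instead under several standard `Referrer-Policy` values (the policy names are the real ones from the W3C Referrer Policy specification; the `search.example` host, the `q` parameter and the sample URLs are constructed for illustration).

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed sample Referer values as a destination site would receive them
# after a click from a hypothetical search engine at search.example.
SAMPLE_REFERERS = [
    "https://search.example/search?q=my+private+problem&page=2",
    "https://search.example/",
    "https://search.example/search?q=nearest+pharmacy",
]


def leaked_query(referer: str, param: str = "q") -> Optional[str]:
    """Return the search term a destination site can read from a Referer URL."""
    terms = parse_qs(urlsplit(referer).query).get(param)
    return terms[0] if terms else None


def apply_referrer_policy(referer: str, destination: str, policy: str) -> Optional[str]:
    """Compute the Referer a browser sends under a given Referrer-Policy.

    Covers the policies most relevant to leakage: the full URL, the origin
    only, or nothing at all, depending on whether the navigation stays on the
    same origin and whether it downgrades from https to http.
    """
    src, dst = urlsplit(referer), urlsplit(destination)
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme != "https"
    origin_only = urlunsplit((src.scheme, src.netloc, "/", "", ""))
    full = urlunsplit((src.scheme, src.netloc, src.path, src.query, ""))  # fragment is never sent

    if policy == "no-referrer":
        return None
    if policy == "origin":
        return origin_only
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin_only
    raise ValueError("unknown policy: " + policy)


def audit(referers: List[str], destination: str,
          policy: str) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """For each sample, report (original referer, header actually sent, term leaked)."""
    report = []
    for referer in referers:
        sent = apply_referrer_policy(referer, destination, policy)
        report.append((referer, sent, leaked_query(sent) if sent else None))
    return report
```

Under `no-referrer-when-downgrade`, the historical browser default, the full query reaches a cross-origin destination; under `strict-origin-when-cross-origin` or `no-referrer` the destination learns at most that the click came from the search engine, which is the leak the passage is concerned with.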
A computer virus that steals bank details and empties money from accounts has been found on Facebook.
Eric Feinberg, who controls the U.S. National Football League Facebook page, discovered the malicious links were being posted on his brand's page by fake profiles.
The links are believed to be controlled by the Russian Business Network - an online criminal gang accused of stealing internet users' identities and private information.
The link discovered by Feinberg was for a page called 'Bring the N.F.L to Los Angeles'. The page has since been removed.
Security firm Trend Micro claim that there may be many more hidden on pages, or even being spread inadvertently by Facebook friends.
When a Facebook user clicks the links the Trojan - which gets its name from the Trojan horse the Greeks used to enter the city of Troy undetected - is installed on their computer. It then scans all the personal files and steals any private information.
The malware is also able to collect login details, even if they aren't stored in documents on your PC, by using keystroke logging. Keystroke logging, also known as keylogging, can record which keys on a keyboard are being pressed. It can then wait until the user types in their online banking address and login details and steal them.
Once they have the logins, the cybercriminals can enter your online accounts and steal your money.
It is a six-year-old malware program that has seen a resurgence recently on Facebook and other social network sites. The Zeus Trojan, also known as ZBOT, has infected millions of computers worldwide - with reports claiming 3.6 million are in the U.S. alone - and can sit in the background dormant and virtually undetected.
‘If you tell me your date of birth and where you’re born on Facebook, I’m 98 per cent of the way to stealing your identity,’
'World's greatest conman' Frank Abagnale says social network is rich seam for identity thieves. He said children in particular need to be made aware of the serious risks of unwittingly revealing information online…..‘Technology breeds crime.’
‘What I did 40 years ago as a teenage boy is 4,000 times easier now,’ said Mr Abagnale, who is known as one of the most successful impostors of all time, assuming the identities of pilots, doctors, lawyers, and even a U.S. prison agent.
"Something seemingly innocent, like posting our birthday on Facebook, can provide thieves with just enough information to access bank accounts, credit cards, sign up for credit and more."
You also give away a few more pieces of the identity puzzle by sharing whom or what you "like" or "follow." When you like a particular store or your neighborhood bank, for instance, you are giving a potential thief one more link to steal your information.
Hackers utilize the following distribution "touch points" to deceive users: malicious links and code, spam, friend requests, private messaging, user groups, gaming forums, videos and music.
"Social networking scams are 10 times more effective in spreading malware than email," said George Waller, executive vice president and co-founder of StrikeForce Technologies in Edison, N.J.
Blanton, who was once a police officer, added that people have always used personal information to commit crimes.
"The Internet just makes it easier," she said. And now social media has provided a gold mine for bad guys.
1. Change your name. If you tweak your name just a little, or use a nickname, life will be easier for you after the inevitable hack.
2. Stop geotagging your photos.
3. Lie about your age. While it's fun to get birthday greetings on your wall, it's a key piece of information needed to steal your identity. At least post the wrong year.
4. Don't store your credit card information on the site. Facebook has several services that require a credit card. Buyer beware.
5. Have some boundaries. When Facebook asks you where your photo was taken, keep it to yourself.
6. Less is more (peace of mind). …. Go through your timeline and remove posts that provide personally identifiable information.
7. Deactivate your account.
Bonus Pro Tip: Don't use your Facebook password anywhere else. That's making it way too easy for the bad guys.
Suicide is now the leading cause of injury deaths. Too many people are living lives of despair as the miserable economy takes its toll.
More people commit suicide than die in car crashes. A report in the American Journal of Public Health says suicide ranks first followed by car crashes, poisoning, falls and murder.
"Suicides are terribly undercounted; I think the problem is much worse than official data would lead us to believe," said study author Ian Rockett, a professor of epidemiology at West Virginia University…. For the study, Rockett's team used data from the U.S. National Center for Health Statistics to determine the cause of injury deaths from 2000 to 2009.
Deaths from intentional and unintentional injury were 10 percent higher in 2009 than in 2000, the researchers noted. And although deaths from car crashes declined 25 percent, deaths from poisoning rose 128 percent, deaths from falls increased 71 percent and deaths from suicides rose 15 percent, according to the study.
In 2009, more than 37,000 Americans took their own lives, and more than 500,000 were at risk of suicide, according to Pamela Hyde, administrator of the U.S. Substance Abuse and Mental Health Services Administration.
Medical errors kill enough people to fill four jumbo jets a week. A surgeon with five simple ways to make health care safer.
All of them have to do with transparency.
A staggering 94 million Americans exposed to potential identity theft through breaches in government agencies. And it's probably much worse.
Furthermore, out of 268 breach incidents reported since 2009, 67 of the public agencies responsible (and I use that term loosely) couldn't even figure out how many records were lost. That fact alone will tell anyone with basic math skills and a lick of common sense that this epidemic is much worse than we know. …
Premeditated attacks by hackers accounted for only 40 breaches since 2009, a mere 15 percent of the total….Plain and simple stupidity and negligence caused most of the rest.
The sad truth is that our own government's security policies -- or lack thereof -- have put us all at risk. …The GAO's report found that out of 24 major government agencies, 18 had inadequate information security controls…the Department of Veterans Affairs and the Department of Health and Human Services, each of which has met just over 50 percent of the law's requirements.
Robert Morgenthau: The Death of Peter Wielunski
For every soldier killed in combat, 25 veterans are dying by suicide. It's time to broaden efforts against PTSD.
Online storage service Dropbox has admitted to a security breach that led to many of its members receiving unsolicited emails. A stolen password had been used to access an employee's accounts and copy a 'project document' containing user email addresses.
The US company said that usernames and passwords stolen from other sites had also been used to sign in to some of its members' accounts.
'The Dropbox incident underlines the necessity of having different passwords for every website,' said Graham Cluley, senior technology consultant at Sophos. 'As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts.'
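What Dropbox describes, usernames and passwords stolen from other sites being tried against its own login, has a recognisable shape in authentication logs: one source tries many different accounts a handful of times each, rather than hammering one account. The following is an added example of detection logic for that pattern, not Dropbox's or Sophos's code; the log format, the addresses (from the documentation ranges) and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample authentication log (not a real capture). Assumed format:
# ISO-8601 timestamp, client IP, username, outcome (SUCCESS or FAIL).
SAMPLE_LOG = """\
2012-07-31T10:00:01Z 203.0.113.7 alice FAIL
2012-07-31T10:00:02Z 203.0.113.7 bob FAIL
2012-07-31T10:00:02Z 203.0.113.7 carol FAIL
2012-07-31T10:00:03Z 203.0.113.7 dave SUCCESS
2012-07-31T10:00:04Z 203.0.113.7 erin FAIL
2012-07-31T10:00:05Z 203.0.113.7 frank FAIL
2012-07-31T10:00:06Z 203.0.113.7 grace FAIL
2012-07-31T10:00:07Z 203.0.113.7 heidi FAIL
2012-07-31T10:01:00Z 198.51.100.20 alice FAIL
2012-07-31T10:01:05Z 198.51.100.20 alice FAIL
2012-07-31T10:01:09Z 198.51.100.20 alice SUCCESS
"""


def parse_log(text: str) -> List[dict]:
    """Turn the space-separated log lines into event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "outcome": outcome,
        })
    return events


def detect_credential_stuffing(events: List[dict],
                               window: timedelta = timedelta(minutes=5),
                               min_distinct_users: int = 5) -> Dict[str, dict]:
    """Flag source IPs that try many *distinct* usernames inside one time window.

    A brute-force against a single account shows one user and many attempts;
    replaying a list stolen elsewhere shows many users and few attempts each.
    For a flagged IP the alert lists the accounts that accepted a password,
    which are the ones a defender should force to reset.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    alerts: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` of time.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(users) >= min_distinct_users:
                alerts[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(span),
                    "successes": sorted({e["user"] for e in span
                                         if e["outcome"] == "SUCCESS"}),
                }
    return alerts
```

On the sample, 203.0.113.7 is flagged (eight accounts in seven seconds, one of which accepted the reused password), while 198.51.100.20, three attempts against one account, is not; that second pattern belongs to a per-account lockout rule, not to this one.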
Mat Honan over at Wired tells how his entire digital life was destroyed.
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
An amazing illusion that I found here.
Speaking of illusions, how safe are you from identity theft?
A report by the Treasury Inspector General for Tax Administration (TIGTA) reveals that taxpayer identity theft more than doubled in 2011, skyrocketing to 641,052 taxpayers affected as compared to 270,518 the prior year.
As Eileen Ambrose of the Baltimore Sun explains, once a fraudster has someone's Social Security number, all they have to do is "make up W-2 information, submit a return before the legitimate taxpayer files and receive a refund directly deposited on a debit card."
That, said Taxpayer Advocate Nina Olson during a July 10th House Judiciary Committee hearing, can mean a nightmare for victims. "Identity theft wreaks havoc on our tax system in many ways," she explained. "Victims not only must deal with the aftermath of an emotionally draining crime, but may also have to deal with the IRS for years to untangle the resulting tax account problems. Identity theft also impacts the public …(Treasury)… as Treasury funds are diverted to pay out improper refunds claimed by opportunistic perpetrators….Identity theft is not a problem the IRS can solve on its own."
Phishing emails, stolen Social Security numbers, and fraudulent tax preparers are all cited as potential pathways for taxpayer identity fraud to occur.
Amy Feldman, writing for Reuters, says that "Fighting taxpayer identity theft is a bit like going after Nigerian email scammers, a constant battle that seems unlikely to be won anytime soon."
Cory Doctorow in Technology Review, The Curious Case of Internet Privacy: Free services in exchange for personal information. That's the "privacy bargain" we all strike on the Web. It could be the worst deal ever.
What we agree to participate in on the Internet isn't a negotiated trade; it's a smorgasbord, and intimate facts of your life (your location, your interests, your friends) are the buffet.
Why do we seem to value privacy so little? In part, it's because we are told to. Facebook has more than once overridden its users' privacy preferences, replacing them with new default settings. Facebook then responds to the inevitable public outcry by restoring something that's like the old system, except slightly less private. And it adds a few more lines to an inexplicably complex privacy dashboard.
People don't value privacy until they lose it.
You aren't the customer, you're the product being sold, says Michael van der Gallen in “The 8 Ways Big Brother Facebook's New Changes Alienate Its Users”.
Most of the changes aren’t meant to make life easier for users — that means: for you and me — but for advertisers. The goal clearly is to make it easier for them to target people whose Internet behavior implies they may be interested in a company’s products. If that means that you and I have a more difficult time using the world’s largest social network, so be it. Facebook has more important things to consider, namely money.
I am horrified to learn that Facebook is asking users to share their medical history, that the new profiles are "The biggest Breach of Your Privacy in Facebook's History" and that its new "Open Graph" creates a permanent record over which the user has no control.
Lauren Weinstein — an expert on the Internet and privacy — adds rather succinctly: Biggest fans of Facebook’s new Open Graph:
FBI, CIA, NSA, TSA, + (all Department of Homeland Security departments and assets)
Local Law Enforcement
Your medical and life insurance companies
Your auto insurance company
Department of Motor Vehicles
All lawyers (especially divorce and personal injury)
Anyone else who might want to know how you’ve spent your time, at any point in the future, based on the permanent data record created automatically by your activities at vast numbers of sites, all collected in one place for ease of court orders.