-
I went to a presentation recently, where a company had been hacked and the people that hacked them offered to unlock it for $800NZD (they had a call centre you call to arrange)
They contacted their Insurer, who spent about $15k unlocking their servers and 'blocking the hole'
Your credit card data can be sold for $50USD...
Hackers will often target smaller organisations that can give them a backdoor into a large one.
While there are revenge attacks, most are driven by greed.
-
@taniwharugby yeah the Target hack was done by hacking the air conditioning vendor, who then planted the malware on Target's network. Crazy stuff.
There's hacking software you can purchase that gives a guaranteed return on investment. It's big business nowadays.
I never allow companies to save my credit card details for that reason.
-
the value for a lot of information is dropping, so hackers are stealing more data or finding other information to sell.
We have been seeing a lot of info around Cyber Risk
-
@Kirwan said in Wikileaks CIA releases.......:
Snowden thinks the info is real, for what that's worth.
Snowden is horribly over hyped, he was a very low level, not very competent no-one who exploited appalling security. He's now painting himself as an expert - and compared to most he certainly is. But he was not some high level in the know US intelligence genius. I quite like the stuff he does on the Intercept, but it's not like he was privy to top level - or even mid level meetings.
The big issue I have with all of the "The CIA are tracking you!" stuff is as @dogmeat says, most of the time it's not Tom Cruise floating down past lasers & putting in a USB stick that self destructs, it's someone opening spam, or getting an email that says "Hi! it's Microsoft we need to direct access your PC!" & being too stupid to realise. Or even in Snowden's case where he literally just said to guys with security clearance "can I have your password". And they let him.
While in day to day life Facebook listens to us (and tells us it is doing so) via our phones, as does Google (which again, tells us), Amazon's Fire TV boxes don't have an off switch, and so on & so on. People willingly, enthusiastically give away far more information to google, garmin, fitbit, amazon, apple etc every day than any spy agency could ever wish for. Just the other day people had to be told to maybe not stick their boarding passes on fricking instagram -
The panic over the deep state tracking us amazes me, the deep state is not tracking you, everyone you digitally wank into (FB, Snap, Google etc) IS tracking you & 100% already has enough information to destroy your life, info you freely - gleefully, gave them. They aren't going to. But you have given them everything they need to do so. And for at least 50% of the population all it would take to get you to hand all of that to a 16 year old "hacker" would be a mocked up email from Facebook_Important@hotmail.com
-
The boarding pass thing is funny. I can't believe how many people I see telling all and sundry they are away from their house for a while etc
The other good one is the use of your normal email address as your apple or google id. All someone has to do is use the email address you freely hand out and crack your probably weak password and they can track your whereabouts because you probably also have location tracking on.
All those people concerned about their samsung tv are carrying and allowing a personal tracking device on their person.
-
Yeah, the huge celebrity photo leak (The Fappening) wasn't amazing hacking, it was a guy digitally watching celebs till he could guess their email address & then just trying out obvious passwords till he got it right. That was all it took. Read Scarlett Johansson's tweets for a week, see she bleats on about her dog "Scruffy", login to her icloud using a password of scruffy, Ilovescruffy, scruffy123 till you are in.
And then for good measure try her Amazon, iTunes, Facebook & Instagram accounts too because they are probably all the same fricking password
-
@gollum said in Wikileaks CIA releases.......:
Yeah, the huge celebrity photo leak (The Fappening) wasn't amazing hacking, it was a guy digitally watching celebs till he could guess their email address & then just trying out obvious passwords till he got it right. That was all it took. Read Scarlett Johansson's tweets for a week, see she bleats on about her dog "Scruffy", login to her icloud using a password of scruffy, Ilovescruffy, scruffy123 till you are in.
And then for good measure try her Amazon, iTunes, Facebook & Instagram accounts too because they are probably all the same fricking password
We all do owe the man a debt of gratitude as well. Guessing that Kate Upton's password was 'spoodgeonmyback' was genius.
-
But members of the security community have dismissed Assange’s hyperbole around the CIA files – collectively nicknamed “Vault 7” – which he described as “exceptional from a political, legal and forensic perspective”. Ryan Kalember, SVP of Cybersecurity Strategy at Proofpoint, disagreed. “There’s nothing earth-shattering,” he said, pointing out that many of the operating systems mentioned in the documents are quite old and have already been updated.
“It seems like the CIA was doing the same stuff cybersecurity researchers do, which is compile lists of vulnerabilities and try to figure out which ones are being exploited in the wild and which ones could be.” It’s not clear at this point how many, if any, of the vulnerabilities are genuine “zero-days” – those not yet known to vendors, named after the number of days they have to fix them.
Kalember said that the so-called Weeping Angel hack, which uses malware to spy on Samsung smart TVs, has been shown at security conferences for a couple of years and requires physical access to the device.
“The CIA should be embarrassed that they lost control of this cache, but they should also be embarrassed if this is their level of technical sophistication,” said another security researcher, who did not want to be named. “What they have is pretty unimpressive.” Both said that the vulnerabilities detailed in the documents are likely to have already been patched by the companies. Apple and Google have both publicly stated this is the case.
There could be more to come, however: Assange has emphasized that the data trove released on Tuesday is only a portion of the total leaked information WikiLeaks holds. “The fact that Julian Assange is offering to selectively disclose vulnerability information to affected companies is better than revealing it to all and sundry, but it depends on the veracity, accuracy and currency of that information,” said BullGuard CEO Paul Lipman.
“I don’t think WikiLeaks is the first stop for tech companies looking to solve vulnerabilities,” he added. How do the CIA files compare to the revelations contained in the NSA leaks from whistleblower Edward Snowden? “It’s apples and oranges,” said Kalember. “The Snowden leaks were not only technically interesting but contained a lot of novel stuff that was not known at all.”
He said that with Vault 7, he and other members of the cybersecurity community have spent a lot of time “laughing about funny things on the CIA’s intranet” (like this collection of emoticons) rather than “debating anything interesting from a tech perspective”.
Some researchers were skeptical of WikiLeaks’ motives, pointing to apparent ties between the whistleblowing organization and Russia – despite Assange’s denial. “Everything they have done over the last few months suggests they are operating as a front for a different leaker [Russia],” said Kalember. He said that the possible Russian ties as well as WikiLeaks’ track record of publishing identifying information about people (known as ‘doxxing’) – including millions of women in Turkey – and threats to make an online database of all verified users on Twitter – has diminished confidence in the organization.
“No-one in the information security community really trusts him and his motives,” he said. At the press conference, Assange attempted to counter accusations that he or WikiLeaks had ties to Russian intelligence agencies, describing his operation as “a neutral, digital Switzerland”. The WikiLeaks’ promotion of the CIA files has placed emphasis on a group at the agency called Umbrage, which collects a library of attack techniques produced in other states including, the press release stated, the Russian Federation.
“With Umbrage and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” WikiLeaks said. This could be interpreted as an attempt by WikiLeaks to undermine the attribution of the DNC hack to the Russians – something that the international security community almost unanimously agrees on.
“They place a lot of emphasis on the fact that the CIA could be using malware to achieve its ends and leave trails that point to people in different directions. Everybody does this, but it’s not going to genuinely undermine proper attribution,” he said. That hasn’t stopped conservative media figures from embracing the conspiracy theory, amplified by a flood of Twitter bots spouting memes and a similar narrative.
“I think at this point Assange is effectively acting in the service of the Russian government, whether intentionally or not,” said Kalember.
-
The biggest disappointment I have with Assange is that he has totally destroyed any shred of belief I had in the Hollywood version of the USA govt machine. He should have been assassinated years ago..
-
@jegga said in Wikileaks CIA releases.......:
@gollum said in Wikileaks CIA releases.......:
When do they start releasing hacks that make the Russians look bad? Oh.. yeah..
I am amazed how many people think a Russian proxy tossing information out is awesome.
It's bizarre that people think this weirdo's behaviour is somehow constructive and most of the time his "revelations" are a let down or obvious to most people anyway. And like you said it's completely one way, if he's as awesome as he thinks he is when it comes to hacking surely he can get past Russia's cyber security? It seems more likely they've been drip feeding him stuff for years knowing that the narcissistic douche would happily take credit for it.
Since the election there's been a weird change in attitudes to Assange and WikiLeaks, he was a hero to leftards but now rwnjs like Sarah Palin are saying this about him.
Also he might be banging Pamela Anderson.
If the American government doesn't get him the hepatitis will...
-
@aucklandwarlord he's not a fan of safe sex apparently, so here's hoping.
-
Yes and no. The issue with Assange is it's hard to target him & not target the New York Times, Washpo etc.
So now that is not an issue as a criminal DOJ case against the NYT is actually excellent. And it will lose on constitutional grounds (it won't even be close) but that won't matter because enough people will buy that the NYT & co are fake news & traitors.
The only interesting bit will be how many people in the DOJ resign in protest / get fired. And if Sessions is brought up on charges as a result.. It'll take a while, I imagine till at least the mid-terms.
Here's the key quote -
"Never in the history of this country has a publisher been prosecuted for presenting truthful information to the public," Wizner told CNN. "Any prosecution of WikiLeaks for publishing government secrets would set a dangerous precedent that the Trump administration would surely use to target other news organizations."
-
@gollum said in Wikileaks CIA releases.......:
Sets it up REALLY nicely to sue Washpo, NYT, CNN etc over all leaks coming out re Russia.
It'll never fly constitutionally but it'll look solid to the base.
I'm still a bit confused though. I think it is very unlikely and undesirable to sue a publication over the truth (or to try and prove or disprove what is the truth).
What can be done is to target the means of obtaining the information. For the WP etc they didn't play an active role but they believe they have evidence that Assange did.
State secrets stop being secret when they come out in public and you can't prosecute people for repeating them. What you can do is get someone for obtaining those secrets or mis-using them.