Facebook told to hand over all data on user, including fake account set up by extortionist

Italy’s Data Protection Authority has ordered Facebook to turn over all the data it has on a user, along with data from a fake page that a troll set up in his name and used to extort him.
In addition, the company’s been ordered to hand over details of how the personal data was used, including who it was sent to or who might have obtained knowledge about it.
According to official documents, the user in question had accepted a friend request from an unspecified party.
When the man – kept anonymous in the documents – resisted that party’s extortion attempt, the troll swiped his personal information and photo and set up a phony account in his name.
Then, he or she used the fake account to send pictures and video montages to the man’s contacts. The images were meant to smear his reputation by implicating him in sexual activity, including with a minor.
The man immediately asked Facebook to take down the bogus account and to hand over all the relevant information it had on him, including data and photographs. Facebook then sent him an email explaining how to download his personal data using the standard tool.
But what he downloaded was gibberish, he said: a series of data, unintelligible because it was marked with codes, numbers and symbols. Beyond that, Facebook hadn’t delivered information about his tormentor.
Facebook told him it was taking steps to delete the fake account. But the self-service tool showed him that related conversations, though marked unavailable, hadn’t actually been deleted.
Unsatisfied, seeking information about who set up the account, he took the matter to the Italian data protection authority (DPA).
The DPA agreed with him.
It ordered Facebook to hand over all the data concerning the user: personal information, photographs, and posts, including those entered and shared by the troll. Also, the DPA said that the social network has to hand over information on its “aims, methods and logic of data processing,” as well as on the people communicated with, in an intelligible, non-gobbledygook form.
The case is notable because it’s yet another example of a European data authority telling tech companies they can’t hide inside their “but our headquarters are over here!” jurisdiction argument.
That jurisdiction notion has already failed to hold water in Google’s failed attempts to fight off the EU’s right to be forgotten.
We don’t care if a URL’s got a .fr, a .uk or a .com glued to the end, the French data protection agency told Google in June; if a European makes a legitimate request to be forgotten in search results, make it so on all your search engines in all countries.
The failure of the jurisdiction gambit hit home big-time in October, in the case of the Slovakian-registered company Weltimmo, which was in court over alleged breaches of Hungarian data protection laws.
In that case, a judgment from the EU Court of Justice opened the door for individuals to complain about data protection law breaches to their local data protection authorities, even if they’re complaining about a company headquartered outside their country.
Italy isn’t Facebook’s first loss on the jurisdiction front. It’s repeatedly tried to claim that it only has to answer to data protection authorities in Ireland, where it has its EU headquarters.

US government drops another iPhone case against Apple

The US government has dropped a case against Apple that sought to compel the company to provide access to an alleged New York drug dealer's locked iPhone.

The Department of Justice said Apple's help was no longer necessary as the passcode had been obtained.

A similar case involving a phone used by the San Bernardino gunman was dropped when the FBI got help from a third-party to unlock the handset.

The DoJ denied either case was about setting a court precedent.

The cases revolve around cracking the four-digit security number that accesses the phone without triggering a security feature that erases all data after 10 incorrect guesses.

Reasonable assistance

The FBI has not revealed who helped it to unlock the iPhone of San Bernardino killer Syed Rizwan Farook - but, last week, it emerged it had probably paid more than $1.3m (£900,000) for the service.

Farook and his wife killed 14 in San Bernardino, California, in December. Both were shot dead by police.

The FBI argued that it needed access to the phone's data to determine if the attackers worked with or were supported by other people and were planning other targets.

Meanwhile, in Massachusetts, Apple has been ordered to help the FBI gain access to data on an iPhone belonging to an alleged Boston gang member accused of shooting a rival.

The judge ordered Apple to give "reasonable technical assistance", but Apple has not complied.

According to Apple, it received more than 5,000 similar requests from the government in the first six months of 2015.

Exclusive: Bangladesh Bank hackers compromised SWIFT software, warning to be issued

The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.
SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT would release on Monday a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.
The new developments now coming to light in the unprecedented cyber-heist suggest that an essential lynchpin of the global financial system could be more vulnerable than previously understood to hacking attacks, due to the vulnerabilities that enabled attackers to modify SWIFT’s client software.
Deteran told Reuters on Sunday that it was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records." She said "the malware has no impact on SWIFT’s network or core messaging services."
The software update and warning from Brussels-based Swift, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE (BAES.L), which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.
BAE said it plans to go public on Monday with a blog post about its findings concerning the malware, which the thieves used to cover their tracks and delay discovery of the heist.
The cyber criminals tried to make fraudulent transfers totaling $951 million from the Bangladesh central bank's account at the Federal Reserve Bank of New York in February.
Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.
Investigators probing the heist had previously said the still-unidentified hackers had broken into Bangladesh Bank computers and taken control of credentials that were used to log into the SWIFT system. But the BAE research shows that the SWIFT software on the bank computers was probably compromised in order to erase records of illicit transfers.
The SWIFT messaging platform is used by 11,000 banks and other institutions around the world, though only some use the Alliance Access software, Deteran said.
SWIFT may release additional updates as it learns more about the attack in Bangladesh and other potential threats, Deteran said. It is also reiterating a warning to banks that they should review internal security.
“Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems,” Deteran said.
Adrian Nish, BAE's head of threat intelligence, said he had never seen such an elaborate scheme from criminal hackers.
"I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," he said. "I guess it was the realization that the potential payoff made that effort worthwhile."
A Bangladesh Bank spokesman declined comment on BAE's findings.
A senior official with the Bangladesh Police’s Criminal Investigation Department said that investigators had not found the specific malware described by BAE, but that forensics experts had not finished their probe.
Bangladesh police investigators said last week that the bank's computer security measures were seriously deficient, lacking even basic precautions like firewalls and relying on used, $10 switches in its local networks.
Still, police investigators told Reuters in an interview that both the bank and SWIFT should take the blame for the problems. "It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, referring to SWIFT.
THWARTING FUTURE ATTACKS
The BAE alert to be published on Monday includes some technical indicators that the firm said it hopes banks could use to thwart similar attacks. Those indicators include the IP address of a server in Egypt the attackers used to monitor use of the SWIFT system by Bangladesh Bank staff.
The malware, named evtdiag.exe, was designed to hide the hacker's tracks by changing information on a SWIFT database at Bangladesh Bank that tracks information about transfer requests, according to BAE.
BAE said that evtdiag.exe was likely part of a broader attack toolkit that was installed after the attackers obtained administrator credentials.
It is still not clear exactly how the hackers ordered the money transfers.
Nish said that BAE found evtdiag.exe on a malware repository and had not directly analyzed the infected servers. Such repositories collect millions of new samples a day from researchers, businesses, government agencies and members of the public who upload files to see if they are recognized as malicious and help thwart future attacks.
Nish said he was highly confident the malware was used in the attack because it was compiled close to the date of the heist, contained detailed information about the bank's operations and was uploaded from Bangladesh.
While that malware was specifically written to attack Bangladesh Bank, "the general tools, techniques and procedures used in the attack may allow the gang to strike again," according to a draft of the warning that BAE shared with Reuters.
The malware was designed to make a slight change to code of the Access Alliance software installed at Bangladesh Bank, giving attackers the ability to modify a database that logged the bank's activity over the SWIFT network, Nish said.
Once it had established a foothold, the malware could delete records of outgoing transfer requests altogether from the database and also intercept incoming messages confirming transfers ordered by the hackers, Nish said.
It was able to then manipulate account balances on logs to prevent the heist from being discovered until after the funds had been laundered.
It also manipulated a printer that produced hard copies of transfer requests so that the bank would not identify the attack through those printouts, he said.
(Reporting by Jim Finkle in Boston. Additional reporting by Serajul Quadir in Dhaka.; Editing by Jonathan Weber and Martin Howell)


New Wi-Fi Technology Can Double Speeds With a Single Antenna: Study

Researchers have developed a novel technology that can double Wi-Fi speeds with a single antenna, a breakthrough that could revolutionise the field of telecommunications.
This is the first time researchers from Columbia University School of Engineering and Applied Science have integrated a non-reciprocal circulator and a full-duplex radio on a nanoscale silicon chip.
The team, led by Associate Professor Harish Krishnaswamy, developed the technology that needs only one antenna, thus enabling an even smaller overall system.
"This technology could revolutionise the field of telecommunications," said Krishnaswamy, director of the Columbia High-Speed and Mm-wave IC (CoSMIC) Lab.
"Our circulator is the first to be put on a silicon chip, and we get literally orders of magnitude better performance than prior work," said Krishnaswamy.
"Full-duplex communications, where the transmitter and the receiver operate at the same time and at the same frequency, has become a critical research area and now we have shown that Wi-Fi capacity can be doubled on a nanoscale silicon chip with a single antenna. This has enormous implications for devices like smartphones and tablets," he said.
Krishnaswamy's group has been working on silicon radio chips for full duplex communications for several years and became particularly interested in the role of the circulator, a component that enables full-duplex communications where the transmitter and the receiver share the same antenna.
In order to do this, the circulator has to "break" Lorentz Reciprocity, a fundamental physical characteristic of most electronic structures that requires electromagnetic waves to travel in the same manner in forward and reverse directions.
"We wanted to create a simple and efficient way, using conventional materials, to break Lorentz Reciprocity and build a low-cost nanoscale circulator that would fit on a chip," said PhD student Negar Reiskarimian, who developed the circulator.
The traditional way of breaking Lorentz Reciprocity and building radio-frequency circulators has been to use magnetic materials such as ferrites, which lose reciprocity when an external magnetic field is applied.
But these materials are not compatible with silicon chip technology, and ferrite circulators are bulky and expensive.
Krishnaswamy and his team were able to design a highly miniaturised circulator that uses switches to rotate the signal across a set of capacitors to emulate the non-reciprocal "twist" of the signal that is seen in ferrite materials.
Aside from the circulator, they also built a prototype of their full-duplex system - a silicon IC that included both their circulator and an echo-cancelling receiver.
The research was published in the journal Nature Communications.

Shortened URLs Can Let Hackers Spy on You: Study

According to two researchers at Cornell Tech, while URL shortening tools may be useful, the short length makes it simple for hackers to brute force them, potentially exposing private information or even infecting cloud storage accounts with malware.
According to the researchers Martin Georgiev and Vitaly Shmatikov, it is possible to brute force shortened links from tech companies such as Google, Microsoft, and bit.ly that generate a Web address with only six seemingly random characters.
The two researchers were able to use the trial and error method to discover Google Drive and Microsoft OneDrive files shared by short URLs. They also claim that out of their scanned accounts, around 7 percent of the OneDrive and Google Drive accounts were vulnerable in such a way.
It was also possible to break into shortened Google Maps URLs that often contained routes between two private addresses, potentially leading to huge privacy issues. Some Maps links even contained details about users' medical facilities and places of worship.
The duo explained that Microsoft used the Bit.ly service to generate short URLs for OneDrive files and folders. The researchers randomly generated 71 million OneDrive short URLs, out of which 24,000 were legitimate and let them access private files and folders. They even said that by opening the full length URL from the shortened ones, they could then tweak the Web address to access different folders by the same user.
"If someone wanted to inject a lot of malicious content into people's computers, it's a pretty interesting way of doing it," Wired quoted Shmatikov. "By scanning you can find these folders, you put whatever you want in them, and it gets automatically copied to people's hard drives."
For the search giant Google, the researchers said its Maps service, like OneDrive, used Bit.ly-generated shortened URLs that included shared locations and directions. They randomly generated 23 million shortened Google Maps URLs only to find that almost 10 percent of them directly opened actual directions. The researchers said they could find directions requested by users to clinics for specific diseases, addiction treatment centres, abortion providers and more. Over 16,000 directions showed one end as the residence of the user.
They could even illustrate the level of threat caused by shortened Google Maps URLs by pinpointing one of the users, identifying her as a young woman who shared directions to a Planned Parenthood facility, confirming her residence address, full name, and age as well.
Georgiev and Shmatikov started this research almost a year ago and notified Google about it in September last year. The company then responded by increasing the length of the URLs to 11 or 12 randomised characters, making them much harder to crack by brute force. The search giant even took measures to identify and block automated scanning of shortened URLs.
When the researchers approached Microsoft in May last year, the Redmond-based tech giant initially ignored the concerns but by last month removed the URL shortening feature from OneDrive. However, the researchers say they could still successfully access all the identified vulnerable links. The detailed research study can be found here.
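The two mitigations described above (longer random tokens, and spotting automated scanning) can be sketched from the defender's side. This is an added example, not code from the study or from any of the vendors; the 62-symbol alphabet, the `<client> <status> <path>` log format, the thresholds and all function names are assumptions, and the log lines are constructed.

```python
import secrets
import string
from collections import Counter

# Assumption: tokens are drawn from a 62-symbol alphabet (a-z, A-Z, 0-9).
ALPHABET = string.ascii_letters + string.digits


def keyspace(token_len):
    """Number of distinct tokens of the given length."""
    return len(ALPHABET) ** token_len


def growth_factor(old_len, new_len):
    """How many times more guesses per hit are needed after lengthening
    tokens, assuming the number of live links stays the same."""
    return keyspace(new_len) // keyspace(old_len)


def new_token(length=12):
    """Draw a token from the OS CSPRNG, never from a counter or a seeded PRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def flag_scanners(log_lines, min_requests=5, min_miss_ratio=0.8):
    """Return clients whose short-link lookups are mostly misses.

    Ordinary users follow links that exist; a client guessing tokens
    produces mostly 404 responses. Each line is '<client> <status> <path>'.
    """
    total, misses = Counter(), Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        client, status, _path = parts
        total[client] += 1
        if status == "404":
            misses[client] += 1
    return sorted(
        client for client, count in total.items()
        if count >= min_requests and misses[client] / count >= min_miss_ratio
    )


# Constructed sample log; the addresses come from the documentation ranges.
SAMPLE_LOG = [
    "198.51.100.4 200 /Ab3dE9",
    "198.51.100.4 200 /Zx81Qp",
    "203.0.113.7 404 /aaaaab",
    "203.0.113.7 404 /aaaaac",
    "203.0.113.7 200 /aaaaad",
    "203.0.113.7 404 /aaaaae",
    "203.0.113.7 404 /aaaaaf",
    "203.0.113.7 404 /aaaaag",
    "192.0.2.10 200 /Qw7RtY",
    "192.0.2.10 200 /Lm2NoP",
    "192.0.2.10 404 /Lm2NoQ",
    "192.0.2.10 200 /Hj5KlZ",
    "192.0.2.10 200 /Vb9XcD",
    "this line is malformed and is ignored",
]

if __name__ == "__main__":
    # Figures from the article: 24,000 live links in 71 million guesses.
    observed = 71_000_000 / 24_000
    print(f"6-char tokens: about one hit per {observed:,.0f} guesses")
    print(f"12-char tokens: about {growth_factor(6, 12):,} times more guesses per hit")
    print("sample token:", new_token())
    print("clients flagged as scanners:", flag_scanners(SAMPLE_LOG))
```

Longer tokens only raise the cost of guessing; a short link is still a bearer credential for whatever it points to, so the miss-ratio check complements access control on the target rather than replacing it.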

IBM Charges US Government $1.4 Million To Create An App, Indian Techie Recreates It In Just 4 Minutes

The app didn’t do anything particularly complicated; it randomly directed people in queues left or right on the press of a button. Just like any other big tech company, IBM charged a premium amount: $1.4 million (9.5 crore), to be precise.
It was all fine until ex-IBM employee Sandesh Suvarna entered the scene. He decided to make the app all by himself.
And it took him around 4 minutes to re-create a $1.4 million app. 
And if that doesn't sound impressive enough, Sandesh completed the whole process while making a video of it.

How to not get pwned on Windows: Don't run any virtual machines, open any web pages, Office docs, hyperlinks ...

Patch Tuesday Microsoft has posted the April edition of its monthly security update, which kills a bug that allows guests to escape to hosts on Hyper-V.
A malicious app running in a virtual machine can exploit this flaw to drill down to the host server, execute code on the machine, and interfere with the system and other VMs. Which is bad.
This month's patches also splat remote code execution bugs in Office, Internet Explorer, Edge and Skype. In total, Microsoft has posted 13 bulletins addressing a total of 40 CVE-listed security vulnerabilities.
  • MS16-045 This one will be a major headache for those who run and host virtual machines on Hyper-V. A flaw in the hypervisor could allow a "guest" instance to access the host system and execute code, in addition to infecting the host system or accessing data from other hosted instances.
  • MS16-037 A cumulative update for Internet Explorer that addresses six flaws, including remote code execution vulnerabilities that can be exploited by loading a malicious web page.
  • MS16-038 A cumulative update for the Edge browser that, like the IE fix, patches six vulnerabilities, including remote code execution from malicious web pages.
  • MS16-039 A patch to address a remote code execution flaw present in Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. According to Microsoft, the vulnerability "could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts."
  • MS16-040 A single flaw in the XML Core Services component in Windows that allows an attacker to take control of a system by convincing the user to click a link "typically by way of an enticement in an email or Instant Messenger message."
  • MS16-041 A remote code execution bug in the .NET Framework that allows an attacker who already has access to the local system to install and execute a malicious application.
  • MS16-042 Four memory corruption vulnerabilities in Office that allow an attacker to remotely execute code by convincing the user to open a malicious Office file. One of the flaws also affects Office for Mac, meaning Apple users will need to patch their software as well.
  • MS16-044 A vulnerability in Windows OLE that allows an attacker to remotely execute code by convincing the target to open "either a specially crafted file or a program from either a webpage or an email message."
  • MS16-046 A flaw in the Windows Secondary Logon that allows an attacker to elevate their user privilege level to Administrator.
  • MS16-047 A "man in the middle" flaw in the Windows Security Account Manager and Local Security Authority Domain components that allows an attacker with access to network traffic the ability to downgrade security controls and then impersonate the user – aka the Badlock bug.
  • MS16-048 A vulnerability in Windows CSRSS that potentially allows an attacker to bypass security credentials and gain administrator access by exploiting a flaw in the way CSRSS handles memory tokens.
  • MS16-049 A denial of service vulnerability in Windows that allows an attacker to freeze a targeted machine just by sending a malicious HTTP packet.
  • MS16-050 A cumulative update for Flash Player addressing a total of 10 security bugs, including remote code execution flaws.
Additionally, Microsoft has posted a security advisory for an update that closes a vulnerability allowing a USB wireless mouse to input keyboard strokes on Windows machines.

Windows 10 debuts Blue QR Code of Death – and why malware will love it

Microsoft has added a QR code to its infamous Blue Screen of Death in Windows 10.
As of Windows 10 Insider Preview build 14316, when the operating system falls over, you get not only the sad ASCII smiley but also a QR square that contains an encoded URL that leads you to a webpage about your problem. Scan it with a smartphone or other handheld and your browser will be taken to the embedded web address.
Right now, it just points to windows.com/stopcode, which explains typical Blue-Screen-of-Death causes, but in future it could contain detailed information about the crash – or something a little more user-friendly than something like MACHINE_CHECK_EXCEPTION.
The QR code feature isn't mentioned in build 14316's release notes, although it hasn't escaped people's attention. The version was emitted last week to testers.
Neat idea, huh. Except we can imagine the fun malware will have with this. Fake a system crash by popping up a blue screen, show a QR code that links to a malicious website, and fool someone into opening it on their browser. From there you can offer crap PC repair software (your machine just "crashed", after all), pretend to be Microsoft offering updates to fix your PC, and so on.

Badlock Windows, Samba Man-in-the-Middle and DoS Vulnerability

Go ahead and poo poo the overdone marketing of the Badlock vulnerability. With its fire-engine-red logo and a dedicated website that went live more than a month before the release of any patches, claims the risk was shamelessly hyped are justified. That said, Badlock represents a real and critical threat to virtually any organization that maintains a Microsoft network. Administrators who don't patch right away fail to do so at their own peril.
In a nutshell, Badlock refers to a defect in a security component contained in just about every version of the Windows and Linux operating systems. Known as the Distributed Computing Environment/Remote Procedure Call (DCE/RPC), it's used by administrators around the world to access the most valuable asset on any Windows network—the Active Directory, which acts as a network's digital security guard, allowing, for instance, an organization's CFO to log in to an accounting server, while locking out the janitor or the groundskeeper. Because Active Directories enforce security policies and contain password data and other crucial credentials, they are almost always the first asset hackers access once they gain a limited foothold into a targeted network.
By design, DCE/RPC is able to use a cryptographic system to protect connections between an admin's remote computer and the server running the Active Directory. In many ways, the system is analogous to the transport layer security protocol that protects connections between end users and the websites they visit. DCE/RPC ensures that parties are who they claim to be. It can also encrypt the data traveling between the parties. That way, anyone who happens to have access to the same corporate network—say, a rogue janitor or groundskeeper employed by the same organization—can't monitor or modify the crucial information inside the Active Directory.

Accessing the Active Directory

If DCE/RPC is a TLS of sorts for administrators, Badlock is similar to the Goto fail bug that made it trivial for attackers to bypass the TLS encryption protecting millions of Mac users' e-mail and Web communications. To be sure, Goto Fail left orders of magnitude more users vulnerable, but it's also the case that those exposed by Badlock have more to lose. And in both cases, there's no indication the encryption has failed. Like Goto Fail, Badlock can be silently exploited by anyone in a position to monitor the traffic passing over the network. And that's hardly a comforting thought for any corporate or government organization that maintains an Active Directory on its network.
"An Active Directory infrastructure with a Samba server as a domain member is vulnerable to this flaw," an advisory published Tuesday by Linux distributor Red Hat warned. "A man-in-the-middle attacker could intercept DCE/RPC traffic between the domain member and the domain controller to impersonate the client and get the same privileges as the authenticated user account. The attacker could view or modify secrets within an AD database, including user password hashes, or shutdown critical services."
The Red Hat advisory goes on to say: "Any Samba server configured as a file or print server is also vulnerable to this flaw. The attacker could use the flaw to modify user permissions on files or directories."
As noted earlier, Red Hat users are by no means the only ones affected by Badlock. Because the vulnerability resides in the DCE/RPC protocol itself, it affects just about any platform that implements the protocol. Red Hat has classified the vulnerability as critical, its highest threat category. Microsoft, meanwhile, rates the flaw as important, or one notch below critical. The software maker, which has provided a patch and details here and here, most likely chose the lower rating because the flaw doesn't pose a threat to the machines of everyday users, or isn't easy to exploit in real-world situations. That's not to say everyday users aren't affected. If Badlock is exploited to hack into their bank, e-mail server, or tax return service, ordinary people may very well suffer very real consequences even if their PCs remain secure.
The month-long marketing of Badlock is unfortunate because it has turned into a side show that distracts people from what's at stake. Instead of the vulnerability being the news of the day, the exaggerated warning became the only thing people are talking about. People who read about Badlock and saw its logo expected a vulnerability with the scale and severity of the Heartbleed flaw that opened millions of websites to attacks that stole passwords, encryption keys, and other sensitive data. The threat posed by Badlock is a lot more nuanced and muted. But it could prove a godsend for rogue insiders or hackers looking to elevate privileges on a targeted network. Sure, it's no Heartbleed or Goto Fail, but people who say it's not serious may be sadly mistaken.

For More Info Read: www.badlock.org

Swedish military unwittingly helped hose US banks in 2012/2013

Sweden's military has told a newswire that its servers were used in a 2012/2013 attack on American banks.
The report from Agence France Presse (AFP) quotes military spokesperson Mikael Abramsson, who told the agency, "The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to prevent such a thing from happening again."
The military has since taken unspecified measures to improve the security of its machines.
Back in 2013, the US government claimed Iran was behind attacks on American banks. Arbor Networks reckoned the attacks didn't use traditional PC botnets, but were launched from insecure Web servers – which is broadly in line with the AFP report.
As many as 20 banks were targeted in the DDoS campaign, including Citigroup, Capital One and HSBC.
According to Sweden's Dagens Nyheter (Daily News), the military was alerted to the compromise of its servers by the country's Civil Contingencies Agency, MSB.
An armed forces security bod, Dan Eriksson, told Daily News the exposure was down to human error, and said that exploiting the vulnerability for DDoS didn't let attackers get into the military's systems.
However, the Swedish report also claims the vulnerability that existed in the military server is still present on "14,000 servers in Sweden," including 7,600 DNS servers and an unspecified number of NTP servers. It also claims many of the vulnerable machines are in the university sector.

SQL injection vuln found at Panama Papers firm Mossack Fonseca

Grey hat security researchers have discovered new flaws in the systems of Panama leak firm Mossack Fonseca.
A self-styled “underground researcher” claims to have found a SQL injection flaw on one of the corporate systems of the Panamanian lawyers.
“They updated the new payment CMS, but forgot to lock the directory /onion/,” he said via the “1x0123” Twitter profile.
Mossack Fonseca specialises in helping its clients to set up firms in tax havens such as the British Virgin Islands. The leak of its client information as part of the Panama Papers has created a huge political stink.
The lawyers informed clients in early April that the leak to journalists has been traced back to a hack on its email server, rather than a whistleblower. Its apparent failure to adequately lock down its systems is surprising in the circumstances.
“It looks like MF [Mossack Fonseca] had really very low security level, [such] that hackers continue to hack them for fun,” a security intelligence source who notified us of the claimed vulnerability told El Reg.
In between flagging up security issues with Mossack Fonseca, the same hacker has been busy over the last week attacking major media outlets, such as the LA Times and New York Times, and offering to sell access to insecure systems at NASA, among other hi-jinks.
The same hacker (1x0123) contacted Edward Snowden, notifying him of some bugs on one of his projects. Snowden acknowledged the bug report on the Freedom of the Press Foundation website on Sunday. ®


Hike Takes on Line and WeChat With Games on Hike





Hike isn't just a messaging app. In an attempt to emulate the likes of Line and WeChat, it now lets you play games as well. Labelled Games on Hike - Beta, the service offers five games: Chess, Snake, Solitaire, Sudoku, and Word Rush. While they might seem like extraordinarily simple fare, Hike has issued a press release claiming 100 million game plays across these titles in the first 26 days. The beta was made available to two million Android users on March 9. According to Hike, players are spending an average of over 20 minutes a day playing these games, though it fails to state what it defines as a game play session.
"We're thrilled that Hikers are loving Games on Hike! We're still in beta but the response has been tremendous with a 100 million plays in less than 30 days. We've really just launched simple, bite-sized classics like Snake and Word Rush that users are able to enjoy without leaving their core social and messaging experience. The tiny size of Games on Hike enables everyone to enjoy them regardless of the capability of their smartphones; and clearly users are lapping them up!" claimed Kavin Bharti Mittal, Founder and CEO, Hike Messenger, in a prepared statement.
If you're wondering which studio is behind these games, it's Tiny Mogul, which has been a part of the Hike brand since last year following the departure of its erstwhile studio head, Anshumani Ruddra.
Plans to open up Hike for games have been in the works since 2014, what with the company in talks with several local outfits (most of whom claimed the commercial terms were anything but developer-friendly). This was before deciding to work with its own talent. It's heartening to see some kind of success for the messaging platform. More so considering that sources close to the company have told Gadgets 360 that prior to launch every Hike user had a maximum of three friends on the app. What this meant was poor virality, which could possibly explain the spate of SMSes lapsed users were getting to come back to the service.

Forget Encryption, WhatsApp Is Vulnerable To Phishing Attacks





Recently there has been a lot of noise about how WhatsApp has implemented end-to-end encryption, so that even WhatsApp cannot decrypt messages for the federal agencies! This has been done in the interest of the privacy and security of the 1 billion people for whom WhatsApp is the sole choice for sending text messages and making phone calls to other users.
However, it’s not the federal agencies that WhatsApp should be protecting its users from. It’s the phishing attacks, scams and identity theft targeting naïve users that need WhatsApp’s urgent attention.
Some time back, WhatsApp introduced WhatsApp Web, where users scan a QR code with WhatsApp on their mobile and can then use WhatsApp from their desktop or laptop in the same way they do on their mobile phones.
WhatsApp Web is the gateway for unscrupulous individuals and companies to phish personal data, financial details, confidential information, pictures, videos, and chats from people’s WhatsApp accounts.
They do it easily, just by:

1. Scraping the QR code from WhatsApp Web

2. Posting that scraped QR code onto their phishing site / page

3. Asking visitors on their phishing page to scan it from WhatsApp on their phone, in return offering some prize, cash or anything that can lure a user

4. Once the user is done with scanning, these phishing individuals or companies get complete access to the user’s WhatsApp

The technically savvy readers can download and examine the source code for phishing on WhatsApp here: https://github.com/Mawalu/whatsapp-phishing

Most of the 1 billion WhatsApp users are not technically savvy enough to realize that a parallel connection to their WhatsApp account gets created the moment they scan a QR code on a non-WhatsApp site from their WhatsApp application. Try explaining that to your mother!
How WhatsApp Web Works:
1. The user logs on to web.whatsapp.com from their desktop

2. They scan the QR code on the page from WhatsApp on mobile

3. They get connected to WhatsApp via desktop / laptop
What Phishing Individuals and Companies are doing:
1. The user is taken to a fraudulent website

2. The website requires the user to scan a QR code from WhatsApp

3. Once scanned, the fraudulent website gets access to the user’s WhatsApp account
While the example above is only illustrative, it’s happening around us already. I came across a company named 1Group / ii5.com, in India, which is using this vulnerability as a feature for their product. They get naïve customers to scan a QR code and get access to the WhatsApp groups of the customers.

What all can get stolen:
1. Anything & everything that you have shared via WhatsApp, like bank details, passwords, private pics, personal messages, etc.

2. Your entire contacts list

3. Your complete chat data

4. Your personal information

All this data can now be accessed by these phishing individuals and companies. Imagine what all they can do with this data.
Moreover, they can send messages to any contact on your phone posing as you. For example:
1. Inappropriate messages to your professional contacts

2. Indecent messages to your family
How dangerous can it become if any individual or company gets access to a large number of WhatsApp users? The personal and confidential information of a billion users is at stake, and it can really cause a phishing bomb to explode with unimagined repercussions. Think about what anti-national elements could do if they got into this phishing scam. It’s not encryption but phishing protection that customers really need.

Five Ways to Become a Smaller Target for Ransomware Hackers




Hacking for ransom is on the rise - on pace to beat out last year's figures - and hits people where it hurts, locking them out of files, photos and critical records until they pay hackers a bounty to restore their access. Hackers bait users to click on infected email links or open infected attachments, or they take advantage of outdated and vulnerable systems.
Victims see important files scrambled into encrypted gobbledygook, as an electronic ransom note warns that if they ever want to see those files again in a readable format, they must pay money in virtual currency, known as bitcoin.
Last year's 2,453 reports of ransomware hackings totaled a reported loss of $24.1 million (roughly Rs. 160 crores), making up nearly one-third of the complaints over the past decade. They also represented 4 percent of the $57.6 million in reported losses since 2005. Such losses are significantly higher than any paid ransoms because companies routinely include remediation costs, lost productivity, legal fees and sometimes even the price of lost data in their estimates.
What's priceless is avoiding the hack altogether.
Here are five tips to make yourself a less likely victim:
Make safe and secure backups
Once your files are encrypted, it's nearly always game over. Backups often are out of date and missing critical information.
Ransomware has become increasingly sophisticated and effective at separating users from the contents of their computers. For example, sometimes it targets backup files on an external drive. You should make multiple backups - to cloud services and using physical disk drives, at regular and frequent intervals. It's a good idea to back up files to a drive that remains entirely disconnected from your network.
Update and patch your systems
The recent samsam virus-like attack takes advantage of at least two security vulnerabilities on servers, including one discovered in 2007. Updating software will take care of some bad vulnerabilities. Browsers such as Chrome will automatically update behind the scenes, saving you the time and deterring hackers.
Use antivirus software
It's basic but using antivirus will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these viruses. Low-end criminals take advantage of less savvy users with such known viruses even though malware is constantly changing and antivirus is frequently days behind detecting it.
Educate your workforce
Basic cyber hygiene such as ensuring workers don't click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don't have unnecessary access to parts of the network that aren't critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
If hit, don't wait and see
When hackers hit MedStar Health Inc., the hospital chain shut down its network as soon as it discovered ransomware on its systems. That action prevented the continued encryption - and possible loss - of more files. Hackers will sometimes encourage you to keep your computer on and attached to the network but don't be fooled.
If you're facing a ransom demand and locked out of your files, law enforcement and cyber-security experts discourage paying ransoms because it incentivizes hackers and pays for their future attacks. There's also no guarantee all files will be restored. Many organizations without updated backups may decide regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.
The hackers, of course, are counting on that.