Monday, February 23, 2015
Always attack the weakest link.
There's a massive new leak of confidential spy files from MI6, Mossad and the FSB
Al-Jazeera has obtained hundreds of confidential "spy cables" from some of the world's top intelligence agencies, in what the news channel is calling "the largest intelligence leak since Snowden."
Documents from Britain's MI6 and Israel's Mossad are included, along with the Russian FSB, South African SSA and the Australian ASIO. (No American intelligence agencies appear to be included.) Al-Jazeera is publishing the leaks over the coming days in conjunction with the Guardian, promising that they will provide "an unprecedented insight into operational dealings of the shadowy and highly politicised realm of global espionage."
The documents date from 2006 to December 2014.
The source for the documents appears to be a leak in South Africa's SSA agency, including "detailed briefings and internal analyses written by operatives of South Africa's State Security Agency (SSA)", as well as "secret correspondence with the US intelligence agency, the CIA, Britain's MI6, Israel's Mossad, Russia's FSB and Iran's operatives, as well as dozens of other services from Asia to the Middle East and Africa."
A really bad precedent. If they did this to track the hacker, that's one thing. If not, what could possibly be on only one computer (without clean backups) that is irreplaceable?
Midlothian cops pay ransom to retrieve data from hacker
A south suburban police department paid a $500 ransom to an unidentified hacker to regain access to data from a police computer the hacker managed to disable, records show.
… "It didn't encrypt everything in the police department. It was just that computer and specific files," not the entire system, Harden said.
The hacker didn't access the information on the computer [How do they know that? Bob] but merely shut it down and made it inaccessible, Harden said.
… At the Midlothian Police Department, someone opened an email that contained the virus, allowing the virus to lock down the computer, Harden said.
… Village officials released a copy of the town's invoice in response to an open records request by the Tribune. The invoice, "for MPD virus," shows the village sent a $606 money order to a bitcoin cafe in New York to transmit the money to the hacker. The payment included bank fees and surcharges.
Officials tried to wire the money through Bank of America, Harden said, but couldn't.
… "Because the backups were also infected, the option was to pay the hacker and get the files unencrypted," Harden said, "which is what we decided to do."
Harden said he believes the hacker's actions are criminal, [Gosh Sherlock, what was your first clue? Bob] which is why the hacker requested "pretty much untraceable" bitcoin as payment.
It's not just on Lenovo's laptops. (Article 1)
Lenovo & Microsoft Remove Superfish
In case you missed the news last week, Lenovo laptops were found to be infected by a particularly nasty piece of adware that makes computers vulnerable to man-in-the-middle attacks. Shockingly, Superfish was pre-installed on Lenovo machines. We shared news of the discovery on Thursday (Feb. 19), and detailed the Superfish issue in full on Friday (Feb. 20).
Since then, Lenovo has released a patch which automatically removes Superfish and its certificates from affected machines. The company has also detailed how to remove Superfish manually, for those who don’t trust running an executable from the manufacturer who created this problem in the first place. Microsoft has also updated Windows Defender so that it detects and removes all traces of Superfish.
For my Ethical Hackers. Subscription or purchase required. (Probably free access through the library.)
Roy Wenzl reports:
Kevin Steinmetz, a criminologist at Kansas State University, has studied and met a lot of hackers and he sees value in them. Hacker culture is far more diverse, more interesting, more valuable and more sophisticated than most of us realize, he said.
His latest work, “An Ethnographic Study of Hacking,” has been published in the British Journal of Criminology, according to a statement from Kansas State University. In his work, he defines what a hacker is (and is not) and what it means to “hack.”
Read more on The Wichita Eagle.
Here’s the Abstract of Steinmetz’s article, “Craft(y)ness: An Ethnographic Study of Hacking:”
The idea of the ‘hacker’ is a contested concept both inside and outside the hacker community, including academia. Addressing such contestation the current study uses ethnographic field research and content analysis to create a grounded understanding of ‘the hacker’. In doing so, hacking is revealed to parallel features found in craftwork, often sharing (1) a particular mentality, (2) an emphasis on skill, (3) a sense of ownership over tools and objects of labour, (4) guild-like social and learning structures, (5) a deep sense of commitment, (6) an emphasis on process over result, (7) a common phenomenological experience, and (8) tendencies towards transgression. The final result is that hacking is identified as a kind of transgressive craft or craft(y).
[In the January issue: http://bjc.oxfordjournals.org/content/55/1.toc ]
Another couple of reports worth reading.
Financial Industry Regulatory Authority Report on Cybersecurity Practices
FINRA Report on Cybersecurity Practices, February 2015 – Executive Summary –
“Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority. This report is intended to assist firms in that effort. Based on FINRA’s 2014 targeted examination of firms and other related initiatives, the report presents FINRA’s latest work in this critical area. Given the rapidly evolving nature and pervasiveness of cyberattacks, it is unlikely to be our last. A variety of factors are driving firms’ exposure to cybersecurity threats. The interplay between advances in technology, changes in firms’ business models, and changes in how firms and their customers use technology create vulnerabilities in firms’ information technology systems. For example, firms’ Web-based activities can create opportunities for attackers to disrupt or gain access to firm and customer information. Similarly, employees and customers are using mobile devices to access information at broker-dealers that create a variety of new avenues for attack. The landscape of threat actors includes cybercriminals whose objective may be to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats. This report presents an approach to cybersecurity grounded in risk management to address these threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity.”
"When in trouble or in doubt, run in circles, scream and shout"
The Minsk Ceasefire Has Failed. What Now For Ukraine?
… The Minsk agreement imposed an “immediate and full” bilateral ceasefire across the whole of Donetsk and Luhansk from 15th February. But the ceasefire was immediately breached. In fact fighting never stopped. It is a ceasefire on paper only.
The European Union is losing patience. Gone are the carefully-worded missives, calculated to avoid upsetting anyone: it is resorting to plain language, which for the EU amounts to the “ultimate weapon”.
(Related) “No more McDonald's for you!”
Kerry Raises Prospect of More Sanctions Against Russia Over Ukraine
… Washington has expressed alarm over the past week about Russia’s role in supporting the separatists in eastern Ukraine.
Last week, the State Department said Russia was not only providing the separatists with weapons but also using its own forces to fire shells and rockets at Debaltseve, a strategically important town that Ukrainian troops were forced to abandon.
With Ukraine’s loss of Debaltseve, there is growing concern in Western countries that Mariupol, a port city in eastern Ukraine, could be the separatists’ next objective. Mr. Kerry echoed those concerns on Saturday, warning that Russia had been involved in “land grabbing.”
The outrage in Western capitals, however, has yet to lead to a package of tough, new measures like economic sanctions or the shipment of defensive arms to the Ukrainian military. And it remains to be seen whether the United States and its allies can forge an effective response to Russia’s support of the separatists.
Big data keeps getting bigger. At least this is another source of copyright free images. Maybe.
Denmark’s largest digital archive launched
The Copenhagen Post – “Denmark’s largest digital photo album with nearly two million images…open[ed] to the general public [February 20, 2015]. Danes will have access to the online database at Arkiv.dk, which includes 1,841,254 documents such as photos, diaries, letters, and sound and video recordings. Since the late 1980s, all items from the country’s more than 550 archives have been recorded electronically, and today a large portion of them becomes freely available to the public. The Association of Local Archives estimates that Danish archives contain some 50 million images and more than 100 kilometres of shelves with original documents. Every month, 25,000 new photos will be added to the database… All documents in the digital archive are covered by the general rules of copyright, the oldest of them dates back to the 1600s.”
My students do this already and I have to tell you, it doesn't work. Humorous infographic.
10 Tricks to Make You Seem Like The Smartest Person in a Meeting
The 10 tricks outlined below will make you look the smartest person in the room. Sure, you won’t have any idea what you’re actually doing, but at least people will think you’re a genius.
(Note: In case reading the infographic didn’t make it obvious, this isn’t actual advice, and you should prepare for your meetings. In fact, following this advice might lead you to lose your job. Use at your own risk.)
For my librarians. Perhaps we can use some of this?
22 ideas win Knight News Challenge: Libraries
“In September we launched the 12th Knight News Challenge, on libraries, asking the question, “How might we leverage libraries as a platform to build more knowledgeable communities?” Today we’re announcing 22 winners of that challenge, awarding the recipients a share of $3 million for their ideas. Building on previous experience working with libraries, this challenge has helped us learn a great deal about libraries and the challenges they face while serving the information needs of their communities. Several themes emerged among the winners, including focusing on digital rights and privacy; history and digital preservation; the maker movement and open data. We look forward to learning more as the projects develop and to applying that knowledge to our work more broadly. Additionally, we have experienced firsthand the enthusiasm inside and outside of libraries for making them vibrant civic institutions in a digital age. The winners of the Knight News Challenge…”
Maybe we don't need to teach our students to code? Interesting article on taking advantage of a few loopholes.
How a 25-year-old dev made 600 apps without being able to code
John Hayward-Mayhew is one of the most prolific iOS developers ever to peddle a blackjack game. Over the past four years, the 25-year-old entrepreneur flooded the App Store with an astonishing 600 separate apps — everything from endless runners such as Dangerous Caveman Bum Runner to dentistry games like Emergency Dentist Race — raking in close to $1 million in the process.
The most miraculous part of all? He can’t even code.
Just in case they do want to learn something... List of resources!
Learning Vim for Beginners
Vim, or Vi Improved, is an extremely powerful text editor that lets you do almost everything using keyboard shortcuts. You can replace text in a document, move or delete lines, automate edits and more without ever reaching for the mouse. Vim is the favorite source code editor of programmers but there’s no reason why you cannot use the editor for your regular text-editing tasks from writing down ideas to composing long emails.