Internet Freedom in 2017: Rise in Media Manipulation by Governments

A recent study by the Washington-based freedom rights group and watchdog organization Freedom House found that governments around the world have dramatically increased their efforts to manipulate information on social media over the past year.


The 48-page report examines in depth the practices of the governments of over 65 different countries, as many as 30 of which were found to be using some form of online information distortion to dissuade dissent.


It noted that disinformation tactics contributed to a seventh consecutive year of overall decline in internet freedom, as did a rise in disruptions to mobile internet service and increases in physical and technical attacks on human rights defenders and independent media. The tactics used include “bots”, “trolls”, propaganda producers, fake news, paid commentators, harassment of journalists, and more.


The report said that in at least 18 countries, including the United States, online manipulation and disinformation played an important role in elections over the past year.


Furthermore, it said that a record number of governments have restricted mobile internet service for political or security reasons, often in areas populated by ethnic or religious minorities.


The report rated countries from 1 to 100 on the basis of how free the internet is from government manipulation and disinformation.


China, Syria, and Ethiopia were the world’s worst abusers, with scores of 87, 86, and 86, respectively, with Iran following not far behind at 85. On the other side of the coin, Estonia and Iceland were the freest countries, with scores of 6 each.

This was reported as a serious threat to democracy all over the world, since, unlike direct methods of censorship, internet manipulation is not easily detectable by the general public.

Kshitija Agrawal

Nadine Dorries faces backlash over lax attitude to cybersecurity

According to an MP, it’s common to share one’s login passwords with their colleagues in the House of Commons.

Weighing in on the question of just who might have had access to Damian Green’s computer, and therefore potentially used it to view pornography, the Tory MP Nadine Dorries admitted that she allows all levels of staff to log on to her computer, including temporary interns.

Dorries revealed her lax attitude to cyber security on Twitter when a retired police officer said Green must have been responsible for the material found on his machine.
“My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!”

Later she went on: "All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, 'what is the password?'"

Cyber-security Twitter was horrified. "Nobody, whatever their seniority, should have anyone else's login details," said technology writer Kate Bevan.

"I'm going to assume UK MP @NadineDorries didn't admit to such crazy infosec practices, and instead just had someone else use her Twitter account instead," said security blogger Graham Cluley.

A social media backlash ensued, forcing the Mid Bedfordshire MP to defend her position with a flurry of tweets claiming sharing passwords was standard practice around parliament, despite being a breach of IT security rules.

Responding to claims she has a “cavalier attitude to data security”, she said she was a backbench MP who did not have access to government documents.

Dorries explained that MPs dealt with vast amounts of email, so had to give staff the ability to read them and respond. But plenty of people pointed out that you can give an assistant access to your email without handing over your password to the whole system.

Barclays stopped offering free Russian anti-virus software

The British bank Barclays has stopped offering free copies of the Russia-based anti-virus software Kaspersky after Britain's National Cyber Security Centre (NCSC) issued a warning against the use of the software.

Since 2008, the bank has provided free Kaspersky software to its customers to protect them from being hacked, and it is estimated that more than 290,000 customers might have installed the software on their devices.

According to the letter issued by the bank, "The UK government has been advised... to remove any Russian products from all highly sensitive systems classified as secret or above." "We've made the precautionary decision to no longer offer Kaspersky software to new users."

However, the bank has reassured existing customers that they are safe and need not panic. It added: 'At this stage, there is no action for you to take. It's important that you continue to protect yourself with anti-virus software.'

Yesterday, Barclays emailed 290,000 online customers about its decision to cease the use of the anti-virus software as a 'precautionary' measure.

Kaspersky, for its part, has denied all the allegations against it, saying it has 'never helped… any government in the world, including Russia, with its cyber-espionage or offensive cyber efforts'.

Meanwhile, Barclays said: 'Barclays treats the security of our customers very seriously.'


Banking outages and their serious repercussions


It wouldn’t be wrong to state that there are a number of advantages to banking online.
One is that it is far more convenient than going to a traditional bank, to the extent that it can truly simplify a person's life.
Another is that online banks offer much better rates on investment funds, so the chance to keep more cash in your pocket increases.
Even so, and despite having proved itself so many times, one question keeps coming up in the minds of the vast majority: whether or not online banking is safe and secure.
According to a large part of the population, it is, since they trust it to be secure enough to use on an everyday basis. What can't be ignored, however, is the rising number of security breaches, failures, and outages that have appeared over the past couple of years.
The recent Fidelity 'glitches', in which clients of the third-biggest financier in the world found themselves unable to reach their online accounts and had to endure a number of hardships as a result, were an eye-opener for investors all around the world. They served as a reminder of the dangers that lie undetected in digital assets, whether stocks or deposits, held exclusively through online accounts and platforms.

Customers kept in the dark...
One of the most well-known incidents, still fresh in the minds of those affected, occurred back in 2011: the infamous data breach at Bank of America, which ended up causing a great deal of potential damage to its clients. This incident was especially dreadful not because Bank of America was actively breached, compromised or even tampered with, but because it was an oversight in the site itself that wound up exposing a considerable amount of its clients' private and confidential data.

Another online banking failure was experienced by the clients of HSBC, who were left helpless and unable to access their internet banking for a few hours on end after the bank suffered a cyber-attack. The series of 'glitches' and 'technical problems' meant that clients had undoubtedly experienced problems signing or logging in on a few other occasions as well.

Here, mobile banking customers were also affected to a large extent. Payments, exchanges and direct debits were not disrupted by the attack, but the banking outage affected clients' ability to process their self-assessment forms.

Reliability never guaranteed...
One would imagine that an institution as security conscious as a bank would have the best possible measures in place to protect against these sorts of attacks. In reality, however, you never know when a bank's online services may go down.

The same was true for NatWest and RBS online clients when a Distributed Denial of Service (DDoS) attack disabled the banks' internal systems to the point where clients were unable to reach their accounts via the internet.

Even today, we still assume that banks, companies and governments are capable enough to look after our accounts, and we cannot bring ourselves to imagine banking systems and ATMs going down and leaving us without access to our hard-earned savings. Yet that is what happened to the clients of Lloyds Banking Group, for whom a server failure meant that for around three and a half hours debit card transactions were declined and ATMs all around the country could not dispense cash.
While not as 'cataclysmic' as the glitch that left a few clients of RBC's saving banking brands unable to access their accounts properly for a long time, it was yet another sign that aging IT systems are in genuine need of an update.
All things considered, issues like these happen constantly: when one is settled, another rises in its place. It is an endless cycle with no fitting solution yet, but it can be avoided to some degree if both banks and their clients put in more effort. If they work together in an organized manner, there may come a time when situations like these are handled in a jiffy rather than taking days and weeks to resolve, bringing relief to both the bank and its clients.



Medha Bhagwat

Uber’s New Chief Legal Officer Emails Staff: Don’t Need To Be Surveilling People For Competitive Advantage

Tony West, Uber’s new chief legal officer, had a lot to say about the company’s unsavory practices, which have frequently been in the media. On 29th November 2017, just days into his new position, he sent an email to Uber's security team telling them to stop any competitive intelligence projects and to stop spying on people.


He wrote, “We don’t need to be following folks around in order to gain some competitive advantage. We’re better than that.” He added that he believes that such practices are no longer used in the company, and that, “I have not learned anything in the last couple of days that suggests otherwise. But, to be crystal clear, to the extent anyone is working on any kind of competitive intelligence project that involves the surveillance of individuals, stop it now.”


Dara Khosrowshahi, Uber’s new CEO, then forwarded this email to all of the company’s employees, saying, “As I hope you’ve seen over the past 2.5 months, I will always be fair when people admit mistakes or bring hard problems to me. But let me be clear: I have drawn a line. I will not tolerate misconduct or misbehavior that was endorsed or excused in the past. Period.”


In the email, West also wrote that “I’ve not learned anything regarding the surveillance practices that would be considered illegal. However, as you will hear me say many times, the question for us is not just whether something is legal; we must also ask ourselves whether it’s the right thing to do.”


He further implored the employees to raise any other issues and questionable practices through the Hotline process.


Kshitija Agrawal

Wall Street embraces bitcoin to trade futures on exchanges

Bitcoin's stratospheric rise this week follows the digital currency's embrace by mainstream trading platforms and is seen by some in finance as normal growing pains often experienced by innovative technologies.

A US regulator has cleared the way for bitcoin futures to trade on major exchanges but warned investors the digital currency is prone to elevated risk and volatility.

Two US exchanges, including the parent of the venerable Chicago Mercantile Exchange and CBOE Futures Exchange, are racing to embrace bitcoins.
The development shows how some big financial players are moving to co-opt the volatile cryptocurrency rather than trade the actual currency, and to lure more mainstream investors into the market, even before regulators have agreed on just what bitcoin is.

CME Group Inc.’s contracts will debut December 18. Cboe Global Markets Inc. didn’t announce a start date. Both got the green light Friday after going through a process called self-certification -- a pledge to the US Commodity Futures Trading Commission that the products don’t run afoul of the law. Both the major exchanges announced plans to offer bitcoin trading in the next few months. The news pushed bitcoin’s price higher.

After starting the year at around $1,000, bitcoin, which first appeared in 2008, on Wednesday surged as high as $11,434 before promptly falling 15 percent. Near 1900 GMT Thursday, the virtual currency stood at $9,839.

Nasdaq is the latest major financial market to reportedly plan to launch a bitcoin futures exchange next year, although the exact timing is unclear.

The moves are a watershed for Wall Street professionals -- including institutional investors and high-speed traders -- who’ve been eager to bet on cryptocurrencies and their wild swings but worried about doing so on mostly unregulated markets. The new products are subject to CFTC oversight. CME, Cboe and Cantor Fitzgerald LP’s Cantor Exchange -- which is creating another kind of bitcoin derivative, binary options -- promised to help the agency surveil the underlying bitcoin market.

Russian hacker group stole 40 million rubles from the Automobile Carriers

Irina Volk, the official representative of the Russian Ministry of Internal Affairs (MIA), said that the MIA has initiated criminal proceedings against a hacker group specializing in grand theft of property from legal entities.

According to her, the criminals hacked the accounts of road carriers and, posing as official automobile carriers, received orders from different companies. After that, they went to the warehouse, where they downloaded fake documents and exported goods.

As noted by Irina Volk, the material damage has exceeded 40 million roubles. It turned out that the criminal community consisted of three groups and had operated since 2016 across the entire territory of the Russian Federation.


- Christina

 

IB: Uninstall Chinese apps from Mobile Phones to avoid espionage

The Intelligence Bureau (IB) has advised the Army and paramilitary forces along the Line of Actual Control (LAC) to format their smartphones and delete a number of Chinese apps, and other apps with Chinese links, from their phones.

The intelligence agency has asked every member of the security forces to uninstall mobile applications such as WeChat, Truecaller, Weibo, UC Browser and UC News, and 42 other apps, from their smartphones to avoid becoming victims of cross-border espionage.

The Union Home Ministry issued the warning after it received an input from RAW and NTRO.

According to the reports, China and Pakistan have escalated their use of mobile apps to break into smartphones and steal data.

“As per reliable inputs, a number of Android/IOS apps developed by Chinese developers or having Chinese links are reportedly either spyware or other malicious ware. Use of these apps by our force personnel can be detrimental to data security having implications on the force and national security,” the advisory read.

Truecaller has issued a statement denying any kind of foul play on its part.

"In response to certain reports, we would like to clarify that we are a Sweden-based company. We are not sure why the app is on this list, but we're investigating. Truecaller is not a malware, and all our features are permission-based and are disabled by default," the company said in a statement.

"For additional clarity, when you download Truecaller from the app store, Truecaller needs access to certain capabilities to provide you with a richer experience," the company added.

It’s not the first time the security forces have been on hackers' radar. In 2012, over 10,000 email addresses of top government officials were hacked in a single day, and the Indo-Tibetan Border Police (ITBP) was worst hit by the data breach.

Uber Says: 2.7 million British Users Affected by Data Breach

Uber Technologies has revealed to Britain's data protection regulator that 2.7 million British users were affected by a 2016 security breach, which was covered up for more than a year.

The breach compromised the personal data of more than 57 million riders and drivers worldwide. The leaked data includes users' names, mobile phone numbers and email addresses.

“Uber has confirmed its data breach in October 2016 affected approximately 2.7 million user accounts in the U.K.,” said James Dipple-Johnstone, the deputy commissioner of the Information Commissioner’s Office data regulator.

The ICO said it wants the company to notify all its affected British users, both Uber drivers and passengers, as soon as possible.

An ICO spokesman said: "As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised."

London Mayor Sadiq Khan described the latest development as a "shocking" incident.

"Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don't suffer adversely, and what action is being taken to prevent this happening again in the future," he said.





Fancy Bear hackers’ UK link revealed

As dangerous as they may be, a Russian cyberespionage group allied with the Kremlin known as APT28, Fancy Bear, Sofacy, Iron Twilight and Pawn Storm gets points for topicality.

When Russia's most notorious hackers hired servers from a UK-registered company, they left a trove of clues behind, the BBC has discovered.

The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.
The company, Crookservers, had claimed to be based in Oldham for a time.

It says it acted swiftly to eject the hacking team as soon as it learned of the problem.

Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

Russian hackers tried to breach the personal Gmail accounts of scores of US officials. Fancy Bear was responsible for waging a hacking campaign in 2015 and 2016 targeted towards the Democratic Party and the Clinton campaign with shrewd, politically savvy timing and aimed at disrupting the 2016 election.

Some of Fancy Bear's activities had previously been identified by the cyber-security company Crowdstrike. 

Indeed an internet protocol (IP) address that once belonged to a dedicated server hired via Crookservers was discovered in the malicious code used in the breach.

Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems.

Researchers at cyber-threat intelligence company SecureWorks, who analysed information from Crookservers for the BBC, said it had helped them connect several Fancy Bear operations.

Mike McLellan of SecureWorks said the hackers employed poor tradecraft.

The server used to control the malware was hired through Crookservers by a hacker using the pseudonym Nikolay Mladenov who paid using Bitcoin and Perfect Money, according to records seen by the BBC.

The Oxford and Cambridge Club, one of the United Kingdom’s most elite gentlemen’s clubs open to alumni of the universities of Oxford and Cambridge, has called in the Metropolitan police and private investigators after being hit by the theft of online data of its 5,000 members.

Alistair Telfer, the club’s secretary, has written to all members by email and followed it up with a letter (seen by the newspaper) urging them to check bank accounts regularly for "suspicious activity" and warning them to be alert to potential identity theft, after a hard drive containing members' data was stolen from the club’s headquarters. Members were informed that they could be at risk of fraud attempts.

"We have been advised that we should write to confirm that there may have been a data breach at the Club which could possibly result in disclosure of your personal data held on the Club computer system," Telfer wrote.
The breach at Pall Mall in central London has put the personal details of many members at risk, including comedian, actor and author Stephen Fry, and Lord Rees, the astronomer royal and former master of Trinity College. Queen Elizabeth II’s husband, the Duke of Edinburgh, Prince Philip, and his son, Prince Charles, both honorary members of the club, were not affected by the break-in, 'The Sunday Telegraph' reported.

A backup computer drive, described as the size of a toaster, was taken from a locked “comms” room inside the club’s headquarters earlier this month. The information on the hard drive includes members’ names, home and email addresses, phone numbers, some bank account details, dates of birth and even photographs. The database did not hold information about members’ credit or debit cards.

The theft was discovered on November 16, but has only just been reported amid a police investigation.