Former FBI Director Predicts Russian Hackers Will Interfere With More Elections

An anonymous reader quotes the New York Times:
James B. Comey, the former director of the F.B.I., testified that the Russians had not only intervened in last year’s election, but would try to do it again… Russian hackers did not just breach Democratic email accounts; according to Mr. Comey, they orchestrated a “massive effort” targeting hundreds of — and possibly more than 1,000 — American government and private organizations since 2015… As F.B.I. director, he supervised counterintelligence investigations into computer break-ins that harvested emails from the State Department and the White House, and that penetrated deep into the computer systems of the Joint Chiefs of Staff. Yet President Barack Obama’s administration did not want to publicize those intrusions, choosing to handle them diplomatically — perhaps because at the time they looked more like classic espionage than an effort to manipulate American politics…
Graham Allison, a longtime Russia scholar at Harvard, said, “Russia’s cyberintrusion into the recent presidential election signals the beginning of what is almost sure to be an intensified cyberwar in which both they — and we — seek to participate in picking the leaders of an adversary.” The difference, he added, is that American elections are generally fair, so “we are much more vulnerable to such manipulation than is Russia,” where results are often preordained… Similar warnings have been issued by others in the intelligence community, led by James R. Clapper Jr., who has sounded the alarm since retiring in January as director of national intelligence. “I don’t think people have their head around the scope of what the Russians are doing,” he said recently.
Daniel Fried, a career diplomat who oversaw sanctions imposed on Russia before retiring this year, told the Times that Comey “was spot-on right that Russia is coming after us, but not just the U.S., but the free world in general. And we need to take this seriously.”

Read more of this story at Slashdot.


Slashdot

Netgear Exploit Found in 31 Models Lets Hackers Turn Your Router Into a Botnet

An anonymous reader shares a report: You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk. Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router’s password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks. Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

Read more of this story at Slashdot.


Slashdot

Ask Slashdot: Any Dishwasher Hackers Out There?

New submitter writes: I just replaced my dishwasher with a basic, inexpensive Sears model. It works fine, but only has 3 different wash cycles. I’m betting that the code to manage more cycles (as in more-expensive models) is already in the microcontroller and just needs inputs to select it. Is there any information available on this? Beyond dishwashers, have you done any useful hacks to household appliances more generally? I’d probably support a Kickstarter project that adds nice wireless notifications to my oven, clothes washer, and dishwasher.

Read more of this story at Slashdot.


Slashdot

PhantomSquad Hackers Begin Their Xmas DDoS Attacks By Taking Down EA Servers

An anonymous reader writes: The hacking crew was not kidding about their Christmas DDoS attacks on Xbox & PSN. This morning the group started warmup attacks on the EA network, taking it down for 3 hours. The attacks were severe enough to take down the network completely, and EA issued apologies on its Twitter account. Phantom Squad is now carrying out DDoS attacks on PSN. Users started reporting outages in small areas around the world.

Read more of this story at Slashdot.


Slashdot

Hackers Abuse Satellite Internet Links To Remain Anonymous

msm1267 writes: Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today. Active for close to a decade, Turla’s activities were exposed last year; the Russian-speaking gang has carried out espionage campaigns against more than 500 victims in 45 countries, most of those victims in critical areas such as government agencies, diplomatic and military targets, and others. Its use of hijacked downstream-only links is a cheap ($ 1,000 a year to maintain) and simple means of moving malware and communicating with compromised machines, Kaspersky researchers wrote in a report. Those connections, albeit slow, are a beacon for hackers because links are not encrypted and ripe for abuse.

Read more of this story at Slashdot.


Slashdot

Uber Hires Hackers Who Remotely Killed a Jeep

An anonymous reader writes: The past several weeks have been rife with major vulnerabilities in modern cars, but none were so dramatic as when Charlie Miller and Chris Valasek tampered with the systems on a moving Jeep Cherokee. Now, Miller and Valasek have left their jobs to join a research laboratory for Uber. It’s the same lab that became home for a number of autonomous vehicle experts poached from Carnegie Mellon University. From the article: “As Uber plunges more deeply into developing or adapting self-driving cars, Miller and Valasek could help the company make that technology more secure. Uber envisions autonomous cars that could someday replace its hundreds of thousands of contract drivers. The San Francisco company has gone to top-tier universities and research centers to build up this capability.”

Read more of this story at Slashdot.


Slashdot

Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker’s Identity

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman’s move in a short press release on Friday: “Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team.” Before the data hack, the company was planning an IPO in London that would have taken in as much as $ 200 million from investors. According to regulatory filings, the company had $ 115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker.
Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison’s stolen proprietary source code before it was made public. Intrigued by the poster’s apparent access, he examined the account’s posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn’t even run by one person, but is instead an amalgam of like-minded digital vigilantes.
The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.

Read more of this story at Slashdot.


Slashdot

Hackers Publish Cheating Site’s Stolen Data

pdclarry notes that many news outlets are reporting that 9.7 GB of data stolen from cheating website AshleyMadison.com has been published online. “The dump contains files with titles including ‘aminno_member_dump.gz,’ ‘aminno_member_email.dump.gz,’ ‘CreditCardTransactions7z,’ and ‘member_details.dump.gz,’ an indication that the download could contain highly personal details.” Brian Krebs questioned the way this has been reported without confirmation, but added that he’s been contacted by several people who found their own accurate details within the data dump. Many of the reports note this detail: “Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals.”

Read more of this story at Slashdot.


Slashdot