Free Republic

The Internal Revenue Service continues to have weaknesses in information security control that the Government Accountability Office fears could affect the confidentiality, integrity and availability of financial and sensitive taxpayer data. An April 8 GAO report found that although the IRS has improved on information security control and internal control over financial reporting, significant risks remain. The agency has failed to consistently install the appropriate patches on all databases and servers to protect against known vulnerabilities, GAO found, and also failed to sufficiently monitor database controls and appropriately restrict access to its mainframe environment. The IRS has also allowed individuals...

A special unit with the US intelligence agency succeeded in infiltrating Huwaei's network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things. Source Code Breached According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network,...

WASHINGTON — American officials have long considered Huawei, the Chinese telecommunications giant, a security threat, blocking it from business deals in the United States for fear that the company would create “back doors” in its equipment that could allow the Chinese military or Beijing-backed hackers to steal corporate and government secrets. But even as the United States made a public case about the dangers of buying from Huawei, classified documents show that the National Security Agency was creating its own back doors — directly into Huawei’s networks. The agency pried its way into the servers in Huawei’s sealed headquarters in...

A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs uncovered to date. Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the U.S. military uncovered in 2008. Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.

Link only. Read article at source.

A British man accused of hacking into U.S. government computer networks was charged in a new indictment unsealed Thursday with infiltrating the Federal Reserve’s computers. Lauri Love, 28, of Stradishall, England, was charged with computer hacking and aggravated identity theft, which carry a potential penalty of up to 12 years in prison. He initially was arrested in Great Britain in October and released on bail after he was charged under a United Kingdom law that permits the arrest of anyone who starts attacks from the U.K. on computers anywhere in the world. …

The Global Positioning System helps power everything from in-car satnavs and smart bombs to bank security and flight control, but its founder has warned that it is more vulnerable to sabotage or disruption than ever before – and politicians and security chiefs are ignoring the risk. Impairment of the system by hostile foreign governments, cyber criminals – or even regular citizens – has become “a matter of national security”, according to Colonel Bradford Parkinson, who is hailed as the architect of modern navigation. “If we don’t watch out and we aren’t prepared,” then countries could be denied everything from ‘navigation’...

A local congressional candidate now says she will not be hiring a cyber-security firm to look into claims that someone hacked her campaign’s website. The situation started in September, 2013, when Democrat Martha Robertson’s campaign sent an e-mail out to supporters claiming “GOP ops” were trying to hack their website. In early October, the Robertson campaign backed off the “GOP ops” claim during an interview with WETM, but presented evidence showing there were multiple “SQL injection” attacks made on the website. And during an interview with the political site Roll Call, Robertson state the campaign was looking into hiring a...

Visitors to the Sochi Winter Olympics can expect for their computers and mobile devices to be hacked, NBC’s Richard Engel reported Tuesday evening on NBC Nightly News. Engel conducted multiple experiments with the help of an American based security expert in which the NBC reporter logged onto various public WIFI networks around Moscow. Almost immediately, all of Engel’s devices were exposed to malicious malware. Analysis revealed some of Engel’s devices were transmitting personal data stored on his computer to a server based in Russia. The best way for travelers to avoid these issues, Engel said, is to avoid public WIFI...

A 19-year-old who lived at home with his mom and worked at a local call center stole the identities of America's rich and famous — including Kim Kardashian and the head of the FBI — and took over their financial accounts..... ...Earlier this week, Flores learned he'll spend the next 3 1/2 years in federal prison for his identity theft scheme..... ....At the time, Flores was already facing criminal charges in state court, where he was accused of taking private information from a coworker's personnel profile and having his colleague's paycheck directly deposited into his own bank account. Flores was...

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of famous open source FTP clients. The first suspicious signs are bogus download URLs... Malware installer GUI is almost identical to the official version. The only slight difference is version of NullSoft installer where malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same. The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system...

The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website. Hacking expert David Kennedy told Fox’s Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported. PHOTOS: Eye-popping excuses in American political scandals “And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know,...

<p>Researchers with Trustwave's SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cyber criminals use to control a massive network of compromised computers known as the "Pony botnet."</p> <p>The company told Reuters on Wednesday that it has reported its findings to the largest of more than 90,000 websites and Internet service providers whose customers' credentials it had found on the server.</p>

Target confirmed Friday that debit card PIN data was stolen in its recent massive breach, reversing its earlier stance that the codes were not part of the hack. However, the retailer believes the PINs remain "safe and secure." In a statement, Target spokeswoman Molly Snyder said the PINs are "strongly encrypted" and were never stored on Target's systems in plain text. In other words, from the moment a customer entered a PIN after swiping a debit card, Target's payment system translated that number into an indecipherable string of code. Target claims that the PINs remained encrypted after they were stolen....

If your personal info is filched from the site, the government doesn’t have to tell you. Christmas shoppers were stunned to learn last Thursday that computer hackers had made off with the names and other personal info of some 40 million Target customers. Some of the pilfered information is reportedly being sold on the black market, prompting JP Morgan Chase to limit purchases and cash withdrawals on debit cards owned by recent Target shoppers. But at least Target informed its customers of the security breach, as it is required by federal law to do. HealthCare.gov faces no such requirement; it...

Christmas shoppers were stunned to learn last Thursday that computer hackers had made off with the names and other personal info of some 40 million Target customers. Some of the pilfered information is reportedly being sold on the black market, prompting JP Morgan Chase to limit purchases and cash withdrawals on debit cards owned by recent Target shoppers. But at least Target informed its customers of the security breach, as it is required by federal law to do. HealthCare.gov faces no such requirement; it need never notify customers that their personal information has been hacked or possibly compromised. The Department...

Documents provided to the House Committee on Government Oversight and Reform reveal that the Obama administration knew of security vulnerabilities within Healthcare.gov prior to Oct. 1, but launched the website anyway. Chairman Darrell Issa (R., Calif.) said Health and Human Services (HHS) officials showed a “disturbing lack of judgment” by going ahead with the site’s launch and putting Americans’ personal information at risk. Results of a security assessment conducted by a contractor on the site, MITRE Corporation, found that 19 security vulnerabilities remained unaddressed on Oct. 1. Eleven of the 19 vulnerabilities “significantly impact the confidentiality, integrity and/or availability of...

Daniel_Stuckey writes "Earlier this year, it was London. Most recently, it was a university in Germany. Wherever it is, [artist Aram] Bartholl is opening up his eight white, plainly printed binders full of the 4.7 million user passwords that were pilfered from the social network and made public by a hacker last year. He brings the books to his exhibits, called 'Forgot Your Password,' where you're free to see if he's got your data—and whether anyone else who wanders through is entirely capable of logging onto your account and making Connections with unsavory people. In fact, Bartholl insists: "These eight...

The Queen marked the level in bowls of nuts left around Buckingham Palace as she was "irritated" by police officers eating them, the Old Bailey has heard. According to an email sent by Clive Goodman, ex-royal editor at the News of the World, she was "upset" by it. The journalist added that a memo was sent to palace officers, telling them to "keep their sticky fingers out". The phone-hacking jury has also heard one of the defendants, Ian Edmondson, is no longer fit to stand trial. Mr Justice Saunders said that it was "not appropriate to adjourn to wait for...

China hacked computers in the foreign ministries of Bulgaria, the Czech Republic, Hungary, Latvia and Portugal in summer 2013, The New York Times reports, citing own research and work by IT firm FireEye. It said officials triggered malware by clicking email links to naked pictures of French celebrity Carla Bruni.