Cybercrime

WikiLeaks says Aaron Swartz may have been a 'source'

WikiLeaks said late yesterday that recently deceased Internet activist Aaron Swartz assisted the organization, was in contact with Julian Assange, and may have been one of the organization's sources.

Reached in Iceland on Saturday evening, California time, WikiLeaks representative Kristinn Hrafnsson confirmed to CNET that the tweets were authentic but declined to elaborate.

In the tweets, the organization said it was revealing the information "due to the investigation into the Secret Service involvement" with Swartz.

Here are screenshots of the tweets:

The phrasing of the last tweet ("strong reasons to believe, but cannot prove") may … Read more

New bill asks companies to notify EU of security breaches

Proposed legislation in the European Union would force tech companies that have access to user data -- such as Facebook, Google, and Microsoft -- to report any security breaches to local cybersecurity agencies, the Financial Times reported today.

This is the European Commission's effort to make private companies accountable for privacy and security problems, European Commission Vice President Neelie Kroes told the Financial Times.

If passed, the measure would require each of the EU's 27 member states to set up local cybersecurity agencies to implement security standards on online networks. Social networks, e-commerce companies, and large online platforms … Read more

U.S. general warns of Iran's growing cyber strength

Learning a lesson from the Stuxnet attack, Iran has beefed up its cyber forces and poses a greater threat to the United States.

At least, that was the word of warning from U.S. Air Force General William Shelton yesterday, according to Reuters. Speaking with reporters, Shelton said that the Iranian government has increased its cyber efforts since and as a result of being hit by Stuxnet.

In 2010, the infamous computer worm was unleashed in Iran and other countries. Designed to seize control of power grids and other industrial control systems, Stuxnet infected computers at Iran's Natanz nuclear … Read more

The top threats for 2013, as seen by McAfee

In the coming year, the world will see increases in mobile cyberattacks, ransomware, and "hacking for profit," as well as the decline of hacktivist groups such as Anonymous, according to McAfee Labs' 2013 Threat Predictions.

The security firm's research report, released today, predicts that cybercriminals and hacktivists are going to refine and "evolve" techniques and tools used not only to steal from our wallets, but also to take advantage of our personal data. Along with a likely rise in cyberattacks that take advantage of the explosion in mobile technology, McAfee warns of threats based on … Read more

NASA hacker won't face prosecution in U.K.

NASA hacker Gary McKinnon will face no legal action in the U.K.

The Crown Prosecution Service has decided the appropriate jurisdiction for the McKinnon case is the U.S., after discussing the case with the U.S. Department of Justice and the police.

U.S. authorities started their bid to extradite McKinnon in 2005, accusing him of causing hundreds of thousands of dollars of damage by hacking into NASA and military systems. McKinnon admitted to the intrusion in 2002 but claimed he was looking for evidence of UFO activity.

But U.S. requests for his extradition were formally turned down … Read more

New 'Dexter' malware strikes point-of-sale systems

Retailer point-of-sale systems may be at risk of malware that steals credit card data.

Israel-based security firm Seculert has identified a strain of malware, dubbed Dexter, which it asserts has infected hundreds of point-of-sale (POS) systems across 40 countries in the past two to three months. English-speaking countries appear to be a prime target, with 30 percent of infections in the U.S., 19 percent in the U.K., and 9 percent in Canada.

Rather than targeting thousands of individual machines through traditional Trojans or phishing emails, the custom-made malware targets specific POS systems. The malware injects itself into the … Read more

Threat of mass cyberattacks on U.S. banks is real, McAfee warns

The wave of distributed denial of service attacks that hit U.S. banks in October was next-to-nothing compared to what could happen if cybercriminals actually carry through with their plans for next year.

According to a report (PDF) released today by McAfee Labs, an impending attack on U.S. financial institutions -- dubbed Project Blitzkrieg -- isn't only a possibility, it's a "credible threat."

"McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned," the report reads. "Although Project Blitzkrieg hasn'… Read more

Facebook helps FBI take down $850M botnet crime ring

Facebook helped the FBI take down an international crime ring that used a botnet to infect 11 million computers and steal more than $850 million, one of the largest cybercrime hauls in history.

The FBI announced today that with the social-networking giant's assistance, it had arrested 10 people from countries around the world who it said used the Yahos malware and Butterfly botnet to steal victims' credit card, bank account, and personal information.

"Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by … Read more

GhostShell claims breach of 1.6M accounts at FBI, NASA, and more

Team GhostShell, the hacktivist collective, said today that it has stolen accounts from a large number of government agencies, contractors, and security firms, posting information from 1.6 million accounts online.

Dubbed Project White Fox, the hacking project appears to have affected NASA, the FBI, the Pentagon, and Interpol, among many others. The hackers announced their work in a file posted on Pastebin.

Our colleagues at ZDNet report:

The file dump, upon closer inspection, seems to include a number of records obtained via SQL injection. A random selection of the files contain email and home addresses, defense material tests and … Read more

Zeus botnet steals $47M from European bank customers

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year, security researchers report.

Dubbed "Eurograbber" by security vendors Versafe and Check Point Software Technologies in a report (PDF) released today, the malware is designed to defeat the two-factor authentication process banks use for transactions by intercepting bank messages sent to victims' phones.

A variant of the Zeus malware used to steal more than $100 million, Eurograbber typically launched its attack when a victim clicked on a malicious link most likely included in a phishing attempt. After … Read more