
Posts Tagged ‘ShazzleMail’


FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man

October 18, 2016

Over two months ago, the world’s third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack.

Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account.
Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports.

The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following August’s Bitfinex breach, he was left with $2.1 Million in his account.

Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the loss incurred was reduced to just $720,000.
The IOUs or BFX tokens are a form of compensation provided to the victims to reduce their losses by a significant factor.
Although specific details remain unclear, the Bitfinex user confirmed a loss of funds beyond the Bitfinex IOU tokens issued to all the victims of the breach.
The usability of the token is still unclear. The explanation of the tokens provided by Bitfinex is not very clear, and the legal status of the tokens is not known.
“The BFX tokens will remain outstanding until repaid in full by Bitfinex or exchanged for shares of iFinex Inc,” explains the company. “The specific conditions associated with the exchange of these tokens will be explained in a later announcement.”

For the incident report filed by the Bitfinex user, you can head on to this link. No further details about the case are available at this moment.
Shortly after the breach of around $72 Million worth of its customers’ Bitcoins, the Hong Kong-based Bitcoin exchange announced a reward of $3.5 Million to anyone who can provide information that leads to the recovery of the stolen Bitcoins.
The incident was so big that the price of Bitcoin dropped almost 20%, from $602.78 to $541 per Bitcoin, within a day after the announcement.


Privacy Debate Flares With Report About Yahoo Scanning Emails

October 7, 2016

By ROBERT MCMILLAN and DAMIAN PALETTA
Updated Oct. 5, 2016 3:21 p.m. ET
Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc. denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system.

Reuters reported Tuesday that Yahoo had built a software system last year to scan all incoming email for specific information provided by intelligence officials, in compliance with a classified U.S. government directive.

The system was built without the knowledge of Yahoo’s security team, and its discovery prompted the departure of Yahoo’s then-Chief Information Security Officer Alex Stamos, Reuters reported. Mr. Stamos declined to comment.
It is unclear whether Yahoo ever provided the government with information gleaned from the system.

In a statement Tuesday, Yahoo said it “is a law abiding company, and complies with the laws of the United States.” On Wednesday, Yahoo issued a second statement, describing the Reuters article as “misleading” and saying the mail scanning system “does not exist.”

According to Reuters, the Yahoo system contained a flaw that could have allowed hackers to access email messages.

The Reuters account suggested the surveillance program differed from those revealed by former National Security Agency contractor Edward Snowden in 2013. In those programs, the government gained access to messages involving specific targets. But the Yahoo tool reportedly examined all incoming email.
The report sparked criticism from some lawmakers and privacy advocates.

“The NSA has said that it only targets individuals…by searching for email addresses and similar identifiers,” said Sen. Ron Wyden (D., Ore.), a member of the Senate Intelligence Committee, in an emailed statement. “If that has changed, the executive branch has an obligation to notify the public.”

Patrick Toomey, a staff attorney with the American Civil Liberties Union, said “We have never heard or seen an order requiring an email provider to do something like this.”

In a statement, Richard Kolko, a spokesman for the Office of the Director of National Intelligence, said intelligence gathering is overseen by the Foreign Intelligence Surveillance Act, and any activity is “narrowly focused on specific foreign intelligence targets and does not involve bulk collection or use generic key words or phrases.” The statement also said the U.S. only looks at electronic communication for national-security purposes “and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people.”

Representatives from the NSA and the White House declined to comment.

Other messaging providers reached Tuesday said they hadn’t built similar tools. “We’ve never received such a request, but if we did, our response would be simple: ‘no way,’” a Google spokesman said via email. Google is a division of Alphabet Inc.

“We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo,” a Microsoft spokesman said via email. Microsoft didn’t respond to questions about whether it had received such a request from the federal government.

Twitter, Apple Inc. and Facebook said they hadn’t received requests, and said they would oppose any.

Over the past year, the federal government has found itself at odds with some Silicon Valley companies such as Apple and Facebook as they have developed so-called end-to-end messaging encryption systems that would prevent them from being able to monitor their users’ communications.

In March, the Federal Bureau of Investigation dropped a legal effort to compel Apple to circumvent the encryption protections of its iPhone to investigate the Dec. 2, 2015, terror attack in San Bernardino, Calif.

Yahoo last year pledged to introduce end-to-end encryption on email. But it is unclear whether the company ever followed through. A Yahoo spokesman didn’t immediately respond to a request for comment on encryption.


The Feds Will Soon Be Able to Legally Hack Almost Anyone

September 19, 2016

Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.

That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.
The new plan to drastically expand the government’s hacking and surveillance authorities is known formally as amendments to Rule 41 of the Federal Rules of Criminal Procedure, and the proposal would allow the government to hack a million computers or more with a single warrant. If Congress doesn’t pass legislation blocking this proposal, the new rules go into effect on December 1. With just six work weeks remaining on the Senate schedule and a long Congressional to-do list, time is running out.

The government says it needs this power to investigate a network of devices infected with malware and controlled by a criminal—what’s known as a “botnet.” But the Justice Department has given the public far too little information about its hacking tools and how it plans to use them. And the amendments to Rule 41 are woefully short on protections for the security of hospitals, life-saving computer systems, or the phones and electronic devices of innocent Americans.
Without rigorous and periodic evaluation of hacking software by independent experts, it would be nothing short of reckless to allow this massive expansion of government hacking.
If malware crashes your personal computer or phone, it can mean a loss of photos, documents and records—a major inconvenience. But if a hospital’s computer system or other critical infrastructure crashes, it puts lives at risk. Surgical directives are lost. Medical histories are inaccessible. Patients can wait hours for care. If critical information isn’t available to doctors, people could die. Without new safeguards on the government’s hacking authority, the FBI could very well be responsible for this kind of tragedy in the future.
No one believes the government is setting out to damage victims’ computers. But history shows just how hard it is to get hacking tools right. Indeed, recent experience shows that tools developed by law enforcement have actually been co-opted and used by criminals and miscreants. For example, the FBI digital wiretapping tool Carnivore, later renamed DCS 3000, had weaknesses (which were eventually publicly identified) that made it vulnerable to spoofing by unauthorized parties, allowing criminals to hijack legitimate government searches. Cisco’s Law Enforcement access standards, the guidelines for allowing government wiretaps through Cisco’s routers, had similar weaknesses that security researchers discovered.

The government will likely argue that its tools for going after large botnets have yet to cause the kind of unintended damage we describe. But it is impossible to verify that claim without more transparency from the agencies about their operations. Even if the claim is true, today’s botnets are simple, and their commands can easily be found online. So even if the FBI’s investigative techniques are effective today, in the future that might not be the case. Damage to devices or files can happen when a software program searches and finds pieces of the botnet hidden on a victim’s computer. Indeed, damage happens even when changes are straightforward: recently an anti-virus scan shut down a device in the middle of heart surgery.

Compounding the problem is that the FBI keeps its hacking techniques shrouded in secrecy. The FBI’s statements to date do not inspire confidence that it will take the necessary precautions to test malware before deploying it in the field. One FBI special agent recently testified that a tool was safe because he tested it on his home computer, and it “did not make any changes to the security settings on my computer.” This obviously falls far short of the testing needed to vet a complicated hacking tool that could be unleashed on millions of devices.

Why would Congress approve such a short-sighted proposal? It didn’t. Congress had no role in writing or approving these changes, which were developed by the US court system through an obscure procedural process. This process was intended for updating minor procedural rules, not for making major policy decisions.

This kind of vast expansion of government mass hacking and surveillance is clearly a policy decision. This is a job for Congress, not a little-known court process.

If Congress had to pass a bill to enact these changes, it almost surely would not pass as written. The Justice Department may need new authorities to identify and search anonymous computers linked to digital crimes. But this package of changes is far too broad, with far too little oversight or protections against collateral damage.

Congress should block these rule changes from going into effect by passing the bipartisan, bicameral Stopping Mass Hacking Act. Americans deserve a real debate about the best way to update our laws to address online threats.


White House Appoints First Federal Chief Information Security Officer

September 16, 2016

Obama appointee Gregory Touhill has an opportunity to foster a substantive conversation with the public over privacy issues.
The Obama administration recently appointed the United States’ first federal chief information security officer, in the latest of a series of moves aimed at shoring up cybersecurity both within the government and the country at large. Former Air Force general Gregory Touhill has been named to the post, the duties of which were described in the administration’s announcement:
General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS), where he focuses on the development and implementation of operational programs designed to protect our government networks and critical infrastructure.
In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.
Historically, the U.S. government has placed a lot of emphasis on fighting hackers and stopping cybersecurity attacks, but that’s just a small piece of the overall security puzzle, says Constellation Research VP and principal analyst Steve Wilson. There’s a major opportunity for Touhill to drive a much broader and more valuable cybersecurity agenda with a focus on authentication and encryption. (It should be noted that Touhill, as an appointee, could be replaced by the incoming administration.)
“Giving citizens the ability to manage their diverse identities and attributes online is critical when it comes to the digital economy,” Wilson says. “The root cause of so much cyber insecurity right now is stolen passwords and identity theft.”
Moreover, many U.S. government agencies are going toward a mobile-first strategy for service delivery. It makes perfect sense for the government to back efforts such as the FIDO Alliance, an industry consortium working on a set of specifications for advanced authentication leveraging the features of smart devices, such as biometrics.
Last year, the government office charged with implementing the National Strategy for Trusted Identities in Cyberspace joined FIDO. In his high-profile role, Touhill could serve as a strong advocate for more U.S. agencies to join the effort.
Of course, there’s the question of how much the U.S. public would trust stronger advocacy for authentication from the government in light of the domestic surveillance revelations of recent years, and controversial actions such as the FBI’s demands for a security backdoor on a suspected terrorist’s iPhone.
It’s important for the public to take a measured view, Wilson says. While the FBI may have overreached, you have to assume that its general goal is to go after the bad guys, he adds.
However, the U.S. government “still has to have a genuine conversation with the public about privacy,” he says. “Ever since 9/11, there has been a thesis that the world has changed and the security-privacy balance needs to be shifted. I don’t know if that’s true but why don’t we have a conversation about it? I don’t see many governments having that discussion in good faith. They’re saying, ‘trust us.’”
To that end, Touhill is in a position to kick off just such a conversation.


Hackers Split On ‘Ethics’ Of Ransomware Attacks On Hospitals

September 14, 2016

Ransomware might be lucrative for some cybercriminals, but there are those who condemn holding hospitals to ransom.

Ransomware attacks against hospitals represent a growing threat which is becoming increasingly lucrative for some cybercriminals — even while other hackers are openly condemning extortion attempts against healthcare providers.
A combination of hospitals’ reliance on equipment powered by older operating systems and their often very urgent need to access medical data means that some hackers have looked at the institutions as a potentially rich target.
That was demonstrated when a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network. But that wasn’t a one-off attack: there’s been a surge in ransomware-based cyberattacks against hospital networks across the globe, but particularly in the US.
Cybersecurity researchers from Intel Security analysed ransomware code from attacks against hospitals made during the first quarter of the year and discovered numerous Bitcoin wallets used to transfer ransom payments — Bitcoin having become the preferred currency of the cybercriminal — which showed that the hackers behind these hospital attacks had amassed $100,000 from ransoms alone.
Researchers have described the ransomware attack methods used by such attackers as “effective but not very sophisticated”. While they don’t specify which variants of ransomware are being used, the description could point to the culprits using something like Cerber, which has been seen being made available as a ransomware-as-a-service scheme for use by even the most technically-illiterate wannabe cybercriminal.
Researchers also suggest the hospital attacks weren’t carried out by the sort of “malicious actors we normally face in ransomware attacks or breaches”.
Indeed, they found evidence that suggests that cyberattacks against hospitals are being carried out by those viewed as renegades even within the cybercriminal fraternity, judged negatively for their decision to carry out attacks against those which provision healthcare. In the Russian underground in particular, there’s an ‘ethical’ code of conduct which places hospitals off-limits — even in countries usually targeted by Russian-speaking hackers.
In one forum, criminals discussed the ethics of attacking hospitals at length: “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong,” one user said, while another labelled hospital attackers as “dumbest hackers ever”.
While hospitals currently only account for a small percentage of ransomware victims, it’s feared that as ransomware becomes an increasingly appealing method of attack for hackers, more and more of them will attack the healthcare sector.
“With cybersecurity threats including ransomware rising at such a rapid rate, organisations are having to come to terms with the fact that it’s fast becoming a question of ‘when’, not ‘if’, they suffer a breach,” says Raj Samani, CTO at EMEA Intel Security. “It’s crucial that the likes of healthcare pick up the pace with cybersecurity. Vulnerabilities in these sectors provide hackers with access to extremely personal, valuable and often irreplaceable data and IP.”
Despite a few high profile cases, Intel Security researchers found that, in most instances, hospitals that became victims of ransomware didn’t pay hackers a ransom. In these cases, it’s likely that organisations found another way to decrypt the files — or they simply deemed the encrypted files to not be important enough to pay to get back.
Cybersecurity researchers and the authorities have both warned about the increasing threat of ransomware to corporate and public sector networks.
