Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘ShazzleMail’

CnLLlWSVYAM8NTZ

You Are Unknowingly A CIA Subcontractor Agent If You Play PokemonGO. And Here Is Why.

August 29, 2016

Before going in to explanations on why, let me take you to some areas you need to know previous to heading more deeply into this matter. Have you ever before heard of the NGA?
No, not the National Governors Associations, and neither a National Galery of Art.
The NGA which is a National Geospatial-Intelligence Agency (Wikipedia) – is a US Department Of Defense agency that provides location, mapping and imagery intelligence support to NSA and CIA in combat operations.
In 1999 a venture capital firm called In-Q-Tell was founded by former Lockheed Martin CEO Norman Augustine. In-Q-Tel invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency, and other intelligence agencies, equipped with the latest in information technology in support of United States intelligence capability.
In-Q-Tel’s mission is to identify and invest in companies developing cutting-edge technologies that serve United States national security interests. And much of the In-Q-tel’s funding comes’ from National Geospatial-Intelligence Agency
The firm is seen as a trend-setter in the information technology industry, with the average dollar invested by In-Q-Tel in 2012 attracting nine dollars of investment from other companies.
Former CIA director George Tenet who was Director of Central Intelligence from July 1997 to July 2004 says:
“We [the CIA] decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered … In-Q-Tel. … While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology … This … collaboration … enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results”
In 2001, In-Q-Tel invested in “Keyhole Inc.” founded by John Hanke, who previously worked in a “foreign affairs” position within the U.S. government. Key Hole developed 3D “flyby” images of buildings and terrain from geospatial data collected by satellites with the name of the product known to public at that time as “Earth”
In 2004 In-Q-Tel sold it’s shares to Google which resulted in Google’s acquisition of “Key Hole”- the CIA funded satellite mapping software, which after the take over Google rolled it to what we now know as “Google Earth”
As of August 2006, In-Q-Tel had reviewed more than 5,800 business plans, invested some $150 million in more than 90 companies, and delivered more than 130 technology solutions to the intelligence community. In 2005 it was said to be funded with about $37 million a year from the CIA.
In 2010, John Hanke, the founder of Keyhole, has founded Niantic Labs, an internal start up at Google. Over the next few years, Niantic created two location-based apps/games. The first was Field Trip, a smartphone application where users walk around and find things. The second was Ingress, a sci-fi-themed game where players walk around and between locations in the real world.
And here is an interesting connection. The name of the first company founded by John Hanke – “Keyhole Inc” was a homage, a tribute to KH – code name of the satellites utilized in Corona program – a program that was launched back in 1959 by CIA to conduct photographic surveillance of the USSR, People’s Republic of China and other areas with the help of satellites. The Corona satellites were designated KH-1, KH-2, KH-3, KH-4, KH-4A and KH-4B.
KH stood for “Key Hole” or “Keyhole” with the name being an analogy to the act of spying into a person’s room by peering through their door’s keyhole.
It’s easy to see why the CIA would have an interest in the software behind Pokémon Go; the game utilizes the player’s camera and gyroscope to display an image of a Pokémon as though it were in the real world, such as the player’s apartment complex or workplace bathroom.
Software like that could theoretically turn millions of smartphone users into ‘Imperial probe droids’ who take real-time, ground-level footage of their cities and homes, reaching into dark alleyways and basements which spy satellites and Google cars can’t reach. Pokemon Go could be reasonably considered a logical continuation of the Corona program.
Going back to In-Q-Tel, the CIA is not just using games for its purposes in global surveillance, it’s venture firm’s start up projects in App and gaming industry are attracting public interest and participation in promotion of its startups which when successful create global buzz and generate $ billions of profit what in the end brings return on investment to the CIA initially having invested in these startups.
Young people have been tricked by the Pokemon Go into giving up their privacy to these intelligence agencies.And if you already downloaded Pokemon Go, what means you gave access to your Google User ID, Google account and email address, primarily your Gmail account- your email box, it’s a right time to think of moving to a secure and private email services like Shazzlemail which is free and offers end-to-end encryption of your email communications and is on guard of your privacy.

Tags: , , , , , , , ,

leikkausali_neo

Are Unsecure Medical Devices Opening the Backdoor for Hackers?

August 17, 2016

The increased adoption of connected devices into medical services and processes is streamlining and improving the manner in which medicine can be tracked, developed, sourced and distributed.
On call/off site medical staff are also able to access information and source medicine on site, improving service levels and productivity. However, the exponential advantages of integrating connected devices into this industry can potentially open up points of vulnerability which should increase security fears for decision makers.
The biggest threat to any organization, large or small, is understanding who actually has access to information and at what levels they can access the network. With the Internet of Things (IoT), access can come in many shapes and sizes, from an off site doctor accessing medical history and prescription requirements to ambulance and emergency staff needing to log cases.
Medical/health institutions must prioritize the management of user access if they want to ensure they have the adequate security levels around these access points. The variety of job roles that need to access a vast array of files from a connected network will also require different levels of access, for example a doctor on call will need access to all previous medical history and prescription requirements, whereas an on-call care worker may only need medical history and is not qualified to distribute or access prescriptive files.
Therefore organizations must ensure that the right person is accessing the network or device, each time a request takes place with the correct level of attributed trust. However, individual access identification may now not be sufficient enough to fully eliminate security and safety fears in this area.
Although the correct person may have access to a network from a specific place and use the correct logins, there is no guarantee that a rogue infiltrator hasn’t “piggy backed” the connection giving them the same level of access as the individual.
Through effectively moonlighting as the employee or third party, hackers can utilize the open connection to the network to gain the same level of access as the member of staff. This may encourage hackers to potentially target gateway devices such as medical distribution tools that require a network connection. The device in this instance doesn’t hold or contain sensitive information, however it does act as a gateway onto the network.
Now, it is here that access management solutions must be considered to allow damage limitation to take place if a hack does happen, providing granular access controls and monitoring for every access request.
We know hackers use a variety of methods to gain access from rogue emails to downloadable PDF’s that open access to personal and organizational data. However, security implications must also be considered on a more tangible level, in addition to digital and internet driven attacks. If we take reference from the Barclays hack that took place in 2013 and cost the bank £1.3 million, it helps us uncover the level of simplicity, but outright tenacity that some hackers will go to in hope of gaining access to data. This hack saw insiders pose as IT engineers and fitted a device that gave access to its network remotely and allowed them to transfer money into their own accounts.
There are two recommended strategies for organizations to protect themselves against hacks such as this. Firstly, to ensure all staff are trained on the variety of risks that are present when exchanging emails or other digital communications. Secondly, organizations need to protect their networks by securely supervising, auditing and controlling access to their assets, data and IP via a privileged access managed solution.
The increased adoption of connected devices into medical services and processes is streamlining and improving the manner in which medicine can be tracked, developed, sourced and distributed.

Tags: , , , , , , ,

ransomware

Ransomware Is So Hot Criminals Are Sabotaging Each Other’s Ransomware

August 1, 2016

Ransomware, the strain of malware which cryptographically locks a victim’s hard drive until they pay the author an electronic ransom, is super popular among cybercriminals right now. The strategy is so successful, in fact, that some ransomware-makers have apparently begun sabotaging each other’s ransomware to try and take out their competition.
Earlier this week, 3,500 keys for a ransomware known as “Chimera” leaked online, purportedly allowing anyone targeted by it to safely decrypt their ransomed files without having to pony up bitcoins. The decryption keys were apparently posted by the authors of a rival ransomware package called Petya and Mischa, who claimed they had hacked Chimera’s development system, pilfered the keys, and stolen parts of the code.
“Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project,” the authors write in a post on Pastebin. “Additionally we now release about 3500 decryption keys from Chimera.”
Chimera is a particularly nasty strain of ransomware which not only locks a victim’s hard drive but threatens to leak their private files online if the ransom isn’t paid. It’s still not clear whether the supposedly-leaked keys will actually decrypt machines affected by the malware, however—the security firm MalwareBytes, which first noticed the leak, says that verifying all the keys will take some time.
In any case, Petya and Mischa’s authors seem to have timed the leak to promote their own ransomware, which is based on the stolen Chimera code and is now being offered as a service to any two-bit cybercriminal willing to shell out bitcoins for it.
The in-fighting seems to indicate another significant, albeit predictable shift in the criminal hacking economy. Previously, ransomware authors have expressed anger at a recent rash of fake ransomware, which display scary messages but don’t actually lock or unlock a victim’s hard drive when the ransom is paid; the thinking is that enough of this fake ransomware could cause people to stop believing they can get their files back when they’re hit with the real thing, endangering future profits.

Tags: , , , , , , ,

hackers-cybercriminals-kris-fenton-under-attack

Old Data Breaches With Personal Information Led To New Cyber Attacks

July 22, 2016

Old breaches led to new breaches as cybercriminals’ ability to use and monetize personal information rose significantly across all industries.
Past cyber-attacks and the tools used to carry them out have led to new breaches, according to key findings in a new mid-year trend report by cyber threat intelligence provider, SurfWatch Labs. In a study of cybercrime events that occurred in the first half of 2016, the stockpile of personal information garnered from old data breaches led to new compromises and lucrative payoffs for cyber criminals.
“When LinkedIn announced in May of this year that their 2012 breach actually impacted 100 million more users than originally thought, other organizations began to see data breaches they attributed to the LinkedIn compromise, widespread password reuse by users and remote access software from services such as GoToMyPC, LogMeIn, and TeamViewer,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Other breached organizations only widened the pool of information available to be stockpiled by bad actors.”
No industry was left untouched, and the tactics used were not new or sophisticated, according to the report that offers a breakdown of industries targeted, the effects of cybercrime and the tactics criminals employed.
SurfWatch Labs collected cyber event activity from thousands of open and Dark Web sources and then categorized, normalized and measured the data for impact based on their CyberFact information model. Highlights from the SurfWatch Labs Cyber Risk Report: 2016 Mid-Year Review include:
• IT and global government were the most targeted industries. Of all the CyberFacts analyzed, the information technology industry was hit the hardest in the first half of 2016. Microsoft was second behind LinkedIn as the top target. After IT, the government sector had the highest number of publicly discussed cybercrime targets, led by a breach at the Commission on Elections in the Philippines.
• The consumer goods sector made up the largest share of industry targets with information bought, sold or otherwise discussed on the dark web.
• Credentials theft is on the rise. Credentials stolen/leaked appeared in 12.7% of the negative CyberFacts in the first half of 2016, up from 8.3% in all of 2015. That rise is driven by massive credential breaches such as LinkedIn, which was the most talked about event over the period.
• Ransomware and extortion are the methods of choice. The first half of 2016 saw a significant spike in ransomware and extortion as researchers, organizations, and government officials scrambled to deal with the growing and costly problem of data or services being held hostage.
“Our research indicates the familiar cadence of ‘we were breached by a sophisticated attack but it has now been contained’ actually contradicts what has really happened so far this year,” said Meyer. “By understanding what the bad guys are up to, we can make better informed forecasts of how cybercrime will impact organizations going forward and therefore what should be done to reduce risk in the future.”

Tags: , , , , , ,

static2.politico.com

Cyber Ransom Attacks Panic Hospitals, Alarm Congress

July 21, 2016

When the Obama administration pushed out a $35 billion incentive program to pay doctors and hospitals to convert to electronic records, the idea was to modernize the health care industry, not serve it up on a platter to cyber criminals.
But now, American hospitals face weekly ransom threats. If they don’t pay up, files get frozen, surgeries delayed and patients sent across town. One of these days, someone could die as a result. And no one in government has a clear plan to handle it.
Such are the unintended consequences of shovel-ready projects.
The incentive program, which started paying out cash in 2011, “thrust tens of thousands of health care providers into the digital age before they were ready,” says David Brailer, chief of health IT in the second Bush administration. “One area where they were woefully unprepared is security. It created thousands of vulnerabilities in hospitals and practices that lack the budget, staff or access to technical skills to deal with them.”
Desperate hospitals have asked the feds for new financial incentives to boost their security. But Congress seems in no mood to cough up the necessary billions. It created a task force to come up with a report on how an alphabet soup of federal agencies can establish a chain of command for health care security.
Meanwhile, cybercrime attacks are mounting so rapidly that they challenge the financial stability of some health systems, according to experts in information security. The intrusions are interfering with efforts to improve data sharing in health care — and could even threaten patient safety.
Just this week, a Kansas hospital said it paid a large ransom to unblock frozen records — then was told it had to pay more in order to free all the files.
“It’s only a matter of time before someone gets hurt,” Sen. Sheldon Whitehouse (D-R.I.) said during a hearing this month after well-publicized ransomware attacks hit hospitals in Kentucky, California and the nation’s capital.
Whitehouse and Sen. Lindsey Graham (R-S.C.) filed a bill this month to punish cyber criminals if their attacks result in health care system deaths or injuries. But first, they’d have to find perpetrators — in Russia, Eastern Europe or in hidden recesses of the Dark Web.
More rules won’t help, Brailer says. Hospital licensing requirements and medical privacy laws already include extensive security requirements, but providers rarely follow best practices, he said.
The FDA and the Office for Civil Rights in the Health and Human Services department use penalties and guidance documents to push providers and device makers to use better “cyber hygiene.”
Members of Congress also want hospitals to be more dutiful. “If you aren’t following good practices, the regulatory environment isn’t going to save you,” says Rep. Will Hurd (R-Texas), leader of the House Oversight cybersecurity subcommittee. While FBI and other agencies can do better at sharing threat intelligence, “health care has to help itself.”
More federal inspections might increase readiness, but none of these measures attack the underlying problem — the massive gap between the industry’s needs and its resources, Brailer said.
Meanwhile, hackers are launching billions of health care-focused attacks. One major health system was bombarded with a million emails in March alone seeking to implant ransomware in its computers. A small Kentucky hospital had 3,500 attacks on Mother’s Day, according to Leslie Krigstein, vice president of the CHIME.
Last year there were 54 “zero-day,” or brand new attacks; approximately once a week, in other words, hackers sent out an electronic bug so novel that no computer could recognize it.
Ransomware is of particular concern. In these attacks, hackers send out code that freeze computer files until the owner pays ransom in untraceable Bitcoins in exchange for a numeric decryption to unfreeze them. The attacks allow hackers to cash in quickly, whereas stolen medical records may be more difficult to monetize. (More than 100 million records were stolen in 2015 — some for sale on the black market or use in Medicare fraud, some by state actors, apparently for intelligence purposes).
Freakout in the C-Suite
For the first time, the threat of cyberattacks is grabbing the attention of senior health care executives, said Russell Branzell, CHIME’s CEO, who says the executives are “freaking out” as we “enter into a security war for health care.”
Cybersecurity legislation signed into law last year allows health care companies to share information about threats they’ve encountered without risk of being sued for any data breaches they reveal. Other privately run organizations also serve this purpose.
But complying with such recommendations can require major investments — millions to hire new security teams and consultants and to buy new software. Added security spending might mean forgoing a new MRI system, or delaying the hiring of new nurses.
“Cyberthreats are knocking on your door every time you open your laptop or your phone,” said Ty Faulkner, a cyber consultant. “If you aren’t monitoring and checking your data, I question whether you are following good business processes.”
But “many of our members can’t afford the technology and tools they need at this point,” said Branzell. “It’s moving so fast that you could update everything, spend way more than you’re budgeting for, then the next wave of bad guy stuff comes up and you’re already behind again.”
“If you peer into the dark minds of a lot of hospital executives, they are rolling the dice as to where they allocate their budgets,” said Clinton Mikel, an attorney with Health Law Partners.
Health care firms are spending vast sums to lure chief information security officers away from the financial and energy sector. The job description hardly existed in health care two years ago — now there are 500 just in Branzell’s organization.
Some companies are hiring security consultants on a semi-permanent basis, said Mac McMillan, co-founder and CEO of CynergisTek — one of those firms. If they don’t spend that big dough, many worry, a criminal breach of their information could result in bankruptcy levels of litigation.
Cyber insurance protects against some costs, but underwriters won’t write a policy unless the hospital system can demonstrate it is already spending plenty to defend itself.
Successful attacks are inevitable, security experts say. They talk of techniques such as compartmentalizing software, so hacks can be confined to a small area of the computer system, or programs that detect unusual computer activity within an organization, signs a bug has already penetrated the system.
“Most organizations can’t do that for themselves,” McMillan said. “More and more, people are saying to us, ‘I want a partner’ because cybercrime has become an industry.”
Medical devices: A ripe target?
The targets of attack within health care are practically limitless. “It’s hard to imagine a more complex and diverse environment than a hospital,” said Dave Palmer of Darktrace, a company whose technology searches for unusual behavior within networks.
“You have doctors and staff walking around with tablets, millions of dollars worth of scanners and sensitive machinery, all of it digitally integrated. You have visiting consultants there, maybe only a few days a week. Staff, porters, cleaning people.”
Users may not understand that bedside devices like monitors need to be secured, said Dennis Gallitano, a leading cyber attorney. Most cyber strategies are built around detecting and keeping out bugs, but “what about tunnels through the backdoor — a fax machine or pump?”
Device manufacturers are not required to meet the privacy and security standards of the Health Insurance Portability and Accountability Act (HIPAA); security experts say their protection is often lax, offering an attractive target for hackers looking for new ways into health systems. The FDA has begun working with manufacturers to improve device cybersecurity.
Security conflicts with transparency
One of the main purposes of electronic health records is to encourage information sharing among doctors, so that patients can be looked after in a more holistic way. Cyberthreats, some worry, could lead to a clampdown, because health care companies are leery of sharing data with institutions that might not be secure.
“There is very much a conflict in health care,” Branzell acknowledged. “The traditional model is, ‘Lock the world down.’ That doesn’t work in a world where we’re being asked to become more and more transparent and engage with our patients … With more patient engagement you’ve got people working from home on their Wi-Fi networks.”
Security should not be used as an excuse to block transparency, says Fred Trotter, a hacker and data journalist who serves on HHS’ Cybersecurity Task Force. In Trotter’s view, the solution is to make a distinction between ordinary cybertheft and hacking that has patient safety implications.
Cyberattacks that might, say, cripple an MRI machine until a ransom is paid, he believes, should be classed with other health IT safety issues, such as poor usability or bad software design that could lead to medical errors.
An evil genius and a wayward duck (or chicken, or pig) are equally capable of starting a lethal viral epidemic. By the same token, it shouldn’t matter whether a hacker or a stuck mouse button creates a clinical safety problem, he said.
HHS’ Office of the National Coordinator for Health IT has tried for years to create a safety center where threats and problems with software can be shared, discussed and remedied.
Congress has refused to provide the budget.

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more
privacy-coins-and-bitcoin-dominance-guide
9 Important Privacy Settings for Windows 10
June 3, 2019

Matt Powell On Jun 3, 2019 At first glance, the Digital Age may seem like a wonderful thing. And ...

Read more
apple
Apple exec dismisses Google CEO’s criticism over turning privacy into a ‘luxury good’
May 29, 2019

By Jacob Kastrenakes@jake_k May 27, 2019, 12:18pm EDT Apple’s software chief, Craig Federigh...

Read more
telegram-3m
Your Privacy Is Our Business
April 30, 2019

Let us reassure you: You’re worried only because you don’t understand anything about anything. ...

Read more