The Guardian

Keyboard warrior: the British hacker fighting for his life – podcast

Guardian Security - Fri, 09/22/2017 - 7:00am

Lauri Love is charged with masterminding a 2013 attack by Anonymous on US government websites. Will Britain allow him to spend the rest of his days in an American prison?



Equifax: credit firm was breached before massive May hack

Guardian Security - Tue, 09/19/2017 - 5:53am

Maligned Atlanta-based agency finally goes public on earlier data breach, which happened in March, following reports company only notified payroll customers

Equifax, the credit monitoring agency that lost personal data of 143 million US customers in a massive hack in May, has revealed that it was also the victim of an earlier breach in March.

The earlier breach was serious enough for the company to notify customers, and bring in the information security firm Mandiant to investigate. But the millions of Americans whose personal data the company stockpiles to power its services are not technically customers of the company, and so it did not inform them.


CCleaner: 2m users install anti-malware program … that contains malware

Guardian Security - Tue, 09/19/2017 - 2:00am

Tool now owned by security firm Avast was hacked via a supply chain attack, an increasingly common method of infection

More than two million users of anti-malware tool CCleaner installed a version of the software that had been hacked to include malware, the app’s developer confirmed on Monday.

Piriform, the developer of CCleaner now owned by security firm Avast, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of the software, and 12 September, when it updated the servers with a new version.


It’s one rule for big data, another for its victims | John Naughton

Guardian Security - Sun, 09/17/2017 - 2:00am

The massive – and avoidable – data breach at credit agency Equifax has left millions of consumers at risk, but don’t expect anyone to be held to account

Last week, much of the tech world was temporarily unhinged by a circus in Cupertino, where a group of ageing hipster billionaires unveiled some impressive technology while miming the argot of teenage fandom (incredible, amazing, awesome, etc) and pretending that they were changing the world. Meanwhile, over in the real world, another tech story was unfolding. Except that this is not just a tech story: it’s a morality tale about how we have come to inhabit a world in which corporate irresponsibility, incompetence and greed go unpunished, while little people can’t get a loan because they have an incorrect blemish on their credit records, which is almost impossible to detect and correct.

This story concerns Equifax, an outfit of which I’m guessing you’ve never heard. Nor had I. It’s one of the three largest American credit agencies (the others are Experian and TransUnion). Its business – its only business – is to collect, securely store and aggregate information on more than 800 million individual consumers and nearly 90m businesses worldwide. If your application for a loan is declined, or your credit card suddenly ceases to work, the chances are that it’s because some kind of warning flag has popped up on the screens of one of these three companies. So the personal information that these agencies hold is the most sensitive and potent kind of data there is.

Equifax will continue its erratic custody of precious data because it’s too important to the US economy to be shut down

Related: How credit score agencies have the power to make or break lives


Equifax hack puts data of 400,000 UK customers at risk

Guardian Security - Sat, 09/16/2017 - 6:23am

US credit rating firm’s announcement comes after UK authorities order it to alert British clients of cybersecurity breach

About 400,000 people in the UK may have had their information stolen following a cybersecurity breach at the credit monitoring firm Equifax.

The US company said an investigation had revealed that a file containing UK consumer information “may potentially have been accessed”.

Related: Equifax hack: two executives to leave company after breach

Related: Equifax hack: credit monitoring company criticized for poor response


Why do big hacks happen? Blame Big Data | Jathan Sadowski

Guardian Security - Fri, 09/08/2017 - 10:35am

The Equifax hack, which exposed 143 million people, is a reminder that data companies have too much power

Equifax, one of the largest credit reporting agencies, revealed on Thursday that it was hacked back in May, exposing the personal data of up to 143 million people. The data accessed by hackers contains extremely sensitive information like social security numbers, birth data, consumers’ names, driver’s license numbers and credit card numbers.

This breach is a monumental failure of cybersecurity, which raises many pressing privacy concerns. However, beyond those issues, it also illustrates a fundamental problem of the data economy as a whole: databanks like Equifax are too big.

No longer can these companies be allowed to exist in the shadows quietly sucking up alarming amounts of personal data


Equifax told to inform Britons whether they are at risk after data breach

Guardian Security - Fri, 09/08/2017 - 9:42am

US-based credit ratings firm says records of UK citizens were among those unlawfully accessed during cyber-attack in July

Equifax, the US credit ratings firm victim to an unlawful breach of security, has been told to inform British residents “at the earliest opportunity” if their personal information has been put at risk, the Information Commissioner said on Friday.

Equifax says it holds details on over 44 million Britons, and said that records of UK and Canadian citizens were among the unlawfully accessed confidential data for 143 million Americans.


Keyboard warrior: the British hacker fighting for his life

Guardian Security - Fri, 09/08/2017 - 1:00am

Lauri Love is charged with masterminding a 2013 attack by Anonymous on US government websites. Will Britain allow him to spend the rest of his days in an American prison?

In October 2013, Lauri Love was drinking coffee in his dressing gown in his bedroom at his parents’ house in the village of Stradishall, Suffolk, when his mother called upstairs to say there was a deliveryman at the front door. Love, whose first name is pronounced “Lowry”, like the English painter, clomped downstairs. In the front doorway was a man dressed in a UPS uniform. “Are you Lauri Love?” the man asked. “Yes,” Love said. In a single motion, the man grabbed Love’s arm while presenting, not a package, but a pair of rattling handcuffs.

For the next five hours, while dusk turned to evening outside, Love, then 28, and his parents sat in the front room as a dozen or so men from the National Crime Agency, which investigates organised crime and other serious offences, checked the computers in the house. In Love’s bedroom, they found two laptops, and a PC tower humming on his desk. Among the bewildering Rolodex of open tabs in Love’s internet browsers, the officers found accounts logged into several hacker forums and arcane internet chatrooms. Downstairs, Love, who knew that anything said in these limbo moments of investigation could be later used against him, kept the conversation to small talk about the weather and football.


Hacking risk leads to recall of 500,000 pacemakers due to patient death fears

Guardian Security - Thu, 08/31/2017 - 8:23am

FDA overseeing crucial firmware update in US to patch security holes and prevent hijacking of pacemakers implanted in half a million people

Almost half a million pacemakers have been recalled by the US Food and Drug Administration (FDA) due to fears that their lax cybersecurity could be hacked to run the batteries down or even alter the patient’s heartbeat.

The recall won’t see the pacemakers removed, which would be an invasive and dangerous medical procedure for the 465,000 people who have them implanted: instead, the manufacturer has issued a firmware update which will be applied by medical staff to patch the security holes.


Instagram: celebrity contact details leaked after nude Bieber photos posted

Guardian Security - Thu, 08/31/2017 - 6:11am

Phone numbers and email addresses of high-profile users exposed just days after Selena Gomez’s account posted naked shots of ex-boyfriend Bieber

A bug in Instagram that allowed criminals to steal the private information of celebrities has come to light just days after hackers took over the account of Selena Gomez to post nude pictures of Justin Bieber.

Instagram admitted that the bug within its application programming interface (API) allowed at least one person to gain access to the private email addresses and phone numbers of high-profile users.


WikiLeaks 'hacked' as OurMine group answers 'hack us' challenge

Guardian Security - Thu, 08/31/2017 - 5:32am

Julian Assange’s data-leaking site defaced via DNS attack, showing humiliating messages for organisation that prides itself on being tech savvy

WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

The attack saw visitors redirected to a page created by OurMine, which claimed that the attack was a response to a challenge from the organisation to hack them.

Related: Explainer: what is 'DNS', why does it matter and how does it work?


Spambot leaks more than 700m email addresses in huge data breach

Guardian Security - Wed, 08/30/2017 - 5:53am

Millions of passwords also contained in breach, a result of spammers collecting information in attempt to break in to users’ email accounts

More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.

The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset, according to data breach experts.
