"hacked" tag archive

Google knows if your passwords were hacked

Google is attempting to make Chrome users more secure with the release of a new extension that automatically checks to see if the passwords you are using are safe. It’s called Password Checkup and it launched today.

It doesn’t matter how strong a password is: if the account you are protecting suffers a data breach, it could end up in the hands of hackers. Keeping track of which data breaches affect you is difficult, and it’s why password managers started getting popular and offering to automatically update passwords for you on a regular basis. A good example of that is LastPass.

Now Google is making Chrome users more secure if they take the time to install a new, free extension called Password Checkup. Once installed, it will check every time you sign in to an account using a username and password. If the password used appears on any data breach lists the user will receive an alert urging them to reset the password. If the same password is used for other accounts then an alert will be sent for those, too.

Google is making it very clear that using Password Checkup does not share any identifying information about users, their accounts, passwords, or devices. The only information shared is anonymous and regarding the number of lookups that return an unsafe set of credentials. In other words, there’s no real downside to installing the extension and helping protect your online accounts.

This article originally appeared on PCMag.com.

Hacked Nest security cameras watch Illinois family, hurl obscenities, as company blames ‘compromised passwords’

A family in Illinois was horrified when the Nest security system they’d purchased to give them peace of mind was taken over by a hacker — the latest example of what the tech company has called a “third-party hack.”

Arjun Sud was outside of his son’s room on Sunday when he heard a man’s voice talking to his 7-month-old via the security system’s speaker, according to CBS.

“I was shocked to hear a deep, manly voice talking to my 7-month-old son,” Sud told CBS. “My blood ran cold.”

The hidden intruder was reportedly taunting Sud and his family, uttering obscenities that included the N-word. The family also believes the hacker jacked up their thermostat to 90 degrees.

Sud’s wife called the incident “terrifying.”

The family, which has been using Nest for years, eventually unplugged all the cameras and called the police. They also called Nest.

“And then they said, ‘Well, you should have used a unique password and two-factor authentication, and if you did, you know, that would be that,'” Sud said.

Sud now questions Nest’s security.

“When I called Nest and I said, ‘How long has this been going on for? How long has someone kind of been watching us?’ ‘We don’t know. We can’t tell you. We don’t have the logs,’” Sud told CBS.

In January, a California family was warned of an impending missile attack from North Korea after their Nest home security system was taken over by hackers.

A spokesperson for Google, the parent company of Nest, previously sent Fox News the following statement:

“These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of security risk.”

The Google spokesperson continued: “We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”

Hacked Nest camera warned of North Korean ‘missile attack,’ family says

There are ballistic missiles headed to three American cities and President Trump has been moved to a secure facility.

That’s the highly disturbing message that Laura Lyons and her family received on Sunday in Orinda, Calif. Unsure of what to do, they comforted their son and tried to find media confirmation of the supposedly impending attack.

“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons told the Mercury News. “It sounded completely legit, and it was loud and got our attention right off the bat. It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”

Closer scrutiny revealed that the blaring sound was coming from their Nest home security camera, which was situated on top of their television.

A manager at Nest told the family they were likely victims of a “third-party hack,” which allowed someone to access their camera and its speakers with a compromised password.

“These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of security risk,” a spokesperson for Google, which owns Nest, told Fox News via email.

Lyons told the newspaper that she wasn’t aware the device had speakers and a microphone, and she disabled them shortly after the incident.

The Google spokesperson continued: “We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”

As more people use devices like Nest, Amazon’s Alexa and Google Home, and as tech companies push the notion of smart homes with a range of connected appliances, hackers and other bad actors will try to exploit technological vulnerabilities. According to a study from computer scientists at The College of William and Mary, home devices like smart plugs and light bulbs could provide an easy entry point for hackers.

Sure enough, incidents of data breaches have become much more commonplace.

Back in December, a family in Houston told The Washington Post that they heard a stranger’s voice spewing “sexual expletives” through a baby monitor in their infant’s room. Like something out of a horror movie, when they turned on the lights, their Nest security camera activated and the voice told them to turn off the lights before threatening to kidnap their child.

In November, a man who is part of a collective of so-called white-hat hackers, Hank Fordham, hacked into an Arizona man’s Nest security camera. His goal, he told Vice, was to warn people that their accounts may not be so secure.

According to Vice: “If you use the same email and password to log in to multiple accounts, a hacker can easily gain access to them just by popping in credentials leaked in a previous breach. There is even software that will automatically try the logins of all the users in a dataset to find which ones work.”

A gigantic set of data that included 772 million unique email addresses and 21 million unique passwords was exposed on a hacking forum earlier this month, detailed by security researcher Troy Hunt, who maintains Have I Been Pwned — which allows you to see whether your particular passwords or emails have been compromised.

A week ago, a cybersecurity researcher discovered that millions of FBI files, social security numbers and sensitive emails were leaked from the Oklahoma Securities Commission because the data was left “unprotected.” In November, Marriott International admitted that the personal details of up to 500 million guests had been exposed due to a breach of its guest database. Early last year, the credit reporting agency Equifax said the data breach it had previously announced was worse, impacting at least 147.9 million people.

In one of the largest data leaks in Germany’s history, a 20-year-old hacker exposed the private information of 900 public officials.

How a hacked phone may have led killers to Khashoggi

(CNN) Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised -- along with the rest of Abdulaziz's phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users.

Abdulaziz, as CNN reported last month, is suing the creators of Pegasus, Israel-based cyber company NSO Group, accusing them of violating international law by selling the software to oppressive regimes.
NSO has denied any involvement in the death of Khashoggi, insisting its software is "only for use fighting terrorism and crime."
The company was condemned as "the worst of the worst" by NSA whistleblower Edward Snowden during a video conference with an Israeli audience last November.
    "The NSO Group in today's world, based on the evidence we have, they are the worst of the worst in selling these burglary tools that are being actively currently used to violate the human rights of dissidents, opposition figures, and activists," Snowden said.

    Big threat

    I witnessed the power of Pegasus two years ago. Mobile security experts at Check Point, one of the world leaders in cyber security, showed me how they could hack a phone with one click, gaining complete access to its microphone, camera, keyboard, and data.
    They say the malware they used was similar to Pegasus: An apparently innocent message appeared on my phone asking me to update my settings, and that was all they needed to access the phone.
    Cyber security expert Michael Shaulov launched a cybersecurity startup in 2010, partly in response to what he saw as the potential threat of Pegasus.
    "Even when [NSO Group sells] the software to specifically the law enforcement agency that specifically bought it, in the case that those guys want to go after what we call illegitimate targets, NSO has no control [over it]," he says. "They cannot really prevent it."
    NSO Group says it follows up all claims of misuse, and has the ability to terminate a contract if misuse is uncovered, or if a client running its technology refuses to allow it to carry out an investigation.
    The company's technology takes advantage of what is known as "zero days" -- hidden vulnerabilities in operating systems and apps that grant elite hackers access to the inner workings of the phone. The term is derived from the fact that software developers have had no time to fix them.
    Companies like NSO have teams of researchers continuously reverse-engineering Apple and Android operating systems to find bugs in the code they can then exploit, Shaulov says, describing the process of finding zero days as an "art" in the largely black and white world of cyber security.
    NSO Group's singular focus on mobile devices has made them the "alpha dog" in the market, Shaulov says.
    Finding a zero day can take anywhere from a few months to more than a year, and there is little guarantee of its long-term effectiveness. But if the weakness isn't fixed, it can be exploited repeatedly to hack phones. Software developers such as Apple and Google have teams devoted to finding and fixing vulnerabilities, but it's no easier for them than it is for hackers to find the weak link. In addition, developers' priorities may lie elsewhere, so even known bugs remain unfixed.
    "Unless Apple or Google fixes that bug, that vulnerability ... can stay for many, many years and NSO can continuously sell software that can go through those bugs in the software and infect those phones," says Shaulov.
    Researchers at the Toronto-based Citizen Lab have tracked the use of NSO Group's Pegasus software to 45 countries where operators "may be conducting surveillance operations," including at least 10 Pegasus operators who "appear to be actively engaged in cross-border surveillance."

    Khashoggi: 'God help us'

    The software, able to infect a phone after a single click on a link in a fake text message, then grants hackers complete access to the phone. Data stored on the phone, messages, phone calls and even GPS location data are visible, allowing hackers to see where someone is, who he or she is talking to, and about what.
    In the case of Khashoggi, Citizen Lab researchers say the text message went to Abdulaziz, disguised as a shipping update about a package he had just ordered. The link, which Citizen Lab says it traced to a domain connected to Pegasus, led to Abdulaziz's phone becoming infected with the malware, giving hackers access to virtually his entire phone, including his daily conversations with Khashoggi.
    In one text, before his death on October 2 at the Saudi consulate in Istanbul, Khashoggi learned that his conversations with Abdulaziz may have been intercepted. "God help us," he wrote. CNN was granted access to the correspondence between Khashoggi and Montreal-based activist Abdulaziz.
    Two months later Khashoggi entered the building for what he thought was a routine appointment to pick up papers that would allow him to marry his Turkish fiancée, Hatice Cengiz. Minutes later, he was killed in what the Saudi attorney general later acknowledged was a premeditated murder.
    The Saudis have presented shifting stories about Khashoggi's fate, initially denying any knowledge before arguing that a group of rogue operators, many of whom belong to Saudi Crown Prince Mohammed bin Salman's inner circle, were responsible for the journalist's death.
    Riyadh has maintained that neither bin Salman nor King Salman knew of the operation to target Khashoggi. US officials, however, have said such a mission -- including 15 men sent from Riyadh -- could not have been carried out without the authorization of bin Salman.

    NSO speaks out

    In the first interview given by NSO Group since the company was implicated in the Khashoggi case, CEO Shalev Hulio categorically denied any involvement in the tracking of the Saudi journalist or his killing. Calling his death a "shocking murder," Hulio said that following checks carried out by NSO Group, the company would have known immediately if their software had been used to track a journalist.
    "We conducted a thorough check of all our clients, not just one client who may be a potential suspect involved in the case, but also other clients who might perhaps have an interest in following him for some reason," explained Hulio in the interview with Yedioth Ahronoth, one of Israel's largest newspapers. "We checked all our clients, both through conversations with them, and through a fool-proof technological check. The systems produce their own documentation, and it is not possible to act against this or that target without us being able to check it."
    "I'm saying on the record that after all these checks there was no use of any NSO product or technology on Khashoggi; and that includes tapping, monitoring, finding location, or gathering intelligence. Exclamation mark! The story is simply not true."
    Shalev Hulio -- whose first name is the "S" in NSO -- says NSO Group can disconnect a client's software if it is used inappropriately or against improper targets, like journalists or human rights activists who are just doing their jobs.
    "In cases where the system is misused, assuming we are aware of it, the technological system that we sold them will be immediately disconnected; that is something we are able to do both technologically and legally."
    Hulio said that NSO has "permanently" shut off the systems of three clients because of misuse, though he did not specify which clients.
    Asked repeatedly if Pegasus had been sold to Saud al-Qahtani, a high-ranking Saudi official accused by Saudi prosecutors of playing a major role in Khashoggi's murder, who has close ties to Crown Prince Mohammed bin Salman, Hulio said it had not, and insisted that NSO does not sell to "private elements."
    "All sales are authorized by Israel's Defense Ministry and are only made to states and their police and law enforcement organizations," he said, and "only for use fighting terrorism and crime."
    Asked point blank if NSO Group sold the system to Saudi Arabia, Hulio said, "We do not comment on any questions about specific clients. We can neither deny or confirm."
    Worldwide, Hulio said there are no more than 150 "active targets" currently being tracked with NSO's technology. He said the previous year was the best in the company's history and that the system had been sold to "dozens of countries worldwide on all continents apart from Antarctica."
    Hulio repeatedly portrayed his company as one that helped the world's intelligence agencies fight terrorism, touting the lives saved by the technology.
    "I will say with modesty that thousands of people in Europe owe their lives to the hundreds of workers [we have] in Herzliya," he said referring to the Israeli town where the company is based. "I reiterate that any use [of our technology] that goes beyond the criteria of saving human lives at risk from crime or terror will prompt our company to take immediate steps, unequivocally and decisively."

    Potential attack surface

    The findings of Citizen Lab, which Hulio dismissed as inaccurate, paint "a bleak picture of the human rights risk" of Pegasus, Citizen Lab says, adding that "at least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates."
    Apple, Google and other tech firms are constantly working to fix bugs and close zero days in their software. New features they introduce bring with them new code, introducing the possibility of new vulnerabilities. The software developers devote millions of dollars to close these vulnerabilities before they're discovered; hackers devote time and energy to discover them before they're closed. It's a 21st century digital arms race.
    Adam Donenfeld, a researcher who focuses on mobile security at Zimperium, says the number of places to hack a phone, called potential attack surfaces, is nearly limitless.
    Donenfeld says it's hard to pin down precisely how many exist, "but way more than people think. There are a lot of them ... there are always new vulnerabilities being introduced to devices."
    Any interaction, however simple, between a device and a phone is a potential attack surface. Donenfeld uses the example of chat applications, but says it's not just chat apps that provide potential ways in for hackers.
    If a hacker sends a video to your phone, even before you open it, your phone has already received some metadata about the video. It has also notified the hacker that the video has been received. You don't need to click on the video or accept the message to create a potential attack surface.
    "I can send you a malicious data packet that can cause some memory corruption on your phone that can happen remotely just by you having [a chat app]," explains Donenfeld. "You receive messages even if the app is closed because it runs in the background, [so] there is the possibility of running code on your device without you knowing about it."

    Value of malware

    Though the number of potential attack surfaces may be nearly limitless, very few offer the complete access elite hackers seek. In addition, there are relatively few cyber experts who understand how to take advantage of the zero day vulnerabilities.
    The scarcity of zero days, coupled with the technical difficulty needed to uncover them, makes them incredibly valuable to the right buyer.
    "If you have a working complete chain, it is definitely [worth] more than a million dollars," says Donenfeld. "There's always demand. There's always someone going to buy them."
    NSO Group has apparently capitalized on that demand, making them a multi-million-dollar company with a powerful product.
    But that product -- Pegasus -- has also put NSO at the center of a series of lawsuits that alleged use of the malware, as in the case of Jamal Khashoggi, violated international law.
    NSO told CNN in December Abdulaziz's lawsuit was "completely unfounded," and that it showed "no evidence that the company's technology was used."
      "The lawsuit appears to be based on a collection of press clippings that have been generated for the sole purpose of creating news headlines," NSO said in a statement. "In addition, products supplied by NSO are operated by the government customer to whom they are supplied, without the involvement of NSO or its employees."
      This story has been updated to clarify how NSO Group investigates possible misuse of its products.

      Dems allege they were hacked, likely by Russian intel, after 2018 midterms

      The Democratic National Committee (DNC) claims it was targeted in a cyber attack – likely by Russian intelligence – just days after November’s midterm elections.

      The allegation was revealed in court documents filed overnight Thursday, with the DNC saying the hackers appear to have used the same techniques as the Russian hacking group “Cozy Bear” – or APT 29 – that is allegedly linked to Russian intelligence.

      The cyber attack appears to have been unsuccessful, the DNC said in the complaint — which is also a part of the lawsuit against the Russian government over claims the organization was hacked during the 2016 presidential election.

      “On November 14, 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although there is no evidence that the attack was successful,” the DNC wrote in the complaint, according to ABC News.

      “Therefore, it is probable that Russian intelligence again attempted to unlawfully infiltrate DNC computers in November 2018,” the filing added.

      The filings indicate that the alleged Russian group used the so-called “spear-phishing” technique in which hackers send a malicious link from a supposedly legitimate person or a source to people in an attempt to trick them into opening the link that would allow the hackers to steal data.

      In the most recent alleged cyber attack against the DNC, hackers used email accounts that falsely gave an impression they were from the U.S. State Department, cybersecurity firm FireEye said in an article. They reportedly targeted various entities, including defense contractors.

      But FireEye doesn’t say that the cyber attack definitely came from Russia – only that the effort mirrors the techniques used by groups linked to Russian intelligence.

      “There are several similarities and technical overlaps between the 14 November 2018, phishing campaign and the suspected APT29 phishing campaign on 9 November 2016, both of which occurred shortly after U.S. elections,” the firm wrote.

      “APT29 is a sophisticated actor, and while sophisticated actors are not infallible, seemingly blatant mistakes are cause for pause when considering historical uses of deception by Russian intelligence services,” it added.

      How a hacked phone may have led killers to Khashoggi

      (CNN) Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised — along with the rest of Abdulaziz’s phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users.

      Abdulaziz, as CNN reported last month, is suing the creators of Pegasus, Israel-based cyber company NSO Group, accusing them of violating international law by selling the software to oppressive regimes.
      NSO has denied any involvement in the death of Khashoggi, insisting its software is “only for use fighting terrorism and crime.”
      The company was condemned as “the worst of the worst” by NSA whistleblower Edward Snowden during a video conference with an Israeli audience last November.
        “The NSO Group in today’s world, based on the evidence we have, they are the worst of the worst in selling these burglary tools that are being actively currently used to violate the human rights of dissidents, opposition figures, and activists,” Snowden said.

        Big threat

        I witnessed the power of Pegasus two years ago. Mobile security experts at Check Point, one of the world leaders in cyber security, showed me how they could hack a phone with one click, gaining complete access to its microphone, camera, keyboard, and data.
        They say the malware they used was similar to Pegasus: An apparently innocent message appeared on my phone asking me to update my settings, and that was all they needed to access the phone.
        Cyber security expert Michael Shaulov launched a cybersecurity startup in 2010, partly in response to what he saw as the potential threat of Pegasus.
        “Even when [NSO Group sells] the software to specifically the law enforcement agency that specifically bought it, in the case that those guys want to go after what we call illegitimate targets, NSO has no control [over it],” he says. “They cannot really prevent it.”
        NSO Group says it can monitor the usage of all of its software by all of its clients, but would need to actively check how clients were using their products before becoming aware of any possible misuse.
        The company’s technology takes advantage of what is known as “zero days” — hidden vulnerabilities in operating systems and apps that grant elite hackers access to the inner workings of the phone. The term is derived from the fact that software developers have had no time to fix them.
        Companies like NSO have teams of researchers continuously reverse-engineering Apple and Android operating systems to find bugs in the code they can then exploit, Shaulov says, describing the process of finding zero days as an “art” in the largely black and white world of cyber security.
        NSO Group’s singular focus on mobile devices has made them the “alpha dog” in the market, Shaulov says.
        Finding a zero day can take anywhere from a few months to more than a year, and there is little guarantee of its long-term effectiveness. But if the weakness isn’t fixed, it can be exploited repeatedly to hack phones. Software developers such as Apple and Google have teams devoted to finding and fixing vulnerabilities, but it’s no easier for them than it is for hackers to find the weak link. In addition, developers’ priorities may lie elsewhere, so even known bugs remain unfixed.
        “Unless Apple or Google fixes that bug, that vulnerability … can stay for many, many years and NSO can continuously sell software that can go through those bugs in the software and infect those phones,” says Shaulov.
        Researchers at the Toronto-based Citizen Lab have tracked the use of NSO Group’s Pegasus software to 45 countries where operators “may be conducting surveillance operations,” including at least 10 Pegasus operators who “appear to be actively engaged in cross-border surveillance.”

        Khashoggi: ‘God help us’

        The software, able to infect a phone after a single click on a link in a fake text message, then grants hackers complete access to the phone. Data stored on the phone, messages, phone calls and even GPS location data are visible, allowing hackers to see where someone is, who he or she is talking to, and about what.
        In the case of Khashoggi, Citizen Lab researchers say the text message went to Abdulaziz, disguised as a shipping update about a package he had just ordered. The link, which Citizen Lab says it traced to a domain connected to Pegasus, led to Abdulaziz’s phone becoming infected with the malware, giving hackers access to virtually his entire phone, including his daily conversations with Khashoggi.
        In one text, before his death on October 2 at the Saudi consulate in Istanbul, Khashoggi learned that his conversations with Abdulaziz may have been intercepted. “God help us,” he wrote. CNN was granted access to the correspondence between Khashoggi and Montreal-based activist Abdulaziz.
        Two months later Khashoggi entered the building for what he thought was a routine appointment to pick up papers that would allow him to marry his Turkish fiancée, Hatice Cengiz. Minutes later, he was killed in what the Saudi attorney general later acknowledged was a premeditated murder.
        The Saudis have presented shifting stories about Khashoggi’s fate, initially denying any knowledge before arguing that a group of rogue operators, many of whom belong to Saudi Crown Prince Mohammed bin Salman’s inner circle, were responsible for the journalist’s death.
        Riyadh has maintained that neither bin Salman nor King Salman knew of the operation to target Khashoggi. US officials, however, have said such a mission — including 15 men sent from Riyadh — could not have been carried out without the authorization of bin Salman.

        NSO speaks out

        In the first interview given by NSO Group since the company was implicated in the Khashoggi case, CEO Shalev Hulio categorically denied any involvement in the tracking of the Saudi journalist or his killing. Calling his death a “shocking murder,” Hulio said that following checks carried out by NSO Group, the company would have known immediately if their software had been used to track a journalist.
        “We conducted a thorough check of all our clients, not just one client who may be a potential suspect involved in the case, but also other clients who might perhaps have an interest in following him for some reason,” explained Hulio in the interview with Yedioth Ahronoth, one of Israel’s largest newspapers. “We checked all our clients, both through conversations with them, and through a fool-proof technological check. The systems produce their own documentation, and it is not possible to act against this or that target without us being able to check it.”
        “I’m saying on the record that after all these checks there was no use of any NSO product or technology on Khashoggi; and that includes tapping, monitoring, finding location, or gathering intelligence. Exclamation mark! The story is simply not true.”
        Shalev Hulio — whose first name is the “S” in NSO — says NSO Group can disconnect a client’s software if it is used inappropriately or against improper targets, like journalists or human rights activists who are just doing their jobs.
        “In cases where the system is misused, assuming we are aware of it, the technological system that we sold them will be immediately disconnected; that is something we are able to do both technologically and legally.”
        Hulio said that NSO has “permanently” shut off the systems of three clients because of misuse, though he did not specify which clients.
        Asked repeatedly if Pegasus had been sold to Saud al-Qahtani, a high-ranking Saudi official accused by Saudi prosecutors of playing a major role in Khashoggi’s murder, who has close ties to Crown Prince Mohammed bin Salman, Hulio said it had not, and insisted that NSO does not sell to “private elements.”
        “All sales are authorized by Israel’s Defense Ministry and are only made to states and their police and law enforcement organizations,” he said, and “only for use fighting terrorism and crime.”
        Asked point blank if NSO Group sold the system to Saudi Arabia, Hulio said, “We do not comment on any questions about specific clients. We can neither deny or confirm.”
        Worldwide, Hulio said there are no more than 150 “active targets” currently being tracked with NSO’s technology. He said the previous year was the best in the company’s history and that the system had been sold to “dozens of countries worldwide on all continents apart from Antarctica.”
        Hulio repeatedly portrayed his company as one that helped the world’s intelligence agencies fight terrorism, touting the lives saved by the technology.
        “I will say with modesty that thousands of people in Europe owe their lives to the hundreds of workers [we have] in Herzliya,” he said referring to the Israeli town where the company is based. “I reiterate that any use [of our technology] that goes beyond the criteria of saving human lives at risk from crime or terror will prompt our company to take immediate steps, unequivocally and decisively.”

        Potential attack surface

        The findings of Citizen Lab, which Hulio dismissed as inaccurate, paint “a bleak picture of the human rights risk” of Pegasus, Citizen Lab says, adding that “at least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.”
        Apple, Google and other tech firms are constantly working to fix bugs and close zero days in their software. Each new feature they introduce brings new code with it, and with that code the possibility of new vulnerabilities. The software developers devote millions of dollars to closing these vulnerabilities before they’re discovered; hackers devote time and energy to discovering them before they’re closed. It’s a 21st century digital arms race.
        Adam Donenfeld, a researcher who focuses on mobile security at Zimperium, says the number of places to hack a phone, called potential attack surfaces, is nearly limitless.
        Donenfeld says it’s hard to pin down precisely how many exist, “but way more than people think. There are a lot of them … there are always new vulnerabilities being introduced to devices.”
        Any interaction, however simple, between a device and a phone is a potential attack surface. Donenfeld uses the example of chat applications, but says it’s not just chat apps that provide potential ways in for hackers.
        If a hacker sends a video to your phone, even before you open it, your phone has already received some metadata about the video. It has also notified the hacker that the video has been received. You don’t need to click on the video or accept the message to create a potential attack surface.
        “I can send you a malicious data packet that can cause some memory corruption on your phone that can happen remotely just by you having [a chat app],” explains Donenfeld. “You receive messages even if the app is closed because it runs in the background, [so] there is the possibility of running code on your device without you knowing about it.”

        Value of malware

        Though the number of potential attack surfaces may be nearly limitless, very few offer the complete access elite hackers seek. In addition, there are relatively few cyber experts who understand how to take advantage of the zero day vulnerabilities.
        The scarcity of zero days, coupled with the technical difficulty needed to uncover them, makes them incredibly valuable to the right buyer.
        “If you have a working complete chain, it is definitely [worth] more than a million dollars,” says Donenfeld. “There’s always demand. There’s always someone going to buy them.”
        NSO Group has apparently capitalized on that demand, making them a multi-million-dollar company with a powerful product.
        But that product — Pegasus — has also put NSO at the center of a series of lawsuits that alleged use of the malware, as in the case of Jamal Khashoggi, violated international law.
          NSO told CNN in December Abdulaziz’s lawsuit was “completely unfounded,” and that it showed “no evidence that the company’s technology was used.”
          “The lawsuit appears to be based on a collection of press clippings that have been generated for the sole purpose of creating news headlines,” NSO said in a statement. “In addition, products supplied by NSO are operated by the government customer to whom they are supplied, without the involvement of NSO or its employees.”

          ‘Avengers,’ ‘Captain America’ star Hayley Atwell nude photos hacked: report

          Hackers claim to have posted naked photos of Hollywood star Hayley Atwell online.

          The British actress, 36, is apparently shown in a nude “selfie” shot on a seedy website that features leaked celebrity snaps.

          Other comments on the sick site are too graphic to print.

          Atwell shot to global stardom as Agent Peggy Carter in Marvel’s “Captain America” franchise.

          She is also known for playing wholesome roles like Julia Flyte in “Brideshead Revisited” and Margaret Schlegel in “Howards End.”

          Her latest role is as Evelyn Robin opposite Ewan McGregor in the Disney Winnie the Pooh film “Christopher Robin.”

          But in Netflix series “Black Mirror” she has a lengthy sex scene with co-star Domhnall Gleeson.

          And in the 2010 film “The Pillars of the Earth” her character romps with Eddie Redmayne playing Jack.

          It is likely that she will pursue legal action over the alleged hacking, according to industry insiders.

          One told the Daily Star: “This is a nightmare for Hayley.

          Hayley Atwell as Agent Peggy Carter in “Agent Carter” (Marvel)

          “In recent years she has hit the big time in Hollywood, so this is the last thing she will have wanted to happen.”

          Sharing intimate photos of someone without their consent is a crime under revenge porn laws in England and Wales.

          If the photos are of her, Atwell would be the latest celeb to have a personal photo leaked.

          Jennifer Lawrence and Kirsten Dunst were among actresses who were targeted in 2014.

          The Sun Online contacted a spokesman for Atwell.

          This story originally appeared on The Sun.

          House Republican campaign arm hacked during 2018 midterms

          Washington (CNN) Emails from top officials at the National Republican Congressional Committee were hacked during the 2018 midterm elections, Republican sources tell CNN, exposing the GOP’s House campaign arm to an intrusion by an “unknown entity.”

          The hack, which was first reported by Politico, was discovered by a vendor in April after emails from four senior committee aides had been surveilled for months, a Republican official with knowledge of the intrusion tells CNN.
          The revelation of the hack comes weeks after House Republicans lost their majority and saw Democrats pick up close to 40 seats in the House. In a sign of how serious the committee believed the hack to be, they brought on the law firm Covington and Burling to handle the issue, as well as Mercury Public Affairs to deal with the public relations around the intrusion.
          After the NRCC was alerted to the hack, top officials then informed CrowdStrike, a Republican official said, the cybersecurity firm that helped Democrats expel the Russians from their computer systems in 2016, and later shared information with the FBI as it investigated the election-season hacks.
            Ian Prior, a spokesman for the committee, said Tuesday that they were hacked “by an unknown entity.”
            “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Prior. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
            “To protect the integrity of that investigation, the NRCC will offer no further comment on the incident,” he added.
            The use of hacked material during electoral campaigns has been a focus ever since the 2016 campaign, when emails from the upper echelons of the Clinton campaign were leaked in the closing weeks of the campaign.
            The Democratic Congressional Campaign Committee was also hacked in 2016. Kremlin-backed hackers published internal documents stolen from DCCC servers as part of the Russian government’s wide-ranging effort to interfere in the US election, and some of those sensitive internal campaign documents were later used in Republican ads.
            The heads of the NRCC and the DCCC engaged in prolonged negotiations over not using hacked materials in election ads during the 2018 midterms, but the talks broke down months before Election Day due to an erosion of trust between the parties.
            Despite not signing any agreement, the head of the NRCC issued a statement saying the committee had no intention of using hacked material.
            “We are not seeking stolen or hacked material, we do not want stolen or hacked material, we have no intention of using stolen or hacked material,” then NRCC chairman Steve Stivers of Ohio said at the time.
              The hack of the NRCC could prove awkward for Republicans, given President Donald Trump has mocked his political opponents when they got hacked by foreign actors, and he has praised Republicans for investing in stronger cyber protections.
              Shortly after Trump was briefed during the transition by senior US intelligence officials about the hacks at the Democratic National Committee, he gloated in his first comments and said the Republican National Committee was also targeted but “had strong hacking defenses and the hackers were unsuccessful.”

              Clinton’s emails were hacked by China, Trump says in tweet; appears to call for investigation

              Hillary Clinton’s emails, including “many” that were classified, were hacked by China, President Trump tweeted early Wednesday before calling on the FBI and Department of Justice to make the “next move.”