The US may be in hot water with France following reports that the NSA snooped on a large number of French citizens.
A report published Monday by French paper Le Monde revealed the spying activities on the part of the National Security Agency, based on documents leaked by former NSA contractor Edward Snowden. From December 10, 2012, to January 8, 2013, the NSA made 70.3 million recordings of phone calls conducted by French citizens. The recordings, which also gathered SMS messages, were apparently triggered automatically based on certain key words.
Read the rest of the story at CNET
U.S. authorities have charged three foreign nationals with creating and distributing a virus that allowed thieves to steal tens of millions of dollars from victims” bank accounts.
The three are accused of creating the Trojan virus Gozi, which infected more than 1 million computers worldwide and 40,000 in the United States, including computers belonging to NASA, according to court documents unsealed today by U.S. Attorney Preet Bharara in Manhattan. Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating “one of the most financially destructive computer viruses in history.”
The malware installed itself on computers after users clicked on an apparently benign PDF file embedded in an e-mail, allowing the cybercriminals to siphon user names, passwords, and other security information used to hijack online bank accounts, prosecutors alleged.
“Banking Trojans are to cybercriminals what safe-cracking or acetylene torches are to traditional bank burglars — but far more effective and less detectable,” FBI Assistant Director-in-Charge George Venizelos said in a statement. “The investigation put an end to the Gozi virus.”
Kuzmin, a Russian national who was arrested in 2010, pleaded guilty to bank fraud charges in 2011 and agreed to cooperate with federal prosecutors. Kuzmin began conceiving Gozi in 2005 to steal bank account information and hired co-conspirators to write the virus” source code, prosecutors said today.
Read the rest of the story at ZDNET
A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton.
A group calling itself GhostShell posted to text-sharing site Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education
Some of the data appears to have been already publicly available, but some records included sensitive information such as birth dates and employee payroll information. However, GhostShell said in its statement that it sought to limit the amount of information it released.
“We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more,” the message said, adding a warning to school regarding the security of their networks. “When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored.”
Read the rest of the story at CNET
Iranian authorities explained that their decision to block access to Google services, including Gmail, was due to an anti-Islam movie which caused protests throughout the globe.
The film in question, Innocence of Muslims, which appears to have been created to trigger riots in Arab countries, has finally put the search giant in a position where Iran wanted. The matter is that Iran had been looking for a reason to ban Google for a while, but couldn’t find a good one until YouTube refused to remove the anti-Islam movie. Now the local authorities can claim they are saving their citizens from the evil Google.
Abdolsamad Khoramabadi, an Iranian official responsible for censorship in the web and computer crimes, announced that both Google and Gmail will be censored throughout Iran until further notice. However, there was no indication whether the filtering would be temporary or permanent. Actually, the country is going to pull itself out of the web and run the nation as a huge Intranet of state controlled data. Of course, such giants as Google and its mail service would have no place in this scheme anyway.
At the moment, Iranians don’t really care about the anti-Islam film, but aren’t happy that they’ve lost their Gmail accounts. They understand that this move is just a beginning of their cunning Internet plan.
Ali Hakim-Javadi, deputy communications and technology minister, told during the interview that all governmental agencies and offices have already been connected to the national data network (Intranet). In the meantime, the country is worried about another outside hacker attack, especially if Iran gets involved in a war with Israel or the United States.
Researchers have uncovered active malware attacks that exploit a critical and previously unknown vulnerability in the latest versions of Microsoft’s Internet Explorer browser.
The attacks are being waged by the same malware group that recently exploited a separate, zero-day vulnerability in Oracle’s Java software framework. The attacks install the Poison Ivy backdoor trojan when unsuspecting people browse a booby-trapped website using a fully patched version of Windows XP running the latest versions of IE 7 or IE 8, according to a blog post published Monday Morning by Jaime Blasco, a researcher with security firm Alien Vault.
The underlying vulnerability can be exploited on many computers running Windows Vista and Windows 7, and it also affects version 9 of the Microsoft browser, said HD Moore, CSO of security firm Rapid7 (and the chief architect of the open-source Metasploit tool kit used by penetration testers and hackers). He said a Metasploit module researchers already added to the framework works against the later operating systems when Oracle’s Java Standard Edition 6 or Microsoft’s Visual C runtime library is installed. The software add-ons make otherwise protected systems vulnerable by allowing attackers to bypass a malware defense known as ASLR, or address space layout randomization, that debuted in Windows Vista.
“What may be most worrying is that Windows Vista and 7 don’t protect you,” Moore told Ars. “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS. The surprising thing about this is the fact they (Metasploit researchers) got to work across every one of these platforms.”
The exploits circulating in the wild may be relying on other methods to override the more limited defenses included in the Service Pack 3 version of Windows XP. According to Eric Romang, the researcher who disclosed the IE attacks over the weekend, they require the victim to be running Adobe’s Flash Player, possibly to carry out what’s known as a “heap spray” (another technique for bypassing ASLR). The attacks are being carried out by the same gang that waged the recent stealth attacks against critical vulnerabilities in Java. The files used in the latest wave of attacks (cataloged here, here, here, and here) had little or no detection by the 34 most widely used antivirus programs, at least at the time Romang published his blog post. It wouldn’t be surprising for detection to ramp up quickly in the next few hours.
Yunsun Wee, director, Microsoft Trustworthy Computing, said in a statement that Microsoft is aware of “targeted attacks potentially affecting some versions of Internet Explorer” and are investigating.
“We have confirmed that Internet Explorer 10 is not affected by this issue,” she wrote. She went on to recommend customers install EMET 3.0. Short for Enhanced Mitigation Experience Toolkit, the Microsoft utility brings enhanced security protections to Windows, particularly earlier versions of the operating system. Later in the day, Microsoft expanded on those recommendations in an advisory posted to the company’s website.
Read the rest of the story at http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/