Passwords can now be stolen by hackers reading your brainwaves
The researchers discovered that if you had a user playing a video game using an EEG headset, if the user then paused the game and logged into their online banking account while wearing the headset, their brainwaves could be used to reliably guess their passwords. EEG headsets on the rise “In a real-world attack, a hacker could facilitate the training step required for the malicious program to be most accurate, by requesting that the user enter a predefined set of numbers in order to restart the game after pausing it to take a break, similar to the way CAPTCHA is used to verify users when logging onto websites,” said Dr Nitesh Saxena, an associate professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences who co-authored the paper. Analysing brainwaves The computer scientists asked a group of 12 individuals to type a string of randomly generated PIN numbers and passwords into a text box while wearing consumer EEG headsets and high-end medical grade EEG headsets. When a person does this, brainwaves are generated as the individual thinks about the password and then coordinates their hand, eye and head muscle movements to type on a keyboard and move the mouse on the screen to click on the text box. These neural signals are captured by the EEG headset as data, and the researchers found that once a user had entered 200 characters using a physical keyboard, computer algorithms were able to guess four-digit PIN numbers with a 46. Computer scientists from the University of Alabama at Birmingham (UAB) and the University of California Riverside conducted a study looking at electroencephalograph (EEG) headsets, which are increasingly being used in the gaming sphere to let players control games with their minds.
Ukraine blames Russia for NotPetya, claims ‘terminating distribution’ of global attacks
Ukraine’s security service (SBU) has blamed Russia for perpetrating the recent global attacks leveraging the NotPetya wiper malware, which affected the critical infrastructure of Ukraine, as well as hit numerous businesses worldwide. Ukraine’s state power firm was hit by a ransomware attack similar to WannaCry just days after it faced attacks from NotPetya. Ukraine’s SBU said in a statement that it had “terminated” NotPetya’s distribution, which it added was “built up by Russia special services. The NotPetya attacks, which are how they are now widely being characterised, saw hackers launch a wiper malware, designed to destroy systems, but posing as regular ransomware to hoodwink victims. The malware was first thought to be the Petya ransomware; however, further analysis by security researchers revealed that the malicious software was masquerading as Petya, but in actuality was far more sinister. The attacks appear to have been specifically targeted at Ukraine, but given that the malware used was based on leaked NSA exploit EternalBlue, it also came with features similar to those that WannaCry possessed such as its self-propagating ability. “Keep in mind, however, that this ransomware also makes use of credential re-use,” Klijnsma added. SBU suspects that the attacks were aimed at disrupting the operations of Ukraine’s private and government organisations and causing political destabilisation. “It is almost certain that we will see more attacks, especially as this is using the EternalBlue exploit again,” Yonathan Klijnsma, Threat Researcher at RiskIQ, told IBTimes UK. Ukraine’s security service also said that the ransom demand was a cover-up.
Petya ransomware: What were the hackers’ motives and how much money have they raked in so far?
A Twitter account with the handle @petya_payments has been tracking bitcoin payments since the attacks began on Tuesday. Similar to the WannaCry bitcoin tracking Twitter account @actual_ransom, the Petya equivalent account has been tweeting out the number of payments made to the bitcoin address tied to the Petya attacks. “It means that if anyone paying the ransom to unencrypt their files tries to do so, the criminals who distributed the attack are unable to access the bitcoin account the ransom goes to; so they will not be able to release the keys for the encrypted files – even if they ever intended to do so,” Digital Shadows told us. “The attacker may not be a particularly smart criminal, however, as using a single bitcoin wallet, and a single e-mail account for contact, was not the best way to get payment. The attacker may have a difficult time making use of the ransom payments,” Gorman added. The e-mail account was rapidly suspended by its provider, thus disabling the ability of the attacker to interact with victims. Security experts at Digital Shadows are warning those affected by Petya not to pay the $300 ransom. On Tuesday (27 June), what first appeared to be a massive ransomware attack hit victims in 25 countries across the world. In comparison to WannaCry, Petya reportedly made $20,000 less in the first 24 hours of the attack. Effectively wiping hard drives through the pretense of ransomware confuses the issue, leaving victims and investigators to ask: ‘Are the attackers politically motivated, or criminally motivated.
UK government data site suffers massive security breach, user details exposed for nearly 2 years
The UK’s Government Digital Service (GDS) is urging users of its data website to change their passwords following a massive security breach that saw the names and email addresses of thousands of people exposed for nearly two years. In an email sent to users on Thursday (29 June), the GDS advised users to change their passwords as a “precautionary measure” and reset the login details on other websites if they happened to use the same password across different platforms and services. A routine security review on 9 May discovered that a file containing the names, email addresses and hashed passwords of registered users who used the Cabinet Office’s data. uk website allows registered users to browse information published by various government departments, agencies and local authorities to “learn more about how government works, carry out research or build applications and services”. As a result of the security breach, about 68,216 accounts who signed up on the website on or before 20 June 2015 have been suspended until users reset their passwords. Officials blamed the number of successfully breached inboxes on “the use of weak passwords that did not conform to guidance”. “It was very recently discovered, and action was taken to notify users, and the information commissioner’s office, as soon as possible”, a GDS spokesman told The Times. The Information Commissioner’s Office (ICO) has also been informed of the leak. uk accounts, noting that people with separate accounts for other government websites were not affected by the intrusion. A GDS spokeswoman told the BBC that the breach only affected data.
Ruthless online romance scams target lonely hearts on an industrial scale
The online fraudster orchestrating a romance scam plays the long game and will work to earn the trust of their victim over time. Figures released in January by the National Fraud Intelligence Bureau revealed there were 3,389 victims of romance fraud in 2016, losing a combined total of more than £39m ($50m. Another high-profile case was that of 68-year-old Judith Lathlean, a university professor who fell victim to a romance scam in 2015 via an online dating website. The victims are mounting There are numerous victims who have spoken out about being fooled by romance scams over the years – and for some the personal consequences are more severe than financial ruin. Online fraudsters using fake identities on dating websites and social media networks to trick victims out of their money has become a lucrative underground industry and is only set to grow over the next 18 months. The fraud, known as a romance scam, is being bolstered by leaks from major dating and pornography websites which can reveal a victim’s intimate secrets, according to the UK National Crime Agency (NCA. “A lot of the online dating fraudsters we know are abroad,” Steve Proffitt, deputy head of Action Fraud, told the BBC earlier this year. The advice comes courtesy of Action Fraud, the primary UK reporting centre for scams and cybercrime. In March this year, 54-year-old Pam Wareing was taken to court after allegedly stealing more than £500,000 from her employer, a UK solicitor, to send to a conman she met online. Luckily, there are a number of steps you can take to protect yourself from romance scams, as well as a number of key signs to look out for if you are suspicious of someone online.
First Petya, now Ukrainian state power firm hit by second cyberattack ‘similar to WannaCry’
Shortly after suffering a major cyberattack linked to Petya ransomware on Tuesday 27 June, beleaguered Ukrainian state power company Ukrenergo was targeted yet again by a second cyberattack two days later. The attack on Thursday 29 June reportedly used a completely different strain of malware from Petya, the malicious piece of software that ripped through tens of thousands of computers in the region before spreading across the world earlier this week. WannaCry was a ransomware which caused chaos in May across the British national healthcare system, before eventually infecting computers across 150 countries. Ukraine was the most impacted country in the latest Petya ransomware attack. This matches findings of numerous cybersecurity experts, who discovered a widely-used accounting software called Medoc had been hacked to spread the virus. Law enforcement found that hackers – possibly of the nation state variety – had tampered with its systems. No luck in decrypting files One expert, Matthieu Suiche, found Petya’s internal code contained “disk wiping” capabilities which meant it was purposely designed to destroy computers. During the Friday press conference, Kovalchuk said evidence suggested the initial Petya infection was caused by a software update. Indeed, on the day of the second Ukrenergo incident, a researcher known as MalwareHunterTeam found evidence that a “WannaCry clone” was active in Ukraine. However, the multiple attacks indicate hackers remain highly interested in targeting Ukraine’s critical infrastructure.
8tracks data breach: Hackers steal 18 million accounts from popular internet radio and playlist site
The company confirmed the breach in a blog post on Tuesday (27 June), saying a copy of its user database, which included users’ email addresses and encrypted passwords, had been leaked. 8tracks said they were alerted about the breach by an unauthorized password change attempt via Github and later independently verified it by examining data from journalists and for-profit breach notification site LeakBase. Motherboard, who obtained a dataset of about 6 million usernames, email addresses and hashed passwords from LeakBase, reported that the passwords seemed to be hashed with the weak SHA1 algorithm. However, the breach did give the threat actors access to a system that contained a backup of database tables, including user data. “We have secured the account in question, changed passwords for our storage systems, and added access logging to our backup system,” 8tracks said. Popular internet radio and social networking service 8tracks has suffered a major data breach that compromised details of at least 18 million users. 8tracks said it does not believe the hackers gained access to its database or production servers that are secured by public/private SSH-key pairs. “8tracks does not store passwords in a plain text format, but rather uses one-way hashes to ensure they remain difficult to access. “If you signed up via Google or Facebook authentication, then your password is not affected by this leak”, 8tracks CEO and founder David Porter wrote. Only users who signed up for the service using email were affected by the breach.
Can the CIA hack Linux? WikiLeaks’ new dump reveals spy agency’s OutlawCountry malware
“The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator,” WikiLeaks said in its blog, explaining the malware’s capabilities. The malware allegedly targets Linux operating systems (OS) and allows spies to steal data from targeted computers. So far, the whistleblowing organisation has released details of 14 alleged CIA exploits, detailing all the different and terrifying ways the spy agency could have hacked and spied on Americans as well as foreign targets. WikiLeaks has released the user manual for yet another alleged CIA hacking tool called OutlawCountry. However, WikiLeaks’ latest dump indicates that even this particular OS may now be in danger of being increasingly targeted by hackers. Notably, Linux is popularly used in some of the world’s fastest supercomputers. The whistleblowing site said that the spy agency’s operators would instead need to depend on other CIA exploits and backdoors to infect systems with the malware. OutlawCountry has been designed to work under the radar so victims and targeted systems remain none-the-wiser as the malware goes about infiltrating files. According to WikiLeaks, not much is known about the malware’s “installation and persistence methods”. Although Linux is not widely used among the consumer base, in comparison to its competitors Windows or Mac, the OS is still popular among some.
What is WikiLeaks’ new dump Elsa? CIA’s creepy location-tracking malware targeted offline PCs
Although Elsa was designed specifically to target computers running Windows 7, experts reportedly believe that the CIA could also have a version targeting all Windows versions, given the malware’s use of fairly simple techniques. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors,” WikiLeaks documents said. “In case the targeted systems are connected to the internet, the malware automatically attempts to use data from geo-location databases from Google or Microsoft.” Elsa targets offline computers According to WikiLeaks files, Elsa can perform “data collection” on offline computers. “The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. WikiLeaks has released its latest Vault 7 files that allegedly reveal the CIA’s creepy location-tracking malware dubbed Elsa. The spy agency’s malware, specifically designed to target Windows PCs, dates back to 2013. “It’s like give me all the information from the radios on your [device] to try to get a better fix on your location. The malware only needs to be “running with an enabled WiFi device.
America vs Kaspersky Lab: Why the US wants to outlaw Russia’s most popular cyber firm
“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” Kaspersky said in May, adding the location of the company’s HQ does not impact on its core aims. For months, US government officials have voiced concerns about Russian cybersecurity firm Kaspersky Lab. “Just as a US-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the US government, Kaspersky Lab products also do not allow any access or provide any private data to any country’s government,” he continued. Democratic senator Jeanne Shaheen, who reportedly inserted the lines about Kaspersky Lab, told Reuters that alleged “ties between Kaspersky Lab and the Kremlin are very alarming” and claimed it “cannot be trusted to protect critical infrastructure, particularly computer systems. “During the last 10 years, Kaspersky Lab has discovered and publicly reported on multiple Russian-speaking cyber-espionage campaigns, which is more than any other US-based company. In May, Kaspersky Lab was forced to address accusations from unnamed US sources who claimed the company’s products could be exploited by the Russian state to let hackers infiltrate American targets, including spying on home computers to read emails or steal documents. Under the title ‘countering Russian aggression’, the bill stated: “The committee believes the United States must do more to deter Russian aggression, whether across its borders or in cyberspace. 12) the DoD may prohibit Kaspersky products, which could include anti-virus software, over fears the firm could be vulnerable to “Russian government influence.” Is Eugene Kaspersky linked to Russian intelligence? US officials believe Kaspersky, who graduated from the KGB-backed Institute of Cryptography, Telecommunications, and Computer Science in 1987, is somehow linked to Russian intelligence.