Tag Archive: Malware

 photo facebook-nsaspying_zpsd164f9c0.png

Desert Rose Creations  (C)  2014


Snowden Docs Expose How the NSA “Infects” Millions of Computers, Impersonates Facebook Server

democracynow democracynow


Ryan Gallagher, reporter for The Intercept.

New disclosures from Edward Snowden show the NSA is massively expanding its computer hacking worldwide. Software that automatically hacks into computers — known as malware “implants” — had previously been kept to just a few hundred targets. But the news website The Intercept reports that the NSA is spreading the software to millions of computers under an automated system codenamed “Turbine.” The Intercept has also revealed the NSA has masqueraded as a fake Facebook server to infect a target’s computer and exfiltrate files from a hard drive. We are joined by The Intercept reporter Ryan Gallagher.


This is a rush transcript. Copy may not be in its final form.

AMY GOODMAN: We turn now to our last segment, the latest on leaks from Edward Snowden. TheIntercept.org reported last week the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The Intercept also revealed the NSA has masqueraded as a fake Facebook server to infect a target’s computer and exfiltrate files from a hard drive.

Joining us now is Ryan Gallagher from The Intercept, co-wrote the piece, “[How] the NSA Plans to Infect ‘Millions’ of Computers with Malware.” Explain, Ryan.

RYAN GALLAGHER: Hi, Amy. Yeah, and the story we wrote last week, really, the key thing about it is the extent to which these techniques have really rapidly escalated in the last decade. And what we can see and what we reported was that, since about 2004, the National Security Agency has expanded the use of what it calls these “implants,” which are sort of malicious software implants within computers and computer networks, and even phone networks, to basically steal data from those systems. About 10 years ago, they had, they say, about a hundred and a hundred and—between a hundred and 150 of these implants, but within the last decade that expanded to an estimated 100,000, in some reports, and they’re building a system to be capable of deploying “millions,” in their own words, of these implants.

AMY GOODMAN: The revelation around the issue of Facebook has led Facebook founder Mark Zuckerberg to call President Obama on Wednesday and demand an explanation. He later wrote in a blog post, quote, “I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

RYAN GALLAGHER: Yeah, and Mark Zuckerberg was definitely very agitated, we think, about the report and seems to have got on the phone to Obama. And interestingly, the NSA later issued a—actually claimed that they hadn’t impersonated U.S. websites. However, their own documents actually say that they pretended to be the Facebook server for this particular surveillance technique, so their denial sort of doesn’t really hold up to scrutiny when compared with their own documents. And there’s a bit of sort of a—you know, there’s questions to be asked about that.

Read More Here

Enhanced by Zemanta

Baby-faced teen’s malware eyed in Target data breach

This baby-faced teen is a key suspect in developing the software that was used in the massive security breach that hit as many as 110 million Target shoppers last holiday season, according to a shocking new report.

In addition, the malicious software, or malware, has infected the payment systems of six other retailers — a possible sign that a half-dozen other attacks are underway, a California cyber-security firm said in the report.

The firm, IntelCrawler, which has tracked the malware’s architect for months, said on Friday that its main suspect is a 17-year-old with “roots” in St.Petersburg, Russia, who goes by the online nickname “ree4.”

Read More Here


Mexican couple arrested crossing into the US in connection with Target credit card breach which affected 100million customers

  • McAllen, Texas Police arrested Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, on Sunday
  • The couple were crossing into the U.S. with credit cards believed to contain stolen account information from Target customers
  • An estimated 100million Target customers had their personal information released in a December security breach

By Ashley Collman


Two Mexican nationals were arrested in south Texas yesterday in connection to the December Target credit card breach which compromised the personal bank information of an estimated 100million customers.

McAllen, Texas police arrested 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez as they were trying to cross into the U.S. from Reynosa, Mexico. Both are from Monterrey, Mexico.

Police say the couple crossed into the U.S. last weekend with 100 fraudulent cards and spent tens of thousands of dollars and brought an addition 96 cards with them on Sunday.

Arrested: Police arrested 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez trying to cross into the U.S. Sunday with credit card information believed to have been acquired in a December security breach of Target
Arrested: Police arrested 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez trying to cross into the U.S. Sunday with credit card information believed to have been acquired in a December security breach of Target

Arrested: Police arrested 27-year-old Mary Carmen Garcia (left) and 28-year-old Daniel Guardiola Dominguez (right)  trying to cross into the U.S. Sunday with credit card information believed to have been acquired in a December security breach of Target

Read More here


Russian teen misidentified in Target breach, expert says

  • Target Breach-ap.jpg

    The Russian teenager identified as the author behind the software used in the security breach that hit Target Corp. during the crucial holiday season may be incorrect. (AP)

A cyber security firm that fingered a Russian teen for the malware used to steal 70 million Target customers’ credit card numbers appears to be backing off, but not quite backing down.

Last week, California-based IntelCrawler named 17-year-old Sergey Tarasov as the kid behind the massive breach, saying he had “roots” in St. Petersburg and goes by the online nickname “ree4.” Tarasov was subsequently identified in numerous media reports. But in an update to its report released Monday, IntelCrawler said another author crafted the code, though it still accused Tarasov of playing a role in the breach.

“Three days ago, IntelCrawler researchers claimed that they had found out who is the brains behind the malware used in the Target breach,” security expert Brian Krebs told FoxNews.com in an email. “A couple of hours ago, IntelCrawler changed their version of the events, publishing data that links another Russian VK profile to the affair, this time Rinat Shabayev.”

IntelCrawler had originally released the name of Sergey Tarasov, which Krebs says was misspelled as Taraspov. While IntelCrawler has revised its initial report, the company still believes Tarasov is connected to the malware.

Read More Here


Enhanced by Zemanta

Patients notified about UW Medicine security breach


Posted on November 30, 2013 at 4:18 PM

Updated yesterday at 5:24 PM

The University of Washington is warning thousands of patients that their personal information may have been compromised.  In early October, an employee opened an email that contained malicious malware that took control of a computer containing patient information.

The hospital says it could impact about 90,000 patient records and is sending letters to warn people about the potential security breach.  Some patients are wondering why it took so long to let them know about the possible problem.

The letters say the incident happened more than a month ago, but Patricia Shiras says she didn’t receive a letter until Friday.

“The delay in letting us know is appalling, if it happened October 2nd why are we just being notified the day after Thanksgiving,” Patricia Shiras said.

Read More Here

Enhanced by Zemanta

Internet Blackout Arrives For Thousands as FBI shuts down Internet users infected by US counter-cyberintelligence operation

Thomas Hendrick
7News The Denver Channel

Who needs a ‘conspiracy theory’ when the government is run by psychopaths?

Users Whose Computers Infected With DNSChanger Won’t Be Able To Access Web

Having trouble getting online? Some may find their smartphones working overtime because the family computer couldn’t seem to connect to the Internet Monday morning. You may be one of thousands across the United States who waited too long or simply didn’t believe the warnings, and your Internet may have shut down just after midnight because of malware that took over computers around the world more than a year ago.

At 12:01 a.m. EDT, the FBI turned off the Internet servers that were functioning as a temporary safety net to keep infected computers online for the past eight months. The court order the agency had gotten to keep the servers running expired, and it was not renewed. Now, if your computer is infected, your only hope is your Internet service provider’s help desk.

In South Korea, there were no reports from affected computers Monday. As many as 80 computers there are believed to be infected with the malware that may cause problems in Web surfing, down from 1,798 computers in February, according to the government.

“The impact will be limited,” said Lee Sang-hun, head of network security at the Korea Communications Commission, a government body. The government and private broadband providers opened helplines and issued warnings. They also asked users to check if their computers were infected and to download antivirus software. South Korea is one of the most wired countries in the world, with more than 90 percent of households connected to broadband Internet.

The problem began when international hackers ran an online advertising scam to take control of more than 570,000 infected computers around the world. When the FBI went in to take down the hackers late last year, agents realized that if they turned off the malicious servers being used to control the computers, all the victims would lose their Internet service.

In a highly unusual move, the FBI set up the safety net. They brought in a private company to install two clean Internet servers to take over for the malicious servers so that people would not suddenly lose their Internet.

And they arranged for a private company to run a website (www.dcwg.org), to help computer users determine whether their computer was infected and find links to other computer security business sites where they could find fixes for the problem.

From the onset, most victims didn’t even know their computers had been infected, although the malicious software probably slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Efforts to solve the issue have been hindered a bit by a few factors: Many computer users don’t fully understand the technologically complex machines they use every day to send e-mail, shop, and surf for information. The cyber world of viruses, malware, bank fraud and Internet scams is often distant and confusing, and warning messages may go unseen or unheeded.

And other people simply don’t trust the government, and believe that federal authorities are only trying to spy on them, or take over the Internet, by pushing solutions to the infection. Blogs and other Internet forums are riddled with postings warning of the government using the malware as a ploy to breach American citizens’ computers — a charge that the FBI and other cybersecurity experts familiar with the malware quickly denounced as ridiculous.

Still, the Internet is flooded with conspiracy theories:

“I think the FBI just wants everyone to go to that website to check our computers so they can check our computers as well. Just a way to steal data for their own research,” one computer user said in a posting on the Internet.

Another observed: “Yet another ploy to get everyone freaked out … remember Y2K.”

There is an underlying sense that this has been much ado about nothing — like the hoopla over Y2K — when the transition to the year 2000 presented technical problems and fears that some computers would stop working because they were not set up for the date change. In the end there were very few problems.

Considering that there are millions of Internet users across the country, several thousand losing access isn’t a big deal — unless you are one of them.

Rep. Jim Langevin, D-R.I., who co-founded the cybersecurity caucus in Congress, said computer users have a responsibility to practice good cyber hygiene and make sure their computers have not been infected or hijacked by criminals. “These types of issues are only going to increase as our society relies more and more on the Internet, so it is a reminder that everyone can do their part,” he said.

FBI officials have been tracking the number of computers they believe still may be infected by the malware. As of July 4, there were about 45,600 in the U.S. — nearly 20,000 less than a week earlier. Worldwide, the total is roughly 250,000 infected. The numbers have been steadily declining, and recent efforts by Internet service providers may limit the problems Monday.

Tom Grasso, an FBI supervisory special agent, said many Internet providers have plans to try to help their customers. And some may put technical solutions in place Monday that will correct the server problem. It they do that, the Internet will work, but the malware will remain on victims’ computers and could pose future problems.

Other Internet providers have simply braced for the calls to their help lines.


To check and clean computers, http://www.dcwg.org

Comcast Warning