Daily Archives: June 25, 2015

US personel files and intelligence agents copied – multiple disclosures, could be 18million records out

Posted on by
Reply

And let the shouting begin about who’s fault it was.

‘Most devastating cyber attack in US history’

Source: As the US realises it’s been PWNED, when will OPM heads roll? • The Register

“Incidentally, the stolen OPM database was reportedly being offered on Hell, an onion site hosting a e-crim forum. According to Brian Krebs. However, the database being flogged actually originated from a different, undisclosed, data breach of Unicor.gov, also known as Federal Prison Industries.”

Chances are that everyone now knows how to infiltrate the US government as SF-86 government clearance forms were copied as well:

“Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.”

Extortion bonanza: OPM hack exposed “intimate details” of cleared personnel

The best analysis I have found of the hack so far is on Ars Technica, Why the “biggest government hack ever” got past the feds

The way the OPM is handling this is extremely poor, with them admititng first to a breach of 4m records, then the FBI publically telling them it’s 18m. There’s even a 32m record breach being reported somewhere.

Fake Mobile Phone Towers Operating In The UK

Posted on by
Reply

Sky News has found evidence that rogue mobile phone towers, which can listen in on people’s calls without their knowledge, are being operated in the UK.IMSI catchers, also known as Stingrays, mimic mobile phone masts and trick phones into logging on.The controversial surveillance technology is used by police agencies worldwide to target the communications of criminals.However, Stingrays also collect the data of all other phones in the area, meaning innocent people’s communications are spied on.

NB this means they can also collect en masse without a warrant…

US Gov wants your 0-day exploits first and free using Wassenaar Arrangement

Posted on by
Reply

BSecurity researchers have voiced their concerns in the two weeks since the proposed rules were made public that the U.S. rules definition of intrusion software is too broad, and legitimate vulnerability research and proof-of-concept development will come under regulation. – See more at: https://threatpost.com/bug-bounties-in-crosshairs-of-proposed-us-wassenaar-rules/113204#sthash.cL00eTWJ.dpuf

Source: Wassenaar, Bug Bounties and Vulnerability Rewards Programs | Threatpost | The first stop for security news

Not only that, but using vague terminology means that the US could basically force almost anything they want to have to be cleared through the government before being able to export it.