Security & Privacy

Hacker accused of massive Stratfor attack pleads guilty

Jeremy Hammond was arrested in a major federal sweep last year on charges of computer hacking conspiracy, computer hacking, and conspiracy to commit access device fraud.

The self-described hacktivist pled guilty to these counts in court on Tuesday, according to the Associated Press.

"As part of each of these hacks, I took and decimated confidential information stored on computer systems websites used by each of the entities," Hammond told a judge in federal court in Manhattan, according to the Associated Press. "For each of these hacks, I knew what I was doing was against the law."… Read more

China's military to train on digital warfare

China, often linked to alleged cyberattacks, is apparently training military forces on digital combat and "informationalized" war.

According to state-sponsored news agency Xinhua, the People's Liberation Army plans to launch digital war games next month focused on developing new combat forces that specialize in cyberwarfare.

The news agency says this will be the first time the army "has focused on combat forces including digitalized units, special operations forces, army aviation and electronic counter forces." Drills will be carried out late next month at the Zhurihe training base in northern China.

The army's general staff … Read more

Chinese hackers reportedly accessed U.S. weapons designs

The designs for some of the most sensitive advanced U.S. weapons systems were reportedly accessed by Chinese hackers, according to a confidential report prepared by the Defense Science Board for the Pentagon.

The report, a copy of which was obtained by the Washington Post, listed more than two dozen compromised weapons systems, including missile defenses and combat aircraft. The security breaches, the latest linked to China, could allow the country to accelerate development of its own systems and weakens the U.S. military position, experts told the Post.

The public version of the report, titled "Resilient Military Systems … Read more

Sky's Android apps, Twitter account hacked

British satellite broadcaster Sky is the latest media company to fall victim to the Syrian Electronic Army.

Sky's Android apps and Twitter account have been hacked by the Syrian Electronic Army. A Sky spokesperson also told CNET UK that a tweet from the Sky Help Team advising people to uninstall their Android apps is not from the company.

The Sky Help Team's Twitter account has been compromised, and the tweet that states customers should uninstall their apps is not guidance from Sky. We are currently investigating the situation. We will provide a further update when we have more … Read more

Two-factor authentication: What you need to know (FAQ)

Twitter announced on Wednesday that they've started supporting two-factor authentication, joining a growing list of major Web services that offer the more secure login method.

Two-factor authentication, or 2FA as it's commonly abbreviated, adds an extra step to your basic login procedure. Without 2FA, you enter in your username and password, and then you're done. The password is your single factor of authentication. The second factor makes your account more secure, in theory.

"Twitter made the decision to use SMS [to deliver its second factor] because it makes sense from their position," said Jon Oberheide, … Read more

Is protecting intellectual property from cyberthieves futile?

LAGUNA BEACH, Calif. -- After the publication of the Mandiant report earlier in the year linking China's People's Liberation Army to ongoing and massive cyberattacks against U.S. corporations, government agencies, universities, and other organizations, policy makers and industry experts have been trying to figure out how to better secure their intellectual property against cyberattacks.

Call it a work in progress.

"The frustration for me is that in the U.S., parties who have valuable intellectual property are not adequately protecting their data," said Richard Marshall, former director of Global Cyber Security Management for the Department … Read more

Help protect yourself from signed malware in OS X

There is no question that regardless of the computing platform you use, malware happens. To help prevent these and other unwanted programs from running, Apple includes a data execution prevention routine called GateKeeper, which offers three layers of protection. The first allows everything to run, the second allows only applications signed with a valid Apple Developer ID to run, and the third allows only programs distributed through the Mac App Store to run.

Apple provides the Developer ID option with the assumption that most who use its Developer program create legitimate and trustworthy code, since their works will be easily … Read more

The wide world of hacking in China

China has been cited as allegedly hacking into U.S. government and corporate networks for years now. Generally, the thinking has been that the government is the only entity in the country actively hacking. But a new report seems to indicate that's not even close to the truth.

The News York Times on Thursday released a report on hacking across China. The Times found that not only does hacking occur at the highest levels of the government, but that everyone on down from local law enforcement officials to company owners to criminals are using their hacking techniques to take … Read more

Kim Dotcom threatens to sue Twitter, others over patent

Kim Dotcom says he doesn't really want to sue Google, Facebook, Twitter, and other companies, but he really needs some help funding his defense.

The eclectic and controversial MegaUpload founder today said he invented two-factor authentication, which is being used by more and more companies to secure access to their sites. The verification steps aim to reduce the likelihood of online identity theft, phishing, and other scams because the victim's password would no longer be enough to give a thief access to their information.

Along with Twitter's recent introduction, Microsoft, Apple, Google, Facebook, PayPal, and countless other … Read more

SAP touts service that sells customer data from phone firms

Verizon Wireless already sells its customers' mobile data to marketers. Now European enterprise-software giant SAP is taking things a step further by testing a service that will sell data collected by a number of wireless providers.

SAP announced its Consumer Insight 365 mobile service this week at the CTIA 2013 wireless show in Las Vegas. The service will, the company said in a release, pull data from SAP's "extensive partner network" including "over 990 mobile operators;" aggregate and analyze it "without drilling down into user-specific information;" and make results available to subscribers through … Read more