Dog Brothers Public Forum

Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 83705 times)
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #350 on: January 27, 2016, 04:56:31 PM »

Years ago a computer geek friend of mine spoke of installing unauthorized back doors when he installed software so that if necessary he would have means of enforcing payment.
Logged
ccp
Power User
***
Posts: 6051


« Reply #351 on: January 27, 2016, 05:06:12 PM »

All of the software companies do that I believe.  One way or the other Juniper needs to be held accountable.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #352 on: February 10, 2016, 11:05:20 PM »

Obama had a piece Monday on the editorial page of the WSJ about Cyber Security.  Could someone please find it and post it here?
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #353 on: March 01, 2016, 11:02:36 PM »

Utilities Cautioned About Potential for a Cyberattack After Ukraine’s

By DAVID E. SANGER, FEB. 29, 2016

WASHINGTON — The Obama administration has warned the nation’s power companies, water suppliers and transportation networks that sophisticated cyberattack techniques used to bring down part of Ukraine’s power grid two months ago could easily be turned on them.

After an extensive inquiry, American investigators concluded that the attack in Ukraine on Dec. 23 may well have been the first power blackout triggered by a cyberattack — a circumstance many have long predicted. Working remotely, the attackers conducted “extensive reconnaissance” of the power system’s networks, stole the credentials of system operators and learned how to switch off the breakers, plunging more than 225,000 Ukrainians into darkness.

In interviews, American officials said they have not completed their inquiry into who was responsible for the attack. But Ukrainian officials have blamed the Russians, saying it was part of the effort to intimidate the country’s political leaders by showing they could switch off the lights at any time.

“They could be right,” said one senior administration official. “But so far we don’t have the complete evidence, and the attackers went to some lengths to hide their tracks.”

Even after it has reached a conclusion, the White House might decide not to name the attackers, just as it decided not to publicly blame China for the theft of 22 million security files from the Office of Personnel Management.

But American intelligence officials have been intensely focused on the likelihood that the attack was engineered by the Russian military, or “patriotic hackers” operating on their behalf, since the first reports of the December blackout. The officials have found it intriguing that the attack did not appear designed to shut down the entire country. “This appears to be message-sending,” said one senior administration official with access to the intelligence, who requested anonymity to discuss the ongoing inquiry.

Equally interesting to investigators was the technique used: The malware designed for the Ukrainian power grid was directed at “industrial control systems,” systems that act as the intermediary between computers and the switches that distribute electricity and guide trains as they speed down the track, the valves that control water supplies, and the machinery that mixes chemicals at factories.

The most famous such attack was the Stuxnet worm, which destroyed the centrifuges that enriched uranium at the Natanz nuclear site in Iran. But that is not an example often cited by American officials — largely because the attack was conducted by the United States and Israel, a fact American officials have never publicly acknowledged.

Experts in cybersecurity regard the Ukraine attack as a teaching moment, a chance to drive home to American firms the vulnerability of their own systems. “There’s never been an intentional cyberattack that has taken the electric grid down before,” said Robert M. Lee of the SANS Institute. Mr. Lee said that while it was still not possible to determine who conducted the attack — what is called “attribution” in the cyber industry — he noted that it was clearly designed to send a political message.

“It was large enough to get everyone’s attention,” he said, “and small enough not to prompt a major response.”

The warning issued last Thursday by the Department of Homeland Security provided the first detailed account of the Ukrainian attack, based on the findings of a series of government experts who traveled to Ukraine to gather evidence.

The attack described by the Homeland Security document was highly sophisticated. The attackers gained entry, it appears, by sending a series of “spearphishing” messages that led someone in Ukraine to unintentionally give them access. Once they had that, the attackers mapped the system, much as the North Koreans mapped Sony Entertainment’s computers before attacking them in the fall of 2014.

Then a series of cyberattacks were carefully coordinated to occur within 30 minutes of one another on Dec. 23. The “breakers” that disconnected power were operated “by multiple external humans” through secure communication channels. The hackers then wiped many of the systems clean using a form of malware aptly named “KillDisk” which erased files on the systems and disabled them. They wiped out the “human-machine interface” that enables operators of the electric system to run those systems — or get them back in service — from their computers.

For extra measure, the hackers even managed to disconnect backup power supplies, so that once the power failed, the computers could not turn them back on.

Investigators say that in the end, the Ukrainians may have been saved by the fact that their country relies on old technology and is still not as fully wired as many Western nations — meaning they were able to restore power by manually flipping old-style circuit breakers.

“The bad news for the United States is that we can’t do the same thing,” said Ted Koppel, the former ABC News anchor who published a best seller last year, entitled “Lights Out,” about the vulnerability of the American electric grid.

“We have 3,200 power companies, and we need a precise balance between the amount of electricity that is generated and the amount that is used,” he said. “And that can only be done over a system run on the Internet. The Ukrainians were lucky to have antiquated systems.”

The report from Homeland Security recommended a series of common-sense steps: Make sure that outsiders accessing power systems or other networks that operate vital infrastructure can monitor the system, but not change it; close “back doors” — system flaws that can give an intruder unauthorized access; have a contingency plan to shut down systems that have been infected, or invaded, by outsiders.

But all those systems make it harder for legitimate operators to use the Internet to keep vast systems operating, from a smartphone or laptop if necessary.
Logged
G M
Power User
***
Posts: 13941


« Reply #354 on: March 02, 2016, 02:21:46 PM »

Better plan on it happening here.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #355 on: March 02, 2016, 05:21:18 PM »

What can we do to save our data, our websites, the contents of our computers?
Logged
G M
Power User
***
Posts: 13941


« Reply #356 on: March 02, 2016, 06:10:56 PM »

What can we do to save our data, our websites, the contents of our computers?


I'd worry more about saving your family because a prolonged grid down scenario has an estimated 90% fatality rate.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #357 on: April 05, 2016, 08:45:32 PM »

http://motherboard.vice.com/en_ca/read/fbi-flash-alert-hacking-group-has-had-access-to-us-govt-files-for-years
Logged
ccp
Power User
***
Posts: 6051


« Reply #358 on: April 06, 2016, 08:54:59 PM »

"80%" of law firms have been hacked according to this.  As a doctor who has had to comply with HIPAA laws or risk jail, and forced by lawyers and politicians to have to shell out thousands for electronic records and their security, how would anyone think I might feel when reading this:

http://www.breitbart.com/video/2016/04/06/watch-matthews-presses-sanders-supporter-on-paying-for-free-college-supporter-says-i-dont-need-to-know-at-this-moment/?utm_source=facebook&utm_medium=social

I doubt we will see the public outrage against lawyers from the politicians most of whom are the same.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 37782


« Reply #359 on: August 18, 2016, 01:27:59 AM »

http://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-raises-alarming-question-was-the-nsa-hacked.html?emc=edit_th_20160817&nl=todaysheadlines&nlid=49641193&_r=1


The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee.

“Why did they do it?” Mr. Snowden asked. “No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.”

Around the same time, WikiLeaks declared that it had a full set of the files — it did not say how it had obtained them — and would release them all in the future. The “Shadow Brokers” had said they would auction them off to the highest bidder.

“I think it’s Snowden-era stuff, repackaged for resale now,” said James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank. “This is probably some Russian mind game, down to the bogus accent” of some of the messages sent to media organizations by the Shadow Brokers group, delivered in broken English that seemed right out of a bad spy movie.

The N.S.A. would say nothing on Tuesday about whether the coding released was real or where it came from. Its public affairs office did not respond to inquiries.

“It certainly feels all real,” said Bruce Schneier, a leading authority on state-sponsored breaches. “The question is why would someone steal it in 2013 and release it this week? That’s what is making people think this is likely the work of Russian intelligence.”

There are other theories, including one that some unknown group was trying to impersonate hackers working for Russian or other intelligence agencies. Impersonation is relatively easy on the internet, and it could take considerable time to determine who is behind the release of the code.

The Shadow Brokers first emerged online on Saturday, creating accounts on sites like Twitter and Tumblr and announcing plans for an auction. The group said that “we give you some Equation Group files free” and that it would auction the best ones. The Equation Group is a code name that Kaspersky Labs, a Russian cybersecurity firm, has given to the N.S.A.

While still widely considered the most talented group of state-sponsored hackers in the world, the N.S.A. is still recovering from Mr. Snowden’s disclosures; it has spent hundreds of millions of dollars reconfiguring and locking down its systems.

Mr. Snowden revealed plans, code names and some operations, including against targets like China. The Shadow Brokers disclosures are much more detailed, the actual code and instructions for breaking into foreign systems as of three summers ago.

“From an operational standpoint, this is not a catastrophic leak,” Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, Calif., wrote on the Lawfare blog on Tuesday.

But he added that “the big picture is a far scarier one.” In the weeks after Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately going to Russia, it appears that someone obtained that source code. That, he suggested, would be an even bigger security breach for the N.S.A. than Mr. Snowden’s departure with his trove of files.

However, the fact that the code is dated from 2013 suggests that the hackers’ access was cut off around then, perhaps because the agency imposed new security measures.

The attack on the Democratic National Committee has raised questions about whether the Russian government is trying to influence the American election. If so, it is unclear how — or whether — President Obama will respond. A response could be public or private, and it could involve sanctions, diplomatic warnings or even a counterattack.

“The real problem for us is that the Russians seem to have taken the gloves off in the cyberdomain,” said Mr. Lewis, of the Center for Strategic and International Studies, “and we don’t know how to respond.”
Logged
ccp
Power User
***
Posts: 6051


« Reply #360 on: August 20, 2016, 04:15:36 PM »

From ABC News courtesy of Drudge:

http://abcnews.go.com/Politics/hack-election/story?id=41489017

"Those experiences confirm my belief that if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so"

I could have told him this many years ago.  We are endlessly hacked and our devices are nowhere near the internet.   I wondered years ago if the excuse was device makers were making this possible for law enforcement in the age of terrorism.   I also wondered if they just did it to control us for business reasons, such as to make sure people were not using subscriptions illegally for free or to see what our preferences are for their data and statistical analyses or just for snooping for any other reasons one can dream up.

All I can ask is if law enforcement is NOT up to the task of even protecting the big shots then the rest of us average folks have NO chance.  I have been saying this for years.  Sadly for me I have seen it personally over and over again and had to sit here watching it first hand while others have gotten very rich and we suffer.

The extent of the crime that is committed this way is STILL surprisingly apparently not even realized by many.  I think I read Bill Gates himself once said the biggest challenge is security in the IT age.  Yet another time he told a reporter the security he uses for his computers is the standard retail stuff we all use.  THAT is hard to believe.



« Last Edit: August 23, 2016, 05:59:15 AM by Crafty_Dog » Logged
ccp
Power User
***
Posts: 6051


« Reply #361 on: September 08, 2016, 04:18:53 PM »

It ain't always the "Russians" or the "Chinese".  But if you as victim are not the CIA this kind of crime is rampant and unpunished:

https://www.yahoo.com/news/2-men-arrested-charged-hacking-senior-us-officials-154755704.html
« Last Edit: September 09, 2016, 12:45:22 AM by Crafty_Dog » Logged
DDF
Power User
***
Posts: 504


« Reply #362 on: September 19, 2016, 08:31:30 AM »

And you're correct. It is not without significant risk.

I personally would avoid the dark web altogether. Big boy rules apply.



People are afraid of the deepweb or don't know how to access it. They shouldn't be afraid and it isn't difficult to access.

Just download the TOR browser (from TOR), have a dedicated computer for specifically that with no personal info on it or use a thumb drive to boot your system, a VPN, and you're good to go. Don't download anything from there, and obviously avoid the smut pages and whatnot, but it's surprising what is on there that Google and company don't register in their search engines. You can basically find whatever you want.

Edit: Make sure you cover up your camera physically as well and don't speak while surfing, or any background noise for that matter.
Drawing the attention of lots of entities that you don't want attention from.

Just as GM stated, plus they could potentially hack into your computer, steal your files, id your location, control your computer remotely, you could potentially access websites that have criminal activities - thus drawing the attention of alphabet soup type organizations (NSA, CIA, FBI, USSS, ATF, DEA, NCIS and INS), or even if none of that happened, the fact that you have to use a TOR browser (which can also access "http:www" sites), your local internet service provider (even using a VPN with TOR), they'll know you're accessing onion sites BECAUSE of where their exit traffic is going - Note the following: "A user is talking to a clear net website instead of the onion so in theory the proxy can read all the information you're sending and getting from the onion. Also, you are far from anonymous because the Tor2Web-gateway sees your IP." https://chloe.re/2016/05/20/killing-tor2web-once-and-for-all/

 And (note the web address in the photo here). You WILL get attention from someone. There's no avoiding that. There are also a couple of things I didn't provide above to disguise where you are or who you are, but the bottom line, is if someone wants to find you, they will.  A quick query of TOR security precautions will make it so that most people won't find you, but the government and good hackers will if they want to.

I've used the deep web on and off for about two years. Then again, I work where I work and do what I do, so I'm not overly concerned about having uninvited guests. For the most part, I've seen a lot of bit coin operated sites that offer whatever service you can think of, blueprints, how to's, and seedier things. The bit coin sites all work off of an escrow service that can be used to locate someone as well.

GM is correct in saying that it has its risks. I'll add, for what I've seen on it, it isn't worth the hassle, other than just to go cruising downtown Tijuana to go see things that no one else sees for the "been there, done that trip."

Edit: I forgot to add, that if you do decide to access it, disable java. If anyone reading this doesn't know how to disable java, they shouldn't go. Period.
Edit II: Do not use TOR with windows to access the web. As I stated above, the best way is a dedicated machine, using Linux and TOR on a thumb drive into that.

It really isn't worth the hassle. Those curious, can go youtube query "deep web sites" and get an idea that way without risking themselves.



« Last Edit: September 19, 2016, 08:34:42 AM by DDF » Logged

It's all a matter of perspective.