Wednesday, May 21, 2014

How NSA Allegedly Hacks into your Network ?

How NSA Allegedly Hacks into your Network ?

The United States' National Security Agency succeeded years ago in penetrating the company's digital firewalls. An NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.
Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station"  a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.
This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.
Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable"  in other words, over the Internet. Others require a direct attack on an end-user device , an "interdiction," as it is known in NSA jargon,  in order to install malware or bugging equipment.

Wednesday, May 14, 2014

Court in EU Backs 'Right to be Forgotten on Google"

Court in EU Backs 'Right to be Forgotten'

European Union Internet users now can ask Google and other search engines to remove certain sensitive information from Internet search results, Europe's highest court ruled on May 13,2014.
The ruling, handed down by the Court of Justice of the European Union, states the "operator of the search engine ... is, in certain circumstances, obliged to remove links to Web pages that are published by third parties and contain information relating to a person from the list of results displayed following a search made on the basis of that person's name."
The court's ruling on the "right to be forgotten" stems from a case involving a man in Spain who argued that Google's search results disclosed details about the auction of his repossessed home over unpaid debts. "[The man] stated that the proceedings concerning him had been fully resolved for a number of years and that reference to them was now entirely irrelevant," the ruling states.
Google, in a statement provided to Information Security Media Group, said: "This is a disappointing ruling for search engines and online publishers in general. We now need to take time to analyze the implications."

EU Justice Commissioner Viviane Reding, the European Commission's vice president, said on her Facebook page May 13 that the judgment is a "clear victory" for the protection of Europeans' personal data.

"Companies can no longer hide behind their servers being based in California or anywhere else in the world," she wrote. "Today's judgment is a strong tailwind for the data protection reform that the European Commission proposed in January 2012 as it confirms the main pillars of what we have inscribed in the data protection regulation. The ruling confirms the need to bring today's data protection rules from the 'digital stone age' into today's modern computing world."

The Implications

This judgement should make it easier for individuals who seek the removal or blocking of links to information that they find offensive, irrelevant or obsolete to obtain redress if the search engine ignores their request.This is finding a balance between the public's right to have access to any information that has been legally published, and the individual's right to obtain the blocking of data that might be inadequate, not relevant or no longer relevant, or excessive in relation to the purpose for which they were processed, and in the light of the time that has passed.
The ruling changes the risk landscape for not only services that are publishing information as first-party original content, but any service that aggregates data from other websites, such as Facebook, Twitter and search engines, This is an incredibly significant decision for all of them.
In India some one has to file a writ in any Courts of jurisdiction and get the same judgement passed here.

DDoS Analysis for 2014-A Serious Risk

DDoS Analysis for 2014
DDoS attacks are evolving in complex, dangerous ways. Companies assessing their risk and protection should consider:
• Nearly twice as many companies (60 percent) report being attacked in 2013.
• Almost 92 percent of those attacked were hit repeatedly.
• 57% of DDoS targets were victims of theft: funds, customer data or intellectual property.
• Though attack duration is down, the number of attacks between 1–5 Gbps shot up nearly three times.
• DDoS drains manpower: over half of businesses (57 percent) need 6 or more people to mitigate DDoS attacks.
• Risks of $1M a day (estimated outage losses) are common: 4 in 10 companies would suffer this much or more.
• DDoS is costly across the enterprise. Customer service and other public-facing areas now take as large a hit as IT/Security.
In protecting against DDoS attacks, companies must ask: What do they stand to lose if they’re hit hard? Rigorous risk, threat and cost analysis is in order. 
Predicting DDoS is as unpredictable as the attacks themselves.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...