As the annual mega-week of hacking meetings wound down in Las Vegas, more news surfaced about the DNC hack, and the usual trickle of vulnerabilities and breaches continued. A researcher demonstrated methods for unlocking high security consumer electronic safes without leaving any evidence of the attack, Oracle’s payment system Micros (which is used at approximately 330,000 cash registers around the world) was hacked, and a Windows vulnerability served as a reminder of why putting backdoors in secure processes doesn’t make sense.
WIRED reported on vulnerabilities in the keyless entry systems of approximately 100 million Volkswagens, open Internet advocates are petitioning to keep web access unfettered in Brazil, and hacking newswires to get embargoed press releases is actually a decent route to insider trading. Oh, and a hardware vulnerability exposed 900 million Android devices. Casual.
But there’s more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
On top of breaching the Democratic National Committee and Democratic Congressional Campaign Committee, researchers say that Russian hackers targeted and compromised personal email accounts and the accounts of other organizations related to Hillary Clinton’s presidential campaign. The evidence is strong enough that officials have been notifying people associated with the Clinton campaign that their email data may have been compromised. Information about who was actually hacked is trickling out slowly. For instance, Democrats feared that the Democratic Governors Association had been breached, but so far the group says it doesn’t see evidence that its networks were affected. Law enforcement officials say they’re confident Russia was behind the two attacks, but it’s still unclear whether Moscow was doing routine surveillance or actively looking to impact the US presidential election.
White House officials are considering utilizing economic sanctions against Russia as retaliation for the DNC hack. That action would require the US to definitively accuse Russia of orchestrating the two attacks. So far investigators and lawmakers say they are very confident about the attribution, but the White House hasn’t made any such allegations.
The move has some recent precedents: In January of last year, President Obama issued economic sanctions against North Korea in response to the Sony Pictures hack. Then in April of the same year, he signed an executive order expanding the government’s ability to impose sanctions against international hackers.
The U.S. government tends to tolerate a certain amount of foreign espionage, given that the US itself participates in digital surveillance and information-gathering. In this case, however, the White House may decide that it needs to respond, since the DNC breach involved a trove of information that was released publicly. On the other hand, the US already has sanctions in place against some Russian groups because of the country’s invasion of Ukraine and annexation of Crimea, and officials could decide it’s too problematic to strain the relationship further.
If that wasn’t enough state-sponsored hacking news for your week, researchers at Kaspersky Lab and Symantec reported that they’d detected a previously unknown type of malware that’s so sophisticated it was most likely created by state-sponsored hackers. Dubbed “Project Sauron” by Kaspersky Lab and “Remsec” by Symantec, the malware has been around since 2011 (if not earlier) and has now been identified on dozens of systems. And the program’s stealthy enough that it seems likely to have infected many more.
Both groups of researchers say that the malware targets sensitive data on computers used by international government and military groups, financial organizations, and infrastructure companies like airlines and telecoms. Project Sauron has shown up in Russia, China, Sweden, Belgium, Iran, and Rwanda so far. It can even use USB drives to infect computers that aren’t and have never been connected to the Internet. The malware hides on flash drives, undetectable by Windows and virus scanners, and then probably exploits a zero day vulnerability to infiltrate its targets.
Project Sauron is aimed at collecting IP addresses, passwords, encryption keys and network details. It’s sophisticated enough that it was likely built by a group of experts with millions of dollars in backing, which points to a nation state (or nations) as the likely sponsor. Given Sauron’s targets, plenty of experts are pointing fingers at the NSA and American allies.
Forum Data Breach Compromises 3,000 Login Credentials Including Those of Apple, Google, Samsung, Intel Employees
Hackers accessed the login credentials of a popular developer forum, exposing 2,955 accounts, many of which are used by programmers from tech companies like Apple and Google. The data came from the Khronos Group, which runs a popular application programming interface for rendering graphics called OpenGL. The breach exposed usernames and passwords, but also email addresses and the IP address users were on when they signed up for their accounts. It could be a potentially problematic data trove in the hands of bad actors since so many of the accounts are for tech company employees who could have valuable access and privileges inside their companies’ networks.