Category: US-Government

nsa-hacking-tool-exploitsIf you are a hacker, you might have enjoyed the NSA’s private zero-day exploits, malware and hacking tools that were leaked last month. But the question is: How these hacking tools ended up into the hands of hackers? It has been found that the NSA itself was not directly hacked, but a former NSA employee carelessly left those hacking tools on a remote server three years ago after an operation and a group of Russian hackers found them, sources close to the investigation told Reuters. The leaked hacking tools, which enable hackers to exploit vulnerabilities in systems from big vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online by the group calling itself “The Shadow Brokers.”

Read more at
http://thehackernews.com/2016/09/nsa-hacking-tool-exploits.html

fbi-cia-director-hacked-crackas-with-attitudeUS authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group “Crackas With Attitude.” Crackas with Attitude is the group of hackers who allegedly was behind a series of audacious and embarrassing hacks that targeted personal email accounts of senior officials at the CIA, FBI, the White House, Homeland Security Department, and other US federal agencies. Andrew Otto Boggs, 22, of North Wilkesboro, N.C., who allegedly used the handle “INCURSIO,” and Justin Gray Liverman, 24, of Morehead City, who known online as “D3F4ULT,” were arrested on Thursday morning on charges related to their alleged roles in the computer hacking, according to a press release by Department of Justice. A 16-year-old British teenager suspected of being part of the group was arrested in February by the FBI and British police.

Read more at
http://thehackernews.com/2016/09/fbi-cia-hacker-arrested.html

US-EU-Privacy-ShieldGoogle has become the latest American tech giant to sign on to the US-EU Privacy Shield. “We are committed to applying the protections of the Privacy Shield to personal data transferred between Europe and the United States,” Google’s Caroline Atkinson, head of Global Public Policy, noted in a blog. “As a company operating on both sides of the Atlantic, we welcome the legal certainty the Privacy Shield brings. Restoring trust—in international data flows and in the Transatlantic Digital Agenda—is crucial to continued growth in the digital economy.” Microsoft, Salesforce.com and Workday got on board with the joint initiative between the US Department of Commerce and European Commission earlier this month.

Read more at
http://www.infosecurity-magazine.com/news/google-signs-on-for-useu-privacy/

Hillary-Clinton-Presidential-Campaign-hackedThere’s a lot more to come from the DNC Hack. The Associated Press confirmed yesterday that the computer systems used by Hillary Clinton’s presidential campaign were hacked as part of the recent Democratic National Convention (DNC) hack.

Last week’s email dump containing almost 20,000 emails from top DNC officials was just the beginning, which led DNC Chairwoman Debbie Wasserman Schultz to resign as the group’s leader, as WikiLeaks announced that it was part one of its new Hillary Leaks series.

This suggests WikiLeaks Founder Julian Assange has had his hands on more data from the DNC hack that, according to him, could eventually result in the arrest of Hillary Clinton.

Assange — Wikileaks’ Next Leak will lead to Arrest of Hillary Clinton

In an interview with Robert Preston of ITV last month, Assange made it clear that he hopes to harm Hillary Clinton’s chances from becoming president of the United States, opposing her candidacy on both policies as well as personal grounds.

Read more at
http://thehackernews.com/2016/07/hillary-clinton-hacked.html

US-Homeland-SecurityThe U.S. Department of Homeland Security (DHS) has published guidelines on when, how and to which government agency US organizations should report cyber incidents. This follows last week’s release of Presidential Policy Directive 41 (PPD-41) on United States Cyber Incident Coordination — which specifically requires the DHS to ‘maintain and update’ such a fact sheet.

The fact sheet (PDF) makes no mention of PPD-41’s Incident Severity Schema. That schema defined six levels (0-5) that provide a common framework for evaluating incident severity; and according to PPD-41, government agencies should get involved from level 3 upwards.

The DHS guidelines first define a cyber incident (“an event that could jeopardize the confidentiality, integrity, or availability of digital information or information systems”), and then define whether the severity of the incident warrants reporting. “Victims,” it explains, “are encouraged to report all cyber incidents that result in significant loss; impact a large number of victims; indicate a compromise of critical IT systems; affect the critical infrastructure; or impact national security, economic security, or public health and safety. Fundamentally, it remains a value judgment by the affected organization.

Read more at
http://www.securityweek.com/dhs-details-cyber-incident-reporting-process