NSA and British Governments Break Into Billions of SIM Cards

U.S. and U.K. intelligence agencies have reportedly hacked into the computer network of giant SIM card maker Gemalto and taken smartphone encryption keys potentially used by customers of hundreds of mobile phone carriers worldwide.

The hack, by the NSA and the British Government Communications Headquarters (GCHQ), allowed the two spy agencies to monitor a large portion of the world’s mobile phone voice and data traffic, according to a story in The Intercept.

The hack was detailed in a 2010 GCHQ document leaked by former NSA contractor Edward Snowden, the story said. About 450 mobile carriers, including AT&T, T-Mobile, Verizon Wireless and Sprint, use the company’s SIM cards.

With the compromised encryption keys, the surveillance agencies would be able to monitor mobile communications without the approval of the carriers or foreign governments, The Intercept story said. The encryption keys would allow the agencies to intercept mobile traffic without court-ordered warrants or wiretaps, the story said.

GCHQ also said it had access to billing servers of mobile carriers, allowing it to manipulate customer charges in an effort to hide surveillance on phones, the story said.

Representatives of the NSA and Gemalto did not immediately respond to requests for comment on the story.

Lenovo Computers Vulnerable to Hacks Thanks to Superfish

We recently learned that PC manufacturer Lenovo is selling computers preinstalled with a dangerous piece of software, called Superfish, that uses a man-in-the-middle attack to break Windows’ encrypted Web connections for the sake of advertising.

Research from EFF’s Decentralized SSL Observatory has seen many thousands of Superfish certificates that have all been signed with the same root certificate, showing that HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken.

For example, shortly after this news became widespread, security researcher Robert Graham was able to extract the certificate from the Superfish adware and quickly crack the password. With this password, a malicious attacker would be able to intercept encrypted communications on the same network (like at a cafe Wi-Fi hotspot).

To find out if this issue affects you, go to Filippo Valsorda’s Superfish CA test page in Internet Explorer or Chrome first.

Erik Knight of SimpleWAN Joins Us – Business Tips – Security Hacks

Across the Internet and in many industry publications, 2014 was dubbed “The Year of the Security Breach.” But veterans of the IT security field believe 2015 will actually be the year when information security changes forever. The latest in a long line of attacks is Anthem Inc., the country’s second-biggest insurer, which claims hackers accessed records of about 80 million people including their names, Social Security numbers and email accounts. The attack has now even led to “phishing” scams.

Despite the ongoing high-profile breaches of retailers like Target and Home Depot, financial institutions like JP Morgan and Anthem, along with a host of government agencies, SimpleWan CEO Erik Knight says most organizations are still taking an “it won’t happen to me” approach. But Knight cited a startling statistic as evidence that breaches are more common than many vendors believe—40 percent of companies across the globe were breached in 2014. That number, he said, is not going to drop in 2015.

Knight stresses that proactive action is paramount. The average time it takes for an organization to realize it’s been breached is six months (breaches, after all, are meant to fly under the radar) and the intrusion can do tremendous damage during the time it goes unnoticed. In other words, by the time companies recognize that they might have a problem it’s likely too late already. Instead, these businesses should consider regular audits from security experts.

Knight is a 20-year veteran of the security tech industry and President of SimpleWan, a provider of cloud-based security routers. He just came back from IT Expo where he spoke about the current state of business security and why businesses must now take data breach insurance seriously and get a handle on their IT department.

Anthem Health Care Hacked – What to do about it

I’m not going to say “I told you so,” but… the year of the medical hack has started, and it looks like it was the Russian Mob this time.

Current and previous Anthem health insurance customers woke Thursday morning to an e-mail from the company telling them hackers had gained access to the company’s computers and that their names, birthdays, Social Security numbers, addresses and employment data including income might have been stolen. The database that was hacked contained records for 80 Million People!

If you’ve ever had Anthem health care insurance, contact them now. Don’t provide information to anyone who contacts you about the hack; it could be other criminals trying to trick you into revealing your personal information to them as well.

To find out more, go to www.AnthemFacts.com or call 877-263-7995

The company is still investigating exactly how many records were actually stolen but, “at this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.

Hackers could use stolen information to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the U.S. official.

Anthem “will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind.”

Show Notes With Jack Heath – February 2nd, 2015

Looking for a cheap tablet?

How about an $84 Amazon Fire HD? The Fire HD 6 goes anywhere with its pocketable design, featuring a beautiful 6″ HD display and unsurpassed reliability in its class. Watch movies, read books, download apps. It’s a full Android tablet.

http://bit.ly/1zMvD4I

Bill Gates is worried about artificial intelligence too.

He has a warning for humanity: Beware of artificial intelligence in
the coming decades, before it’s too late.

IBM’s Watson supercomputer has moved on from besting Jeopardy
contestants to conducting medical research and diagnosis, and
researchers earlier this month detailed a new computer program that
can beat anyone at poker.

Musk in October called AI development “summoning the demon,” and
has invested in the space to keep his eye on it.

http://cnet.co/165sijA

Expect Faster Internet

If your ISP doesn’t provide download speeds
of 25Mbps, it can no longer tell you you’re getting broadband
internet.

The Federal Communications Commission has just voted to change the
definition of “broadband”, raising the minimum download speed from
4Mbps to 25Mbps and the minimum upload speed from 1Mbps to 3Mbps.

http://bit.ly/1wVZ7We

Right to Be Forgotten in Europe is Extending Worldwide

Europe’s highest court ruled that anyone with connections to Europe could
ask that links about themselves be removed from search results.

A judge ordered Google’s French subsidiary to pay daily fines of
roughly $1,100 until links to the defamatory content were removed
from all searches worldwide.

http://nyti.ms/1Aii7Wj

Movie Making With an iPhone 5S

How one of the best films at Sundance was shot using an iPhone
5S. Add a Steadicam rig, a special lens and a lot of post-editing
work and you’ve got a real movie.

http://bit.ly/1Aijswe
