Der Spiegel reports on the NSA's "plumbers" at the Office of Tailored Access Operations, who collect and deploy exploits to infiltrate computers and even redirect shipments so they can install malware and hardware backdoors on electronics ordered by those they are targeting. Jacob Appelbaum [AKA ioerror] reports on the NSA's 'catalog', which ranges from $30 monitor cables that send back screenshots, to exploits for network security hardware from Cisco and Huawei, to backdoored BIOS code and firmware for all major hard drive manufacturers. While some of the NSA's malware requires physical access or proximity, much of it is remotely installable over the Internet. At the 30c3 conference in Hamburg, Appelbaum gives an in-depth talk about the NSA's Tailored Access Operations hacking activities and its 'interdiction' process, whereby computers are tampered with during shipping or as part of a 'black-bag' operation. Appelbaum, a Wikileaks affiliate who has reported on documents leaked by Edward Snowden, has been personally targeted by such operations, as have his family members.
posted by anemone of the state on Dec 30, 2013
A recent strain of malware called Cryptolocker (technical description from BleepingComputer) has been infecting computers across the Internet. It's of the Ransomware (wiki) genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300, payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security, and the Malwarebytes Blog, with more recent developments on Naked Security.
posted by codacorolla on Nov 7, 2013
Meet the men who spy on women through their webcams - "If you are unlucky enough to have your computer infected with a RAT, prepare to be sold or traded to the kind of person who enters forums to ask, "Can I get some slaves for my rat please? I got 2 bucks lol I will give it to you :b" At that point, the indignities you will suffer—and the horrific website images you may see—will be limited only by the imagination of that most terrifying person: a 14-year-old boy with an unsupervised Internet connection."
posted by madamjujujive on Mar 10, 2013
“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.
posted by Chrysostom on Feb 14, 2013
Facebook has been criticized repeatedly for how it treats its users' privacy (this topic to MeFi), but with the introduction of OpenGraph earlier this year, some are arguing that Facebook has gone beyond general privacy concerns and has become Malware.
Now, we've shown that Facebook promotes captive content on its network ahead of content on the web, prohibits users from bringing open content into their network, warns users not to visit web content, and places obstacles in front of visits to web sites even if they've embraced Facebook's technologies and registered in Facebook's centralized database of sites on the web.
posted by Kimberly on Nov 22, 2011
Researchers at UCSD have modified an MP3 file so that when it is played on a car's stereo system it modifies the stereo's firmware and opens up a security back door into the car's operating system. Using it, they were then able to control the door locks, the car ignition, and change the speedometer reading.
posted by Chocolate Pickle on Mar 13, 2011
Conficker C is scary as hell. Conficker C represents a best-of-breed specimen of malware, with its swiss-army-knife-from-hell approach to digging in, staying hidden, and making your life generally miserable. Telltale symptoms: you can't view such web sites as Microsoft.com, symantec.com, avast.com, or any other computer security-related sites the worm authors have thought to include in the blacklist; you can't run any of the superb Sysinternals utilities, or many other utilities, because they get killed within a second of starting them up; your antiviral software is impotent. But none of that is the point of the worm.
posted by e.e. coli on Mar 21, 2009
Online communities to become more 'all-encompassing.'
If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed.
posted by ikkyu2 on Jan 3, 2008
"In some cases, there really is no way to recover without nuking the systems from orbit." -- Mike Danseglio, program manager in the Security Solutions group at Microsoft
posted by Steven C. Den Beste on Apr 4, 2006
So if you run the CD in your personal computer, by the end of it, the Minnesota GOP will not only know what you think on particular issues, but also who you are.
So you finish, and then the phone rings. "Hello, Mr/Mrs. Voters, it's Joe and I notice you support gun control and the marriage amendment, would you like to donate some money to us?" That might startle the person who may have thought he/she was viewing the presentation in the privacy of the computer room. ...
posted by amberglow on Feb 28, 2006
Microsoft's newest version of Windows.... billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix Thursday.
A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
posted by bkdelong on Dec 20, 2001
Fight back against sneaky scumware
posted by cfj on Aug 31, 2001