Saturday, August 25, 2012

State & National Data Breach Reports

2012 National Data-Breach Count -- Breaches: 284 Exposed Records: 9,143,028

To date this year, according to the Identity Theft Resource Center, there have been 284 reported data breaches by US-based firms.  Health-care and private-sector business each account for roughly one third of all breaches, with the remaining third split mainly among educational institutions, government, and the military.  Financial institutions account for only 3 percent of breaches, but for a much higher share of the total exposed records.  Full report.

US States with available online data-breach reports include:

State Data Breach Requirements & Statutes:
Handy State-by-State Links to Data-Breach Statutes (National Council of State Legislatures)

Wednesday, June 27, 2012

5 Dirty Tricks For Using Your Stolen LinkedIn Password

(In response to the LinkedIn spill of 6.5 million password hashes into the wild, here are five actions your password's new owners might take for personal enrichment.)

1) Use your liberated password to cull your LinkedIn account for the people who know things: your confidential sources, your Department of Defense contacts (if you have any), your IT admins, your client contacts, and the people you know in the other compartmentalized parts of a project.
2) Use it to get to know who you know: to sell to and steal from the people you know in business, and to review your correspondence for tips on what you share and with whom, as prep for trick #3.
3) Use the password to lock you out of your own account while corresponding with other people in your network to set up spear-phishing attacks, using your past correspondence to create a very passable facsimile of you.  You've just been cloned.
4) Get into other accounts on other sites using your password.  Most people reuse passwords, so once the 6.5 million hashes are cracked and paired with e-mail addresses, the result is a ready-made list of credentials to try against logins across the web.  This is password reuse rather than brute force: one known credential per account, not millions of guesses.
5) Add your password to the black-market dossiers kept on individuals, built from data spilled, scraped, stolen, and subpoenaed from across the web.  In other words, resell it alongside other related data on you.
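Trick #4 worked through in code, as an added example that is not part of the original post. It shows both sides of password reuse: the attacker turns an unsalted hash dump into plaintext passwords and tries them against another site, and that site, at the one moment it holds the plaintext (login), checks it against the same public dump and forces a reset. The June 2012 LinkedIn dump was unsalted SHA-1 with no e-mail addresses attached; every hash, account, word list and password below is constructed for the demo, and the site, function and variable names are the example's own.

```python
"""Added example, not code from the original post: trick #4 (password reuse)
from both the attacker's and the defender's side. The June 2012 LinkedIn dump
was unsalted SHA-1 with no e-mail addresses attached; all hashes, accounts and
passwords below are constructed for the demo."""
import hashlib
import hmac
import os


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the scheme the leaked dump used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed stand-in for the dump: hashes only, as the attacker received them.
LEAKED_SHA1 = {sha1_hex(p) for p in ("linkedin", "Password1", "summer2012", "c0mpl3x!ty")}

# Constructed attacker word list (real attacks use lists of millions of entries).
WORDLIST = ["123456", "password", "linkedin", "Password1", "summer2012", "letmein"]


def crack_unsalted_sha1(leaked: set, wordlist) -> dict:
    """Map leaked hash -> plaintext for every word-list entry that matches.

    Without a salt, hashing a candidate once tests it against every hash in the
    dump (a single set lookup), which is why millions of unsalted hashes fall
    in hours. Entries absent from the word list (here "c0mpl3x!ty") survive.
    """
    found = {}
    for candidate in wordlist:
        digest = sha1_hex(candidate)
        if digest in leaked:
            found[digest] = candidate
    return found


def store_password(password: str) -> tuple:
    """How the *other* site stores passwords: random salt plus slow PBKDF2."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def verify_password(record: tuple, password: str) -> bool:
    salt, stored = record
    computed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(stored, computed)


class OtherSite:
    """A site whose users may have reused their LinkedIn password."""

    def __init__(self, users: dict, leaked_sha1: set = None):
        self.db = {email: store_password(pw) for email, pw in users.items()}
        self.leaked = leaked_sha1  # None = no reuse check (the 2012 default)
        self.reset_required = set()

    def login(self, email: str, password: str) -> bool:
        record = self.db.get(email)
        if record is None or not verify_password(record, password):
            return False
        # Correct password. Login is the only point where the plaintext exists,
        # so test it against the public dump here. A hit means the account is
        # one reuse attempt away from takeover: deny, flag for an out-of-band
        # reset, and return the same answer as for a wrong password so the
        # response does not confirm the attacker's guess.
        if self.leaked is not None and sha1_hex(password) in self.leaked:
            self.reset_required.add(email)
            return False
        return True


def credential_stuff(site: OtherSite, emails, passwords) -> dict:
    """Trick #4 as the attacker runs it: every cracked password against every
    address harvested from the victim's network (trick #1)."""
    hits = {}
    for email in emails:
        for pw in passwords:
            if site.login(email, pw):
                hits[email] = pw
                break
    return hits


def demo() -> dict:
    cracked = crack_unsalted_sha1(LEAKED_SHA1, WORDLIST)
    users = {"alice@example.com": "Password1",   # reused her LinkedIn password
             "bob@example.com": "Tr0ub4dor&3"}   # unique password, not in the dump
    emails = list(users)
    unprotected = OtherSite(users)
    protected = OtherSite(users, LEAKED_SHA1)
    return {
        "cracked": sorted(cracked.values()),
        "hits_without_check": credential_stuff(unprotected, emails, list(cracked.values())),
        "hits_with_check": credential_stuff(protected, emails, list(cracked.values())),
        "forced_resets": sorted(protected.reset_required),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Three of the four constructed hashes fall to a six-word list; the one not in the list survives, which is the whole argument for long random passwords. Against the unprotected site the attacker takes over alice's account with a single try; with the login-time check the same attempt is denied, alice is queued for a reset, and the attacker's view is indistinguishable from a wrong guess. The check is only possible at login because that is the only moment the site sees the plaintext; it cannot compare its own salted PBKDF2 records against the dump offline.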

Please add your own dirty trick to comments back on Associated Blogs.


Wednesday, December 14, 2011

How to Hack Cell Phone Voicemail like Kevin Mitnick

If you haven’t seen this yet: Kevin Mitnick, author of The New York Times bestselling memoir Ghost in the Wires, demos a quick way to bypass the password prompt and get into cellphone voicemail. He shows a wickedly simple way to listen to other people’s cellphone voicemail.

As effective as it may be, the specific tool Mitnick chooses to show in the video looks like a toy next to the far more advanced monitoring techniques now sold by the planet’s top 120 surveillance and spyware firms.

RSA 2012: Alperovitch, Libicki, Lewis, and Segal on Net-Based Warfare Tactics and Strategies

RSA Conference: Feb 27- Mar 2, 2012 San Francisco, CA

Speaker Profile: Dmitri Alperovitch
Panel Moderator for Cyber Battlefield: The Future of Conflict

Now that Dmitri Alperovitch has moved from his post as VP of Threat Research at McAfee to become President of Asymmetric Cyber Operations, he continues to speak and publish freely on global corporate/governmental hacking, espionage, and surveillance efforts.

To that end, Alperovitch will moderate an insider's panel at RSA 2012 on data and surveillance warfare over the net. Alperovitch’s years of research into these threats and vulnerabilities made news in August with the release of his McAfee report on wide-scale intellectual-property (IP) compromise among the Fortune Global 2000.

RSA Panel Title: Cyber Battlefield: The Future of Conflict (for a full list of RSA events & presenters visit here).

Moderator: Dmitri Alperovitch President, Asymmetric Cyber Operations LLC
Panelists: Martin Libicki Senior Scientist, RAND; James Lewis Senior Fellow & Program Director, Center for Strategic and International Studies; Adam Segal Senior Fellow for Counterterrorism & National Security Studies, Council on Foreign Relations
Scheduled Date/Time: Wednesday, February 29, 8:00 a.m., Room 103
Session Length: 70 minutes

Session Abstract: Panel of leading experts in the field will explore complex policy issues tied to conflict in cyberspace. The session will discuss the current state of nation-state espionage, armed reconnaissance and cyber warfare operations, the evolution in strategic cyber deterrence doctrines and review the diplomatic initiatives to establish norms of behavior in cyberspace between US, Russia and China.

Prerequisite knowledge: The audience must understand the technical challenges of attribution, the impact cyber attacks can cause to national critical infrastructure, financial system and military readiness. They must be familiar with recent major nation-state attributable cyber-attacks and be aware of the current state of national security policy in cyberspace.

Session learning objectives: We would like the audience to recognize the dramatic national and economic security impact of today's pervasive nation-state sponsored cyber espionage attacks and evaluate the potential diplomatic and military solutions to this problem. The panel will also provide an overview of the cyber war doctrines of US, Russia and China and the impact of the militarization of cyberspace on commercial and government sectors of the global economy. Finally, we will demonstrate that attribution is not an unsolvable problem in cyber and that diplomatic approaches are possible to help resolve what remains as a very challenging technical problem.

Friday, December 9, 2011

The Spyware 120: Lawbot's Top Picks of Global Surveillance Firms

Here are Lawbot’s top picks of the global surveillance firms outed in Wikileaks’ release last week of spyware promotional material. In a stunning marketing coup for surveillance and spyware manufacturers, Wikileaks released the names and files of 160 firms now working with their clients on civilian, criminal, governmental, and corporate monitoring over the net.

Consider the language in the brochure for the Alcatel-Lucent surveillance solution:

“The Alcatel-Lucent 1357 ULIS is a complete communications interception solution. It provides government authorities/LEAs and network operators with an integrated system for transparently intercepting and extracting realtime information from vast amounts of voice, data and multimedia communications over virtually any type of network.”

Consider also the videos by Gamma Group, promoting their software and strategies for placing an entire internet café under surveillance, including real-time Skype and Gmail monitoring. Or Gamma Group’s video highlighting their ability to place an entire hotel under surveillance through the hotel’s own network. You might want to reconsider the people who give PowerPoint presentations at your firm after watching this short video on injection over FireWire. Also consider this short video on cool new tools for monitoring your target’s (read: anybody’s) BlackBerry.

Company Name / Website -- Wikileaks File
Area spa
Ability Files
Access Data
AdvancedIO
AGT
Alarm
Alcatel Files
Allot
Altron
Amdocs Ltd
Amesys (Bull) Files
Aqsacom
Asoto
ATCI
ATIS systems GmbH (ATIS UHER) Files
Audiotel International
Autonomy
BAE Systems
BEA Files
Bivio
BlueCoat Files
Brightplanet
Broadsoft
Cellebrite
Cisco Systems
ClearTrail Files
Cobham
Comstrac
Comverse
Creativity Software Files
Cubic
Datakom Files
Datong Files
Delta SPE Files
DigiTask Files
Dreamlab Technologies AG
EBS Electronic
Elaman Files
Elkat
Elta systems
Endace accelerated Files
ETI Connect
Fox-it
Gamma Group Files
Glimmerglass Files
Group 2000 Files
Hacking Team Files
Harris
Hidden Technology Systems Int'l Ltd
HP Files
Huawei Technologies
Inforcept Networks
Innova Files
Inveatech Files
IP Fabrics
Ipoque Files
Ips Files
Loquendo
Macro System
Mantech
Medav GmbH Files
Meganet
Napatech
Narus
Neosoft
Net Optics Files
Netezza
Neti
NetQuest Files
News Datacom Research Ltd
Nice Systems
Northrop Grumman
Nuances technology
Omni Wildpackets
Packet Forensics Files
Panoptech Files
Pen Link
Phonexia
Pine Digital Security Files
Polaris wireless
Qinetiq
Qosmos
Radisys
Rainstor
RCS
Resi group
Rohde & Schwarz
Roke
SAIC
Sandvine
Scan & Target Files
Seartech Files
Security Software International
Selectronic
Semptian Technologies
Septier Files
Shield Security
Shogi Communications Files
Siemens
Sonus Networks
Sophos
Spectronic Systems A/S
SS8 Networks Files
Suntech Intelligence
Syborg
Telesoft Technologies Files
Thales
ThorpeGlen
Tracespan
Trovicor
Ultrareach
Utimaco Safeware (Sophos) Files
VAS Tech Files
Verint
Vineyard networks
Vixtel
Vupen
ZTE Corp