Author Archives: Patrick Howell O'Neill

Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter

Posted on by

The ongoing fight between the U.S. government and Moscow-based Kaspersky Lab led the company to begin moving “a good part” of its infrastructure to Switzerland in a highly-visible move toward transparency in the face of spying accusations. The U.S.’s top counterintelligence official, however, says Kaspersky’s move to Switzerland makes no difference to him. William Evanina, the Director of the National Counterintelligence and Security Center, looks at the way the U.S. government handles Kaspersky — which is now banned from the U.S. federal government and is losing ground in the private sector — as “an opportunity to create a model,” he said. “This will not be the last time this happens. I think there will be more to come along, I call them ‘nation-state threats that emanate through the global business process.’ ” Kaspersky’s opening of a “Transparency Center” in Switzerland is significant but leaves open a wide range of questions. The company has […]

The post Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter appeared first on Cyberscoop.

Continue reading Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter

U.S. sanctions Russian companies linked to FSB

Posted on by

The U.S. sanctioned five Russian entities and three Russian individuals on Monday under the authority of an Obama-era executive order on sanctioning those “engaging in significant malicious cyber-enabled activities.” Officials are targeting companies and individuals that they say worked with Russia’s Federal Security Service (FSB), the country’s chief intelligence agency, for offensive hacking capabilities. Some of the companies have offices in the U.S. The chief target of the sanctions is Digital Security, a Russia-based cybersecurity company that Treasury says “worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, to include the FSB.” Two other cybersecurity companies, ERPScan and Embedi, were sanctioned, as well as subsidiaries of Digital Security. Both of those companies have addresses in or around California’s Silicon Valley. None of the companies answered requests for comment. “The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian […]

The post U.S. sanctions Russian companies linked to FSB appeared first on Cyberscoop.

Continue reading U.S. sanctions Russian companies linked to FSB

Extradited Russian hacking suspect is in solitary confinement, lawyer says

Posted on by

The accused Russian hacker Yevgeniy Nikulin is currently in solitary confinement in Santa Rita Jail located in Alameda County, California. Nikulin faces charges of hacking data from the U.S. tech firms LinkedIn, Dropbox and Formspring. Nikulin, who denies all charges, has been in solitary for two months, defense lawyer Arkady Bukh told CyberScoop. Santa Rita Jail did not respond to a request for comment. When Nikulin first appeared in a U.S. courtroom in April, the Russian was in shackles because of what the U.S. Marshals described as an escape attempt and physical confrontations with officers. Bukh said the same reason is being used to justify the solitary confinement. “He says they’re harassing him,” Bukh said. Solitary confinement and its consequences on the prisoner are considered torture by some prominent psychologists as well as organizations including the American Medical Association and the United Nations. The Russian government has repeatedly expressed concerns about Nikulin’s mental and physical condition. Bukh, who has described Nikulin as […]

The post Extradited Russian hacking suspect is in solitary confinement, lawyer says appeared first on Cyberscoop.

Continue reading Extradited Russian hacking suspect is in solitary confinement, lawyer says

Marcus Hutchins faces new charges of developing malware and lying to FBI

Posted on by

The British man charged in the U.S. with developing the “Kronos” banking malware has been indicted under a new set of criminal accusations that say he developed and sold the “UPAS Kit” spybot virus. The new indictment also charges the man, Marcus Hutchins, with lying to the FBI about knowing his code was a part of Kronos. Hutchins, who has repeatedly denied any illegal activity and is now living in California on bail, responded quickly on Twitter, saying “these [expletive]nuggets just won’t give up.” He quickly deleted that tweet. Hutchins’ defense team has been continuously battling federal prosecutors over evidence used in the case. While the court continues to consider the defense’s arguments about the original charges, prosecutors dropped a new indictment this week. The charges of lying come from an exchange that Hutchins’ defense team is disputing and hoping to see dismissed. It was an Aug. 2, 2017, discussion — while Hutchins was in federal custody — […]

The post Marcus Hutchins faces new charges of developing malware and lying to FBI appeared first on Cyberscoop.

Continue reading Marcus Hutchins faces new charges of developing malware and lying to FBI

PGP creator Phil Zimmerman joins StartPage.com to develop ‘next-generation PGP’

Posted on by

PGP creator Phil Zimmerman is joining privacy-focused internet company StartPage.com, the firm announced on Tuesday. Zimmerman is best known as the creator of “Pretty Good Privacy” (PGP), an email encryption program first developed in 1991. At StartPage.com, Zimmerman’s main focus will be the development of a “next-generation PGP-encrypted email service.” At 27 years old — ancient in terms of consumer technology products — PGP has fallen into disuse even among the privacy crowd. Other tools like Signal, an encrypted chat application, are widely considered easier and more secure in almost all circumstances. Zimmerman himself stopped using PGP several years ago. “I decided to join Startpage.com because they are ideologically aligned on privacy issues. They really care. And they make products everyone can use,” Zimmermann said in a statement. “A few years back I stopped using PGP on Apple Mail because it was never compatible with current MacOS versions. Creating a web-based PGP-compatible […]

The post PGP creator Phil Zimmerman joins StartPage.com to develop ‘next-generation PGP’ appeared first on Cyberscoop.

Continue reading PGP creator Phil Zimmerman joins StartPage.com to develop ‘next-generation PGP’

Data from 92 million accounts stolen from DNA testing site MyHeritage

Posted on by

More than 92 million users had data stolen from the online DNA and genealogy platform MyHeritage, the site announced on Tuesday. Omer Deutsch, the company’s chief information security officer, said an independent security researcher discovered a file containing the collection tens of millions of email addresses and hashed passwords located outside of MyHeritage. “We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach,” Deutsch wrote in a blog post on Tuesday morning. The customer DNA and genealogy data that makes up the heart of the company’s work is stored on systems segregated from the breached material, the company said. There is “no reason to believe” the systems with genetic data “have been compromised,” Deutsch said. The Israeli company said it has hired an […]

The post Data from 92 million accounts stolen from DNA testing site MyHeritage appeared first on Cyberscoop.

Continue reading Data from 92 million accounts stolen from DNA testing site MyHeritage

The zero-day industry tries ‘transparency’ in Dubai

Posted on by

In an industry that tends to be quiet by design, a new international firm is deliberately making noise. Headquartered in the United Arab Emirates, Crowdfense first attracted attention in April when it announced a $10 million fund to pay enterprising hackers for zero-day exploits that the company then turns around to sell to government customers. The payouts include up to $3 million for hackers who break into iOS and Android devices. The big money comes paired with an earnest promise of “transparency” that is unique in an industry where secrecy is standard operating procedure. Crowdfense director Andrea Zapparoli Manzoni told CyberScoop that he wants to “do things differently.” The zero-day industry uncovers — through research or by purchase — exploits in computer systems and then sells them to the highest bidder. Many governments and even some private companies are involved in the business. Crowdfense shares a lot in common with its closest competitor […]

The post The zero-day industry tries ‘transparency’ in Dubai appeared first on Cyberscoop.

Continue reading The zero-day industry tries ‘transparency’ in Dubai

Pentagon’s latest bug bounty program pays out $80,000

Posted on by

The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world making it one of the wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities including 28 ranking high […]

The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on Cyberscoop.

Continue reading Pentagon’s latest bug bounty program pays out $80,000

Judge dismisses Kaspersky lawsuits, U.S. government ban will stand

Posted on by

Two lawsuits filed by the Russian cybersecurity firm Kaspersky Lab were dismissed Wednesday, ending the Moscow-based company’s attempt to lift the U.S. government’s ban on its products. Kaspersky filed the lawsuits after its products were banned from U.S. government systems in both a Binding Operational Directive from the Department of Homeland Security and the 2018 National Defense Authorization Act. That ban goes into effect on Oct. 1, 2o18. “The NDAA does not inflict ‘punishment’ on Kaspersky Lab,” Colleen Kollar-Kotelly, U.S. District Judge for the District of Columbia, wrote in her opinion. “It eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.” The basis of Kaspersky’s lawsuit was that the bans were unconstitutional and caused undue harm to the company. The ban is constitutional, the judge concluded. “These defensive actions may very well have […]

The post Judge dismisses Kaspersky lawsuits, U.S. government ban will stand appeared first on Cyberscoop.

Continue reading Judge dismisses Kaspersky lawsuits, U.S. government ban will stand

Hacker linked to Russian intelligence sentenced to five years in prison

Posted on by

A 23-year-old man who pleaded guilty for his role in helping Russian spies hack into email accounts was sentenced to five years in prison on Tuesday. Karim Baratov, a Kazakhstan-born Canadian citizen, was arrested in Toronto last year before being extradited to the United States. Prosecutors say he was part of a group working with two intelligence agents from Russia’s Federal Security Service (FSB). Baratov pleaded guilty in November for playing a role in the massive 2014 Yahoo data breach. That breach saw information tied to 500 million accounts stolen from the company. He was also charged with helping Russian spies hack into 11,000 email accounts. Sentencing came later than initially planned after Judge Vince Chhabria told prosecutors last month that their request of an eight-year sentence seemed “way out of whack compared to most hackers.” Baratov’s lawyers were asking for a 45-month sentence.  After further filings from the government […]

The post Hacker linked to Russian intelligence sentenced to five years in prison appeared first on Cyberscoop.

Continue reading Hacker linked to Russian intelligence sentenced to five years in prison