IEEE Computer Society Newsfeed

Subscribe RSS

New Report Casts Blame for Widespread Cyberattacks on Iranian Hackers

A new report contends Iranian hackers stole confidential information from government agencies and major companies in 16 countries during at least the last two years. Security vendor Cylance says the ongoing attacks, which it calls  “Operation Cleaver," stole documents and wrested control of computer networks of organizations located in nations including Canada, China, India, Israel, Mexico, Pakistan, South Korea, Turkey, the United Arab Emirates, and the US. The organizations were in the military, energy, transportation, telecommunications, technology, and other industry sectors. Cylance says it has evidence these intrusions were made by the same Iran-based group responsible for a 2013 attack on the US Navy computer network. Hamid Babaei, spokesperson for Iran's mission to the United Nations, said these claims are “a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks.”. According to Cylance’s report, the hackers used a combination of off-the-shelf and custom tools to infiltrate target computer systems. “We discovered the scope and damage of these operations during investigations of what we thought were separate cases,” said company CEO Stuart McClure. “Due to the choice of critical infrastructure victims and the Iranian team’s quickly improving skillset, we are compelled to publish this report.” Although based in Tehran, the company said, the hackers receive help from people in Canada, the Netherlands, and the UK. Cylance said it has traced the attacks to June 2012, although they may have begun as early as 2010. Cylance shared its findings with the victims and the US Federal Bureau of Investigation. (PC Mag)(USA Today)(Reuters)


Hackers Leak More Sony Confidential Documents Online

Hackers have posted online more private documents that they stole from Sony Pictures Entertainment in late November. In addition to stealing files, the attackers, known as Guardians of Peace or #GOP, crippled the movie studio’s computer systems. The hackers uploaded five unreleased Sony films online, but the latest documents to surface were spreadsheets containing employee home addresses and compensation, including pre-bonus salaries of executives, a carefully guarded industry secret. The hackers uploaded the files to Pastebin, an anonymous Internet posting site. Security experts say North Korea may have launched the attack in response to a forthcoming Sony comedy about an assassination attempt on the country’s leader, Kim Jong-un, which the nation’s leaders have criticized. (International Business Times)(Gizmodo)(The New York Times)

US FBI Issues Warning to Businesses about Destructive Malware

The US Federal Bureau of Investigation has issued a “flash” warning to US businesses stating that hackers are using malware to launch a destructive domestic cyberattack. The five-page, confidential report contained technical details about the malware and how to prevent and respond to it. The malware reportedly overrides all data on computer hard drives, including the master boot record, and thus keeps infected computers from booting up. The malware is thought to be the same as that used in breach last week at Sony Pictures Entertainment. The FBI has not commented publicly on its warning and did not say how many companies were victims of the destructive software. However, the agency did say these are the first such attacks of this type in the US. “I believe the coordinated cyberattack with destructive payloads against a corporation in the US represents a watershed event,” Tom Kellermann, chief cybersecurity officer with security-software maker Trend Micro Inc., told Reuters. (CNET)(Engadget)(Reuters)

Apple iPod Antitrust Jury Trial Starts

A class action antitrust suit originally filed against Apple on 3 January 2005, which could cause the company to pay about $1 billion in damages, will finally be heard in an Oakland, California, court. The original plaintiffs—Melanie (Tucker) Wilson and Marianna Rosen —claim Apple unduly influenced the market for music players between 2006 and 2009, thereby making iPod prices higher than they would have been otherwise. The key in the case is security updates from Apple that used the company’s FairPlay digital-rights management technology to prevent files from music stores other than Apple’s iTunes from working with the iPod. , The plaintiffs say thie updates were solely designed to "suppress new products that threatened [Apple's] monopolies in the relevant product markets." Apple says that it blocked competitors’ files to ensure both security and quality and that this practice benefitted consumers. Several key Apple executives are expected to testify and jurors could hear a deposition taken from Steve Jobs before he died. (CNET)(Businessweek)

Security Experts Uncover Corporate Espionage Hacking Ring

US security firm FireEye has uncovered a cyberespionage ring targeting corporate intelligence that would give the hackers inside knowledge they could use illegally to invest well in various stock markets. Starting in mid-2013, said the company, the FIN4 hacker group attacked 100 firms, primarily pharmaceutical and healthcare businesses but also investment bankers, attorneys, and investor-relations firms serving companies in these fields.  However, data was stolen from just a few publicly held companies trading on the New York Stock Exchange and NASDAQ, according to FireEye, which didn’t identify the victims. It is unclear whether the hackers made trades based on the information stolen, which included draft US Securities and Exchange Commission filings, and documents on mergers and board meetings. FIN4 stole passwords to email accounts, accessed emails, and then launched phishing attacks tailored to individual victims. The hackers reportedly used Tor to anonymize their location, but FireEye said the content of their phishing emails and the way they operate indicated they’re based in the US or Western Europe. FireEye also suspects they were trained at Western investment banks, based on how they identified targets and worded their emails. In some cases, they used information they stole as a phishing lure to make their e-mail more convincing by using privileged information. FireEye says it notified the victims it identified and the US Federal Bureau of Investigation about the attacks. (Reuters)(The New York Times)

Showing 1 - 5 of 4,575 results.
Items per Page 5
of 915