Subscribe free to our newsletters via your
. 24/7 Space News .

Hackers target CEOs in 'Darkhotel' scheme
by Staff Writers
Washington (AFP) Nov 10, 2014

US Postal Service says hackers got employee data
Washington (AFP) Nov 10, 2014 - The US Postal Service said Monday hackers stole sensitive personal information from its employees in a large data breach this year, and got some customer data as well.

The postal service said in a statement it "recently learned of a cybersecurity intrusion into some of our information systems" and was cooperating with the FBI and other law enforcement agencies in an investigation.

It said the hackers appeared to have gotten "identifiable information about employees, including names, dates of birth, social security numbers, addresses, beginning and end dates of employment, emergency contact information and other information."

A USPS spokesman said the breach affected as many as 800,000 people who are paid by the agency, including employees and private contractors.

The statement said hackers also penetrated payment systems at post offices and online where customers pay for services.

It said the customer data included "names, addresses, telephone numbers, email addresses and other information" but that there was "no evidence that any customer credit card information from retail or online purchases" had been compromised.

The Washington Post, citing unnamed sources, said Chinese hackers were suspected in the breach.

The news comes with US President Barack Obama in China for high-level talks, amid heightened concerns about cyberattacks believed to originate from China.

The statement said some postal systems were taken offline over the weekend "as part of the cybersecurity intrusion mitigation efforts."

The postal service, which is an independent government agency, said it was offering free credit monitoring to employees whose information may have been stolen, to lessen the risk of identity theft.

Japan's NEC rolls out counterfeit spotting technology
Tokyo (AFP) Nov 10, 2014 - Japan's NEC on Monday unveiled a technology that sniffs out even the most convincing counterfeits by reading microscopic patterns on everything from a luxury purse to a metal bolt.

The technology can be also be used to trace the origin of mass-produced offerings by reading so-called "object fingerprints", or three-dimensional surface irregularities, the firm said.

"You can identify offspring that come from the same parental mold," said Toshihiko Hiroaki, assistant general manager at NEC's Information and Media Processing Laboratories.

"If you take a close look, you can tell one child from another."

The technology could let a customs official, for example, snap a smartphone picture of a specific spot on an object which is then instantly matched -- or not -- to a manufacturers' pre-registered image.

A genuine article can be matched with the time and location where it was produced, NEC said.

Hiroaki noted that the trade in counterfeit goods is estimated to reach into the hundreds of billions of dollars a year, and that a fake or defective part could have serious consequences for finished products.

The technology is currently in the testing phase and the firm plans to release a commercial version next year.

Hackers have developed a scheme to steal sensitive information from top executives by penetrating the Wi-Fi networks of luxury hotels, security researchers said Monday.

A report by Kaspersky Lab said the "Darkhotel" espionage effort "has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad."

Kaspersky said about 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea, but that the executives targeted include those traveling from the United States and other countries.

"The infection count numbers in the thousands," the report said.

"The more interesting traveling targets include top executives from the US and Asia doing business and investment in the (Asia-Pacific) region."

The hackers are able to compromise hotel Wi-Fi networks, and to then trick executives into downloading malicious software that can allow their information to accessed remotely.

"These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; Gmail Notifier, Twitter, Facebook, Yahoo and Google login credentials; and other private information," the report said.

"Victims lose sensitive information -- likely the intellectual property of the business entities they represent. After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding."

Kaspersky researcher Kurt Baumgartner said the attacks are highly sophisticated.

"This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision," he said.

Targets have included corporate chief executives, senior vice presidents, sales and marketing directors and top research staff at companies in the electronics, defense manufacturing, finance, automotive and pharmaceutical industries, among others. Some law enforcement, military and non-governmental officials have also been targeted.

"From our observations, the highest volume of offensive activity on hotel networks started in August 2010 and continued through 2013, and we are investigating some 2014 hotel network events," Kaspersky said.

The researchers said the risk can be mitigated by using a virtual private network that protects data.

The security team said that travelers should be extra cautious about software updates and should use software with protection against a broad range of threats in addition to viruses.

Hackers could trick way into Apple gadgets: researcher
San Francisco (AFP) Nov 11, 2014 - Cybersecurity firm FireEye warned Monday that hackers could trick owners of Apple gadgets into installing applications that steal information.

US-based FireEye maintained that "masque attacks" made possible by a vulnerability in software running iPhones, iPads and iPod touch devices posed "much bigger threats" than a recently disclosed WireLurker flaw patched by Apple.

"Masque attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet," FireEye said in a blog post.

"That means the attacker can steal user's banking credentials by replacing an authentic banking app with an malware that has identical UI (user interface)."

Cyber crooks could prompt Apple gadget owners to install what deceptively claims to be an update to an existing application, such as a popular mobile game.

Instead of an update, users would get an application that mimics and replaces a legitimate program, sending information entered by users to hackers, according to FireEye.

FireEye said it alerted Apple to the vulnerability months ago and that the California-based company is working to fix it.

FireEye said that people can guard against trouble by only installing applications or updates through Apple's official online App Store.

The researchers advised people to never resort to using "install" prompts that pop up on third-party Web pages.

If opening an application on an Apple device triggers a message warning it was created by an "Untrusted App Developer," immediately remove the mini-program, FireEye advised.

Last week, researchers at cybersecurity firm Palo Alto Networks revealed a newly discovered family of malware that has the capacity to infect iPhones via Apple computers, posing a security threat to devices that have been largely resistant to cyber criminals.

The malware, dubbed WireLurker, "is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server," according to a report by the security firm, which added that "its creator's ultimate goal is not yet clear."

Apple, in a statement to AFP, said it had acted to block the malware.

As Apple computers and mobile devices have grown in popularity, they have become coveted targets for hackers eager to get to the ranks of users.

According to the researchers, WireLurker malware first infects a Mac computer, which uses the OS X operating system, and then installs itself on iOS devices -- iPads or iPhones -- when they are connected to the computers via USB ports.

The malware was traced back to a third-party Chinese app store.


Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Comment on this article via your Facebook, Yahoo, AOL, Hotmail login.

Share this article via these popular social media networks DiggDigg RedditReddit GoogleGoogle

Memory Foam Mattress Review
Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily
XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News

US mulls new tactics to stem wave of cyberattacks
Washington (AFP) Nov 06, 2014
As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves. US cybersecurity firms have begun unprecedented levels of cooperation to shore up America's key computer networks, and some experts argue in favor of "hacking back," or using offensive tools to improve defense. Last mo ... read more

China examines the three stages of lunar test run

China gears up for lunar mission after round-trip success

NASA's LRO Spacecraft Captures Images of LADEE's Impact Crater

New lunar mission to test Chang'e-5 technology

Comet flyby of Mars changed chemistry of atmosphere: NASA

NASA's Curiosity Mars Rover Finds Mineral Match

MAVEN Continues Mars Exploration Begun 50 Years Ago by Mariner 4

You can't get to Mars, but your name can

A New Australian Spacecraft Begins Concept Testing

Synthetic Biology for Space Exploration

India to launch unmanned crew module in December

Orion Takes Big Step Before Moving to the Launch Pad

China plans to launch about 120 applied satellites

China to build global quantum communication network in 2030

China's Lunar Orbiter Makes Safe Landing, First in 40 Years

China's First Lunar Return Mission A Stunning Success

International Space Station astronauts put GoPro camera in a floating ball of water

ISS Agency Heads Issue Joint Statement

Station Trio Prepares for Departure amid Ongoing Science

Students text International Space Station using a 20-foot antenna

SpaceX chief Musk confirms Internet satellite plan

Japanese Satellites Orbited as Part of Russia-Ukraine Program

Experimental flight of GSLV Mark 3 in December

SpaceX chief Elon Musk eyes Internet satellites

Peering into Planetary Atmospheres

VLTI detects exozodiacal light

Yale finds a planet that won't stick to a schedule

In a first, astronomers map comets around another star

ORNL materials researchers get first look at atom-thin boundaries

Lockheed Martin partners for space debris research

Shaking the topological cocktail of success

From earphones to jet engines, 3D printing takes off

The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement All images and articles appearing on Space Media Network have been edited or digitally altered in some way. Any requests to remove copyright material will be acted upon in a timely and appropriate manner. Any attempt to extort money from Space Media Network will be ignored and reported to Australian Law Enforcement Agencies as a potential case of financial fraud involving the use of a telephonic carriage device or postal service.