Lawsuit: Fox News group hacked, surveilled, and stalked ex-host Andrea Tantaros

Comparing the defendants' actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 “John Doe” defendants. The suit alleges that this collective participated in a hacking and surveillance campaign against her.

Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News’ then-Chairman and CEO Roger Ailes, Bill O’Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment.

Tantaros claims that as early as February of 2015, a group run out of a “black room” at Fox News engaged in surveillance and electronic harassment of her, including the use of “sock puppet” social media accounts to electronically stalk her. According to the lawsuit:

Russian-controlled telecom hijacks financial services’ Internet traffic

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes traffic at large scale among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it’s possible Wednesday’s five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident “curious” to engineers at network monitoring service BGPmon. What’s more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.
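The monitoring logic a service like BGPmon applies to announcements like these, as an added example that is not code from the article or from BGPmon or Dyn: each announced prefix is checked against the origin AS that should announce it, a more-specific prefix from an unexpected origin is flagged separately (longest-match routing makes it win regardless of who announces it), and flagged prefixes are grouped by announcing AS so that one origin covering many monitored blocks stands out from a scattered fat-finger leak. The prefixes, ASNs and feed below are constructed placeholders, not the networks involved in the incident.

```python
import ipaddress
from dataclasses import dataclass

# Constructed monitoring table: the origin AS that *should* announce each
# prefix. Prefixes are RFC 5737 documentation ranges and ASNs are
# documentation/private placeholders, not the networks from the article.
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64500,   # hypothetical card-network block
    "198.51.100.0/23": 64501,  # hypothetical bank block
}

@dataclass(frozen=True)
class Announcement:
    prefix: str        # announced prefix, e.g. "198.51.100.0/24"
    origin_asn: int    # last AS in the AS_PATH, i.e. the claimed owner

def classify(ann):
    """Label one announcement against the expected-origin table."""
    net = ipaddress.ip_network(ann.prefix)
    for monitored, asn in EXPECTED_ORIGIN.items():
        exp = ipaddress.ip_network(monitored)
        if net == exp:
            return "ok" if ann.origin_asn == asn else "origin_hijack"
        if net.subnet_of(exp):
            # A more-specific prefix wins longest-match routing no matter
            # who announces it, which is why hand-inserted /24s are effective.
            return "deaggregation" if ann.origin_asn == asn else "more_specific_hijack"
    return "unmonitored"

def hijacks_by_origin(announcements):
    """Group flagged prefixes by the AS that announced them. One origin
    covering many monitored prefixes in a short window is the concentration
    the article calls 'curious', unlike a single fat-finger leak."""
    flagged = {}
    for ann in announcements:
        if classify(ann).endswith("hijack"):
            flagged.setdefault(ann.origin_asn, []).append(ann.prefix)
    return flagged

# Constructed sample feed: one legitimate update, two from an unexpected
# origin (one of them a more-specific), and one prefix we do not monitor.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", 64500),
    Announcement("198.51.100.0/24", 64666),
    Announcement("203.0.113.0/24", 64666),
    Announcement("192.0.2.0/24", 64502),
]
```

Run against a live feed, the same grouping would also carry a timestamp window so that a burst of flagged prefixes from one origin, like the five- to seven-minute event above, is reported as one incident.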

“Quite suspicious”

“I would classify this as quite suspicious,” Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. “Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”

A vigilante is putting a huge amount of work into infecting IoT devices

Last week, Ars introduced readers to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet’s most advanced IoT botnet.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as “just a white hat, securing some systems.”

Not your father’s IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and resilience that’s largely unparalleled in the IoT landscape. Wednesday’s technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

Picture this: Senate staffers’ ID cards have photo of smart chip, no security

When Congress held hearings following the breach of the systems of the Office of Personnel Management (OPM) in 2015, one of the issues that caused great consternation among lawmakers was that the OPM had failed to implement two-factor authentication for employees, particularly when using virtual private networks. Federal information security standards in place at the time called for strong user authentication for any federal information system, but the OPM hadn’t figured out how to implement two-factor authentication principles—something users know (a password), plus something they have (which, in government, is typically a “smartcard” ID with digital authentication keys programmed onto a chip).

The OPM wasn’t alone. While the Department of Defense began issuing Common Access Cards in 2008 to be used for two-factor authentication on DOD systems and to control physical access to DOD facilities, most of the civilian agencies of the US federal government still hadn’t implemented their own smartcard (Personal Identity Verification, or PIV) systems at the time of the OPM breach.

The Government Accountability Office repeatedly warned of gaps in federal information security, including the lack of two-factor authentication on critical federal systems like those at OPM. And during President Barack Obama’s “cyber-sprint,” many more agencies did roll out smartcards for authentication.

NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant.

Late Friday afternoon, Microsoft officials issued a one-sentence statement saying that they doubted the accuracy of multiple Internet-wide scans that found anywhere from 30,000 to slightly more than 100,000 infected machines. The statement didn’t provide any factual basis for the doubt, and officials have yet to respond on the record to requests on Tuesday for an update. Over the weekend, Below0day released the results of a scan that detected 56,586 infected Windows boxes, an 85-percent jump from the 30,626 infections the security firm found three days earlier.

Both numbers are at the conservative end of widely ranging results from scans independently carried out by other researchers over the past week. On Monday, Rendition Infosec published a blog post saying DoublePulsar infections were on the rise and that company researchers are confident the scan results accurately reflect real-world conditions. Rendition founder Jake Williams told Ars that the number of infected machines is “well over 120k, but that number is a floor.”

AV provider Webroot melts down as update nukes hundreds of legit files

Antivirus provider Webroot is causing a world of trouble for customers. A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system.

Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined “several hundred” files used by Windows Insider Preview. Hundreds of “line of business” apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.

As this post was going live, Webroot’s cloud-based system for issuing commands to clients was unable to revert the quarantined files. Officials have yet to confirm that they will be able to revert all the bad determinations.

BrickerBot, the permanent denial-of-service botnet, is back with a vengeance

BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons.

Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount attacks at a much faster rate—with 1,295 attacks coming in just 15 hours—it used a modified attack script that added several commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day.

“Just like BrickerBot.1, this attack was a short but intense burst,” Geenens told Ars. “Shorter than the four days BrickerBot.1 lasted, but even more intense. The attacks from BrickerBot.3 came in on a different honeypot than the one that recorded BrickerBot.1. There is, however, no correlation between the devices used in the previous attack versus the ones in this attack.”

Russian man gets longest-ever US hacking sentence, 27 years in prison

Russian hacker Roman Seleznev was sentenced to 27 years in prison today. He was convicted of causing more than $169 million in damage by hacking into point-of-sale computers.

Seleznev, aka “Track2,” would hack into computers belonging to both small businesses and large financial institutions, according to prosecutors. He was arrested in the Maldives in 2014 with a laptop that had more than 1.7 million credit card numbers. After an August 2016 trial, Seleznev was convicted on 38 counts, including wire fraud, intentional damage to a protected computer, and aggravated identity theft.

The sentence is quite close to the 30 years that the government asked for. Prosecutors said Seleznev deserved the harsh sentence because he was “a pioneer” who helped grow the market for stolen credit card data and because he “became one of the most revered point-of-sale hackers in the criminal underworld.”
