An international team of law enforcement agencies and security firms just took down “Avalanche,” a botnet that has been engaged in phishing attacks and at least 17 different malware families since at least late 2009. The team took offline more than 221 servers and more than 800,000 domain names used by Avalanche, and conducted searches and arrests in five countries, according to a statement released by the FBI and U.S. Department of Justice. Avalanche malware impacted victims in over 180 countries. Continue reading International Law Enforcement Takes Down Avalanche Botnet

In response to a classified edict from the National Security Agency or the FBI, Yahoo scanned all of its users’ incoming emails for a specific “set of characters,” keeping the scans and the software system it built to do so a secret. Millions of emails were scanned, but neither federal agency nor Yahoo will say if they found what they were looking for. Experts say this is the first case of a U.S. Internet company agreeing to search all arriving emails, rather than stored messages or a small number of email accounts. Continue reading In a First, Yahoo Secretly Scans All Incoming Emails for Feds

Six years ago, the Chinese military hacked Google, Yahoo and other technology companies. Google, whose co-founder Sergey Brin vowed “never again,” hired hundreds of security engineers to make good on that promise. Yahoo, under the leadership of Marissa Mayer, however, focused on other problems the ailing company faced and reportedly failed to take more stringent security measures. Now, Yahoo reports another serious breach, undetected for two years, with 500 million users’ credentials stolen. Yahoo and the FBI are investigating. Continue reading With Breach, Yahoo Pays the Price For Skimping on Security

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts

Apple has announced its new “security bounty” initiative that will offer payments up to $200,000 to any hackers who inform the company about critical vulnerabilities to its products. In doing so, Apple joins major tech companies that have similar programs in place. Alphabet, Facebook and Microsoft “have paid out millions of dollars in bug bounties over the past few years,” reports The Wall Street Journal. Automobile companies such as Tesla and GM are also introducing bounty programs as vehicles are relying more on software to control their systems. Continue reading Apple is the Latest Tech Giant to Launch Bug Bounty Program

Although the FBI was finally able to decrypt the iPhone belonging to San Bernardino terrorist Syed Rizwan Farook by paying for a third party private hack, the issues around accessing content on a personal smartphone are not resolved. The FBI is figuring out how and if it can re-use the hack, but it’s not simply interested in what’s called “data at rest,” says FBI director James Comey. The FBI is also interested in “data in motion,” the emails, texts and other information in transit over the Internet as “hugely significant” for national security. Continue reading FBI iPhone Hack Could Impact the Future of Law Enforcement

As the result of a court order, Facebook-owned WhatsApp was shut down in Brazil yesterday. In an effort to obtain user data for a criminal investigation involving drug trafficking, Judge Marcel Maia Montalvão ordered telecoms to suspend the popular messaging service for 72 hours throughout Brazil. In March, Judge Montalvão ordered the arrest of Facebook exec Diego Dzodan, who was briefly taken into custody for refusing to turn over WhatsApp data (a higher court ordered the release of Dzodan after one night). WhatsApp says it has cooperated to the “full extent of [its] ability with local courts.” Continue reading Messaging Service WhatsApp Temporarily Shut Down in Brazil

Washington and Silicon Valley are poised to clash again in the ongoing debate over encryption technology in relation to data privacy, law enforcement and national security. Senate Intelligence Committee chair Richard Burr (Republican, NC) and Dianne Feinstein (Democrat, CA), the panel’s vice chair, have introduced proposed legislation that would require companies to unlock encrypted devices when served a court order. Congress has been working on a balance between security and privacy regarding encryption, especially in the wake of the recent iPhone case. Continue reading Proposed Encryption Bill Faces Opposition from Silicon Valley

Since the FBI broke the encryption of the iPhone 5C belonging to terrorist Syed Rizwan Farook, most likely with the help of the Israeli office of the Japanese mobile phone security firm Cellebrite Mobile Synchronization, it has been testing the method on other iPhone versions. It will not, however, disclose the phone’s flaw or the information found on Farook’s phone. European cases regarding locked phones are heating up, with France and England considering fines for companies that don’t help crack their phones’ encryption. Continue reading FBI Tries to Unlock More iPhones, Debate Continues in Europe

The Justice Department revealed it has learned a way to unlock Syed Rizwan Farook’s iPhone without help from Apple. Farook was a gunman in the San Bernardino shooting that killed 14 people. The announcement stalls the legal standoff between the federal government and Apple; the Justice Department will withdraw its efforts to enlist the tech company’s help in the investigation. While the news suspends the privacy vs. security debate, at least temporarily, law enforcement’s ability to open the device without Apple’s assistance raises new concerns. Continue reading Government Says iPhone Unlocked, Apple No Longer Needed

As the issue of digital encryption versus privacy roiled in the U.S. over the FBI’s demand that Apple unlock the iPhone of a mass murderer in California, recent violence in Brussels and Paris has brought those same issues to the fore in Europe. Although privacy is enshrined as a basic right in much of Europe, lawmakers in some countries are considering proposals that would give greater powers to law enforcement to access personal digital data. But privacy advocates in those same countries are fighting back. Continue reading Europe Divides in Battle Between Privacy, Digital Decryption

The FBI asked to postpone a hearing scheduled for today regarding the Apple encryption case. The Justice Department may no longer need the tech company’s help in opening an iPhone used by gunman Syed Rizwan Farook in the San Bernardino shootings. A third party has reportedly come forward with a technique to help unlock the phone, which is currently being tested. Judge Sheri Pym of the U.S. District Court for the Central District of California granted the Justice Department’s motion to postpone. The government is required to provide an update to the court by April 5. Continue reading FBI Tests Method to Unlock iPhone, Cancels Today’s Hearing

Although President Obama finally stated that he sides with the Justice Department in the ongoing battles between law enforcement and Apple over encryption of the San Bernardino shooter’s iPhone, U.S. citizens aren’t so sure. A Wall Street Journal/NBC News survey revealed that 47 percent of Americans believe Apple shouldn’t cooperate with law enforcement. The government is not just facing a difficult battle with Apple but another, even more crucial one with Facebook’s WhatsApp popular messaging application. Continue reading Apple, WhatsApp Cases Focus on Law Enforcement vs. Privacy

By now, everyone knows the general outline of the argument between Apple and the FBI, over the latter’s request for a backdoor into the San Bernardino shooter’s iPhone. Apple’s refusal to do so has sparked a war of words and legal actions between Apple and other proponents of data protection/digital privacy and the government, as well as others who believe national security trumps digital privacy. More recently, at the RSA Conference, an information security event, more nuances were revealed. Continue reading RSA Conference Reveals More Nuances in FBI-Apple Battle

Apple’s ongoing privacy battle with law enforcement received a boost yesterday when U.S. Magistrate Judge James Orenstein of New York’s Eastern District denied the federal government’s request that the company release data from an iPhone relevant to a New York drug case. The ruling could provide Apple with a leg up as it pushes forward with its defense of privacy concerns regarding its smartphones, and may impact other cases such as efforts by the FBI to compel Apple to open the iPhone related to last year’s mass shooting in San Bernardino, California. Continue reading Judge Sides with Apple in Closely Watched Encryption Case