2015-03-06

We begin with a notable hack from TechWorm:

$104 and 8 hours of Amazon’s cloud computing is all it took to hack NSA’s website

Researchers hack NSA’s website with only $104 and 8 hours of Amazon’s cloud computing power using the #FREAK vulnerability

A group of researchers only needed $104 and 8 hours of Amazon’s cloud computing power and, of course, FREAK to hack the NSA’s website. The researchers used NSA’s anti-encryption policies, which were the main reason for the newly disclosed internet flaw called FREAK, to make NSA’s own website a guinea pig.

The bug which was disclosed by Akamai and subsequently reported by Techworm on Monday allows any potential hacker to intercept a supposedly secure connection between people using Android or Apple devices and PCs using Mac OS X and the Safari browser. The websites vulnerable to this flaw may be in the thousands, including NSA.gov, FBI.gov and Whitehouse.gov.

Actually, this isn’t a flaw, it is a mis-implementation of encryption policies by the United States and in a way the NSA so that they could have a non-encrypted backdoor on every mobile. It would be stupid to assume that the NSA created a massive security dark hole, that allows hackers to impersonate said website and steal confidential data like passwords and logins, without knowing it was doing that.

From the Register, ignoring the evident:

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

Hackers probe where federal officials were forbidden

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed.

And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away.

“We do not know why Anthem refuses to cooperate,” government officials told The Register today.

The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer.

From CBC News, a password showdown at the Canadian border:

Quebec resident Alain Philippon to fight charge for not giving up phone password at airport

Whether border officials can force you to provide password hasn’t been tested in Canadian courts

A Quebec man charged with obstructing border officials by refusing to give up his smartphone password says he will fight the charge.

The case has raised a new legal question in Canada, a law professor says.

Alain Philippon, 38, of Ste-Anne-des-Plaines, Que., refused to divulge his cellphone password to Canada Border Services Agency during a customs search Monday night at Halifax Stanfield International Airport.

Philippon had arrived in Halifax on a flight from Puerto Plata in the Dominican Republic. He’s been charged under section 153.1 (b) of the Customs Act for hindering or preventing border officers from performing their role under the act.

The Washington Post covers whistleblower fails at the FBI:

Report says procedures put a chilling effect on potential FBI whistleblowers

Jane Turner loved being an FBI agent.

It had been her dream job since she was 13, and she had been a good agent during her 25 years with the bureau.

But once she became a whistleblower, the FBI turned on her the way the mob turns on a snitch, by her telling. She wasn’t killed, but her career was.

Turner has become a prime example of the way the FBI should not treat whistleblowers. The Government Accountability Office (GAO) cites her case in a report that will be the focus of a Senate hearing Wednesday.

From the Associated Press, seeking access to the cloud:

Poland asks US for IT data vital in eavesdropping probe

A prosecutor says that Poland has asked U.S. authorities to release data from an IT company’s cloud that could be vital for the ongoing probe into a government eavesdropping scandal.

Spokeswoman for a Warsaw prosecutor’s office, Renata Mazur, said Thursday that a request was sent to U.S. justice authorities in January. She refused to name the IT company in question.

Polish prosecutors believe the cloud may hold some conversations between former government ministers and business people that were secretly taped in Warsaw restaurants. Some of the compromising conversations were published last year by the Wprost magazine, leading to some lower-ranking officials being fired, but many other recordings remain unknown.

The Guardian covers European net neutrality anxiety:

Freedom campaigners warn against dangers of two-speed internet

While the US voted to protect open internet, European ministers are accused of pushing to ‘permit every imaginable breach of net neutrality’

European ministers are pushing for new laws which would “permit every imaginable breach of net neutrality”, internet freedom campaigners have warned.

Days after the US voted to protect an open internet where all traffic is considered equal, proposals agreed by the telecoms ministers of 28 member states could allow a two-speed internet, where companies such as YouTube or Netflix could legally pay mobile networks or broadband providers for faster, more reliable delivery of their content – potentially to the detriment of other internet users.

Campaigners warn the move could stifle online innovation and undermine the digital economy.

From the Associated Press, spooky imbalance and the permafrost:

UK report: Spy agencies should seek female recruits online

British lawmakers say the country’s intelligence agencies, which inspired James Bond, aren’t doing enough to promote real-life Jane Bonds.

A report on women in the intelligence services says female staff members are being held back by a layer of middle managers, dubbed “the permafrost,” who have “a very traditional male mentality and outlook.”

The report published Thursday by Parliament’s Intelligence and Security Committee said that women make up 37 percent of the workforce at domestic spy service MI5, overseas intelligence agency MI6 and electronic eavesdropping center GCHQ. But women account for only 19 percent of senior staff.

The lawmakers said the agencies should cast a wider net to recruit middle-aged women and mothers, who had “valuable life experience.” It said agencies in which all staff “are cut from the same cloth” could lead to unacknowledged biases that hampered the work of espionage.

From BBC News, food for conspiratorial thought:

German BND spy agency hit by ‘Watergate’ leak

Germany’s Federal Intelligence Service (BND) is dealing with what media have described as its own “Watergate” scandal, after taps were removed from its unfinished new Berlin headquarters.

The removal happened on Tuesday and left large parts of the building flooded, police say.

An investigation has begun into the theft, but police have so far found no signs of a break-in. The incident is seen as embarrassing for the BND, as well as expensive.

From the Guardian, some old-fashioned spookery:

Russian police officer found guilty of spying for US

Roman Ushakov convicted of treason for handing over classified material and sentenced to 15 years in prison, in case likely to inflame US-Russian tensions

A Russian police officer has been convicted Thursday on charges of spying for the United States – using a cache disguised as a rock – and sentenced to 15 years in prison. It was the latest in a host of spy cases amid rising Russia-west tensions over Ukraine.

The Moscow city court on Thursday found Roman Ushakov guilty of treason for handing over classified information to the United States. Prosecutors produced his messages, which contained sensitive information about the interior ministry, as well as a rock-like cache with cash and a letter from the CIA, according to the Interfax news agency.

Interfax quoted prosecutor Viktor Antipov as saying Ushakov was caught red-handed, pleaded guilty and gave detailed testimony about his contacts with US intelligence. Antipov said Ushakov worked in Siberia, but gave no further details.

From the Associated Press, Bolivia’s former top narc investigated:

Former chief of Bolivia drug police under investigation

The retired police general who reorganized Bolivia’s counter-narcotics force after President Evo Morales expelled U.S. drug agents is under investigation for illicit enrichment and drug trafficking ties.

A judge was to decide Wednesday whether Gen. Oscar Nina should be jailed. Nina’s wife and two children were ordered jailed late Tuesday for suspected laundering of illicit earnings.

Interior Minister Hugo Moldiz cited “serious suspicions” that Nina and his family had links to drug trafficking. Prosecutor Gomer Padilla said investigators had discovered assets unsubstantiated by income but did not disclose their nature.

After the jump, another hotel chain hacked, another piece of point of sale malware targets credit card data, a social engineering death threat, a privacy half-measure, drones to target cell phones with ads, on to the ISIS front, first, with oil fields ignited to block advance on Tikrit, thousands take flight, U.S. strategies rely on Iranian help and an Iranian general becomes a star at home, ISIS bulldozes a legendary archaeological site, and an air strike kills Syrian Al Qaeda leaders, Afghanistan’s security forces dwindle, on to the Boko Haram front, first with an abundance of potential recruits, a massacre in a Nigerian village, and victims very young and very old, the South China Seas Game of Zones drives out a British oil exploration company, North Korea praises an attack on a U.S. ambassador, China refuses Japan’s plea to silence a Game of Zones website, but Beijing and Tokyo agree to security talks, Shinzo Abe’s team proposes streamlining the army command structure for combat readiness, and to close, Tokyo sues Okinawa to block release of an American base relocation agreement. . .

Hacking a favorite of the one percent, via the Associated Press:

Hotel chain Mandarin Oriental confirms credit card hack

High-end hotel chain Mandarin Oriental is the latest company to reveal that its credit card systems were hacked.

The company said Thursday that its hotels in the U.S. and Europe were affected, but did not specify which ones.

Mandarin Oriental operates about 30 hotels in cities across the world including Paris, London, Geneva, New York, Miami, San Francisco, Las Vegas as well as Shanghai, Hong Kong and Macau.

The company said it removed the bad software from its systems. Its investigation is continuing. It did not give details on the extent of the hack or if customers’ data were exposed.

Another piece of point of sale malware targets credit card data, via SecurityWeek:

PoS Malware Family Targeting SMBs Operated Under the Radar

Point-of-sale (PoS) malware has become one of the chief weapons used by attackers to steal credit and debit card data, and now researchers at Trend Micro say they have found yet another threat to add to the list of tools in criminals’ toolboxes.

The malware is dubbed PwnPOS, and has managed to stay under the radar despite being active since at least 2013. According to Trend Micro, it has been spotted targeting small-to-midsized businesses (SMBs) in Japan, Australia, India, Canada, Germany, Romania and the United States.

Trend Micro Threat Analyst Jay Yaneza called PwnPOS an example of malware that’s been “able to fly under the radar all these years due to its simple but thoughtful construction.”

From BBC News, a social engineering death threat:

Death threat issued in bogus tech support call

A bogus PC support call turned nasty when a victim asked the scammer why he was trying to steal money from people, reports CBC.

The conman threatened to send someone to kill Canadian Jakob Dulisse after the challenge.

Despite the conversation turning nasty, Mr Dulisse said the threat was just a way to get him to pay money.

Microsoft estimates fraudsters make about $1.5bn (£1bn) a year through fake Windows support calls.

From Network World, a privacy half-measure:

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes.

The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill.

Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.

From Schneier on Security, drones to target cell phones with ads:

Now Corporate Drones are Spying on Cell Phones

The marketing firm Adnear is using drones to track cell phone users:

The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user’s travel patterns.

“Let’s say someone is walking near a coffee shop,” Kataria said by way of example.

The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don’t enter, as well as to frequent patrons when they are elsewhere. Adnear’s client would be the coffee shop or other retailers who want to entice passersby.

And on to the ISIS front, first, with oil fields ignited to block advance on Tikrit, via Reuters:

Islamic State torches oil field near Tikrit as militia advance

Islamic State militants have set fire to oil wells northeast of the city of Tikrit to obstruct an assault by Shi’ite militiamen and Iraqi soldiers trying to drive them from the Sunni Muslim city and surrounding towns, a witness said.

The witness and a military source said Islamic State fighters ignited the fire at the Ajil oil field to shield themselves from attack by Iraqi military helicopters.

The offensive is the biggest Iraqi forces have yet mounted against IS, which has declared an Islamic caliphate on captured territory in Iraq and Syria and spread fear across the region by slaughtering Arab and Western hostages and killing or kidnapping members of religious minorities like Yazidis and Christians.

Black smoke could be seen rising from the oil field since Wednesday afternoon, said the witness, who accompanied Iraqi militia and soldiers as they advanced on Tikrit from the east.

Taking flight with BBC News:

Islamic State crisis: Thousands flee Iraqi advance on Tikrit

A military operation to retake the Iraqi city of Tikrit from Islamic State (IS) has caused about 28,000 people to flee their homes, the UN says.

Those displaced are headed towards the city of Samarra, the UN said, but many families are stranded at checkpoints. Aid convoys carrying relief supplies are being sent to the area by UN agencies to help those affected.

The operation to retake Tikrit, involving some 30,000 soldiers and Shia militiamen, is now in its fourth day.

From the New York Times, U.S. strategies rely on Iranian help:

U.S. Strategy in Iraq Increasingly Relies on Iran

At a time when President Obama is under political pressure from congressional Republicans over negotiations to rein in Tehran’s nuclear ambitions, a startling paradox has emerged: Mr. Obama is becoming increasingly dependent on Iranian fighters as he tries to contain the Islamic State militant group in Iraq and Syria without committing American ground troops.

In the four days since Iranian troops joined 30,000 Iraqi forces to try to wrest Saddam Hussein’s hometown of Tikrit back from Islamic State control, American officials have said the United States is not coordinating with Iran, one of its fiercest global foes, in the fight against a common enemy.

That may be technically true. But American war planners have been closely monitoring Iran’s parallel war against the Islamic State, also known as ISIS or ISIL, through a range of channels, including conversations on radio frequencies that each side knows the other is monitoring. And the two militaries frequently seek to avoid conflict in their activities by using Iraqi command centers as an intermediary.

From the Washington Post, and an Iranian general becomes a star at home:

Qassem Suleimani, Iran’s spy commander, introduced to a new generation

Qassem Suleimani, the Iranian general helping militias fight the Islamic State in Iraq, is known by many names.

He’s the “Shadow Commander,” according to a profile by the New Yorker’s Dexter Filkins. He’s the “Dark Knight,” according to a piece by Foreign Policy magazine. And he’s the Iranian regime’s “Mr. Fix-It,” according to the Weekly Standard, which threw in a comparison to the Most Interesting Man in the World from the Dos Equis beer commercials for good measure.

He’s also been designated a terrorist by the United States on more than one occasion, and accused of playing a leading role in arming Shiite militias in Iraq to attack and kill U.S. troops during the Iraq war. The general is also thought to be a fierce supporter of Syrian President Bashar al-Assad.

From the New York Times, annihilating human history:

ISIS Attacks Archaeological Site at Nimrud

The Islamic State militant group attacked the ancient archaeological site of Nimrud in northern Iraq and damaged it with heavy vehicles, Iraq’s Ministry of Tourism and Antiquities said Thursday.

It was the latest in a series of attacks on ancient structures and artifacts in Syria and Iraq that the group has destroyed in the name of its harsh interpretation of Islamic law. Last week, Islamic State militants videotaped themselves destroying statues and artifacts in the Mosul Museum and at the Nergal Gate entryway to ancient Nineveh. The militants captured the city during its offensive blitz through much of Iraq last June.

“The terrorist gangs of ISIS are continuing to defy the will of the world and the feelings of humanity after they committed a new crime that belongs to its idiotic series,” the ministry said in a statement on its Facebook page, referring to the Islamic State, also known as ISIS, ISIL or Daesh.

Nimrud is the sprawling site of a city founded by the Assyrian King Shalmaneser I, who died in 1245 B.C.

And an air strike kills Syrian Al Qaeda leaders, via Reuters:

Blast in Syria kills top al Qaeda commander, three others

Al Qaeda’s official Syrian wing, the Nusra Front, announced on Thursday the death of its top military commander, who insurgent sources said fell victim to a blast targeting a high-level militant meeting.

General Military Commander Abu Humam al-Shami, a veteran of Islamist militant fighting in Afghanistan, Iraq and Syria, was the senior-most member of the group to die in the Syria war, an insurgent source said.

Insurgent sources said a U.S.-led coalition air strike hit the meeting in the northwestern province of Idlib, but a coalition spokesman said it had not conducted air strikes in the province during the past 24 hours.

From Deutsche Welle, Afghanistan’s security forces dwindle:

Why Afghanistan’s security forces are dwindling

Combat casualties, desertions – a new US report reveals the number of Afghan security forces has dropped as they take on the Taliban with little support from foreign troops. But there also seem to be “accounting” issues.

The report, issued on March 3 by Special Inspector General for Afghanistan Reconstruction (SIGAR) John Sopko, states that the number of Afghan National Army (ANA) members has declined by more than 15,500 or 8.5 percent since February 2014 to 169,203 – the lowest force strength since August 2011. But it also stated that the US military had overestimated the size of the Afghan national security forces (ANSF) by a significant margin.

But are the Afghan security forces shrinking? There seem to be a number of factors. According to SIGAR, which is the US government watchdog for spending and projects in Afghanistan, one reason for this is that the ANA continues to suffer “serious combat losses.”

According to the newly declassified data, more than 1,300 ANA troops were killed and 6,200 others were wounded in action between October 2013 and September 2014. Police forces are estimated to have suffered similar, or even slightly higher, casualties.

On to the Boko Haram front, first with an abundance of potential recruits, via IRIN:

No shortage of recruits for Boko Haram in Cameroon’s Far North

Hundreds, perhaps thousands, of young people in northern Cameroon, who lack access to school and employment, are increasingly fighting alongside Boko Haram, local authorities say.

“We know Boko Haram is recruiting [youth] in Cameroon,” said Colonel Joseph Nouma of the Maroua Defense Regiment, speaking from the capital city of the Far North. “When you go to border villages, all you see are women and children and old people. Young [men], between the ages of 10 and 45 are no longer there. They are across the [Nigerian] border with Boko Haram militants.”

Underemployment, among all age groups, is at least 75 percent. Many young people, especially recent graduates, say it is impossible to find decent work.

Poverty rates in the Far North, which is already known for its high levels of food insecurity and malnutrition, have been on the rise since 2012, when Boko Haram attacks in the region began to impact the local economy.

From the Guardian, a massacre:

Boko Haram extremists kill at least 45 in Nigerian village

Group’s six-year campaign to carve out Islamic state in north-east of Nigeria has killed thousands and displaced over 1.5 million people

At least 45 people were killed on Tuesday by suspected Boko Haram militants in a remote village in the north-eastern Borno state of Nigeria, according to sources from the military and authorised vigilante groups.

The insurgents started shooting into houses in Njaba at about 5.30am, local time, a military source in Maiduguri told Reuters on Thursday. The village is close to the town of Damboa and about 60 miles south of the state capital, Maiduguri.

“The attack was not immediately known because the village is very remote and our men couldn’t access the area,” the source said.

Deutsche Welle covers the victims:

Nigerian ‘teenagers, elderly’ among scores killed by Boko Haram

Gunmen have attacked the remote village of Njaba in northeast Nigeria, killing scores of residents, including many teenagers. Survivors and military sources have blamed Boko Haram insurgents.

Survivors said as many as 68 people were killed in the dawn attack on Thursday and accused the gunmen of deliberately targeting children.

The AFP news agency quoted witnesses as saying heavily armed militants stormed the village in Borno state “from all directions” and then fired on fleeing residents, including “teenagers and the elderly.”

“The terrorists were armed to the teeth,” added Falmata Bisika. “Four of my grandchildren have been killed.”

The South China Seas Game of Zones drives out a British oil exploration company, via Want China Times:

Dispute forces UK company to stop drilling in South China Sea

A UK-listed company has been forced to suspend exploration in the South China Sea due to an ongoing territorial dispute between China and the Philippines.

Forum Energy, a UK-incorporated oil and gas exploration company with a focus on the Philippines, announced on March 2 that the Philippine Department of Energy has granted a force majeure on Service Contract 72 because the contract area falls within a disputed area subject to a UN arbitration process between the Philippines and China.

SC 72 is a Philippine government concession to extract oil and gas in the resource-rich Reed Bank, also known as the Recto Bank, situated about 85 nautical miles off the west coast of the Philippine province of Palawan in the South China Sea. It has been estimated that there is around 96.3 billion cubic meters of natural gas and 440 million barrels of crude oil in the bank.

Pyongyang lashes out to support a slasher, via the Washington Post:

North Korea: Knife attack on U.S. ambassador was ‘deserved punishment’

North Korea hailed a slashing attack against the U.S. ambassador in Seoul as “deserved punishment” for U.S. participation in military exercises on the Korean Peninsula, adding possible new tensions Thursday amid the political fallout after the assault.

The brief dispatch by North Korea’s official news agency did not assert any claims of responsibility or suggest ties to the knife-wielding man who lunged at Ambassador Mark Lippert at a public event Wednesday, leaving the diplomat with wounds across his face and hands.

But the provocative message carried by the Korean Central News Agency reflected sharpened rhetoric and optics — including images of the North’s leader Kim Jong Un conferring with commanders — in response to the joint military drills that began earlier this week.

From People’s Daily, a Game of Zones denial:

China rejects Japanese request to shut down Diaoyu Islands website

China rejected Japanese protest against a website for the Diaoyu Islands on Thursday, saying the Japanese demand to shut down the website is “unreasonable”.

Following China’s launch of the English and Japanese versions of a website for the Diaoyu Islands to demonstrate sovereignty, Japanese Chief Cabinet Secretary Yoshihide Suga said on Wednesday the site “distorts facts and reiterates China’s own claim,” which Japan “can never accept.”

Chinese Foreign Ministry spokesperson Hua Chunying said the Diaoyu Islands and their affiliated islands have been an inherent part of Chinese territory and China has abundant historical and legal evidence for that.

But Beijing and Tokyo agree to security talks, via Reuters:

Japan, China to hold first security talks in four years

Japanese and Chinese officials will hold their first security talks in four years in Tokyo later this month, Japan’s Foreign Ministry said on Thursday, the latest sign of a possible improvement in ties strained by a territorial dispute.

Relations between the world’s second- and third-largest economies have been damaged by conflicting claims to a group of tiny East China Sea islands and the legacy of Japan’s wartime occupation of its larger Asian neighbor.

Patrol ships and fighter jets from both countries have shadowed each other regularly near the uninhabited islands that are controlled by Japan, prompting fears that an accidental collision could escalate into conflict.

The security meeting, to be held on March 19, will involve top officials from the two countries’ foreign and defense ministries, the Foreign Ministry said in a statement. The last such meeting was in January 2011 in Beijing.

From the Asahi Shimbun, Shinzo Abe’s team proposes streamlining the army command structure for combat readiness:

Ground SDF to change command structure to ensure rapid response

The Defense Ministry is moving to place the Ground Self-Defense Force under unified command like the other two branches of the armed services to ensure a speedier response to natural disasters and security threats.

Ministry officials presented a proposal March 4 to the ruling Liberal Democratic Party’s National Defense Policy Division that would establish a ground defense command by fiscal 2017.

The new command structure is intended to speed up the process of issuing orders to the five GSDF regional armies in the event action has to be taken to defend the 6,800-plus outlying islands spread out along the Japanese archipelago.

Currently, the chief of staff of the Joint Staff issues orders separately to each of the units. Once they are given, the commander of each of the regional armies then issues orders to subordinate bases.

And from Jiji Press, Tokyo sues Okinawa to block release of an American base relocation agreement:

Japan Govt Sues Okinawa to Block Disclosure of Deal with U.S.

The Japanese government has filed a lawsuit to annul a decision by the prefectural government of Okinawa to disclose documents on a deal between the Japanese and U.S. governments on the sharing of prefectural roads within a U.S. military site, it was learned on Thursday.

Okinawa District Court has ordered the prefectural government to suspend the decision, according to the Defense Ministry’s Okinawa Defense Bureau.

The prefecture made the decision on Feb. 19, the day after the defense bureau, based on consultations with the U.S. side, submitted a written request not to release the documents.
