Monthly Archives: April 2011
The Huffington Post Catharine Smith First Posted: 04/20/11 12:44 PM ET Updated: 04/20/11 12:44 PM ET
According to security researchers Pete Warden and Alasdair Allan, your iPhone or iPad is keeping a record of every step you take, storing this data and sharing it with the devices that sync with the iPhone or iPad. What’s troubling is that this information is unencrypted and can be accessed and viewed by anyone.
According to The Guardian, Warden and Allan discovered that devices running iOS 4 keep a record of time-stamped coordinates in a file called “consolidated.db.”
When the iPhone or iPad is connected to a laptop, this sensitive file is copied from the portable device to the laptop. Anyone who opens the file can scroll through and see a history of where you’ve been.
The pair have set up a site explaining their discovery. From their description:
Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer. […] By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.
Why are these Apple devices storing users’ geolocation data? The answers are not immediately apparent.
“One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental,” Warden and Allan say on their site.
They also believe that Apple may be the only company whose devices are storing customers’ geolocation data.
“Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any,” Warden told The Guardian. “We haven’t come across any instances of other phone manufacturers doing this.”
Warden and Allan have developed an iPhone Tracker app that maps the location data stored in the iDevice. You can watch a video (below) to see a visualization of an iPhone owner’s trip from Washington D.C. to New York City and back.
WASHINGTON/BOSTON | Wed Apr 13, 2011 6:55pm EDT
(Reuters) – U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.
A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a “botnet” that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.
The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.
“This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it,” said Alan Paller, director of research at the SANS Institute, a nonprofit group that helps fight cyber crime.
The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.
“We’re pretty sure a Russian crime group was behind it,” said Paller.
Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.
A civil complaint against 13 unnamed foreign nationals was also filed by the U.S. district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.
The malicious Coreflood software was used to infect computers with keylogging software that stole user names, passwords, financial data and other information, the Justice Department said.
“The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” U.S. Attorney David Fein said in a statement.
In March, servers used by the Rustock botnet were shut down in law enforcement raids after legal action against them by Microsoft Corp. Authorities severed the Rustock IP addresses, effectively disabling the botnet.
Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating it produced half the spam that fills people’s junk mail bins.
A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim’s bank account.
U.S. government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. A similar tactic was used in a Dutch case, but it was the first time U.S. authorities had used this method to shut down a botnet, according to court documents.
Victims of the botnet included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defense contractor that lost $241,866, according to the complaint filed in the U.S. District Court for the District of Connecticut.
The government plans to work with Internet service providers around the country to identify other victims.
By ERIC LIPTON and CHARLIE SAVAGE
Published: February 11, 2011
WASHINGTON — A fight between a group of pro-WikiLeaks hackers and a California-based Internet security business has opened a window onto the secretive world of private companies that offer to help corporations investigate and discredit their critics.
This week, hackers said they had penetrated the computers of HBGary Federal, a security company that sells investigative services to corporations, and posted tens of thousands of what appear to be its internal company e-mails on the Internet.
The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them.
The bank and the chamber do not appear to have directly solicited the spylike services of HBGary Federal. Rather, HBGary Federal offered to do the work for Hunton & Williams, a corporate law firm that has represented them.
A Hunton & Williams spokesman did not comment. But spokesmen for Bank of America and the chamber said Friday that they had not known about the presentations and that HBGary Federal was never hired on their behalf. A chamber spokesman characterized the proposal as “abhorrent.”
Since the hacked e-mails appeared on a file-sharing network several days ago, a broad range of bloggers and journalists have been scouring them and discussing highlights on the Internet. The New York Times also obtained a copy of the archive.
One document that has received particular attention is a PowerPoint presentation that said a trio of data-related companies — HBGary Federal, Palantir Technologies and Berico Technologies — could help attack WikiLeaks, which is rumored to be preparing to release internal e-mails from Bank of America.
One idea was to submit fake documents covertly to WikiLeaks, and then expose them as forgeries to discredit the group. It also suggested pressuring WikiLeaks’ supporters — notably Glenn Greenwald of Salon.com — by threatening their careers.
“Without the support of people like Glenn, WikiLeaks would fold,” the presentation said.
Another set of documents proposed similar ways to embarrass adversaries of the Chamber of Commerce for an initial fee of $200,000 and $2 million later.
The e-mails include what appears to be an exchange on Nov. 9, 2010, between Aaron Barr, HBGary Federal’s chief executive, and John W. Woods, a Hunton & Williams partner who focuses on corporate investigations. Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber’s opposition to Obama administration initiatives like health care legislation.
“They go to a Jewish church in DC,” Mr. Barr apparently wrote. “They have 2 kids, son and daughter.”
A week later, Mr. Barr submitted a detailed plan to Hunton & Williams for an extensive investigation into U.S. Chamber Watch and other critics of the chamber, including the possible creation of “in-depth target dossiers” and the identification of vulnerabilities in their computer networks that might be exploited.
Another PowerPoint presentation prepared for Hunton & Williams said the research that HBGary Federal and its partners could do for the law firm on behalf of the Chamber of Commerce would “mitigate effect of adversarial groups” like U.S. Chamber Watch. The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to “discredit, confuse, shame, combat, infiltrate, fracture” the antichamber organizations.
HBGary acknowledged Tuesday in a statement that it had been the victim of a “criminal cyberattack,” but suggested that documents placed in the public domain might be “falsified.”
The other two businesses referred to in the apparent proposals as planned partners in the corporate investigations put out statements that distanced themselves from HBGary Federal but did not say the documents were fake.
The co-founders of Berico, Guy Filippelli and Nick Hallam, confirmed that Berico had been “asked to develop a proposal to support a law firm” that was helping companies “analyze internal information security and public relations challenges,” but said their proposal had been limited to “analyzing publicly available information.” They called efforts to target people “reprehensible” and said they were breaking all ties to HBGary Federal, a move that Palantir executives also said they were making.
The episode traces back to a dispute in December, when corporations including MasterCard, Visa and PayPal severed ties to WikiLeaks, temporarily cutting off its ability to accept donations. WikiLeaks had just begun releasing leaked State Department cables in conjunction with a consortium of news organizations, including The New York Times.
Calling the companies’ severing of such ties an affront to Internet freedom, a loose-knit group of computer users named Anonymous coordinated attacks on the Web sites of such companies. Mr. Barr apparently began trying to uncover the identities of those involved with Anonymous. But after he boasted of his efforts in a newspaper article, hackers attacked his company’s Web site and made public the e-mails.
Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. “Information is power,” said Mr. Turner, former chairman of the Association of Certified Fraud Examiners.
He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.
Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. “We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,” said Lawrence DiRita, a Bank of America spokesman.
Tom Collamore, a chamber spokesman, said, “The leaked e-mails appear to show that HBGary Federal was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary’s e-mails leaked.”