Israeli Intelligence Reportedly Watched Russia Use Kaspersky Anti-Virus as Hackers’ ‘Search Tool’

Kaspersky Lab founder and CEO Eugene Kaspersky. Photo: Getty

Following a ban on Kaspersky Lab’s anti-virus software for use by the US federal government, the Wall Street Journal reported that officials believe hackers used the software to steal sensitive NSA documents. On Wednesday, the story deepened with reports that the US government was tipped off by Israeli intelligence after its spies observed Russian agents using the software as a personal back door.

Article preview thumbnail

According to a report from the Wall Street Journal, highly classified material from the NSA was…

Read more Read

The New York Times was the first to break the story that Israeli agents were able to hack into the Kaspersky Lab network in 2014, and observe in real time what the Israeli agents claimed were hackers working for the Russian government searching through the computers of Kaspersky’s 400 million users.

Citing “multiple people who have been briefed on the matter,” the Times claims that the hackers were looking for code names used by American intelligence programs. Officials from Israel then notified the US government of what its agents had seen, and this information allegedly prompted the decision to remove Kaspersky’s software from almost two dozen agencies’ computers. Though the NSA wasn’t one of those agencies—it has breached anti-virus software before, so it knows better—the list of departments that were using it included the State Department, Department of Defense, Department of Energy and the Army, Navy and Air Force. In the case of the NSA breach, it’s believed that an employee took the classified information home to complete some after-hours work, and hackers were able to access his personal computer through Kaspersky.

The Israeli breach was confirmed by Kaspersky publicly in a 2015 report. From the Times:

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010….

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

It’s Kaspersky Lab’s job to hunt for and catalog malware, whether the malware is created by an individual, organized crime, or a nation-state. So, when the NSA uses malware tools for its own hacking purposes, Kaspersky will catalog what it knows. If a rival nation were to gain access to Kaspersky, it could use known code names and malware designs to search through Kaspersky’s system to locate US government computers and possibly go further. According to the Washington Post, which confirmed the Israeli report through its own sources:

Over the past several years, the firm has, on occasion, used a standard industry technique that detects computer viruses but can also be employed to identify information and other data not related to malware, according to two industry officials, who spoke on the condition of anonymity to discuss sensitive information.

The tool is called “silent signatures”—strings of digital code that operate in stealth to find malware but which could also be written to search computers for potential classified documents, using keywords or acronyms.

No reports thus far have offered any detailed evidence that Kaspersky Lab’s software has been compromised and no public reports have shown analysis to back up these intelligence claims. Kaspersky has vehemently denied any willing cooperation in Russian spying operations and in a press release stated:

As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company. Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would help the company in its own investigation to certifiably refute the false accusations….

Kaspersky Lab has never helped, nor will help, for any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical.

Unfortunately for the company’s founder, Eugene Kaspersky, he has a background that raises suspicion based on his attendance of a Russian intelligence institute and his time working for the Ministry of Defence. He’s a respected figure in the security company, as is his software, but his company is also the only major anti-virus provider that has to route its data through Russian ISPs which are monitored by the Russian government. Kaspersky argues that the data is encrypted but not everyone is convinced that encryption is enough. Andrei Soldatov, a Russian surveillance expert and author of “The Red Web,” tells the Washington Post, that Kaspersky has to obtain a license from the FSB and that “means your company is completely transparent.”

Whether Kaspersky software is vulnerable or not, anti-virus protection is largely about trust. Anti-virus software itself is a big ol’ back door that relies on public trust and the security community’s mutual respect. These reports put the company in a bind because Kaspersky offered to go over the US and Israeli evidence to either further secure its product or defend itself against accusations. Those governments are likely unwilling to cooperate out of fear of revealing sources and methods. Likewise, whatever officials are leaking that this info came from Israel probably aren’t making that country’s intelligence arm very happy. For the average consumer, you’ll have to ask who you trust.

[New York Times, Washington Post]

from Gizmodo http://ift.tt/2zg3pSj
via IFTTT

Teens get their own Amazon accounts (if their parents let them)

Amazon’s terms of service state that anyone under the age of 18 can only use the service with "the involvement of a parent or guardian." Now, the online retailer is making it easier for parents to do just that. The company has introduced a new service that allows teenagers aged 13–17 to create their own logins tied to their parents’ account.

There are multiple ways parents can set limits on how their teens shop on Amazon. Once the order is placed, the parent will receive a text or an email with the item, cost, shipping address and payment information. Teens can also input a reason they need an item. Amazon’s default setting with this service is autoapproval of orders, but parents can individually approve them via text if they so prefer.

If parents want to give their teen more autonomy, they can skip the approval step altogether and just set spending limits. Once the order is placed, parents can see an itemized invoice and are able to cancel and return items, according to Amazon.com’s normal terms.

What’s more, parents can share Prime Video and Twitch Prime with their teens, allowing them to have their own account on these services. To get started, parents can visit amazon.com/forteens or sign up via a text or email invitation from their teens.

Source: Business Wire

from Engadget http://ift.tt/2g0vJzF
via IFTTT

11 million U.S. driver’s licenses compromised in Equifax cyber breach

The Wall Street Journal on Tuesday reported that 10.9 million Americans’ driver’s license numbers were compromised in the massive Equifax cyberattack disclosed last month.

Overall, around 145.5 million people had their information compromised, including Social Security numbers, birth dates and addresses.

The Journal reported (subscription required) that the driver’s licenses had been requested from customers to verify their identities when they went onto an Equifax web page to dispute their credit-report information — a page that later became one of the entry points hackers used to access the agency’s files. And of course a driver’s license is commonly used for confirming a person’s identity — or for stealing it.

While most of that 145.5 million customer total was in the United States, Equifax said Tuesday that 15.2 million client records in Britain were compromised, including sensitive information about nearly 700,000 consumers. The U.S.-based company said 14.5 million of the records, which dated from 2011 to 2016, did not contain information that put British consumers at risk.

Equifax said it would notify the 693,665 affected U.K. consumers by mail and offer them several of its own and third-party risk-mitigation products for free to help minimize the risk of criminal activity.

Equifax has faced seething criticism from consumers, regulators and lawmakers over its handling of the breach, which occurred between mid-May and late July and was not disclosed until Sept. 7. Since then, the company has parted ways with its chief executive officer, chief information officer and chief security officer.

“Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act,” said Patricio Remon, Equifax’s president for Europe. “Let me take this opportunity to emphasize that protecting the data of our consumers and clients is always our top priority.”

The company was alerted in March that a software security vulnerability existed in one or more of its systems, but it failed to fix the problem because of “both human error and technology failures,” former CEO Richard Smith told a U.S. congressional committee.

As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.

The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.

Equifax said earlier this month that it had determined some 8,000 Canadian consumers were also impacted by the breach, far fewer than the 100,000 it had previously warned were at risk.

It said the initial estimate “was preliminary and did not materialize” and that the company planned to mail notifications to those affected with information about free credit monitoring and identity theft protection services.

Reporting by John McCrank and Alastair Sharp

Related Video:

from Autoblog http://ift.tt/2gvIClL
via IFTTT

Kobe Steel falsified data on steel, aluminum, raises safety fears for cars, airplanes

TOKYO — Japan’s Kobe Steel Ltd plunged deeper into crisis on Wednesday over fresh revelations of widespread data fabrication, heightening a safety scare involving cars, trains and airplanes.

Investors, worried about the potential legal ramifications and the financial impact for Kobe, dumped the stock for a second day, wiping out nearly two-fifths of the market value of Japan’s third-biggest steelmaker.

Earlier on Wednesday, Kobe Steel said it may have fabricated data on iron powder products used in components such as automotive gears and was investigating the issue after media reported the abuses.The new revelations came after the steelmaker admitted over the weekend it had falsified data about the strength and durability of aluminum and copper products used in cars, aircraft, space rockets and defense equipment in a fresh blow to Japanese manufacturers’ s vaunted reputation for quality production.

Kobe Steel has said it was examining other possible data falsifications going back 10 years.

JAPAN-KOBE STEEL/

It has also launched an investigation into Kobelco Research Institute, which tests products for the company, the steelmaker said. The Nikkei newspaper reported the unit had shipped materials used for making semiconductors to customers without inspecting them.

​​​The company faces potential costs from any recalls, replacements and any legal action, including class-action suits in the U.S., Yuji Matsumoto, an analyst at Nomura Securities, said in a report.

The revelations about data tampering in its aluminum unit could also hit its plans to expand the business as carmakers increasingly use the material, which is lighter than steel, to meet tighter environmental rules.

“Aluminum is one of the key focus areas in the medium term as part of its strategy to help lighten vehicles (and) this will certainly have a negative impact on the expansion,” Matsumoto said in the report.

Multinationals, including automakers like Toyota and Ford, and aircraft manufacturers Boeing and Mitsubishi Heavy Industries, have said they are investigating.

SHARES DIVE

The market impact on Kobe Steel has been unforgiving, with its stock tumbling 18 percent to 878 yen after dropping 22 percent on Tuesday, wiping about $1.6 billion off its market value over two days.

The deepening scandal has forced the government to push the company to speedily resolve the crisis.

“This inappropriate behavior shakes the foundation of fair trading,” Deputy Chief Cabinet Secretary Kotaro Nogami told a regular news conference on Tuesday.

“We ask Kobe Steel to thoroughly look into the causes … and take steps to prevent a recurrence as well as to make utmost efforts to restore the trust of not only its customers but of society as a whole.”

The misconduct at Kobe Steel follows scandals involving falsified data at household names such as Nissan, Mitsubishi and Takata, which filed for bankruptcy earlier this year.

Toshiba is still battling the fallout of a scandal involving reporting inflated profits. The corrosive business practices have raised broader questions over corporate governance in Japan and cast doubts about the integrity of nation’s once-admired manufacturing industry.

EARLIER MISCONDUCT

The revelations of tampered data and specifications aren’t the first for Kobe Steel.

The company said in June 2016 that an affiliate, Shinko Wire Stainless Co., had falsified data on tests for tensile strength of some stainless steel wire for springs over a period of more than nine years.

In 2006, Kobe Steel said its Kakogawa steel works in western Japan had falsified data on soot emissions for a period of five years.

The Nikkei business daily reported that Kobe Steel intended to put its real estate business on the block in an effort to shore up already shaky finances now threatened by the data falsification scandal.

In a statement Kobe Steel denied the report, saying it was assessing its options.

The steelmaker has reported losses in the last two full financial years but is expecting to return to profit in the current period.

Sales of Kobe Steel’s aluminum and copper division fell 6.4 percent year on year to 323.3 billion yen ($2.9 billion) in the financial year ending March 2017, with recurring profit falling 20.5 percent to 12 billion yen.

Reporting by Makiko Yamazaki, Hideyuki Sano, Yuka Obayashi and Kaneko Kaori

Related Video:

from Autoblog http://ift.tt/2yfOKrA
via IFTTT

Cadillac’s hands-free feature fixes the worst parts about driving

The 145-mile jaunt between Flagstaff, Arizona, and Phoenix is almost entirely downhill. With a drop of approximately 5,800 feet between the two cities, the road that joins them — Interstate 17 — has multiple warnings about saving your brakes (meant mostly for big rigs) and is peppered with sharper twists and turns than your typical highway. Yet, while I was behind the wheel, I did almost nothing for the entire drive thanks to Cadillac’s new Super Cruise feature on the 2018 CT6.

Super Cruise is Cadillac’s answer to semi-autonomous features from BMW, Mercedes and of course, Tesla’s Autopilot. But unlike those systems where you’re chastised by the car within moments of removing your mitts from the wheel until you return them, Super Cruise is totally hands-free.

Before we get into the nitty-gritty of the car and Super Cruise, let’s talk about the steering wheel with a built-in light. I’ll admit when Cadillac announced its semi-autonomous feature and showed off the light-infused steering wheel, I rolled my eyes. It seemed gimmicky and more importantly, ugly. When you drop a big wad of cash on a luxury car, the last thing you want is a feature that just annoys your senses. And yet, when I sat behind of the wheel CT6, it didn’t seem so bad. While I was actually driving, the wheel’s notification lights made sure I knew exactly which driving mode I was in.

When the car is in Super Cruise mode, the wheel glows green. When it determines that you’re not paying enough attention to the road it flashes green and when you’ve ignored that or the vehicle encounters something it can’t handle on its own, it flashes red.

Super Cruise also has a sort of "standby" mode — if you take the wheel to switch lanes (the car will not switch lanes for you) the lights will pulse blue to indicate that as soon as the car is back in the middle of a lane, Super Cruise will take over again.

This all leads me writing something I didn’t expect: I like the light on the steering wheel. It’s helpful without being overbearing. Yeah, I’m also surprised by that admission. But there you have it. Yes, having a light bar embedded in a steering wheel is slightly odd, but it adds a layer of safety to a feature that’ll be brand new to most of the people that buy this car. Changing the way people drive usually involves changing the way they interact with their vehicles, especially when they’re told they can take their hands off the wheel for an extended period of time.

Because you can leave your hands by your sides, the system uses an infrared camera mounted on the steering column to make sure you’re still ready to take over if things go south. It tracks your eyes, nose, mouth and ears and figures out where you’re looking. If you’re looking forward out the windshield or checking your mirrors, you’re fine. But let’s say you start staring out the side window or worse, at your phone, the car prompts you to start paying attention by flashing the green steering wheel light. If you ignore that, the flashing light on the wheel and accompanying audible warning for too long, the car will slow down, stop, turn on the flashers and call the authorities via OnStar.

I did turn my head to test the feature (while keeping a side eye on the road), and the car reacted by first flashing green then red to get my attention. Even when I was wearing dark sunglasses, it was able to determine where I was looking. Cadillac says that if the IR camera can’t see your eyes, it uses the rest of your facial features to see where you’re looking. The only time the system failed is when it had direct sunlight blinding its sensor. In the nearly 1,000 miles I drove the car that only happened for about 10 minutes. I continued on the same heading on the painfully straight Interstate 10, the sun moved slightly in the sky, and the feature was back in business and I was back to sort-of driving.

During my two very long drives with the 2018 $85,300 high-end Platinum trim level of the CT6 with Super Cruise (first from Sante Fe to Phoenix then from Phoenix to LA), 80 percent of the time the car was doing all the work while I rested my hands on my legs. Like all new semi-autonomous features, it was initially unnerving to give up that much control while cruising down the highway at 70 miles per hour. I’ve seen videos of, and experienced, features like this suddenly jerk out of their lane so as we started to pass our first big rig I had my hands hovering over the steering wheel.

In fact, I did that for the first dozen or so semitrucks, and yet at no time did the car drift into danger or deviate from the center of the lane. By the end of the first day’s drive, Super Cruise’s promise of truly hands-free cruising down the freeway had delivered. Sure there were a few hiccups; none of these systems are infallible and you should always, ALWAYS, give the road your full attention and be ready to take over control at any time. But I’m a fan of Super Cruise even though it comes with a few caveats.

First off, it’s geo-fenced to divided highways without any sort of cross traffic. You can’t trick it into working on a back road or highway with grade crossing. But as the saying goes, that’s not a bug, it’s a feature. A big portion of the system that makes Super Cruise possible is the high-definition LiDAR maps that ship with every car.

Cadillac teamed up with mapping company Ushr to create LiDAR maps of approximately 160,000 miles of divided highway in the United States and Canada. The automaker uses those maps along with the car’s high-precision GPS, long-range radar and camera to keep the car centered in a lane. Cadillac says the LiDAR maps are precise within 10 centimeters and are updated quarterly to take into account changes to the roads.

While the maps help power a feature that keeps the CT6 centered, it also removes any chance that you’ll be able to use this feature anywhere Cadillac has deemed unworthy of Super Cruise. This could turn off some potential buyers. For others, it’s a stop gap from them trying to make the car do something it’s not ready to accomplish. I don’t see it as an issue and judging by the amount of YouTube videos of Tesla owners "hacking" their cars to run hands-free in environments Autopilot is not built to handle, it’s probably a worthy restriction at least for the sake of other drivers on the road.

Super Cruise will work between zero and 85 miles per hour, which makes it great for long boring road trips and the worst part of driving: commuting. In addition to solidly staying in a lane for long periods of time at highway speeds, it was also handled dense Los Angeles traffic with ease for the most part.

Cadillac annotated its LiDAR maps with information about interchanges, on- and off-ramps, lane endings, toll booths and other items you’ll encounter on the road. When those are approaching, the system will instruct you take over driving. Because the map can see 2,500 meters (about 1.5 miles) in front of the car, it’s usually before the driver notices something is about to happen.

On more than a few occasions, I was prompted take control for a mysterious reason that would later reveal itself. While driving on Interstate 10 through the Arizona and California desert, those instances were few and far between. Los Angeles’ complex interchanges (which frankly confuse most humans) on the other hand meant I was taking control of the car on a regular basis. It wasn’t annoying but it’s worth noting. Yet it was when LA traffic came to a standstill that the value of Super Cruise was really apparent.

The ability to track the vehicle ahead of it and stop and start with traffic while staying in its lane is a blessing for commuters. Yes, you’re still stuck in traffic, but your stress level is going to go down because the car is doing all the monotonous work. A few vehicles did cut me off and the CT6 reacted by slowing down or stopping without my input, but one driver decided to throw caution to the wind and turned into my lane with only inches to spare and the car had me take over. It’s a nice reminder that you need to stay alert with these systems and that people are horrible drivers.

All that tech is crammed into the luxury CT6 sedan that we reviewed last year. Other than Super Cruise, it’s essentially the exact same car. It’s comfortable and chock full amenities like massaging seats and rear passenger video screens. The Platinum edition I drove had twin-turbo 3.0 liter engine pumping out 404 horsepower and 400 pounds of torque. It’s a beast that cruises smoothly on the high, but when it’s needed can chew up the pavement. I’m still not a fan of the eight-speed automatic transmission during spirited driving, but the paddle shifters are solid in that type of environment and frankly 95 percent of the time, it’s not even remotely an issue.

Of course all that fancy and Super Cruise means you’re going to be shelling out some big money. On the Premium trim of the car, which starts at $66,300, Super Cruise is part of a $5,000 option that includes adaptive cruise control. Meanwhile, the top-of-the-line Platinum edition starts at $85,300 with Super Cruise standard.

While Super Cruise is currently only available on the CT6, expect to see it land on the Escalade in the next few years and if enough buyers tack it onto their cars, it’s very likely the feature will permeate the entire Cadillac line and other GM vehicles.

Will those cars get the light steering wheel though? It’s tough to tell. As drivers become more accustomed to semi-autonomous features determining which mode a car is in might become second nature. For now, though, Super Cruise is a surprisingly solid solution to highway driving with a totally not annoying green light at the top of the wheel leading the way.

from Engadget http://ift.tt/2y9wssW
via IFTTT


Notice: Undefined property: wpdb::$is_admin in /homepages/23/d91462540/htdocs/wp-includes/wp-db.php on line 625