Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.
"Sparking a fresh controversy, anti-secrecy site WikiLeaks has threatened to make the private details public of millions of people who have 'verified' Twitter accounts."
""We are thinking of making an online database with all 'verified' twitter accounts and their family/job/financial/housing relations," the WikiLeaks Task Force said in a tweet, which has now been deleted."

And at some point FACEBOOK:
"Wikileaks Founder: Facebook is the most appalling spy machine that has ever been invented. Here we have the world’s most comprehensive database about people, their relationships, their names, their addresses, their locations, their communications with each other, and their relatives, all sitting within the United States, all accessible to US Intelligence. Assange says his website’s revelations are “just the tip of the iceberg”, adding that it’s only a matter of time before more damaging information becomes known.”"

The US's, and surely also China's, Russia's...


Episode three brings the release of source-code files for the CIA's secret anti-forensic Marble Framework. The technology is designed to make the CIA's malware harder for security researchers at antivirus firms to analyse, thus hampering attribution. It does this by hiding ("obfuscating") text fragments.

Obfuscating code and designing it so that it detects and doesn't run in a virtual machine sandbox has not been an uncommon tool among mainstream cybercrooks for some years.

One feature in Marble stands out. It creates a means for virus writers to pretend that the malware was created by a speaker of a range of foreign languages (Chinese, Russian, Korean, Arabic and Farsi). These are, of course, the languages of the US's main cyber-adversaries – China, Russia, North Korea and (historically, at least) Iran.


The IAAF has been hacked and it blames the notorious Russian hacking group APT 28, also known as FANCY BEAR, for the attack which targeted athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

The attack was uncovered by Context Information Security, a cyber incident response firm contracted by the athletics' governing body in January to investigate IAAF systems. On 21 February, Context detected the "presence of unauthorised remote access to the IAAF network ... where meta data on athlete TUEs was collected from a file server and stored in a newly created file," the IAAF said.

"It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will."


A stunning bank heist

Rather than picking off online banking customers one by one, ambitious hackers took control of a Brazilian bank's entire DNS infrastructure to rob punters blind.

The heist, detailed by security engineers at Kaspersky Lab, took place over about five hours on Saturday October 22, 2016, after the miscreants managed to get control of the bank's DNS hosting service using targeted attacks. They managed to transfer all 36 of the bank's domains to phony websites that used free HTTPS certs from Let's Encrypt. These sites masqueraded as the bank's legit online services, tricking marks into believing the malicious servers were the real deal. That allowed the crims to steal customers' usernames and passwords as they were typed into the sites' login boxes.

"All domains, including corporate domains, were in control of the bad guy," said Fabio Assolini, a senior security researcher at Kaspersky, in a blog post. He said the attackers also took over the bank's email servers so that staff couldn't warn customers not to log in.

During the attack, every time a customer logged in, they were handing over their details to the attackers, all of which were sent off to a command and control server in Canada. In addition, the dummy websites dropped malware onto each visitor's computer in the form of .zip'd Java plugin files: clicking on those would start an infection on machines capable of running the malicious code.

The malware had eight separate modules, covering abilities like credential-stealing for Microsoft Exchange, Thunderbird, and the local address book, updating systems, and a program called Avenger. This software is a legitimate rootkit removal tool that had been modified to shut down security software on any computer that downloaded it.

"The bad guys wanted to use that opportunity to hijack operations of the original bank, but also drop malware with the capacity to steal money from banks of other countries," said Dmitry Bestuzhev, director of Kaspersky Lab's global research and analysis team in Latin America.

The burst of malware did set off alarms elsewhere, and the source was traced back to the bank. Security staff managed to get the original DNS credentials restored to the bank, however the attack shows the importance of managing such things much more tightly.

"Imagine if one employee is phished and the attackers had access to the DNS tables, man that would be very bad," Bestuzhev said. "If DNS was under control of the criminals, you're screwed." ®

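One way a defender could notice a takeover like the one described above, as an added example that is not part of the original post or of Kaspersky's analysis: compare each observed DNS answer and certificate issuer against a pinned baseline, and escalate when many domains drift at once. All domains, name servers, addresses and the CA name below are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Baseline:
    nameservers: frozenset  # authoritative NS host names we expect
    networks: tuple         # ip_network objects our services live in
    issuers: frozenset      # certificate issuers we actually use


@dataclass(frozen=True)
class Observation:
    domain: str
    nameservers: tuple      # NS names seen by an outside resolver
    addresses: tuple        # A records seen by an outside resolver
    issuer: str             # issuer of the certificate served on 443


def _norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def check(baselines, obs):
    """Return (domain, kind, detail) findings for one observation."""
    domain = _norm(obs.domain)
    base = baselines.get(domain)
    if base is None:
        return [(domain, "no-baseline", "domain is not pinned")]
    findings = []
    expected_ns = {_norm(n) for n in base.nameservers}
    rogue_ns = {_norm(n) for n in obs.nameservers} - expected_ns
    if rogue_ns:
        findings.append((domain, "nameserver", ", ".join(sorted(rogue_ns))))
    for addr in obs.addresses:
        ip = ip_address(addr)
        if not any(ip in net for net in base.networks):
            findings.append((domain, "address", addr))
    # An unlisted issuer is not malicious in itself; it is flagged only
    # because this organisation's baseline says it never uses that CA.
    if obs.issuer not in base.issuers:
        findings.append((domain, "issuer", obs.issuer))
    return findings


def assess(baselines, observations, wholesale_ratio=0.5):
    """Classify one polling round: ok, review, or wholesale-change."""
    findings = [f for o in observations for f in check(baselines, o)]
    changed = {d for d, kind, _ in findings if kind != "no-baseline"}
    ratio = len(changed) / len(baselines) if baselines else 0.0
    if ratio >= wholesale_ratio:
        return "wholesale-change", findings  # many domains moved together
    return ("review" if findings else "ok"), findings


# Constructed sample data (documentation address ranges, .example names).
DOMAINS = ("bank.example", "m.bank.example", "mail.bank.example")
BASELINES = {
    d: Baseline(
        frozenset({"ns1.dns-host.example", "ns2.dns-host.example"}),
        (ip_network("192.0.2.0/24"),),
        frozenset({"Example Corp CA"}),
    )
    for d in DOMAINS
}
NORMAL = [
    Observation(d, ("NS1.dns-host.example.", "ns2.dns-host.example"),
                ("192.0.2.%d" % (10 + i),), "Example Corp CA")
    for i, d in enumerate(DOMAINS)
]
HIJACKED = [
    Observation(d, ("ns1.rogue.example", "ns2.rogue.example"),
                ("203.0.113.66",), "Let's Encrypt")
    for d in DOMAINS
]
PARTIAL = NORMAL[:2] + HIJACKED[2:]  # only one domain has drifted

if __name__ == "__main__":
    for label, batch in (("normal", NORMAL), ("partial", PARTIAL),
                         ("hijacked", HIJACKED)):
        verdict, findings = assess(BASELINES, batch)
        print(label, verdict, len(findings))
        for finding in findings:
            print("   ", finding)
```

The observations would come from resolvers and TLS probes outside the organisation's own network, since internal resolvers may keep serving cached answers during such an event.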

UK companies are being targeted by a China-based global hacking group dubbed APT10.

The Operation Cloud Hopper campaign focuses on managed service providers (MSPs) which, when successful, gives the APT10 hackers access to their intellectual property, sensitive data, and global clients. A number of Japanese organisations have also been targeted by the same crew, according to a joint report by PwC and BAE Systems.

APT10 has significantly increased its scale and capability since early 2016, including the addition of new custom tools. The switch from using the Poison Ivy and PlugX malware to bespoke malware as well as open-source tools shows increased sophistication. The group still uses phishing and other social engineering techniques to push its wares.

The group focuses on espionage activity, targeting intellectual property and other sensitive data, PwC reports.

"APT10 is known to have exfiltrated a high volume of data from multiple victims, exploiting compromised MSP networks, and those of their customers, to stealthily move this data around the world," the researchers warn.

PwC UK and BAE Systems rate it "highly likely" that APT10 is a China-based threat actor. The group has been active since 2009, and has already been profiled by other security researchers at FireEye and CrowdStrike among others.

Targeting service providers in order to get at their clients represents a shift in tactics by cyber-spies that might be compelled to go after university research departments in an attempt to get at defence contractors or hacking the systems of lawyers and accountants of other intel targets.

Donato Capitella, senior security consultant at MWR InfoSecurity, commented: "In the past decade we have observed major, critical organisations raise their cyber defence profile, by allocating larger budgets into their prevention, detection and response capabilities. This naturally led to crime displacement or relocation, meaning that attackers have shifted their attention to the smaller third parties that supply services to these organisations."

Matt Walmsley, EMEA director at cybersecurity company Vectra Networks, added: "These criminals continue to play a long game, prepared to wait months – even years – to harvest valuable data without being noticed. Malicious code or indeed a live connection to a bad actor can sit, unnoticed like a leech, harvesting useful data slowly and consistently."


Cloud services and online scanners are the next targets of state actors.

Malware scanning services could be the next listening outpost for criminals and nation-state attackers as more of these services such as VirusTotal are becoming containers for personal, business and even classified information because of some organizations’ policy decision to upload every file, document and email.

A U.S. cybersecurity company has uncovered a malicious script on the website of the National Foreign Trade Council, a public policy and lobbying organization devoted to U.S. trade policy. And John Bambenek, threat intelligence manager for Fidelis Cybersecurity, whose team found the script, says he is “highly confident” the script was placed there by Chinese state-sponsored actors.

The script is a tool known as a Scanbox. It has, to date, been used only by groups widely known to be affiliated with the Chinese government. “There's no evidence that anybody else has commandeered or used [Scanbox],” Bambenek says.

The script provides information about a victim's operating system, IP address, and software programs, which attackers can later use in targeted phishing campaigns. For example, if attackers learn that someone is using a browser with known software holes, they may target that person with an exploit that the hackers know will work for the user’s particular version.

Fidelis believes this particular operation, which was observed between 27 February and 1 March, was conducted as espionage in preparation for Chinese President Xi's meeting with U.S. President Trump today and Friday. Bambenek believes the tool was being used to collect intelligence about trade policy rather than to steal trade secrets from U.S. companies.

Hidden within the National Foreign Trade Council’s site, the Scanbox script ran whenever a visitor navigated to a page with a registration form for an upcoming Board of Directors meeting. That means the script, which has been removed, likely targeted board members, many of whom are also from major U.S. companies.

Bambenek calls Scanbox “a fairly lightweight tool” that is primarily used for gathering information. Chinese groups have relied on it for reconnaissance since at least 2014. Once a victim closes the tab or browser in which Scanbox is operating, they are no longer affected.

Fidelis was alerted to the script when cybersecurity programs it had developed were automatically triggered by software that appeared to be Scanbox. Fidelis says it has shared the information about Scanbox with the Federal Bureau of Investigation.

Mike Buratowski, vice president of cybersecurity services with Fidelis, says nonprofits and think tanks are increasingly targeted by state-sponsored attackers because they have access to privileged information and are in touch with government agencies.

“The reality is that almost every government in the world has think tanks and policy organizations, and all of these are really the soft targets of government,” Bambenek says.


The traditional model of hacking a bank isn’t so different from the old-fashioned method of robbing one. Thieves get in, get the goods, and get out. But one enterprising group of hackers targeting a Brazilian bank seems to have taken a more comprehensive and devious approach: One weekend afternoon, they rerouted all of the bank’s online customers to perfectly reconstructed fakes of the bank’s properties, where the marks obediently handed over their account information.

Researchers at the security firm Kaspersky on Tuesday described an unprecedented case of wholesale bank fraud, one that essentially hijacked a bank’s entire internet footprint. At 1 pm on October 22 of last year, the researchers say, hackers changed the Domain Name System registrations of all 36 of the bank’s online properties, commandeering the bank’s desktop and mobile website domains to take users to phishing sites. In practice, that meant the hackers could steal login credentials at sites hosted at the bank’s legitimate web addresses. Kaspersky researchers believe the hackers may have even simultaneously redirected all transactions at ATMs or point-of-sale systems to their own servers, collecting the credit card details of anyone who used their card that Saturday afternoon.

“Absolutely all of the bank’s online operations were under the attackers’ control for five to six hours,” says Dmitry Bestuzhev, one of the Kaspersky researchers who analyzed the attack in real time after seeing malware infecting customers from what appeared to be the bank’s fully valid domain. From the hackers’ point of view, as Bestuzhev puts it, the DNS attack meant that “you become the bank. Everything belongs to you now.”



The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found.

A paper has been published by researchers at the NATO defence alliance's Cooperative Cyber Defence Centre of Excellence and Estonia's Tallinn University of Technology. It outlines how attackers can create covert data exfiltration channels and system remote control, using IPv6 transition mechanisms.

IPv6 aims to remove the technical drawbacks of the older IPv4 addressing scheme but brings its own fresh set of dangers, the researchers warned.

Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected.

The researchers developed proofs of concept with tunnel-based IPv6 transition tools over IPv4-only, or IPv4/IPv6 dual-stack networks, that were able to pass traffic undetected by common network intrusion detection systems (NIDS) such as Snort, Suricata, Bro and Moloch.

Defending against such IPv6 tunnelling attacks is very difficult with current NIDS.



Hacking tools that WikiLeaks says were developed by the CIA have now been linked to an operation that targeted governments and corporations all over the world during the past six years. The tools, which include malware that can be used to take control of myriad devices and applications, were described in 9,000 documents and files that WikiLeaks released last month in an archive it calls Vault 7.

After analyzing the details of the malware described in the archive, investigators at Symantec found close forensic matches to several pieces of invasive software they had been tracking since 2014. That malware had infected at least 40 targets in 16 countries since 2011, the company said in a blog post, and was possibly active as far back as 2007.

Long before WikiLeaks claimed the malware was created by the CIA, Symantec had already assumed the group responsible—which it dubbed “Longhorn”—was government-sponsored. That assumption was based on several factors, such as the global scope of the group’s operation, the level of sophistication of the malware itself, and one other telling detail:

“The group appeared to work a standard Monday to Friday working week, based on timestamps and domain name registration dates, behavior which is consistent with state-sponsored groups,” the company said in a blog post about its analysis, published April 10


Video lectures about the cyber world.

Cyber everywhere - What do you need to know?
During autumn 2016, the Faculty of Information Technology at the University of Jyväskylä and the Central Finland Cadet District (Keski-Suomen kadettipiiri) are organising a lecture series open to everyone, which takes a broad look at the impact of the cyber world on the Finnish operating environment and security.



In my own experience this is absolutely true, but I would still stress here that not everyone is cut from the same cloth, and some get into shady business because lulz. Most of them are aware of the fact that if you touch money, that is the beginning of the end. So it is easier to carry on the operation somewhere other than on financial sites.

Teenage hackers are motivated by idealism and impressing their mates rather than money, according to a study by the National Crime Agency.

The law enforcement organisation interviewed teenagers and children as young as 12 who had been arrested or cautioned for computer-based crimes.

It found that those interviewed, who had an average age of 17, were unlikely to be involved in theft, fraud or harassment. Instead they saw hacking as a “moral crusade”, said Paul Hoare, senior manager at the NCA’s cybercrime unit, who led the research.

Others were motivated by a desire to tackle technical problems and prove themselves to friends, the report found.

Speaking to BBC Radio 4’s Today programme, Hoare said: “They don’t understand the implications on business, government websites and individuals.”

He said young hackers could profit from their skills if they avoided cybercrime: “A lot of the skill sets these people have are hugely marketable. The world has a lack of cybersecurity and there are lucrative careers to be had, but which are much harder to come by if you already have a criminal conviction.”

Jake Davis, a former member of the Anonymous hacking collective who was arrested aged 18 in 2011 for attacking government websites, said he had no desire to profit from his crimes but wanted to challenge secrecy.

He said: “It was not financially motivated at all, as the NCA report says, it was mostly politically motivated. I was motivated as a teenager by the idea that this internet was this utopian space that shouldn’t be controlled or filtered or segmented or chopped up into little blocks and distributed out, and that it should be open and free, and anyone in the world should be able to use it.”

Davis, who served time in a young offender institution and was banned from the internet for two years, said he had not lost his idealism. “There is still a place for that kind of idea of freedom online, but we got a little bit out of hand,” he said.

He suggested there were more opportunities to get involved in “ethical hacking”. Davis said: “Companies and governments love hiring hackers. There are systems in place called bug bounties. You get to hack to prevent them being hacked. Companies will put out a message to say: ‘this is within scope, if you hack us responsibly, tell us about it, we will patch it up and then we will pay you’.

“The hackers will message the company saying: ‘I’ve found this bug in your system, here is what damage it can cause.’ If you take a company like Twitter they have paid over $800,000 to hackers over the last few years.”


The Security Committee pushes forward projects that improve cyber security
On 20 April 2017 the Security Committee published the implementation programme for Finland's Cyber Security Strategy, which brings together the public administration's significant projects and measures for improving cyber security for the years 2017–2020.
The programme is divided into three parts. The first contains non-technical measures related to leadership, legislation and the like. The second contains improvements related to digital services, and the third contains ongoing measures, such as matters related to training, research and exercises.
- The new implementation programme has been put together so that a bilateral discussion has been held with the owner of each measure to make sure that everyone really is ready to commit to, advance and resource the measure in question, says the chair of the Security Committee, Permanent Secretary Jukka Juusti.

The programme also includes a follow-up mechanism. The aim is to track, in connection with an annual assessment, how the measures are progressing. This will sharpen the picture of the state of Finland's cyber security. Through the follow-up, measures can be adjusted to serve the goal.

New Home Cyber Guide (Kodin kyberopas) helps with moving safely in information networks

The Security Committee has now published the Kodin kyberopas, written by journalist Jaana Laitinen, which helps citizens move safely on the internet. The guide is a basic reference for everyone who uses information networks.
The Kodin kyberopas gives guidance not only on protecting your own computer, local network and smart home appliances, but also on paying safely and doing business safely in online shops. It also contains concrete advice on using social media, recognising scammers and protecting privacy, as well as tips for situations where something bad has already happened.

It is certainly good to be aware of the risks of using the internet, but it is even more important to enjoy the joys and benefits of digital services.
The implementation programme for Finland's Cyber Security Strategy 2017–2020 and the Kodin kyberopas can be read on the Security Committee's website at the address, under the section Materiaalit (Materials).
This is worth going and browsing through. A nice number of sub-items are making progress.


The NSA's Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we're told.

On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he's seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. These hijacked machines can be used to sling malware, spam netizens, launch further attacks on other victims, and so on.

DOUBLEPULSAR is a backdoor used to inject and run malicious code on an infected system, and is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2. That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker. Both DOUBLEPULSAR and ETERNALBLUE are leaked Equation Group tools, now available for any script kiddie or hardened crim to download and wield against vulnerable systems.

In March, Microsoft patched the SMB Server vulnerability (MS17-010) exploited by ETERNALBLUE, and it's clear that some people have been slow to apply the critical update, are unable to do so, or possibly just don't care.

The fix is available for Windows Vista SP2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2, Windows Server 2016, and Server Core. If you have an older vulnerable system, such as XP or Server 2003, you're out of luck.

Tentler said that a preliminary scan of the public internet on Thursday using revealed 15,196 infections, with four-fifths of those coming from IP ranges in the US. These numbers increase with each followup scan. A DOUBLEPULSAR-riddled system can be identified by the way it responds to a special ping to port 445.


ELSO 3.0
Cables tapped for listening:
The military spotted a shortcut to network intelligence - Russian telecommunications may be snooped on without amending the constitution
Friday 21 April 2017, 20:40
The Defence Forces can take a large part of the new intelligence tools they have been wanting into use as early as the beginning of next year, without amending the constitution.

    • According to the Ministry of Defence, Finland can, without amending the constitution, begin large-scale intelligence gathering targeting the telecommunications of foreign states such as Russia.
    • The intelligence gathering would begin immediately after the military intelligence act has entered into force.
    • Finland is conveniently located along east-west telecommunications traffic. As many as 14 telecommunications cables carry international data across Finland.
The military are so sure of their case that the Defence Command has already earmarked the appropriations for expanding its operations, that is, for the salaries of new intelligence staff and for covering operating costs.
The Ministry of Defence interprets that military intelligence can, without amending the constitution, begin large-scale intelligence gathering targeting the telecommunications of foreign states such as Russia and its security, military and intelligence organisations, as well as of persons in their service.
Telecommunications intelligence targeting foreign states and foreign security authorities will begin soon after the military intelligence act has been passed in parliament as an ordinary law by a simple majority of votes and the act has entered into force. Since telecommunications intelligence targeting foreign actors can, in the ministry's view, get under way this neatly, the scale of the domestic political problems is smaller than generally thought.
Left Alliance lukewarm
If the defence administration's legal interpretations also hold up in parliament's Constitutional Law Committee, military intelligence will therefore not be left idling, even if the constitutional amendment detail belonging to the large intelligence legislation package could not be decided conclusively during the current parliamentary term, for example because of political foot-dragging.
Of the parliamentary parties, only the Left Alliance (Vasemmistoliitto) has said it is wary of rushing the constitutional amendment. The Left Alliance's strength alone is not enough, though. The party has only 12 MPs, whereas blocking the urgent handling of a constitutional amendment requires 32 MPs, if the whole parliament were to take part in the vote.
A constitutional amendment is needed, however, for intelligence that targets actors other than state ones - in practice people living in Finland: Finnish citizens and those living here on a residence permit.
Bugs attached
If parliament passes the military intelligence act, the Defence Forces may begin installing the monitoring and collection equipment and software needed for intelligence in January. The act requires that the user of a telecommunications cable crossing Finland's border must arrange a connection to the cable in the manner required by the military.
In practice this is done by adding a "bug" to the cable coming from abroad, which, with the help of a robot, watches all traffic from a suitable equipment enclosure.
A gold vein of information opens up for the military, as Finland is conveniently located along east-west telecommunications traffic. As many as 14 telecommunications cables carry international data across Finland. Each cable has hundreds of fibres, and each of those carries a bunch of different frequencies.
In future the data flow will grow further if the Northeast Passage data cable is realised. Then telecommunications traffic between Asia and Europe will also end up in the Finnish authorities' net.
Fluff in the reasoning
The Ministry of Defence has written its constitutional interpretation into the draft act on military intelligence.
The Ministry of Defence says that "according to the prevailing interpretation" the state and other public bodies fall outside the protection of fundamental rights, meaning that state communications do not enjoy the constitutional protection of the secrecy of confidential communications.
The Finnish constitution starts from the premise that fundamental rights apply to "human individuals" but not to legal persons such as the state, municipalities, companies and so on.
The ministry's reasoning is partly flimsy, as the ministry refers to a routine statement by the Constitutional Law Committee from two years ago. In that statement the committee took a position on a fixed-term act concerning the organisation of municipal services and happened to note in passing that the protection of fundamental rights belongs to the resident of the municipality and not to the municipality.
The Defence Forces, too, have been pushing the same line at their stakeholder events. The Defence Forces' deputy chief of intelligence, Martti J. Kari, said in January that the constitutional interpretation had been confirmed by the chair of the Constitutional Law Committee.
- Nobody has asked me anything, and so I have not confirmed anything related to this to anyone, the current chair of the Constitutional Law Committee, Annika Lapintie (Left Alliance), replied to Iltalehti by text message on Friday.
In its draft act, the Ministry of Defence has taken into account the points that require amending the constitution.
The proposed provisions that concern, among other things, the surveillance of the communications of "human individuals" would enter into force only after the constitutional amendment has been approved. If the constitutional amendment is approved as urgent, the communications of "human individuals" may be interfered with as early as January 2018. If the amendment has to be handled in two parliamentary sessions, these points will not enter into force until 2020.
The working group that prepared the military intelligence act listed the intelligence powers that require amending the constitution and those that can be taken into use without amending the constitution. (IL)


The state actors gather

The highly secretive meeting being held in Queenstown this weekend is a gathering of intelligence and security agencies related to the Five Eyes spying network, the Herald understands.

Among the people believed to be attending are Federal Bureau of Investigation (FBI) director James Comey and Central Intelligence Agency (CIA) director Mike Pompeo.

It is understood about 15 agencies which carry out intelligence for Five Eyes – the spying partnership of the United States, Australia, Canada, the United Kingdom and New Zealand – are attending the conference.

In a statement released yesterday, a spokesman for Prime Minister Bill English confirmed a number of senior officials were coming for a conference hosted by the Government, but would not reveal what the conference was.


Verizon's 2017 edition of its annual Data Breach Investigations Report (DBIR) was based on an analysis of more than 42,000 security incidents and 1,935 confirmed data breaches, across 84 countries. A total of 65 partners contributed to the report, making it the industry's most authoritative study on breach prevalence, trends and causes.

The top three industries for data breaches are financial services (24 per cent); healthcare (15 per cent) and the public sector (12 per cent). Four in five (81 per cent) of breaches used either stolen passwords and/or weak or guessable passwords.

Organised criminal groups were behind 51 per cent of breaches and state-affiliated groups were involved in 18 per cent. Financial services firms were the most prevalent victims (24 per cent of breaches), with financial gain (72 per cent) and espionage (21 per cent) the top two motives for cybercriminals.

Ransomware continued its seemingly inexorable rise with a 50 per cent year-on-year increase.

Some industries are under greater threat from ransomware than others. For example, ransomware accounted for 72 per cent of all malware incidents in the healthcare sector, according to Verizon's tenth annual DBIR.

Elsewhere inadequate password security is still causing problems. Four in five (81 per cent) of hacking-related breaches succeed through either stolen, weak or easily guessable passwords. Greater awareness of phishing, or the use of two-factor authentication, would limit the effect of these shortcomings but many firms are still failing to apply basic security control, leaving them more open to attack as a result.


Amazon today announced a new device for the Echo family: the Echo Look, a “style assistant” camera that helps catalog your outfits and rates your look based on “machine learning algorithms with advice from fashion specialists.” Imagine it as a smart mirror of sorts — you can talk to the Echo Look to take full-length photos or short videos to check out your outfit from seldom-seen angles.

The Echo Look first leaked as a “security camera” back in March, and the photo matches exactly with what Amazon has announced today. The device comes with a built-in LED light, a microphone, and a base mount for you to attach it to the wall or leave it freestanding.

And while it’s not designed to be a security camera, it does seem like it has enough components to double as one that could periodically snap photos while you’re away from home. We’ll check out the hardware on this more when we are able to snag a review unit. For now, if you do decide to buy it, it’s probably best to not get dressed in front of it.


Hajime – the "vigilante" IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab.

The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante-style internet clean-up operation but it might easily be abused as a resource for cyber-attacks, hence a growing concern among security watchers.

Hajime avoids several networks, including those of General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks. Infections had primarily come from Vietnam (over 20 per cent), Taiwan (almost 13 per cent) and Brazil (around 9 per cent).

The resiliency of Hajime surpasses Mirai, security researchers say. Features such as a peer-to-peer rather than centralised control network and hidden processes make it harder to interfere with the operation of Hajime (meaning "beginning" in Japanese) than comparable botnets.

Botnets of compromised devices can be harnessed for a variety of cyber-crimes ranging from DDoS attacks on targeted web sites to running credential-stuffing attacks or scanning websites for SQL injection vulnerabilities. The malware – which is not doing anything malign, at least for now – displays a message that says a "white hat" is "securing some systems". The worm blocks access to ports 23, 7547, 5555, and 5358, common entry points for the rival Mirai worm and other threats.

There is no attacking code or capability in Hajime – only a propagation module. Despite its (current) benign state Hajime is still a concern, not least because the malware's real purpose remains unknown.

"The most intriguing thing about Hajime is its purpose. While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that's difficult to brute force, and to update their firmware if possible," said Konstantin Zykov, senior security researcher at Kaspersky Lab.