of 172 page(s)
TJX Fires Employee for Disclosing Security Problems
Wired Blog Network
by Kim Zetter
May 27, 2008
A TJX employee was fired last Wednesday after posting messages to an online forum disclosing that TJX has not improved security since it suffered a massive data breach in which the credit card information of 94 million customers was stolen.
The employee, Nick Benson, who worked at a TJ Maxx outlet in Lawrence, Kansas (which is owned by TJX), wrote that earlier this month the manager at his store changed the log-in protocol so that employees were able to log onto company servers using blank passwords.
Visit the Wrong Website, and the FBI Could End Up in Your Computer
by Kevin Poulsen
August 5, 2014
Security experts call it a "drive-by download": a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor.
t's one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers' clutches within minutes. Now the technique is being adopted by a different kind of a hacker-the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement's knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.
Feds' Silk Road Investigation Broke Privacy Laws, Defendant Tells Court
by Andy Greenberg
August 2, 2014
The Department of Justice sees its takedown of the billion-dollar Silk Road black market as a massive, victorious drug bust.
Ross Ulbricht, the alleged creator of that anonymous contraband bazaar, now wants to cast the case in a different light: as a landmark example of the government trampling privacy rights in the digital world. In a pre-trial motion filed in the case late Friday night, Ulbricht's lawyers laid out a series of arguments to dismiss all charges in the case based on Ulbricht's fourth amendment protections against warrantless searches of his digital property. As early as the FBI's initial discovery of servers in Iceland hosting the site on the Tor anonymity network-seemingly without obtaining a search warrant from a judge-Ulbricht argues that law enforcement violated his constitutional right to privacy, tainting all further evidence against him dug up in the investigation that followed.
If You Used This Secure Webmail Site, the FBI Has Your Inbox
by Kevin Poulsen
January 27, 2014
While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail.
Now the FBI is tapping that vast trove of e-mail in unrelated investigations. The bureau's data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "email@example.com." Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki.
Edward Snowden's Email Provider Shuts Down Amid Secret Court Battle
by Kevin Poulsen
August 8, 2013
A nearly 10-year-old pro-privacy Texas email service long used by NSA leaker Edward Snowden abruptly shut down today, alluding in a statement to a secret U.S. court battle that it's been fighting for six weeks, and has so far lost.
"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," wrote owner Ladar Levison. "After significant soul searching, I have decided to suspend operations." Lavabit came to attention last month when NSA leaker Edward Snowden used an email account with the firm to invite local human rights workers and lawyers to a press conference in the Moscow airport where he was then confined. PGP records suggest that Snowden has favored the service since January 2010 - well before he became the most important whistleblower in a generation.
NSA Phone Snooping Cannot Be Challenged in Court, Feds Say
by David Kravets
July 19, 2013
The Obama administration for the first time responded to a Spygate lawsuit, telling a federal judge the wholesale vacuuming up of all phone-call metadata in the United States is in the "public interest," does not breach the constitutional rights of Americans and cannot be challenged in a court of law. Thursday's response marks the first time the administration has officially answered one of at least four lawsuits challenging the constitutionality of a secret U.S. snooping program the Guardian newspaper disclosed last month. The administration's filing sets the stage for what is to be a lengthy legal odyssey - one likely to outlive the Obama presidency - that will define the privacy rights of Americans for years to come. The New York federal district court lawsuit, brought by the American Civil Liberties Union, demands a federal judge immediately halt the spy program the civil rights group labeled as "one of the largest surveillance efforts ever launched by a democratic government."
Snowden Smuggled Documents From NSA on a Thumb Drive
by Kim Zetter
June 13, 2013
The dreaded thumb drive has struck the Defense Department again as word comes that NSA whistleblower Edward Snowden smuggled out thousands of classified documents on one of the portable devices, despite the military's efforts to ban them.
Investigators also know how many documents Snowden downloaded from the NSA network and what server he took them from, according to The Los Angeles Times, quoting an unnamed official. Officials have not indicated how many documents Snowden swiped, but the Guardian reported this week that Snowden left Hawaii with four laptops that "enabled him to gain access to some of the US government's most highly-classified secrets." Snowden was a systems administrator, contracted out to the NSA by Booz Allan Hamilton. He worked at the NSA's facility in Hawaii just four weeks before he asked for a leave of absence without pay, then absconded with the documents he'd siphoned from the NSA network on the thumb drive and flew to Hong Kong, where he's been since May 20.
American Gets Targeted by Digital Spy Tool Sold to Foreign Governments
by Kim Zetter
June 4, 2013
The email appeared to come from a trusted colleague at a renowned academic institution and referenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it.
But when the recipient looked closely at the sender's email address, a tell-tale misspelling gave the phishing attempt away - the email purported to come from a professor at Harvard University, but instead of harvard.edu, the email address read "hardward.edu". Not exactly a professional con-job from nation-state hackers, but that's exactly who may have sent the email to an American woman, who believes she was targeted by forces in Turkey connected to or sympathetic to the powerful Gülen Movement, which has infiltrated parts of the Turkish government.
FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed
by Julian Sanchez
May 10, 2013
The FBI has some strange ideas about how to "update" federal surveillance laws: They're calling for legislation to penalize online services that provide users with too much security.
I'm not kidding. The proposal was revealed in The Washington Post last week - and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it. Why? Federal law enforcement agencies like the FBI have long feared their wiretap capabilities would begin "going dark" as criminals and terrorists - along with ordinary citizens - shift from telephone networks, which are required to be wiretap-ready under the 1994 Communications Assistance for Law Enforcement Act (CALEA), to the dizzying array of online communications platforms available today. While it's not yet clear how dire the going-dark scenario really is, the statutory "cure" proposed by the FBI - with fines starting at $25,000 a day for companies that aren't wiretap capable - would surely be worse than the disease.
GoDaddy Goes Down After Apparent DNS Server Outage
by Robert McMillan
September 10, 2012
Many users of GoDaddy's web hosting services found their websites down and their e-mail not going through on Monday afternoon, apparently following a failure of the company's Domain Name Service servers.
GoDaddy announced the problems around 11 a.m. Pacific with a short Twitter message, saying: "We're aware of the trouble people are having with our site. We're working on it." At the same time, posters to the Outages mailing list were reporting that GoDaddy's DNS servers - the computers that tell, among other things, internet browsers where to find web servers - had been knocked offline. GoDaddy's website was offline too.
Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.