The Channel logo

Articles about Hacking

NSA, GCHQ and even Donald Trump are all after your data

Comment As production and usage of data keeps growing globally, it’s worth remembering that the US government wants access to your information and will use warrants, decryption or hacking to get to it. That’s not news and the US government has many tools in its box. Many had already heard of the Uniting and Strengthening America by …
Frank Jennings, 20 Oct 2016

In 2020, biz will chuck $100bn+ at protecting itself online

Security spending is predicted to grow from $73.7bn in 2016 to $101.6bn in 2020, according to analysts. This compound annual growth rate of 8.3 per cent, more than twice the rate of overall IT spending growth, will be increased security spending in healthcare as well as continued strong demand in banking and government. The …
John Leyden, 14 Oct 2016

You've been hacked. What are you liable for?

Hacking is big news and we’re all susceptible. In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the …
Frank Jennings, 14 Oct 2016
Crown courtroom. Pic: Shutterstock

Quadsys Five walk free after hacking rival company

Five senior staffers at security reseller Quadsys managed to avoid imprisonment today. The Quadsys Five walked free from Oxford Crown Court this afternoon after a sentencing hearing - they had pleaded guilty in July to charges of securing unauthorised access to computer material, contrary to section 1 of the Computer Misuse …

Microsoft snubs alert over Exchange hole

Microsoft has downplayed the seriousness of an alleged Exchange auto-discovery vulnerability, saying that it sees no need to patch the reported security weakness. Redmond contends that its existing security advice covers the issue, a point disputed by flaw-finder Marco van Beek. Van Beek explains: “I recently discovered that …
John Leyden, 19 Sep 2016

DDoSers do it more now, but they do it less fiercely*

The number of distributed denial of service attacks has doubled over the last 12 months. Akamai reports that Q2 saw a 129 per cent year-on-year increase in total DDoS attacks. During the second quarter, Akamai mitigated a total of 4,919 attacks, one of which (against a media company) reached an eye-watering 363n Gbps. Although …
John Leyden, 15 Sep 2016

Quadsys Five sentencing hearing delayed

The sentencing hearing for the Quadsys Five, who pleaded guilty in July to hacking into a rival security reseller, has been postponed as relevant paperwork remains uncompleted. Oxford Crown Court confirmed the “pre-sentence report” was not yet ready and 29 September is new date the defendants will be put before the beak. “It …
Paul Kunert, 09 Sep 2016

Kaspersky 'terminates' deal with security reseller Quadsys

Kaspersky Lab is the first big vendor to publicly rip up its contract with disgraced security reseller Quadsys in the wake of the hacking scandal that the company’s bosses recently admitted to. On 22 July, Quadsys owner Paul Streeter, MD Paul Cox, director Alistair Barnard, account manager Steve Davis and security consultant …
Paul Kunert, 02 Sep 2016
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

Profit-hungry Ghouls raid corporate networks worldwide

A new wave of targeted attacks against corporations in multiple countries around the world has been launched. The so-called "Operation Ghoul" attacks use the tactics of cyberspies but are more likely to be the work of profit-motivated cybercrooks, according to Kaspersky Lab. Using spear-phishing emails and malware based on …
John Leyden, 17 Aug 2016
Tarah Wheeler

Symantec appoints first cybersecurity czar to woo hacking talent

DEF CON Hardcore hackers and the corporate security industry have never really got on that well. Symantec is looking to change that after hiring Tarah Wheeler to act as its website cybersecurity czar. Wheeler has a long career in the IT industry, including stints at Microsoft and Blackphone-maker Silent Circle. Both of her parents …
Iain Thomson, 06 Aug 2016

Microsoft has stopped cutting sales fees for resellers? Yep

Microsoft has quit hacking into fees paid for channel software sales, and reselling clouds is getting more profitable – these seemed to be the major takeaways from top brass at Insight Enterprises in an enterprising Q2. Revenue at group level went up two per cent to $1.46bn, but this top line expansion was driven purely by the …
Clodagh Doyle, 04 Aug 2016

IBM stalks Vegas to swell newly-formed pen-test squad

Black Hat IBM has used the biggest week on the security calendar to launch and poach heads for its large security, penetration testing and red teaming unit. Big Blue's new X-Force Red unit is the culmination of nine months fermentation which began in earnest with the hiring of security veteran Charles Henderson. He's had the job of …
Darren Pauli, 03 Aug 2016

Is digital fraud big in UK? British abacus-botherers finally have some answers

Reports of fraud have doubled, according to official statistics – because the Office for National Statistics (ONS) is now including cyber crimes in its figures. The UK's ONS reckons, in crime statistics released last week, that more than two million computer misuse offences and 3.8 million online fraud offences took place in …
John Leyden, 25 Jul 2016

Bosses at UK infosec biz Quadsys confess to hacking rival reseller

Five men working at UK-based IT security reseller Quadsys confessed today to hacking into a rival's database. Owner Paul Streeter, managing director Paul Cox, director Alistair Barnard, account manager Steve Davies and security consultant Jon Townsend appeared before the beak at Oxford Crown Court. All five pleaded guilty to …
Paul Kunert, 21 Jul 2016

UKFast owner slurps app security biz Pentest

Secarma, the cyber security business owned by UKFast chief exec Lawrence Jones, has bought application security specialists Pentest Limited reportedly for £10m. The CHECK and CREST accredited company, whose 45-strong team work with global blue chip organisations, will add a team of ethical hackers to Secarma's roster. John …
John Leyden, 18 Jul 2016
Sad man stares glumly over boxed contents of desk. Image via shutterstock (Baranq)

900 Hewlett Packard Enterprise staff to leave building by month end

Nearly 900 UK-based personnel at Hewlett Packard Enterprise are to be released into the wilds at the end of this month, according to the redundancy schedule seen by The Register. The majority of those made to walk the plank come from Enterprise Services, which is the area that has been hit hardest in HPE’s continuous cost- …
Paul Kunert, 04 Jul 2016
Cartoon of employee asking wky boss makes hium wear suspenders (while pincer through open trapdoor remains poised above his head) illustration by Cartoon resource for Shutterstock

Hey cloud lawyer: Can I take my client list with me?

You spend months or years building up a client list for your employer. You nurture the relationship and build up personal ties with the client. When you leave the employer, naturally the client goes with you. And so does the client list, via a USB stick or Dropbox or your webmail account. If you don’t get all the details before …
Frank Jennings, 20 Jun 2016
 Can't See You... by  cc 2.0 attribution sharealike generic

Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec

Almost half (48 per cent) of Britain's small businesses were hit by cyber-crime in the last year, with 10 per cent targeted many times. Despite this only one in five see cybersecurity as a business priority, and just 15 per cent are confident that they have adequate measures in place to prevent cybercrime, according to a …
John Leyden, 14 Jun 2016

NetSuite hacker thrown in the cooler for a year, fined $124,000

A hacker has been jailed for a year and fined $124,000 (£86,000) after admitting he infiltrated a protected computer system. He has also had all his computer equipment confiscated and faces a three-year probation period when he gets out. Robert Saunders, 30, repeatedly hacked into the corporate network of cloud business …
Kieren McCarthy, 06 Jun 2016
Nemo and Dory "just keep swimming". Photo copyright Walt Disney Studios Motion Pictures

Unprecedented number of customers swimming off to cloud, says Barracuda

Comment Barracuda customers have started moving data and applications to the public cloud at a surprisingly fast and unprecedented rate, with on-premises IT facing a rocky road to becoming a wasteland. So says Michael Hughes, the company’s EVP for worldwide sales. For every app and accompanying data that is moved to the public cloud …
Chris Mellor, 02 Jun 2016
Frustrated accountant puts head in hands. Photo by Shutterstock

Insure against a cyberwhat now? How the heck do we crunch those numbers?

The head of a UK industry insurance organisation has called for the government to create a database where companies would be obliged to “record details of cyber attacks”. Insurers are struggling to assess premiums for newly introduced cyber insurance policies in the absence of background info, according to the head of the …
John Leyden, 24 May 2016
management regulation2

Quadsys Five: Judge dismisses abuse of process application

A Crown court judge has dismissed an abuse of process application made by three former directors of reseller Quadsys, who are facing trial over allegations of hacking into a rival’s database to steal customer and pricing info. In August, Thames Valley Police charged five men at the reseller including owner Paul Streeter, MD …
Paul Kunert, 13 May 2016

Quadsys Five enter 'not guilty' pleas to Crown court charges

The fraud case against five men from security reseller Quadsys will go to trial in September after they pleaded not guilty to allegations of hacking into a rival’s database to plunder customer and pricing data. The individuals charged include MD Paul Cox, owner Paul Streeter, director Alistair Barnard, account manager Steve …
Paul Kunert, 18 Mar 2016

Dell plans sale of non-core assets to reduce EMC buy debt

Dell and EMC have agreed on the documentation to be put to the latter's shareholders at a forthcoming meeting that will vote on the merger of the two companies. And the document reveals that Dell plans to sell off some non-core businesses after the merger. The document in question is a Form S-4, one of the many regulatory …
Simon Sharwood, 15 Mar 2016

Great news! Only 707,509,815 records breached in 2015

More than 700 million records were breached last year, according to security researchers at Gemalto. The firm's 2015 Breach Level report considered 1673 hacking incidents recorded during 2015, of which 964 were thanks to outsides and a whopping 398 thanks to bumbling staff and developers. Those figures are surprisingly …
Darren Pauli, 01 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in dying months of 2015 according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter finding 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016

Poor recruitment processes are causing the great security talent drought

RSA 2016 It's a refrain at this and past RSA conferences, that companies can't hire enough top-notch talent, but it's addressable if companies hire smartly and applicants learn how to play the game. "Far too many hackers have expectations that are unrealistic," said Tim O'Brien, director of threat research at Palerra – who has been on …
Iain Thomson, 29 Feb 2016

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

Enterprise security vendor Fortinet has attempted to explain why its FortiOS firewalls were shipped with hardcoded SSH logins. It appears Fortinet's engineers implemented their own method of authentication for logging-into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse- …
Iain Thomson, 12 Jan 2016

Come in Internet Explorers, your time is up. Or not. Up to you

A huge chunk of Microsoft users will today be cut off from the computing giant’s security lifeline, for January 12 is the day when Redmond will stop releasing security fixes for a swathe of legacy versions of Internet Explorer. Extended support has finished for IE8, 9 and 10 on Windows 7 SP1. Only the following are still …
Gavin Clarke, 12 Jan 2016
woman binoculars photo via Shutterstock

Missed our Christmas crackers? Top stories from the break were...

Things might have slowed down for Christmas and New Year in your workplace but the news did not take a break. Whether you were away for the Christmas and New Year period or logged on but not exactly present, here are the biggest stories you may have missed from The Reg. The death of Debian GNU/Linux daddy Ian Murdock aged …
Gavin Clarke, 04 Jan 2016

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015

Predictable: How AV flaw hit Microsoft's Windows defences

Could it be that time spent by Microsoft on software security counts for naught? Possibly - based on the findings of an investigation by enSilo that found some of the best-known AV names are susceptible to new vulnerabilities. The results are alarming, suggesting an entire of ecosystem unwittingly opening a back door into …
John Leyden, 11 Dec 2015
Dell XPS 15

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

Analysis Dell ships Windows computers with software that lets websites slurp up the machine's exact specifications, warranty status, and other details without the user knowing. This information can be used to build a fingerprint that potentially identifies a person while she browses across the web. It can be abused by phishers and …
Shaun Nichols, 25 Nov 2015

'Traditional' forms of thuggery decline in UK, cybercrime on the rise

The Office for National Statistics (ONS) has released information suggesting cybercrime incidents are growing more prevalent in British society than traditional criminal incidents, and has noted that this may be due to more criminal enterprises transitioning to the digital world. Included for the first time among the ONS's …

Quadsys Five hacking fraud trial set for mid-December

The fraud case against the Quadsys Five accused of hacking into a rival security reseller’s systems is due to start in earnest on 14 December. As we revealed last month, Quadsys owner Paul Streeter, director Alistair Barnard, account manager Steve Davies and in-house security consultant Jon Townsend were charged with …
Paul Kunert, 28 Sep 2015

FireEye: The face of hacking is changing – and it's getting uglier

Cyberattacks from Russia have increased because of sanctions related to the Ukraine while assaults from Iran have dropped over recent months, thanks to the recent Iran nuclear deal. David DeWalt, FireEye chief exec, said these changes show how the diplomatic landscape affects what is happening in cyberspace even though the …
John Leyden, 21 Sep 2015

Now Ashley Madison hackers reveal 'CEO's emails and source code'

Updated Another load of internal files swiped by hackers from Ashley Madison have been leaked online – and they apparently feature the CEO's emails and the website's source code. The 18.5GB leak includes, it is claimed, archives of internal company emails, including one folder labeled Noel Biderman – the chief exec of Avid Life Media …
Iain Thomson, 20 Aug 2015
White Hat for Hackers by Zeevveez, Flickr under CC2.0

Ten years after the sellout, Black Hat is solidly corporate and that’s fine

Analysis When Jeff Moss sold the Black Hat security conference to CMP a decade ago for around $13m (£8.3m), he faced a barrage of abuse from some members of the hacker community as a sellout. They were a little bit right, and a lot wrong, as this year's cons have shown. Black Hat was always supposed to be a little bit corporate anyway …
Iain Thomson, 11 Aug 2015

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Updated While other IT industry heavyweights have embraced bug bounties and working with security researchers more generally, Oracle has set its face in the opposite direction in a blog post likening reverse engineering to cheating on your spouse. Mary Ann Davidson, Oracle's chief security officer (CSO), expressed corporate dislike …
John Leyden, 11 Aug 2015
Cash in brown paper envelope CC 2.0 attribution

A third of workers admit they'd leak sensitive biz data for peanuts

A third of employees would sell information on company patents, financial records and customer credit card details if the price was right. A poll of 4,000 employees in the UK, Germany, USA and Australia found that for £5,000, a quarter would flog off sensitive data, potentially risking both their job and criminal convictions …
John Leyden, 29 Jul 2015
LG electronics US export photo from 1962

Infosec bigwigs rally against US cyber export control rule

Infosec heavyweights are uniting to oppose US government proposals to tighten up export controls against software exploits, a move critics argue threatens to imperil mainstream security research and information sharing. The proposed regulation, based on the Wassenaar Arrangement of 1996 and not originally intended to include …
John Leyden, 15 Jul 2015

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know

The US Office of Personnel Management has come clean on the full extent of the massive data breach that it first disclosed in June, and it's far worse than what was initially thought. On Thursday, OPM announced that records including data from background checks of some 21.5 million people – including present, former, and …
Neil McAllister, 09 Jul 2015

Bank of England CIO: ‘Beware of the cloud, beware of vendors’

The Bank of England is loosening up on IT delivery and recruitment, but not its resistance to public cloud. John Finch, CIO of the UK's central bank since September 2013, Wednesday ruled out the use of any public cloud by the bank for the foreseeable future. Cloud has however crept into the Bank’s IT margins, where it’s been …
Gavin Clarke, 25 Jun 2015
firing range - target in cross hairs

SEC joins hunt for FIN4 attackers

America's Securities and Exchange Commission (SEC) has joined the hunt for the FIN4 hacking group. The bunch, revealed by FireEye in December 2014, used a phishing attack to get access to listed companies' computer systems. Their payoff was to get insider information to trade their targets' stocks. According to Reuters, the SEC …

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015
Laurel and Hardy on the phone

Phone hacking blitz hammers's poor VoIP handsets

UK businesses are getting disproportionately targeted by a surge of attacks against Voice over IP (VoIP) systems. The growing use of VoIP technology in business and a greater availability of hacking tools that dumb down the process of hacking into systems has led to an increase in attacks worldwide. UK-based systems are being …
John Leyden, 16 Jun 2015
Eugene Kaspersky in Sydney

Duqu 2.0: 'Terminator' malware that pwned Kaspersky could have come from Israel

Eugene Kaspersky reckons hacking into his firm's corporate network was a "silly" move by cyberspies, but independent experts are far from convinced. All seem agreed that the rare attack by a state against an leading information security firm is bad news for corporate security more generally, as it shows attacks are getting more …

We stand on the brink of global cyber war, warns encryption guru

We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday. Schneier, CTO of Resilient Systems, said the much publicised Stuxnet attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking …
John Leyden, 04 Jun 2015
Meme of a dog "typing" at a computer, with the large font phrase "I have no idea what I'm doing' above him.

It's official: David Brents are the weakest link in phishing attacks

Middle management are increasingly becoming the focus of phishing attacks, according to a new study. Managers received more malicious emails and doubled their click rates year-on-year, according to a study by security company ProofPoint. Senior staff seemed more clued up about dodgy emails, meaning managers and staff clicked on …
John Leyden, 22 Apr 2015
Hacked US CENTCOM Twitter account

IT'S WAR: Hacktivists throw in their lot with spies and the military

Feature Hacktivism has lost its innocence. Once characterised in the early days of Anonymous back in 2008 by assaults against the Church of Scientology, it has now become part and parcel of far darker plans, such as the spread of terrorist propaganda by Islamic militants. Meanwhile, over in the Ukraine, cyber militias of patriot hackers …
John Leyden, 20 Apr 2015


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe