The Channel logo

Articles about Hacking

Frustrated accountant puts head in hands. Photo by Shutterstock

Insure against a cyberwhat now? How the heck do we crunch those numbers?

The head of a UK industry insurance organisation has called for the government to create a database where companies would be obliged to “record details of cyber attacks”. Insurers are struggling to assess premiums for newly introduced cyber insurance policies in the absence of background info, according to the head of the …
John Leyden, 24 May 2016
management regulation2

Quadsys Five: Judge dismisses abuse of process application

A Crown court judge has dismissed an abuse of process application made by three former directors of reseller Quadsys, who are facing trial over allegations of hacking into a rival’s database to steal customer and pricing info. In August, Thames Valley Police charged five men at the reseller including owner Paul Streeter, MD …
Paul Kunert, 13 May 2016

Quadsys Five enter 'not guilty' pleas to Crown court charges

The fraud case against five men from security reseller Quadsys will go to trial in September after they pleaded not guilty to allegations of hacking into a rival’s database to plunder customer and pricing data. The individuals charged include MD Paul Cox, owner Paul Streeter, director Alistair Barnard, account manager Steve …
Paul Kunert, 18 Mar 2016

Dell plans sale of non-core assets to reduce EMC buy debt

Dell and EMC have agreed on the documentation to be put to the latter's shareholders at a forthcoming meeting that will vote on the merger of the two companies. And the document reveals that Dell plans to sell off some non-core businesses after the merger. The document in question is a Form S-4, one of the many regulatory …
Simon Sharwood, 15 Mar 2016

Great news! Only 707,509,815 records breached in 2015

More than 700 million records were breached last year, according to security researchers at Gemalto. The firm's 2015 Breach Level report considered 1673 hacking incidents recorded during 2015, of which 964 were thanks to outsides and a whopping 398 thanks to bumbling staff and developers. Those figures are surprisingly …
Darren Pauli, 01 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in dying months of 2015 according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter finding 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016
recruitment_hired

Poor recruitment processes are causing the great security talent drought

RSA 2016 It's a refrain at this and past RSA conferences, that companies can't hire enough top-notch talent, but it's addressable if companies hire smartly and applicants learn how to play the game. "Far too many hackers have expectations that are unrealistic," said Tim O'Brien, director of threat research at Palerra – who has been on …
Iain Thomson, 29 Feb 2016

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

Enterprise security vendor Fortinet has attempted to explain why its FortiOS firewalls were shipped with hardcoded SSH logins. It appears Fortinet's engineers implemented their own method of authentication for logging-into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse- …
Iain Thomson, 12 Jan 2016
zombie_648

Come in Internet Explorers, your time is up. Or not. Up to you

A huge chunk of Microsoft users will today be cut off from the computing giant’s security lifeline, for January 12 is the day when Redmond will stop releasing security fixes for a swathe of legacy versions of Internet Explorer. Extended support has finished for IE8, 9 and 10 on Windows 7 SP1. Only the following are still …
Gavin Clarke, 12 Jan 2016
woman binoculars photo via Shutterstock

Missed our Christmas crackers? Top stories from the break were...

Things might have slowed down for Christmas and New Year in your workplace but the news did not take a break. Whether you were away for the Christmas and New Year period or logged on but not exactly present, here are the biggest stories you may have missed from The Reg. The death of Debian GNU/Linux daddy Ian Murdock aged …
Gavin Clarke, 04 Jan 2016

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015
shutterstock_222258445-roadblock

Predictable: How AV flaw hit Microsoft's Windows defences

Could it be that time spent by Microsoft on software security counts for naught? Possibly - based on the findings of an investigation by enSilo that found some of the best-known AV names are susceptible to new vulnerabilities. The results are alarming, suggesting an entire of ecosystem unwittingly opening a back door into …
John Leyden, 11 Dec 2015
Dell XPS 15

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

Analysis Dell ships Windows computers with software that lets websites slurp up the machine's exact specifications, warranty status, and other details without the user knowing. This information can be used to build a fingerprint that potentially identifies a person while she browses across the web. It can be abused by phishers and …
Shaun Nichols, 25 Nov 2015
Blackhat

'Traditional' forms of thuggery decline in UK, cybercrime on the rise

The Office for National Statistics (ONS) has released information suggesting cybercrime incidents are growing more prevalent in British society than traditional criminal incidents, and has noted that this may be due to more criminal enterprises transitioning to the digital world. Included for the first time among the ONS's …

Quadsys Five hacking fraud trial set for mid-December

The fraud case against the Quadsys Five accused of hacking into a rival security reseller’s systems is due to start in earnest on 14 December. As we revealed last month, Quadsys owner Paul Streeter, director Alistair Barnard, account manager Steve Davies and in-house security consultant Jon Townsend were charged with …
Paul Kunert, 28 Sep 2015
spies_648

FireEye: The face of hacking is changing – and it's getting uglier

Cyberattacks from Russia have increased because of sanctions related to the Ukraine while assaults from Iran have dropped over recent months, thanks to the recent Iran nuclear deal. David DeWalt, FireEye chief exec, said these changes show how the diplomatic landscape affects what is happening in cyberspace even though the …
John Leyden, 21 Sep 2015

Now Ashley Madison hackers reveal 'CEO's emails and source code'

Updated Another load of internal files swiped by hackers from Ashley Madison have been leaked online – and they apparently feature the CEO's emails and the website's source code. The 18.5GB leak includes, it is claimed, archives of internal company emails, including one folder labeled Noel Biderman – the chief exec of Avid Life Media …
Iain Thomson, 20 Aug 2015
White Hat for Hackers by Zeevveez, Flickr under CC2.0

Ten years after the sellout, Black Hat is solidly corporate and that’s fine

Analysis When Jeff Moss sold the Black Hat security conference to CMP a decade ago for around $13m (£8.3m), he faced a barrage of abuse from some members of the hacker community as a sellout. They were a little bit right, and a lot wrong, as this year's cons have shown. Black Hat was always supposed to be a little bit corporate anyway …
Iain Thomson, 11 Aug 2015

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Updated While other IT industry heavyweights have embraced bug bounties and working with security researchers more generally, Oracle has set its face in the opposite direction in a blog post likening reverse engineering to cheating on your spouse. Mary Ann Davidson, Oracle's chief security officer (CSO), expressed corporate dislike …
John Leyden, 11 Aug 2015
Cash in brown paper envelope CC 2.0 attribution StockMonkeys.com

A third of workers admit they'd leak sensitive biz data for peanuts

A third of employees would sell information on company patents, financial records and customer credit card details if the price was right. A poll of 4,000 employees in the UK, Germany, USA and Australia found that for £5,000, a quarter would flog off sensitive data, potentially risking both their job and criminal convictions …
John Leyden, 29 Jul 2015
LG electronics US export photo from 1962

Infosec bigwigs rally against US cyber export control rule

Infosec heavyweights are uniting to oppose US government proposals to tighten up export controls against software exploits, a move critics argue threatens to imperil mainstream security research and information sharing. The proposed regulation, based on the Wassenaar Arrangement of 1996 and not originally intended to include …
John Leyden, 15 Jul 2015

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know

The US Office of Personnel Management has come clean on the full extent of the massive data breach that it first disclosed in June, and it's far worse than what was initially thought. On Thursday, OPM announced that records including data from background checks of some 21.5 million people – including present, former, and …
Neil McAllister, 09 Jul 2015

Bank of England CIO: ‘Beware of the cloud, beware of vendors’

The Bank of England is loosening up on IT delivery and recruitment, but not its resistance to public cloud. John Finch, CIO of the UK's central bank since September 2013, Wednesday ruled out the use of any public cloud by the bank for the foreseeable future. Cloud has however crept into the Bank’s IT margins, where it’s been …
Gavin Clarke, 25 Jun 2015
firing range - target in cross hairs

SEC joins hunt for FIN4 attackers

America's Securities and Exchange Commission (SEC) has joined the hunt for the FIN4 hacking group. The bunch, revealed by FireEye in December 2014, used a phishing attack to get access to listed companies' computer systems. Their payoff was to get insider information to trade their targets' stocks. According to Reuters, the SEC …
man_from_uncle_648

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015
Laurel and Hardy on the phone

Phone hacking blitz hammers UK.biz's poor VoIP handsets

UK businesses are getting disproportionately targeted by a surge of attacks against Voice over IP (VoIP) systems. The growing use of VoIP technology in business and a greater availability of hacking tools that dumb down the process of hacking into systems has led to an increase in attacks worldwide. UK-based systems are being …
John Leyden, 16 Jun 2015
Eugene Kaspersky in Sydney

Duqu 2.0: 'Terminator' malware that pwned Kaspersky could have come from Israel

Eugene Kaspersky reckons hacking into his firm's corporate network was a "silly" move by cyberspies, but independent experts are far from convinced. All seem agreed that the rare attack by a state against an leading information security firm is bad news for corporate security more generally, as it shows attacks are getting more …

We stand on the brink of global cyber war, warns encryption guru

We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday. Schneier, CTO of Resilient Systems, said the much publicised Stuxnet attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking …
John Leyden, 04 Jun 2015
Meme of a dog "typing" at a computer, with the large font phrase "I have no idea what I'm doing' above him.

It's official: David Brents are the weakest link in phishing attacks

Middle management are increasingly becoming the focus of phishing attacks, according to a new study. Managers received more malicious emails and doubled their click rates year-on-year, according to a study by security company ProofPoint. Senior staff seemed more clued up about dodgy emails, meaning managers and staff clicked on …
John Leyden, 22 Apr 2015
Hacked US CENTCOM Twitter account

IT'S WAR: Hacktivists throw in their lot with spies and the military

Feature Hacktivism has lost its innocence. Once characterised in the early days of Anonymous back in 2008 by assaults against the Church of Scientology, it has now become part and parcel of far darker plans, such as the spread of terrorist propaganda by Islamic militants. Meanwhile, over in the Ukraine, cyber militias of patriot hackers …
John Leyden, 20 Apr 2015
Non-sleeper

Self preservation is AWS security's biggest worry, says gros fromage

State-sponsored cyber armies, lone-wolf attackers, denial-of-service attacks ... which keep Amazon’s Web Services security boffins awake at night? None of the above. It’s customers – those who don’t protect themselves adequately against hackers and malware. That’s according AWS head of global security programs Bill Murray, who …
Gavin Clarke, 13 Apr 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015
Routers

Cisco posts kit to empty houses to dodge NSA chop shops

Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says. The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers. The interception campaign was revealed last May. Speaking …
Darren Pauli, 18 Mar 2015
US Pentagon. Pic: DoD photo by MSgt Ken Hammond, USAF

Respect mah privacy! EU delegation begs US to play nice with data

A delegation of MEPs is in Washington this week to put pressure on the US authorities to respect EU privacy laws. The 11-strong group from the European Parliament’s Civil Liberties Committee (LIBE) is led by British Labour MEP Claude Moraes. He said the Parliament hasn’t forgotten about the National Security Agency (NSA)'s …
Jennifer Baker, 17 Mar 2015
HMS Belfast on the Thames. Pic: Nick Hewson

Hurry shipmates - the black hats have hacked our fire control system

The final instalment of Blighty's Cyber Security Challenge, a ten-month process to find new talent for Blighty's infosec workforce, will conclude this afternoon. The Cyber Security Challenge Masterclass, organised by BT, and described as "a series of national competitions, learning programmes, and networking initiatives …
LIZARD WEARING A TOP HAT SITS ON A BRANCH.  Brett Weinstein pic - ALTERED BY JUDE KARABUS - licensed under  CC 3.0

Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Updated Lenovo's domain name lenovo.com appears to have fallen victim to cyber-mischief-makers Lizard Squad. In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God awful slushy pop music playing in the …
Shaun Nichols, 25 Feb 2015

Don't be fooled! He's not from the IT crowd... he's a CYBERSPY – FireEye

Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks. IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013. The sixth annual FireEye …
John Leyden, 24 Feb 2015
Bart Simpson

Microsoft will give away Windows 10 FREE - for ONE year

Microsoft is planning a big push for Windows 10 and will be giving away the new operating system to Windows 7, Windows 8.1, and Windows Phone 8 users in the first year of release. "With Windows 10, we think of the operating system as 'Windows as a service'," said Terry Myerson, Microsoft's VP of operating systems. "In next few …
Iain Thomson, 21 Jan 2015
The future of air war

US and UK declare red-team CYBER WAR – on EACH OTHER

The US and the UK are planning a series of joint war games involving cyber-warriors from either side attacking each other in a bid to expose security weaknesses before they are abused by criminal hackers or hostile governments. The exercises, which will initially test the security defences and procedures at banks on Wall Street …
John Leyden, 16 Jan 2015
Old Bailey Lady Justice

Microsoft vs US.gov, Internet of Stuff, Big Data: Some of 2015's legal cloudy issues

Cloud, Big Data, the Internet of Things are among the hottest topics that vendors are driving in 2015, but there are five legal developments in each that are worth tracking. 1. Microsoft and US government go to court Again, Microsoft is resisting attempts by the US government to get access to the user data it is holding …
Frank Jennings, 15 Jan 2015

Roll up, come see the BOOMING HACKER BAZAAR!

Underground hacker markets are booming with counterfeit documents, premiere credit cards, hacker tutorials, and "complete satisfaction guarantees", according to a new report from Dell SecureWorks. The means to create a false identity are easily purchased through the cracker bazaars. A fake social security card can be obtain for …
John Leyden, 15 Dec 2014
Money image

NASA's British cloudy collab provider scores $51m from VCs

Cloudy storage and collaboration service provider Huddle has trousered millions more cash from vulture venture capitalists to spend on biz development on both sides of the Atlantic. The UK-based outfit, started by CEO Alastair Mitchell in 2007, last night took home a $51m Series D round of funding, valuing the business at …
Paul Kunert, 12 Dec 2014
balaclava_thief_burglar

Crims at vendors could crock kit says ENISA

Before you sign on the dotted line to acquire some kit or sign up a service provider, ask the vendor you're considering if any of their staff have criminal records. That's just one of many, many, suggestions made by the European Union Agency for Network and Information Security (ENISA), in a new guide to Secure ICT Procurement …
Simon Sharwood, 11 Dec 2014

Silver-tongued phish bait lures execs, hooks M&A deals

A hacking group has been stealing identity information and reading emails to get the inside edge on stock markets to buy and sell to make quick profits. Vendor FireEye reckons the group sent articulate phishing emails with malicious attachments demonstrating "deep" knowledge of financial markets and corporate communications. In …
Darren Pauli, 02 Dec 2014

Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...

After Symantec published its report on the Regin super-spyware, there were many questions raised. Who coded it? What can it do? And – above all – why did it take so long for security vendors to notice it? Regin is a sophisticated piece of software. It can be customized for particular missions by inserting into its framework …
Iain Thomson, 26 Nov 2014
Files

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

+Comment The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014
Hacker image

'A motivated, funded, skilled hacker will always get in' – Schneier

IP Expo Hacking attacks are more or less inevitable, so organisations need to move on from the protection and detection of attacks towards managing their response to breaches so as to minimise harm, according to security guru Bruce Schneier. Prevention and detection are necessary, but not sufficient, he said. Improving response means …
John Leyden, 09 Oct 2014
FBI badge and gun

TOR users become FBI's No.1 hacking target after legal power grab

The FBI wants greater authority to hack overseas computers, according to a law professor. A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet. The …
John Leyden, 19 Sep 2014
Spying image

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Miscreants have ported five-year-old spyware XSLCmd to OS X. The Windows version of the malware has been around since 2009, and the Apple Mac edition of XSLCmd shares significant portions of the same code. It can open a reverse shell to its masters, automatically transfer your documents to a remote system, install executables, …
John Leyden, 05 Sep 2014

Cost-cutting pays off for Symantec as profit lifts

+Comment Software security, data management and protection behemoth Symantec has cashed in on hacking fears with an upswing in product sales, giving itself a revenue and profits lift. Revenues for its first fiscal 2015 quarter, which finished on 4 July, were $1.74bn, up a mere 1.5 per cent on a year ago, and a more flattering 6.4 per …
Chris Mellor, 07 Aug 2014

Opinion

Privacy image

Frank Jennings

Two working parties, ministers galore... but data transfer law remains in limbo
EMC_Unity_bezel

Chris Evans

It does simplify the hardware setup, whatever it is
A microscopic view of the biometric shark skin. Pic: James Weaver

Chris Mellor

Do something and stop faffing about in the bush league

Kat Hall

International system in general needs greater transparency

Features

Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world
hacker
Mostly it's financial crime. Here's what all the cool kids' terms mean in English
Apple logo. Pic: Blake Patterson
Plenty of bumps in the 40-year road for Mac makers