Subscribe free to our newsletters via your
. Military Space News .




Subscribe free to our newsletters via your




















CYBER WARS
US charges two Russian spies in massive Yahoo cyberattack
By Rob Lever
Washington (AFP) March 15, 2017


Security flaw found in WhatsApp, Telegram: researchers
San Francisco (AFP) March 15, 2017 - A computer security firm on Wednesday revealed a flaw that could let hackers break into WhatsApp or Telegram messaging accounts using the very encryption intended to protect messages.

Check Point Software Technologies said that it alerted Telegram and Facebook-owned WhatsApp last week, waiting until the vulnerability was patched before making it public.

Check Point did not specify how many messaging accounts were at risk, but did say the flaw posed a danger to "hundreds of millions" of users accessing the messaging platform from web browsers in computers, as opposed to mobile applications.

"This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over," Check Point head of product vulnerability Oded Vanunu said in a release.

"By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user."

The vulnerability made it possible for an attacker to booby-trap a digital image with malicious code that could spring into action after the picture is clicked on for viewing, according to Check Point.

The malicious code could then hijack an account, and even spread itself like a virus by sending infected messages to those listed as contacts.

WhatsApp and Telegram use end-to-end encryption designed to make certain only senders and recipients can see what is in messages.

The privacy protection had the side effect of preventing the services from being able to discern whether message contents included malicious code, according to Check Point.

To remedy the situation, both services shifted to finding and blocking viruses before messages are encrypted, the security researchers said.

WhatsApp is one of the most popular instant messaging services in the world with more than a billion users. Telegram claims only 100 million or so users, but is often cited as a preferred communications tool of jihadists because of encryption to keep messages from the eyes of authorities.

Two Russian intelligence agents and a duo of hackers were indicted Wednesday over a data breach that compromised 500 million Yahoo accounts in one of the largest cyberattacks in history.

The indictment announced by the US Justice Department links Russia's top spy agency, the FSB, to the massive hacking operation which began in 2014 with the twin goals of espionage and financial gain.

It comes amid a high-stakes investigation into Russian cyber-meddling in the US election, potentially aimed at boosting the campaign of President Donald Trump.

The Russian agents were identified as Dmitry Dokuchaev and Igor Sushchin, both members of the successor agency to Russia's KGB.

Dokuchaev was an officer in the FSB Center for Information Security, known as "Center 18," which is tasked with investigating hacking and is the FBI's point of contact in Moscow for cyber crimes.

The 33-year-old Dokuchaev was reported to have been arrested in Moscow earlier this year on treason charges. He is accused of directing the Yahoo hack along with his superior, the 43-year-old Sushchin.

The two officers "protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere," acting assistant attorney general Mary McCord told reporters.

They are accused of hiring hackers Alexsey Belan and Karim Baratov to carry out the attacks, which continued until late 2016.

Targets of the Yahoo breach included both Russian and US government officials, including cyber security, diplomatic and military personnel, according to McCord, who said it aimed to gather information "clearly some of which has intelligence value."

She added that "the criminal hackers used this to line their own pockets for private financial gain," seeking to cash in on the breach by accessing stolen credit or gift card numbers, and through a series of spam marketing schemes.

- Journalists, diplomats targeted -

The US indictment includes 47 criminal charges including conspiracy, computer fraud, economic espionage, theft of trade secrets and identity theft.

Asked if there were any links between the Yahoo hack and the wider question of Russian interference, McCord said, "We don't have anything that suggests... any relationship," but added that the election case "is an ongoing investigation."

The US statement said some targets were "of predictable interest" to the Russian spy agency including Russian and US government officials and employees of a prominent Russian cybersecurity company.

The Yahoo breach, McCord said, "also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities."

Other accounts compromised by the hackers belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, US financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a US airline, according to the Justice Department.

Baratov, a 22-year-old Canadian-Kazakh national, was arrested this week on a US warrant in Canada, she said.

Belan, 29, has been indicted twice in US cases involving the hacking of e-commerce companies, and is listed as one of the FBI's "Cyber Most Wanted criminals."

- 'State-sponsored' -

FBI executive assistant director Paul Abbate said the agency has asked Moscow for assistance in apprehending the suspects but noted that "we have had limited cooperation with that element of the Russian government."

In Russia a high-level official quoted by Russian news agencies said that "Washington did not communicate with Moscow about this issue through the available channels set up to address issues related to cybersecurity."

The source added that "the absence of specifics in this case suggests this is the latest twist in the use of the subject of Russian hackers in the internal political struggle in the US."

The attack on Yahoo, disclosed last year, was one of the largest ever data breaches and at the time was blamed on a "nation-state" attacker.

Yahoo's assistant general counsel Chris Madsen said in a statement that the indictment "unequivocally shows the attacks on Yahoo were state-sponsored."

Chief executive Marissa Mayer tweeted that Yahoo was "very grateful to the FBI & DOJ" for their work.

The internet pioneer, which is in the process of selling its core assets, has been rocked by the disclosure of the breach and a separate case that affected one billion users.

- Cookies, erectile dysfunction -

The indictment unsealed in federal court in San Francisco showed a series of techniques used by the hackers in accessing user accounts.

In some cases, they used emails disguised as legitimate messages, a technique known as "phishing."

Another scheme directed users searching for erectile dysfunction medications to a fake website that included malicious software.

The hackers were also able to produce forged "cookies" or bits of software used to authenticate users, and used stolen Yahoo credentials to compromise accounts of other webmail providers, including Google.

These efforts enabled the hackers to obtain a backup copy of Yahoo's user database and eventually its "account management tool" that controlled passwords and other personal information, the indictment said.

CYBER WARS
Russian woman pardoned by Putin over text message freed
Moscow (AFP) March 12, 2017
A Russian woman pardoned by President Vladimir Putin after she was sentenced to seven years in jail for treason over a text message about movements of military equipment was released Sunday, local media reported. Shopkeeper Oxana Sevastidi, 46, was convicted in March 2016 over an SMS sent eight years earlier about a train carrying military hardware towards neighbouring Georgia, months before ... read more

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.

SpaceDaily Contributor
$5 Billed Once


credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly


paypal only

Comment on this article using your Disqus, Facebook, Google or Twitter login.

Share this article via these popular social media networks
del.icio.usdel.icio.us DiggDigg RedditReddit GoogleGoogle

CYBER WARS
Raytheon developing next-gen missile defense communications

Australia's HMAS Hobart completes sea trials with Aegis

UN hopes for easing of tensions after Chinese anger over THAAD

China vows 'resolute' measures after THAAD deployment

CYBER WARS
MBDA unveils new short-range air defense platform

India test fires BrahMos Extended Range missile

Russia denies US claims it has violated arms treaty

U.S. Navy test fires surface to surface missile module

CYBER WARS
Trump gives CIA power to conduct drone strikes

US military deploys attack drones to S. Korea

Leonardo subsidiary to buy laser technology company Daylight Solutions

Kelvin Hughes launching counter-drone system

CYBER WARS
Harris radio system gains NSA certification

Intelsat General becomes Airbus channel partner for military satellite communications

Rockwell Collins, Australian air force test WBHF communication system

Space aggressors jam AF, allies' systems

CYBER WARS
U.S. Army picks Revision Military for new helmets

Navistar supplying MRAP armored vehicles to Pakistan, UAE

Supacat teams in bid for Dutch Army contract

Electro-magnetic energy module developed for Railgun

CYBER WARS
Trump to press Congress for defense spending boost

BAE Systems eyes defence spending by Trump

UAE signs over $5 bln in deals at arms fair

Pentagon chief says military running smoothly amid turbulent transition

CYBER WARS
Moscow apparently has forces at base in Egypt

Chinese ships allowed to survey Philippine territory: Duterte

China slams US election 'farce' in annual rights report

Chinese ships enter Philippine waters; Sri Lanka scales back China port

CYBER WARS
The world's first international race for molecule-cars, the Nanocar Race is on

Phonon nanoengineering: Vibrations of nanoislands dissipate heat more effectively

Small nanoparticles have surprisingly big effects on polymer nanocomposites

Most complex nanoparticle crystal ever made by design




Memory Foam Mattress Review
Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily
XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News








The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement