Daily Archives: September 29, 2016

Interesting Group Behind the Epic Yahoo Hack

Posted on by

Seems Yahoo could by lying about who actually did the hack and this may be due to the merger between Verizon and Yahoo.

 

The Yahoo hackers weren’t state-sponsored, a security firm says

CSO: Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday.

Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.

The independent security firm found the alleged data as part of its investigation into “Group E,” a team of five professional hackers believed to be from Eastern Europe.

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

InfoArmor also claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in term of users affected.” More details here.

**** Advice****

You don’t care who has looked at your emails? Really? Consider:

Here’s a simple exercise I invite you to do. Open your email and take a look at everything that you keep on it, both sent and received conversations. Scan all of them, every attachment you ever sent or received, every personal and work conversation, every email draft.

The truth is, we aren’t aware that we are living a big part of our lives through our email inbox.

We keep it all there, in only one place: photos, contracts, invoices, tax forms, reset passwords for every other account, sometimes even passwords or credit card PINs.

And our emails are interconnected to all our other digital accounts, from bank accounts to social networks (LinkedIn, Twitter, Facebook, etc), cloud services (Google Drive, iCloud, Dropbox), online shops (Amazon, for, ex, where you most likely saved your credit card details as well) and so on.

By simply breaching the email, a malicious hacker can easily get access to all those. They know how to do that.  Read More here…you REALLY need to.

From Digital Guardian:

Wrapping your head around the idea of a breach that affects half a billion users is a difficult task, and it’s not one that anyone has had to contemplate until now. Yahoo’s data breach is far and away the largest on record in terms of the number of users involved. The economic effect on the company will take years to calculate, and it may never be fully known, as is often the case with these breaches. Though Yahoo, already on the ropes and in the middle of a sale to Verizon, may see some rather unpleasant effects quite soon.

From the user’s perspective, too, the massive amount of data taken in the compromise – including dates of birth, email addresses, physical addresses, and security questions and answers – could have far-reaching effects. The information is an identity thief’s starter kit, even without bank account or payment card data. Yahoo has pointed the finger at a state-sponsored attacker, as is customary in these incidents.

“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter,” the company said in a statement on the compromise.

As gory as they are, the public details of the Yahoo compromise aren’t what’s really interesting or important here. The intriguing part in this case is how long it took Yahoo to uncover and disclose the data breach. In its public statements, the company said it discovered the compromise recently, but the data was stolen in 2014. That fact has drawn the attention of Capitol Hill and a group of senators is asking some very uncomfortable questions of Yahoo CEO Marissa Mayer.

In their letter, Sens. Ed Markey, Patrick Leahy, Elizabeth Warren, Al Franken, Richard Blumenthal and Ron Wyden asked Mayer when and how Yahoo learned of the breach, why the company took so long to uncover it, and whether any government agencies warned Yahoo of an attack by state-sponsored attackers. The lawmakers also said that the data taken from Yahoo could be used easily in other attacks.

“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers,” the senators said. “This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles.” Complete summary here.

Presidential Determination Signed to Accept 85,000 Refugees

Posted on by

No wonder the FBI is on a hiring blitz to attempt to vet what is told to be highly vetted and scrutinized refugee applicants.

****

The White House
Office of the Press Secretary
For Immediate Release
September 29, 2015

Presidential Determination — Presidential Determination on Refugee Admissions for Fiscal Year 2016

MEMORANDUM FOR THE SECRETARY OF STATE

SUBJECT:      Presidential Determination on Refugee Admissions for Fiscal Year 2016

In accordance with section 207 of the Immigration and Nationality Act (the “Act”) (8 U.S.C. 1157), and after appropriate consultations with the Congress, I hereby make the following determinations and authorize the following actions:

The admission of up to 85,000 refugees to the United States during Fiscal Year (FY) 2016 is justified by humanitarian concerns or is otherwise in the national interest; provided that this number shall be understood as including persons admitted to the United States during FY 2016 with Federal refugee resettlement assistance under the Amerasian immigrant admissions program, as provided below.

The admissions numbers shall be allocated among refugees of special humanitarian concern to the United States in accordance with the following regional allocations; provided that the number of admissions allocated to the East Asia region shall include persons admitted to the United States during FY 2016 with Federal refugee resettlement assistance under section 584 of the Foreign Operations, Export Financing, and Related Programs Appropriations Act of 1988, as contained in section 101(e) of Public Law 100-202 (Amerasian immigrants and their family members):

Africa . . . . . . . . . . . . . . . . . . . 25,000

East Asia. . . . . . . . . . . . . . . . . . 13,000

Europe and Central Asia . . . . . . . . . . . 4,000

Latin America/Caribbean. . . . . . . . . . .  3,000

Near East/South Asia. . . . . . . . . . . .  34,000

Unallocated Reserve . . . . . . . . . . . .  6,000

The 6,000 unallocated refugee numbers shall be allocated to regional ceilings, as needed.  Upon providing notification to the Judiciary Committees of the Congress, you are hereby authorized to use unallocated admissions in regions where the need for additional admissions arises.

Additionally, upon notification to the Judiciary Committees of the Congress, you are further authorized to transfer unused admissions allocated to a particular region to one or more other regions, if there is a need for greater admissions for the region or regions to which the admissions are being transferred.

Consistent with section 2(b)(2) of the Migration and Refugee Assistance Act of 1962, I hereby determine that assistance to or on behalf of persons applying for admission to the United States as part of the overseas refugee admissions program will contribute to the foreign policy interests of the United States and designate such persons for this purpose. Consistent with section 101(a)(42) of the Act (8 U.S.C. 1101 (a)(42)), and after appropriate consultation with the Congress, I also specify that, for FY 2016, the following persons may, if otherwise qualified, be considered refugees for the purpose of admission to the United States within their countries of nationality or habitual residence:

  1. Persons in Cuba
  2. Persons in Eurasia and the Baltics
  3. Persons in Iraq
  4. Persons in Honduras, Guatemala, and El Salvador
  5. In exceptional circumstances, persons identified by a United States Embassy in any location

You are authorized and directed to publish this determination in the Federal Register.

 

BARACK OBAMA