Saturday, June 9, 2012

North Korea rampant with Filesharing



North Koreans are subverting their government's censorship by sharing files on USB sticks and MP3 players, claims a report.
A Quiet Opening, by Nat Kretchin and Jane Kim, uses testimony from defectors and refugees to build a picture of how popular media originating from other countries is within the isolated dictatorship. The answer, you may be surprised to hear, appears to be "very".
North Korea—or to use its official name, the Democratic Peoples' Republic of Korea—is also known as the "Hermit Kingdom", a reflection of its isolation from the outside world. North Koreans are fed a strictly controlled and limited diet of media, and officially have no access to unvetted material. However, the collected testimony paints a picture of a people who are slowly gaining an understanding of the outside world—a process which began when the severe famine of the late 1990s shook many North Koreans' faith in their government.
Connected officials and elites are able to buy MP3 players, DVDs, and USB sticks from connections in China, and the contents are handed around surreptitiously. It's a modern twist on what was called "samizdat" in the USSR—forbidden books and pamphlets, copied and spread among activists in secret.
A 44-year-old male from Chongjin (the third largest city in the DPRK, close to the Chinese border) told the authors of the report: "About 70-80 percent of people that have MP3/4 players are young people. When you do a crackdown of MP3/4 players among high school and university students, you see that 100 percent of them have South Korean music."
The report also quotes several people who say that families and friends often gather together to watch the latest episodes of the most popular South Korean shows. Soap operas from the South are incredibly popular—and the gap between what they're told about the South (that it's poor and repressive) versus what they see (young people in designer clothes having parties) is contributing to widespread disbelief in the regime's propaganda.
The most important officials have always had access to material forbidden to the wider populace, but the implications of this latest report are that these illicit materials are filtering down to other families—and they're not scared to share their illegal media with others. A 47-year-old female from Pyongyang says kids in her childrens' class would use the class computer to copy files for each other—a crime that not long ago would have been considered unthinkable.
Recent visitors to North Korea will have noticed that mobile phones are a common sight even in the poorest areas of the country (the country has one of the highest levels of 3G penetration in the world), and in some of Pyongyang's more elite districts iPads are not unusual. While the penalties for accessing foreign media content are incredibly severe—ranging from three months to five years of forced labour, depending on how subversive it is—the proliferation of so many electronic devices is making it easier for people to communicate both with each other and the outside world.
While the North Korean government may restrict the access its people have to the Internet, it's nevertheless believed to have one of the most effective online foreign espionage operations in the world. In the wake of widespread GPS jamming in South Korea in May, information security professor Lee Dong-Hoon claimed that North Korea had the third most powerful cyberwar capabilities in the world after the US and Russia, and organisations which cover North Korea in the West are frequently subjected to hacking and DDoS attacks.
It's worth noting that this report, like most that come out of North Korea, relies on sampling a very small subsection of DPRK society. Most refugees come from either Pyongyang or other richer border regions with China, as those are the sections of society with the material wealth and connections that give them a chance of defecting in the first place. The majority of the population lives in much poorer rural conditions and with more chance of being persecuted if caught with forbidden media. The report points out that only 16 percent of those questioned for the report said they had access to some kind of computer. Frequent power shortages make it unlikely that number will dramatically increase any time soon.

Tuesday, July 12, 2011

Rhode Island Sets up a CyberSecurity Team.

Rhode Island has set up a cybersecurity team that it hopes will be a model for other states trying to address cybersecurity problems in an era of tight state government budgets.

The Rhode Island Cyber Disruption Team (RICDT) includes members of government agencies, law enforcement, academia, and private business who will work to protect critical infrastructure in the state.
“This team’s leaders recognize the sectors of our society most vulnerable in cyberspace and the damages that would most severely affect Rhode Islanders”, said Rep. Jim Langevin (D-RI) while unveiling the new cybersecurity team on July 11 at Dell SecureWorks in Providence, RI. IT security firm Dell SecureWorks will provide technology support to the team.

RICDT will provide analysis and support prior to and during catastrophic events affecting critical infrastructure in Rhode Island and ensure continuity and restoration of operations. The team will serve as a communications conduit between federal, state, military, and private entities.
Working under the Rhode Island Emergency Management Agency, RICDT will identify areas in which critical state assets are vulnerable to cyberattack and propose and implement solutions by studying existing cybersecurity practices and commissioning original research and development.

The core RICDT members are Nick Tella (team commander), Ken Bell, and Christine Crocker from the Rhode State Police; Robert Fitzpatrick from the City of Providence Police; Jacob Fonseca with the University of Rhode Island Digital Forensics Center, Anthony Heywood with the IT department of the City of Providence; Doug White, director of the Forensics Applied Networking and Security Center at Roger Williams University; and Theresa Murray with the Emergency Management Agency.
“The Cyber Disruption Team has a multipart role in ensuring critical cyber assets in Rhode Island: to proactively evaluate and advise on the State's cyber infrastructure, to support the State against cyber threats whether physical or virtual, and to act as a cornerstone of cybersecurity in the state”, explained White.

90,000 Military Email Accounts Leaked!

In the AntiSec Movement (Anti Security) going on Anonymous has taken and leaked 90,000 military email accounts from Booz Allen Hamilton which is a security firm. Anonymous classified this as 
"Military Meltdown Monday: Mangling Booz Allen Hamilton". 
  A anouncement posted on Twitter by @AnonymousIRC


The leak itself include 90,000 login accounts for military personnel; including personnel from US CENTCOM, SOCOM, Marine Corps, Air Force, Homeland Security, State Department staff, and what looks like private sector contractors. This does in fact compromise some members of these departments but I do understand why this would happen; to be a security contractor and work in the IT department and have only the basic security on your network should show that people shouldn't put trust into these companies and if your working for the military this shows how easy it really is. Just because people have badges and high egos they think they can secure the internet, there network, and try and charge people for actually battling for their rights this is why I agree with the movement, but to stay professional I would also like to state that if the government personnel don't to be compromised or there information then it's best to actual secure the data and not leave it to some contractor actually put a group to test these sites and your own data.
 
The release by anonymous was via Torrent of 130.5 MB archive file.




Sunday, July 10, 2011

Tips, Tricks, and Fun!

Alright most of the time DISecurity brings you the latest news in the IT industry, I will also be adding to the blog is something new; tips, tricks, and fun things to do and learn using the power of the internet and your own mind.
Most people know about Google but what they don't know is Google has more power than anyone really knows, I love Google myself but power can also be bad and good. But this article is not about anything bad for mopey like most news we hear this article and many other like this will be to help you out, maybe improve your own online security, learn something new, or even give you a new insight on what it like to be a little more than a novice using the internet.

So today were going to do something 'simple, easy, and fun to do' but before we start I just want to let everyone to know if you read my blog and you enjoy it send it to others to read. Knowledge is the true power!

  1. Alright so what I would like everyone to do is open up their web browser via: Internet explorer, Mozilla Firefox, Safari, Opera, or Chrome.
  2. Go to www.google.com
  3.  Type this in search: inurl:/ view index.shtml
Alright now you should see a bunch of different numbers, names, or other identifiers, what your about to view is a network of Security Cameras around the world, you can even take full control over them and change what everyone is looking at.

This is an old trick, but it's always fun to play security... But this should also give you an Idea of what anyone and everyone is really doing, I can monitor action of others and this is truly how easy it really is. So what would stop a person finding a good camera getting into them and stalking you? Maybe track your movements?
These are all things you should consider about everyday life, who is watching me? Am I really protected? do I have my privacy? the Answer is simple Everyone, No, and No.  But there are ways to get back what is now lost in the new area of SECURITY > FREEDOM! we have.

Next week: I will teach you how to get back as much privacy as you can.

DISec News

As most people would know there is a trend going on called the "ANTI-Sec Movement" which I am neither against or for simply for the reason some companies do deserve to get slammed with security breaches and show the customers how easy it truly is to get there lives taken from them simply by... you guest it "Trusting a Corporation."

Does anyone remember the days people wanted the 'Mom and Pop Shops' and no one trusted the corporations? I don't know what happen but I do miss those days, But with people actually "trusting" these big corporations all the independent 'Mom & Pop Shops' lose out and are forced to either sell or shutdown.

But the reason why I also disagree with the new movement is some of these websites that can't truly afford an IT Staff and is more like a low market will still get plucked and yes I understand that it's to prove a point but people are also at risk of getting there identity taken away from them; most people in this movement are actually not leaking most of the user database, it still will show up though so you always must take the precautions when playing in the digital world.

Tuesday, July 5, 2011

Massachusetts data breaches touch five million residents

Data breaches have affected five million residents of Massachusetts since October 2007, when the state’s strict data breach law was enacted, according to Barbara Anthony, head of the Office of Consumer Affairs and Business Regulation.

Anthony told the Boston Herald newspaper that the state has received around 2,200 data breach notification letters from companies and agencies reporting lost or stolen personal information since the law was enacted, affecting around five million state residents.
“We get about 50 [letters] a month. Our reporting law is very stringent. Even if it’s one credit card that’s been lost, the company has to report it to us”, Anthony told the newspaper.
Data breaches in the state range from the relatively innocuous to major events, as illustrated by two incidents in May of this year.
Belmont Savings Bank reported that a back-up computer tape containing the personal information of 13,380 customers accidentally fell in the trash, but it was determined that the tape was incinerated “in the ordinary course” of disposal.
The state's Executive Office of Labor and Workforce announced a virus had infected 1,500 computers at the agency’s offices and career centers, putting as many as 210,000 unemployed residents’ data at risk.
The Massachusetts Attorney General’s office investigates serious data breaches, while Anthony’s office compiles data breach reports and educates consumers and businesses about security risks.
“If you’re storing a lot of sensitive information, you need to take very strong steps to secure that information. If you don’t, and you have a breach, there are going to be problems”, Anthony concluded.

Hacker Dumps Details of Florida Voter Database

 Rigged voting might be as old as US election systems themselves, so what happens when a hacker collects the voting database?

The AntiSec movement is definitely rolling along, Anonymous is pointing to a recent hack that could raise some serious questions over the integrity of voting in Florida. It seems that a hacker who uses Twitter obtained parts of the Florida voting database which has been subsequently posted to Paste2. It appears that the hacker in question wanted to show that voting fraud can easily happen today and dumped parts of the Florida database to prove it.

The content was posted to PasteBin (same content) while Abhaxas tweeted, “Who believes voting isn’t tampered with?”
It’s the latest in a long string of hacks since LulzSec was disbanded. Previously, the Arizona Polce Force had details leak about them not not once, not twice, but three times. In another leak, the AntiSec movement leaked details of Viacom and Universal Music along with content from various government servers.
This latest hack clearly demonstrates that Anonymous isn’t the only organization that is doing the hacking these days. One thing is for sure though, it’s hard to imagine that this would not have very big political implications.

This resent security breach is under investigation.