UAE surveillance unit used iPhone hacking software to track dissidents

UAE surveillance unit used iPhone hacking software to track dissidents


PeopleImages via Getty Images

Former US intelligence agents reportedly worked with UAE security officials to remotely hack into the iPhones of dissidents and world leaders using a spying tool. The so-called “Karma” software allowed the covert cyber-operations unit (code named Project Raven) to access “iPhones simply by uploading phone numbers or email accounts into an automated targeting system,” according to Reuters.

Karma reportedly didn’t work on Android devices, but was deemed especially powerful as it could plant malware on an iPhone without requiring an action from the target. Three former operatives said the tool relied partially on a flaw in iMessage. All it supposedly took to trigger the breach was for a text message to be sent to the target device using the cyber-tool. Both Apple and the UAE government declined to comment on the report.

In 2016 and 2017, the hacking unit composed of ex-American intelligence operatives working as contractors for the UAE’s intelligence services set up camp in Abu Dhabi. From there, they harnessed the tool to acquire photos, emails, texts and location data from targets’ iPhones. Karma also reportedly helped the team to scoop saved passwords for other breaches, according to several former operatives (who were not Emirati citizens) and program documents reviewed by Reuters.

In 2017, the operatives allegedly used Karma to hack an iPhone used by Qatar’s Emir Sheikh Tamim bin Hamad al-Thani, as well as the devices of Turkey’s former Deputy Prime Minister Mehmet Şimşek, and Oman’s head of foreign affairs, Yusuf bin Alawi bin Abdullah. Ultimately, the tool was apparently used to gain entry into the accounts of hundreds of prominent Middle Eastern political figures and activists across the region and in Europe. However, there’s no evidence (as of yet) to suggest that compromising information was leaked. The Washington embassies of Qatar, Oman and Turkey did not respond to the report. Nor could Reuters confirm the origin of Karma, though it said it was purchased from a vendor outside the UAE.

In a separate Reuters exposé, Lori Stroud (a former NSA staffer who later joined Project Raven) said Karma was also used to spy on American citizens. Whereas US contractors being hired for assistance with espionage remains a grey area, hacking or stealing info from America is considered illegal. Stroud told of how she’d been recruited by a Maryland cybersecurity contractor named CyberPoint only to wind up in the UAE in 2016. The small Middle-Eastern nation, and ally of Saudi Arabia, brought on Stroud (and other US contractors) to help launch its cyber-surveillance program, which was overseen by local cybersecurity firm DarkMatter.

By the end of 2017, Karma had apparently become far less effective due to Apple’s iOS security updates. But the timing of this report couldn’t be worse for Apple, arriving as it does in the wake of its FaceTime bug that let users eavesdrop on calls — and in light of CEO Tim Cook’s calls for increased privacy and GDPR-style regulations in the US).

Apple has infamously resisted calls from law enforcement to create a backdoor piece of software that could bypass the security protections built into iOS. Faced with the blockade, the FBI turned to a third-party to crack the iPhone 5c belonging to one of the San Bernardino attackers back in 2016. That in turn led to a lucrative market springing up for zero-day iPhone exploits.

View the Original Article . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

New Zealand blocks wireless carrier from using Huawei equipment

New Zealand blocks wireless carrier from using Huawei equipment


ASSOCIATED PRESS

New Zealand officials have blocked a major telecom carrier in the country from using Huawei equipment in its upcoming 5G mobile network, the New York Times reports. The company, Spark, said in a statement that New Zealand’s Director-General of the Government Communications Security Bureau believed using Huawei gear would “raise significant national security risks,” a sentiment that mirrors what has already been expressed by US and Australian governments. The US government in particular has been vocal about its concern that Huawei has connections to the Chinese government that make its products major national security risks.

Huawei has repeatedly denied such claims, and in response to this latest blow, it said that the process in New Zealand was ongoing and it would “actively address any concerns and work together to find a way forward.” The US Embassy in Australia released a statement saying, “The US advocates for secure telecoms networks and supply chains that are free from suppliers subject to foreign government control or undue influence. We routinely urge allies and friends to consider such risks and exercise similar vigilance in ensuring the security of their own telecoms networks and supply chains.”

In the US, lawmakers have banned government employees, contractors and agencies from using certain equipment made by Huawei and another Chinese firm ZTE, while the Pentagon issued an earlier decision that banned Huawei and ZTE phones in military base retailers. A number of government agencies, including the FBI, CIA and NSA, have warned Americans about using Huawei products. Similar warnings have also been issued to other countries, including Canada, Germany, Japan and Italy, among others.

View the Original Article . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Twitter: It was a ‘mistake’ not to suspend bomb suspect for threats

Twitter: It was a ‘mistake’ not to suspend bomb suspect for threats

FBI Director Christopher Wray, accompanied by officials including Attorney General Jeff Sessions, speaks at a press conference about the apprehension of a suspect in the recent spate of mail bombings at the Department of Justice on October 26, 2018 in Washington, DC. Authorities arrested Cesar Sayoc in the attacks which targeted prominent Democrats and critics of President Trump.

Aaron P. Bernstein via Getty Images

Hours after FBI Director Christopher Wray announced the arrest of Cesar Sayoc in connection with sending 13 IEDs, Twitter finally suspended two accounts tied to Sayoc. Once he was identified, internet users quickly found posts of his showing videos and pictures taken at rallies for President Donald Trump, as well as a number of social media posts threatening various people, including some of the same people that the bombs were addressed to.

One of the people who received his threats was political analyst Rochelle Ritchie, who tweeted screenshots showing threats Sayoc made toward her, and Twitter’s response to her reports: to do nothing. Despite promising her a “nice silent air boat ride” on October 11th after she appeared on Fox News, the company inexplicably decided there was “no violation” of its rules. Now, after his arrest, and after removing both accounts, Twitter’s Safety account tweeted “We made a mistake when Rochelle Ritchie first alerted us to the threat made against her. The Tweet clearly violated our rules and should have been removed. We are deeply sorry for that error.”

While the company says it’s investigating, that holds cold comfort for anyone facing threats made via social media. While Twitter isn’t responsible for the man’s criminal actions, it does have policies in place that are supposed to intervene when users are threatening others on its platform. CNN reported that other tweets on the account sent to Trump specifically threatened Eric Holder and former vice president Joe Biden, in posts that were still live when Sayoc was arrested for his connection to the bombs that were actually targeting their homes. Ritchie later posted another message from Twitter, claiming its earlier dismissal was “sent in error.”

View the Original Article . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Microsoft’s $7.5 billion GitHub acquisition is complete

Microsoft’s $7.5 billion GitHub acquisition is complete


Microsoft

It’s official: Microsoft now owns GitHub. After European Commission officials approved the deal last week, it seemed only a matter of time until the $7.5 billion acquisition was completed.

GitHub’s new CEO Nat Friedman, a former vice president of developer services at Microsoft, emphasized in a blog post that GitHub will operate independently of its owner. He noted the open-source repository will continue to support developers no matter the tools they choose to do their job (so you can opt for Amazon Web Services over Microsoft’s Azure Cloud Services, for instance).

Friedman wrote that GitHub has three core objectives: ensuring the platform is the best option for productive teams and communities; making the repository more accessible to developers everywhere; and boosting performance, reliability and security. There are plans to improve search, notifications and how you use GitHub on mobile, while GitHub Actions, which is currently in a public beta, will become more widely available for the platform’s 31 million developers.

View the Original Article . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Russian woman indicted for interfering with 2018 US midterm elections

Russian woman indicted for interfering with 2018 US midterm elections


Getty Images

US officials aren’t waiting until after the midterm elections to take legal action against interference efforts. Federal authorities have charged Russian national Elena Khusyaynova for allegedly serving as the primary accountant for Project Lakhta, an influence campaign that targeted the US midterms as well as foreigners in the US, European Union member states, the Ukraine and even some Russian audiences. Khusyaynova reportedly managed expenses for activists, social networking ads and news post promotions, domain name registrations and proxy servers.

The initiative explicitly set out to conduct “information warfare” against the US by spreading distrust of American political candidates and the system at large, according to the Department of Justice. It also went out of its way to disguise its origins, using VPNs and fake social accounts in order to stoke political tensions. Some of these accounts had been used in the 2016 elections.

While the charges don’t directly tie Khusyaynova back to the Russian government, the DOJ said Russian oligarch Yevgeniy Prigozhin funded the effort both himself and through companies he owns, Concord Catering Concord Management and Consulting. Officials stressed that there was no evidence the group had succeeded in interfering with the election.

The news came just as the Office of the Director of National Intelligence, the DOJ, the FBI and the Department of Homeland Security issued a joint statement saying they were “concerned” about interference efforts from Russina, China, Iran and other countries, including social network campaigns. They also suggested that there were few direct hacking attempts. While there have been attempts to compromise local and state governments (not to mention politicians), there isn’t evidence that hackers have compromised the voting process, according to the statement. Still, it appears that attempts at manipulation are very much underway — whether or not they’ve been successful.

View the Original Article . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

DOJ charges seven Russian officials for hacking doping agencies

DOJ charges seven Russian officials for hacking doping agencies

Today, the US Department of Justice charged seven Russian officers of the Russian intelligence directorate, the GRU, with hacking organizations, including doping agencies. These charges are not connected to Robert Mueller’s investigation into Russian…

Continue reading . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Google CEO Sundar Pichai will meet US officials to discuss censorship

Google CEO Sundar Pichai will meet US officials to discuss censorship

Sundar Pichai, the CEO of Google, will appear at a private meeting with Republican lawmakers on the Capitol Hill on Friday, September 28th, following recent allegations that the company had previously censored search results. In addition to that, Pic…

Continue reading . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

3D gun distributor Cody Wilson deported to the US

3D gun distributor Cody Wilson deported to the US

Authorities aren’t wasting any time bringing Cody Wilson, the owner of 3D-printed gun maker Defense Distributed, back to the US. Taiwan officials deported Wilson to the US on September 22nd following his arrest a day earlier over his annulled legal s…

Continue reading . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Equifax faces £500,000 fine in the UK over massive data breach

Equifax faces £500,000 fine in the UK over massive data breach

UK officials have slapped Equifax with a £500,000 (US$660,000) fine for failing to protect up to 15 million citizens’ personal data. The Information Commissioner’s Office (ICO) has announced its verdict after almost a year-long investigation wi…

Continue reading . . .

{authorlink}
https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

India Sends Officials to US, Japan and Switzerland to Study Cryptocurrency and ICOs

India Sends Officials to US, Japan and Switzerland to Study Cryptocurrency and ICOs

Continue reading . . .

{authorlink}
https://news.google.com/news/rss/headlines/section/q/cryptocurrency/cryptocurrency?ned=us&hl=en&gl=US cryptocurrency – Google News

Google News

https://ssl.gstatic.com/news-static/gnrss.png

Facebook bans Myanmar military officials following damning UN report

Facebook bans Myanmar military officials following damning UN report

Facebook is taking action to halt the spread of hate speech and misinformation in Myanmar, banning Senior General Min Aung Hlaing, the Myawady military TV network and other people and groups. It said that international experts, working with the UN Hu…

Continue reading . . .

https://www.engadget.com/rss.xml Engadget RSS Feed

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true

Three men arrested for stealing over 15 million payment cards

Three men arrested for stealing over 15 million payment cards,

US officials announced today that three alleged leaders of the cybercrime group known alternatively as Fin7, Carbanak and the Navigator Group have been arrested in Germany, Poland and Spain and charged with 26 felony counts. The charges include consp…

,

Continue reading . . .

, ,
https://www.engadget.com/rss.xml, Engadget RSS Feed,

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

, https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true,
,

Tickborne diseases are likely to increase, say NIAID officials

Tickborne diseases are likely to increase, say NIAID officials,

The incidence of tickborne infections in the United States has risen significantly within the past decade. It is imperative, therefore, that public health officials and scientists build a robust understanding of pathogenesis, design improved diagnostics, and develop preventive vaccines, according to experts.

,

Continue reading . . .

, ,
https://www.sciencedaily.com/rss/top/environment.xml, Top Environment News — ScienceDaily,

Top stories featured on ScienceDaily’s Plants & Animals, Earth & Climate, and Fossils & Ruins sections.

, https://www.sciencedaily.com/images/scidaily-logo-rss.png,
,

Olympics officials take baby steps toward recognizing eSports

Olympics officials take baby steps toward recognizing eSports,

Officials from the International Olympic Committee (IOC) and Global Association of International Sports Federations (GAISF) just convened to discuss how, if at all, they can integrate eSports into the world’s most famous sporting stage. The forum, he…

,

Continue reading . . .

, ,
https://www.engadget.com/rss.xml, Engadget RSS Feed,

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

, https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true,
,