A former CIA officer who worked for the agency for 14 years has been charged with revealing the identity of an undercover officer and providing classified information to unauthorized individuals. According to federal prosecutors, John Kiriakou served as a source for a variety of news organizations whose reporters were writing stories in 2008 and 2009 about CIA operations following the Sept. 11 attacks. Among the stories that Kiriakou is accused of being a source for is a 2008 New York Times piece in which the name of the CIA’s interrogator of Sept. 11 mastermind Khalid Sheik Mohammed was revealed. In addition, Kiriakou is believed to have supplied information to reporters that contributed to a security breach at the Guantanamo Bay detention facility that allowed defense attorneys to obtain pictures of CIA operatives who were thought to have been involved in the interrogations of terrorist suspects. Those interrogations involved the use of controversial techniques that some have described as being torture. The pictures were later found in the cells of some high-value terrorist suspects. Kiriakou has also been charged with lying to the CIA about where other sensitive material that he published in a book came from. He faces as much as 30 years in prison if he is convicted on the charges against him.


Advanced digital videoconferencing equipment has vastly improved meeting opportunities for coworkers and clients across the globe, but the new systems can also be hacked to spy on those meetings, potentially jeopardizing confidential client data or corporate secrets. In a recent demonstration, HD Moore, a chief security officer at Boston-based IT security company Rapid7, showed that he could remotely manipulate videoconferencing equipment to hear or see anything in a board room. “These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them,” warned Mike Tuchen, chief executive of Rapid7. According to Tuchen, these vulnerabilities are caused by IT administrators setting up videoconferencing links outside of company firewalls and configuring them in ways that create easy targets for hackers. No company has yet announced that they have been compromised using videoconferencing, but it is also entirely possible that companies have been victimized and may not be aware. Some new systems are outfitted with a feature that does not require users to accept every person that dials into their conference. These features can help a meeting run more smoothly, but could also make uninvited guests much harder to detect. Moore recently wrote a computer program that would allow him to detect any videoconferencing links located outside their company firewalls and configured to automatically answer calls. In less than two hours, he scanned about 3 percent of the Internet, discovering 5,000 open conference links at law firms, pharmaceutical companies, oil refineries, universities and medical centers. In order to prevent hackers from being able to do the same, Rapid7 recommends companies set up a “gatekeeper” that securely connects calls from outside the company firewall.


A newly discovered permutation of the Sykipot Trojan, which has been used for years in attacks stemming from servers in China, can be used to compromise the U.S. Defense Department’s Common Access Cards, according to Alienvault Labs. The variant comes rolled into phishing attacks and uses a keylogger to “effectively hijack DOD and Windows smart cards,” says Alienvault’s Jaime Blasco. The variant has appeared in dozens of attack samples over the past 12 months. The spear-phishing attacks are built to get their targets to open an Adobe PDF attachment, which takes advantage of an Adobe zero-day vulnerability to load Sykipot onto their computers, according to Alienvault’s research. Using a keylogger, the Sykipot variant can then swipe PINs from cardholders signing in, and subsequently pose as the legitimate user to steal information for as long as the card remains in the smart-card reader, Alienvault says. The malware also displays the public-key encryption certificates kept on the system, and Blasco says Alienvault has tested the malware and it is, in fact, working. “It’s likely they got inside protected systems and gained access using this malware,” he notes.


Feds Bust $1.5 Million ATM Skimming Scheme

January 11, 2012

Romanian man failed to disguise his identity as he allegedly installed card skimmers to steal data at 40 ATMs around New York. Federal officials Friday announced the arrest of Laurentiu Iulian Bulat, a Romanian citizen who allegedly installed card skimmers on more than 40 ATMs in the New York City metropolitan area. Prosecutors have accused [...]


Clara Arias Baumgarten Completes AHIMA Certification for 2012

January 9, 2012

Clara Baumgarten, CEO of ProSource Packaging, Inc. recently received a certificate from AHIMA verifying completion of the continuing education units required by AHIMA’s Commission on Certification for Health Informatics and Information Management (CCHIIM) recertification program. Congrats Clara!
