TIME Innovation

These Jeans Block Hackers From Stealing Your Stuff

BetaBrand RFID blocking pants Jason Van Horn—Betabrand

Norton anti-virus technology is now available in stretch denim

A wearable tech firm has joined forces with Norton to develop a new pair of jeans that prevent “digital pickpockets” from scanning your credit cards and passports as you walk by.

The pockets in Betabrand’s “Ready Active Jeans” are lined with a specially designed fabric that blocks RFID (radio-frequency identification) signals, which are used in a growing number of credit cards and passports to enable secure wireless scanning. Betabrand, however, says identity thieves armed with handheld scanners have exploited the technology in upwards of 10 million heists a year.

“That’s why we partnered with global information-protection authority Norton to create the world’s first RFID-blocking jeans,” Betabrand wrote in an announcement of the new jeans.

The jeans are currently selling for $151, and can be purchased with a matching, RFID-repellant blazer. Machine wash cold.

TIME cybersecurity

This Is the Most Shocking Document in the Entire Sony Hack Leak

A logo of Japan's Sony Corporation is displayed at its headquarters in Tokyo on May 14, 2014. Kazuhiro Nogi—AFP/Getty Images

It's not sexy, but it shows how bad things really are

The hacking of vast amounts of internal Sony data continues to generate headlines. On Dec. 8, the aliases of nearly a dozen Hollywood celebrities were leaked. That is in addition to unreleased films, employee salaries, scripts, and other sensitive documents spilling out online. The hackers responsible are reportedly making increasingly threatening demands on the company.

The episode is likely to continue given the sheer volume of data obtained. And that may be the most significant aspect of the leak itself. According to security expert Brian Krebs, the scope of the breach is enormous:

According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. What’s more, it’s beginning to look like the attackers may have destroyed data on an unknown number of internal Sony systems. Several files being traded on torrent networks seen by this author include a global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.

To get a sense of the size, consider this filetree posted by Krebs, included in the leaked data. It’s not juicy like a celebrity’s secret code name or the musing of Sony employees about Adam Sandler’s career. But this mere skeleton of some of the information stolen is shocking in its scope.

Sony Filetree
Brian Krebs
TIME cybersecurity

The 7 Most Outrageous Things We Learned From the Sony Hack

Seth Rogen (L) and Evan Goldberg pose during a photocall for their latest film 'The Interview' at the Hotel Mandarin on June 18, 2014 Robert Marquardt—Getty Images

From dissatisfaction with Adam Sandler to embarrassing gender statistics

The breach that crippled Sony at the end of November is not over yet. On Dec. 8, the aliases of 11 Hollywood celebrities were leaked, and internal information continues to leak about the beleaguered company—from unreleased films to employee salaries to actors’ cover identities. And the hackers responsible are reportedly making increasingly threatening demands on Sony. Dubbed the Guardians of Peace, the hackers have allegedly called for monetary compensation, told Sony to stop the release of The Interview, and threatened employees’ families. Here are 7 of the craziest things hackers hitched from Sony.

Seth Rogen made more money than James Franco for The Interview. The hackers wormed into the studio’s movie budgets, and found that The Interview cost $44 million to make. Rogen is making $8.4 million and Franco is raking in $6.5 million. The two actors are co-stars, but Rogen (who is four years younger) also co-directed the film, which may be the reason for the salary differential.

Some people at Sony are not Adam Sandler fans. Based on a trove of workplace complaints discovered by Gawker, there’s some dissatisfaction with the 48-year-old comedian. “There is a general “blah-ness” to the films we produce. Althought [sic] we manage to produce an innovative film once in awhile, Social Network, Moneyball, The Girl with the Dragon Tattoo, we continue to be saddled with the mundane, formulaic Adam Sandler films,” said one Sony employee. “And will we still be paying for Adam Sandler? Why?”

Only one female Sony employee earns more than $1 million. The $1-million-and-over club at Sony is male and white. Just one woman, co-chair of Sony Pictures Entertainment Amy Pascal, is in the group.

You can watch unreleased Sony movies online. The hackers managed to leak files of major Sony films that are set to be released this year, including Annie, Mr. Turner and Still Alice.

Sylvester Stallone and Judd Apatow’s social security numbers are on the Internet as a result of the hack. So is their compensation, along with the salaries and personal information of a lot of other celebrities.

Tom Hanks, Jessica Alba and Natalie Portman have alter egos … and they sound kind of odd. The stars use aliases to do normal people things. Hanks is “Johnny Madrid,” Tobey Maguire is “Neil Deep,” Jessica Alba is “Cash Money,” Natalie Portman is “Lauren Brown” and Rob Schneider goes by “Nazzo Good.”

A script by the creator of “Breaking Bad” leaked, too. Vince Gilligan, the creator of “Breaking Bad,” had an unreleased pilot in the works, and hackers got a hold of that, too, according to Buzzfeed.

TIME Security

The FBI Is Warning Other Companies After Sony Hack

Joe Stewart, director of malware research at Dell SecureWorks, a unit of Dell Inc., speaks to a colleague in front of a pair of large wall mounted monitors in his office in Myrtle Beach, South Carolina, U.S., Friday, Jan. 18, 2013. S Bloomberg—Bloomberg via Getty Images

The malware overrides data and prevents computers from booting up

A devastating malware attack used against Sony Pictures Entertainment last week could be a threat to other businesses as well.

In a five-page confidential warning first reported by Reuters, the FBI describes malicious software used in an attack that appeared similar to that used against Sony, though it didn’t mention the company by name. The FBI report provided technical advice to other businesses on how to respond to the malware.

The attack against Sony shut down the company’s email and other key systems for a week shortly before the holiday season, when the company will release several big-name movies. Several of Sony’s titles leaked online shortly after the hack before most of them even made it to theaters.

The FBI document warned of malware that overrides data on computer hard drives and prevents computers from being booted up. The agency said it was investigating the attack, while Sony said it hired FireEye’s Mandiant response team to help clean up the company’s systems.

Some reports have tied the attack to North Korea, which has promised retaliation for an upcoming Sony comedy about a plot to kill North Korean leader Kim Jong-un.

[Reuters]

TIME Security

Chinese Hackers Breached National Weather Websites

The breach wasn't acknowledged until after several probes

Officials announced Wednesday that Chinese hackers had gained access to Federal weather data as early as September.

The hack occurred in late September, but was not acknowledged by the National Oceanic and Atmospheric Administration until Oct. 20, the Washington Post reports. As a result of the hack, some national weather websites were unavailable for as many as two days, including the National Ice Center website. And those sites being offline impacted some long-term forecasts.

NOAA also lagged in its response to the breach. The Post reports that the administration “did not say its systems were compromised” when the problem was first acknowledged on Oct. 20. When NOAA admitted Wednesday that there had been a cyber security breach, they did not say who was responsible either. That information came from Rep. Frank Wolf (R-Va.), who disclosed that the attack had come from China. Wolf blasted the agency, saying, “They had an obligation to tell the truth. They covered it up.”

Read more at the Washington Post.

TIME White House

White House Computer Networks Hacked

Early morning sunrise is seen over the White House in Washington, Oct. 28, 2014. Pablo Martinez Monsivais—AP

Russian hackers suspected

Hackers believed to be employed by the Russian government breached White House computer networks in recent weeks, temporarily disrupting services.

Citing unnamed sources, the Washington Post reported there was no evidence that hackers had breached classified networks or that any of the systems were damaged. Intranet or VPN access was shut off for a period but the email system was never downed. The breach was discovered two to three weeks ago, after U.S. officials were alerted to it by an unnamed ally.

“On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system,” a White House official told the Post. “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”

Cybersecurity firms in recent weeks have identified NATO, the Ukrainian government and U.S. defense contractors as targets of Russian hackers thought to be working for the government.

[The Washington Post]

TIME White House

Obama Signs Order to Secure Government Credit Cards From Data Breaches

President Barack Obama signs an Executive Order to implement enhanced security measures on consumers' financial security following remarks at the Consumer Financial Protection Bureau (CFPB) in Washington, DC, October 17, 2014. SAUL LOEB—AFP/Getty Images

"Identity theft is now America's fastest growing crime," said Obama.

President Obama signed an executive order Friday to improve security measures for government credit and debit cards, equipping them with microchips in place of the standard magnetic strips and PINs. Obama discussed the new order during remarks at the Consumer Financial Protection Bureau Friday.

“Last year . . . more than 100 million Americans had information that was compromised in data breaches in some of our largest companies,” said Obama, referring to high-profile security breaches at Target and Home Depot. “Identity theft is now America’s fastest growing crime. These crimes don’t just cost companies and consumers billions of dollars every year, they also threaten the economic security of middle class Americans who worked really hard for a lifetime to build some sort of security.”

“The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number or because you swiped your card at the wrong place at the wrong time—that’s infuriating,” said Obama. “For victims it’s heartbreaking. And as a country we’ve got to do more to stop it.”

Obama highlighted the efforts of Home Depot and Target to secure their systems after being hit by breaches this year. They will join Walmart and Walgreens in installing chip and PIN technology in all their stores, most by the beginning of next year. Obama also noted that the Federal Trade Commission will develop IdentityTheft.gov for victims to aid the reporting and remediation process with credit bureaus.

“Identity theft has been American consumers’ number one complaint for more than a decade, and it affects people in every community across the nation,” said Federal Trade Commission Chairwoman Edith Ramirez. “I welcome the opportunity for the Federal Trade Commission to participate in this new initiative advancing efforts to address this insidious problem on behalf of consumers.”

The White House also called on Congress to pass data breach and cybersecurity legislation. “The current patchwork of laws governing a company’s obligations in the event of a data breach is unsustainable, and helps no one,” wrote the White House in a statement.

With reporting from Sam Frizell

TIME Security

Here’s How Home Depot Could Have Combated Hacking

Experts say retailers should invest in detection rather than prevention

As Home Depot continues to assess the damage caused by a security breach that gave hackers access to 56 million credit and debit cards, tech experts say large retailers should turn their attention to addressing breaches quickly instead of trying to prevent all of them.

“Are we spending most of our money on trying to keep the bad guys out or trying to detect as soon as possible when the bad guys get in?” asked cyber crime expert Brian Krebs, framing the issue rhetorically. “The best you can do is stop the bleeding as soon as possible when they do get in.”

At Home Depot, where hackers used malware to collect customer data at cash registers, it reportedly took nine months for the breach to be identified and stopped, allowing the damage to affect millions of customers.

Companies face myriad and evolving ways their data can be breached, making protecting data akin to a game of whac-a-mole. Once one potential threat is identified, hackers have already begun trying to get through another way. Instead of devoting all their resources to chasing the threats, companies should focus on minimizing the time it takes to identify those breaches, said Brian Foster, chief technology officer at cyber security firm Damballa.

“There are two types of companies: those that have been breached and those that don’t know they’ve been breached yet,” he said. “The attackers only have to find one door in whereas Home Depot has to secure all their doors and before they do that they need to know where all the doors are at.”

But even if retailers like Home Depot switch focus to detection from protection, experts say they need to do a better job securing data. And, for retailers, the first place to look is the “point of sale system” where the transaction occurred (the cash register for traditional retailers).

“Some enhancement of that logical access in the point of sale would have been able to harden the system significantly,” said Guy Levy, senior vice president at technology security firm Usher. “This is part of what any big retailer that employs pos systems should be doing now. They should all be scrutinizing their systems very, very hard.”

Despite the recommendations of security experts, many companies remain reluctant to devote the funding to change. But dealing with massive security breaches almost always costs more in the long term than instituting preventive measures would have cost. Home Depot said the breach at the company will cost at least $62 million.

“It takes awhile to update your technology, to understand the threat,” said Anup Ghosh, founder and CEO of technology security firm Invincea. “But the most expensive dollar spent in security is spent after a breach.”

TIME cybersecurity

Chinese Hackers Infiltrated U.S. Defense Contractors, Senate Report Says

Army Lt. Col. Cecil Durbin (left) and Air Force Lt. Col Tom Borowiec, a reservist, man the NorthCom Operations Desk inside the Deployment and Distribution Operations Center on Thursday May 1, 2008 at USTRANSCOM, located at Scott AFB in Illinois. Belleville News-Democrat—MCT/Getty Images

Hackers staged at least 20 attacks on private firms involved in the movement of U.S. troops and equipment

Chinese hackers infiltrated U.S. defense contractors on 20 separate occasions and were only twice noticed by authorities, according to the findings of a year-long Senate investigation released on Wednesday.

The Senate probe revealed that hackers targeted private airlines, technology companies and firms that have been contracted by the U.S. Defense Department to transport troops and defense equipment.

“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin in a public statement accompanying the report. “Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur.”

Read the Senate panel’s full report here.

TIME cybersecurity

Nearly 5 Million Google Passwords Leaked on Russian Site

A sign is posted outside of Google headquarters on Jan. 30, 2014, in Mountain View, Calif. Justin Sullivan—Getty Images

The usernames and passwords of 4.93 million users were posted in a Russian Bitcoin security forum

Almost 5 million usernames and passwords purportedly for Google accounts were uploaded to a Russian online forum by hackers late Tuesday.

The International Business Times reports that data for 4.93 million Google accounts of English-, Spanish- and Russian-speaking users was leaked and published on a Russian-language Bitcoin security online forum. The posters said about 60% of the accounts were active.

In a statement sent to TIME, Google said it had “no evidence that our systems have been compromised.”

“The security of our users’ information is a top priority for us,” the statement reads. The company said that whenever it is alerted that accounts may have been compromised, “we take steps to help those users secure their accounts.” Email users are encouraged to utilize two-step verification when logging into accounts, as well as to create strong passwords.

According to Russian news service RIA Novosti, this leak followed another large hack of Russian email accounts. Several million accounts of Russia-based email services were also posted in a Bitcoin security forum.
