IRS shuts down identity security tool for taxpayers due to security problems

Identity protection PIN tool didn’t offer enough security to bar fraudulent resets.

The Internal Revenue Service has temporarily suspended use of its Identity Protection PIN tool "as part of its ongoing security review," according to a notice issued by the IRS. The IP PIN is supposed to act as an extra layer of security for taxpayers who are at higher risk of becoming the victims of fraud because of personal information leaked in commercial data breaches.

Last year, the IRS shut down an electronic tool for obtaining tax data after a massive fraud operation using stolen Social Security numbers and other data from commercial data breaches managed to extract filing data for hundreds of thousands of taxpayers. This year, the IRS is facing a new wave of fraud, as criminals engage in a phishing campaign to obtain employees' W-2 form data.

On March 1, the IRS issued a warning to human resources departments throughout the US about the wave of phishing attacks—e-mails purportedly from company CEOs directed to payroll or HR employees, usually with text such as:

China is building a big data platform for “precrime”

Using online profile and movements, government aims to catch “terrorists” in advance.

It's "precrime" meets "thoughtcrime." China is using its substantial surveillance apparatus as the basis for a "unified information environment" that will allow authorities to profile individual citizens based upon their online behaviors, financial transactions, where they go, and who they see. The authorities are watching for deviations from the norm that might indicate someone is involved in suspicious activity. And they're doing it with a hand from technology pioneered in the US.

As Defense One's Patrick Tucker reports, the Chinese government is leveraging "predictive policing" capabilities that have been used by US law enforcement, and it has funded research into machine learning and other artificial intelligence technologies to identify human faces in surveillance video. The Chinese government has also used this technology to create a "Situation-Aware Public Security Evaluation (SAPE) platform" that predicts "security events" based on surveillance data, which includes anything from actual terrorist attacks to large gatherings of people.

The Chinese government has plenty of data to feed into such systems. China invested heavily in building its surveillance capabilities in major cities over the past five years, with spending on "domestic security and stability" surpassing China's defense budget—and turning the country into the biggest market for security technology. And in December, China's government gained a new tool in surveillance: anti-terrorism laws giving the government even more surveillance powers, and requiring any technology companies doing business in China to provide assistance in that surveillance.

Seagate employees’ W-2 forms exposed in another payroll phish

A forged e-mail from CEO pays off again, may be tied to tax return fraud.

Storage device manufacturer Seagate's executives informed employees last week that their income tax data had been shared with an unknown outside party as the result of a targeted phishing attack. On March 1, a Seagate employee sent the data to an outside e-mail address after receiving an e-mail purportedly from Seagate's CEO Stephen Luczo requesting 2015 W-2 data for current and former Seagate employees. The employee, believing the request to be real, forwarded the W-2 reporting data—exposing everyone at Seagate to potential tax fraud and identity theft.

The Seagate breach comes less than a week after Snapchat employees' data was leaked in the same way. Security reporter Brian Krebs reported the breach after learning of it from a Seagate employee who had been given written notification of the breach.

Seagate's spokesperson Eric DeRitis confirmed the incident to Krebs: "On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former US-based employees was sent to an unauthorized third party in response to the phishing e-mail scam. The information was sent by an employee who believed the phishing e-mail was a legitimate internal company request." DeRitis told Krebs "several thousand" employees were affected, and that the company is working with federal law enforcement; employees will receive two years of credit protection from the company.

DOD officials say autonomous killing machines deserve a look

While military requires person in loop, robots might decide when to shoot in future.

"Destroy all carbon-based life forms" would be a very bad algorithm for autonomous killbots. (credit: US Army)

At the National Defense Industrial Association's Ground Robotics Capabilities conference on Thursday, Department of Defense officials discussed the possibility of the US military fielding autonomous armed robots to fight alongside troops or act on their own, particularly in "highly competitive, highly contested space" behind enemy lines. "We have to think about what autonomous kinetic options really look like," said Melissa L. Flagg, a deputy assistant secretary of defense in the DOD's Acquisition, Technology, and Logistics Directorate.

That thinking is still in its early stages, Flagg said. But military officials are looking hard at the possibility of developing robotic systems that are capable of acting on their own if remote control is cut off and decisions must be made on when to deploy a weapon—whether it's an armed drone dropping a bomb or launching a missile or a ground robot firing weapons. "These are hard questions, and a lot of people outside of us tech guys are thinking about it, talking about it, engaging in what we can and can't do," she said. "That's important. We need to understand and know that it doesn't necessarily need to happen, but we also have to put the options on the table because we are the worst-case scenario guys."

So far, the military has largely steered clear of deploying remotely operated ground weapons of any kind, though it has heavily invested in the development of armed "unmanned ground vehicles." The military did deploy remote-controlled machine gun turrets in Afghanistan as stationary defenses. But Marine Colonel Henry Lutz, the DOD Joint Staff's robotics and autonomous systems team officer in charge, said that soldiers were reluctant to use them because of the safety risks—both to fellow soldiers and civilians. "Understanding that in a counter-insurgency environment you can do more harm than good, there was not a level of trust," Lutz said.

Whole lotta onions: Number of Tor hidden sites spikes—along with paranoia

What’s driving the surge in hidden services—is it government tampering?

Two sudden leaps in the number of advertised "hidden services" on Tor have led to rampant speculation about the cause of them. (credit: The Tor Project)

In recent weeks, the number of "hidden services"—usually Web servers and other Internet services accessible by a ".onion" address on the Tor anonymizing network—has risen dramatically. After experiencing an earlier spike in February, the number of hidden services tracked by Tor spiked to 114,000 onion addresses on March 1. They then dropped just as quickly, falling to just below 70,000 hidden services seen by Tor on Thursday—still twice the number that Tor had held steady at for most of 2015.

"We don't know what's causing this," said Kate Krauss, the director of communications and public policy for the Tor Project. "But it's not difficult for even one person—a researcher, for instance—to create a lot of new onion addresses—which is not the same as actual websites or services. In fact, we want the process of creating onion addresses to be as easy as possible to encourage the creation of more onion services. These spikes are typically temporary—and as you see from the chart, this one is already going away."

Still, there has never been this sort of wild gyration in the number of addresses in recent times—or at least as far back as the Tor Project has kept metric data. So what caused the sudden near-tripling of the size of Tor's hidden Web and its rapid contraction? Based on a deeper look at Tor's metrics and discussions with both Tor developers and security experts, the huge spike in the "size" of the hidden Web within Tor was likely caused by a perfect storm of coincidences: major Internet censorship events in at least two countries, the relatively rapid adoption of a new messaging tool, a malware explosion, and ongoing attempts to undermine the privacy of the network.

Pirates hack into shipping company’s servers to identify booty

Pirates used backdoor in shipping company’s website to target freighters.

Pirates like those shown here aboard a dhow in waters off western Malaysia in January 2006 were using data stolen from a shipping company's systems to target cargo ships and steal specific crates of valuables in hit-and-run attacks. (credit: US Navy)

When the terms "pirate" and "hacker" are used in the same sentence, usually it's a reference to someone breaking digital rights management on software. But that wasn't the case in an incident detailed in the recently released Verizon 2015 Data Breach Investigation Report. Verizon's RISK security response team was called in by a global shipping company that had been the victim of high-seas piracy aided by a network intrusion.

The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo.

"It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved," the RISK team recounted in the report. "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."

US to renegotiate rules on exporting “intrusion software”

Inter-agency panel decides just fixing US implementation of export controls isn’t enough.

The famous munition t-shirt--the way security data might have to have been shared if proposed trade restrictions under the Wassenaar Arrangement were approved.

After nearly a year of protests from the information security industry, security researchers, and others, US officials have announced that they plan to re-negotiate regulations on the trade of tools related to "intrusion software." While it's potentially good news for information security, just how good the news is will depend largely on how much the Obama administration is willing to push back on the other 41 countries that are part of the agreement—especially after the US was key in getting regulations on intrusion software onto the table in the first place.

The rules were negotiated through the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, an agreement governing the trade of weapons and technology that could be used for military purposes. Originally intended to prevent proliferation and build-up of weapons, the US and other western nations pushed for operating system, software, and network exploits to be included in the Wassenaar protocol to prevent the use of commercial malware and hacking tools by repressive regimes against their own people for surveillance.

These concerns appear to have been borne out by documents revealed last year in the breach of Italy-based Hacking Team, which showed the company was selling exploits to Sudan and other regimes with a record of human rights abuses. And security systems from Blue Coat were resold to a number of repressive states, including Syria's Assad regime—which may have used the software to identify and target opposition activists.

US military launches cyber attacks on ISIS in Mosul, and announces it

Secretary of defense reveals cyber attacks in advance of ground battle for city.

In a briefing Monday afternoon, Defense Department leaders announced that the US was participating in a coalition operation with Iraqi and Kurd forces to recapture the city of Mosul from the Islamic State (also known as ISIS, ISIL, and Daesh). The leading edge of that effort, Defense Secretary Ashton Carter said, is an ongoing cyberwarfare operation against the communications infrastructure of the city.

This may be the first time that the US has openly announced that it is using network-based electronic attacks as an integrated part of a military operation. Electronic warfare efforts such as radio jamming have long been part of military operations, and the US allegedly used electronic sabotage against Iraq in the 1991 Gulf War. But while cyberattacks in the past have been attributed to the US (such as the Stuxnet attack on Iran's nuclear program), and the US has used electronically gathered intelligence to target individuals in the past, the US has rarely acknowledged offensive computer and network attacks. And the DOD has never announced these sorts of attacks as part of an ongoing broader military operation.

Carter said the attacks were intended to "interrupt and… disrupt ISIL's command and control, to cause them to lose confidence in their networks, to overload their networks so they can't function, and to do all of these things that will interrupt their ability to command and control forces there, control the population and the economy."

Russian crowdfunded reflector satellite aims to be “brightest star in the sky”

Mayak will bounce sun’s rays back with 16 square meters of reflectors.

A group of engineers and space enthusiasts from Moscow University of Mechanical Engineering have hit the goal for a crowdfunding project that may change the night sky for a while. The team's "Mayak" (Beacon) satellite project has raised enough money to launch what amounts to an orbital night-light into orbit—a solar-synchronized satellite that will deploy a 16-square-meter tetrahedron-shaped reflector. The reflector will bounce back the sun's rays at the Earth as it orbits, making it brighter than any star in the night sky.

The team behind Mayak (which translates as "Beacon") has raised 1.72 million rubles ($23,000) on the Russian crowdfunding site Boomstarter (which looks suspiciously like Kickstarter). According to the group's page, the Russian space launch company Roscosmos has "Confirmed the possibility of (Mayak) being added to a launch on a Soyuz-2 rocket in the middle of 2016." The scheduled launch is also carrying the Canopus-B-IR satellite, an earth observation satellite for monitoring forest fires.

Like most crowdfunding efforts, this one comes with a mobile app, which will give users the location of the satellite at any time. And it has stretch goals as well—the next goal is to fund construction of a model of Mayak for Moscow's Museum of Cosmonautics. After that, the team hopes to construct an experimental atmospheric braking system that would help Mayak (and potentially other future satellites) re-enter the atmosphere and be recovered without the use of retro-rockets.

Payroll data leaked for current, former Snapchat employees

Incident occurred after employee responded to e-mail phish scam.

In a blog post on Sunday, Snapchat executives revealed that the payroll data of some current and former employees was exposed as the result of a scam e-mail sent to a human resources employee at the company.

"The good news is that our servers were not breached, and our users’ data was totally unaffected by this," a company spokesperson said in the post. "The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry."

On February 26, an employee in Snapchat's payroll department received a "spear phishing" e-mail that appeared to be from Snapchat CEO Evan Spiegel—but that came from an external e-mail address. The message requested employee payroll information. The individual targeted didn't recognize the message as a scam, and they forwarded the requested information.
