Yahoo Saves A Copy Of Your Deleted Emails !

If you think your emails are taken out of your account permanently after being deleted, then you are not entirely correct. Yahoo's 'auto-save' feature saves a copy of emails even after they have been deleted from Trash and Draft.

A US judge has granted a motion forcing Yahoo to explain how exactly it is able to recover emails that have been deleted from a user's inbox. The motion has been granted as part of a convicted UK drug trafficker Russell Knaggs’ appeal to try to get evidence against him thrown out of court by arguing that the information was illegally obtained by Yahoo.

Knaggs, convicted in 2012 and jailed for 20 years, is now trying to get his conviction overturned by taking Yahoo to court in the US, claiming that the email provider was using an NSA-style real-time interception technology to bulk collect data, which contravenes privacy laws in the UK.

Yahoo is ordered to present a witness and provide documents on how the email retention system works, as well as a copy of the software's source code and instruction manuals used by email provider’s staff on how to retrieve the emails.

Yahoo said that it is able to recover the emails via its "auto-save" feature, which creates snapshots of an email account preserving its contents at a certain date, and that it provided law enforcement from the Yahoo account used by Knagg and his accomplice.

Yahoo's Compliance Guide For Law Enforcement states:
Yahoo! retains a user's incoming mail as long as the user chooses to store such messages in their mail folders and the user's email account remains active. Yahoo! retains a user's sent mail only if the user sets their email account options to save sent mail and has not subsequently deleted specific messages. Once the trash folder has been emptied, which usually occurs automatically within 24 hours of when the user has placed messages in the trash folder, Yahoo! will be unable to search for and produce deleted emails. Yahoo! may set an email account to inactive status and delete all account contents after at least four (4) months of inactivity.

Whatsoever the issue turns out to be, if the emails are retrieved by Yahoo ; then there is simply no guarantee of online service from the service. Yahoo has until the end of August to respond.

After 'Erdogan Emails', WikiLeaks Reveals Info Of Turkish Women

(pc-google images)
After publishing the ‘Erdogan Emails’ amidst the failed military coup in Turkey, whistleblowing platform WikiLeaks has now revealed the personal detail of every woman in the country. WikiLeaks has been criticised for tweeting a link to archives holding personal and sensitive data of 'every female voter in 79 out of 81 provinces in Turkey'.

According to Turkish academic and reporter Zeynep Tufekci, the site also linked to the personal details of hundreds of thousands of women on the electoral register via their social media accounts.

( Zeynep Tufecki, pc-google images)
In an article in the Huffington Post, Tufekci asserted: "[WikiLeaks] posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.”

"If these women are members of Erdogan's ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practising a range of basic rights and accessing services. The Istanbul file alone contains more than a million women's private information, and there are 79 files, with most including information of many hundreds of thousands of women."

Tufekci claims she confirmed the legitimacy of these files by asking "dozens of friends and family members" about the accuracy of the leaked data. Many, she said, said it contained "correct private information."

Giving a warning to WikiLeaks supporters, Tufekci concluded: ‘I hope that people remember this story when they report about a country without checking with anyone who speaks the language; when they support unaccountable, massive, unfiltered leaks without teaming up with responsible parties like journalists and ethical activists; and when they wonder why so many people around the world are wary of “internet freedom” when it can mean indiscriminate victimisation and senseless violations of privacy.’

After publishing the article – which has been widely shared on social media – Tufekci was blocked by the WikiLeaks Twitter account.

TechCrunch hacked for security check

Famous tech site, TechCrunch became the latest victim of hacker group, OurMine.

The group describes itself as ‘an elite hacker group known for many hacks showing vulnerabilities in major systems’. For quite some time they’ve been famous for compromising high profile celebrity Twitter accounts and the DDoS-ing of hot properties like Pokemon Go.

 OurMine Security gained publishing access to Verizon-owned site, which uses the popular content management system Wordpress, and posted its now infamous message. Rather than completely defacing the site, OurMine chose instead to simply post a news story to indicate that the CMS had been breached.

The group said that it hacked the site to check its security. A post on the site under the byline of Seattle-based writer Devin Coldewey said: “Hello Guys, don’t worry we are just testing techcrunch security, we didn’t change any passwords, please contact us.” The story appeared at the top of TechCrunch with a big, highly-noticeable red banner.

 The OurMine posting appeared at around 5:10 pm but was removed within two hours. It was still showing in Google’s index and cache at the time of writing. It did not take TechCrunch long to notice and remove the story.

Multi-factor authentication is the ground level security for any news organization. TechCrunch admits that re-used passwords must have been instrumental to this hack. Sharing passwords between sites and services is the worst.

Clash Of Kings Breach Leaks 1.6 Million Accounts

(pc-google images)
The official forum of the popular ‘clash of kings’ game has been hacked and the hacker has reportedly stolen 1.6 million user accounts.

The data breach has revealed the names, email addresses, IP addresses, facebook data and access tokens. In addition, password details are stored in the breached database in a salted and hashed form.

According to the hacker, Clash of Kings forum was using an old version of vBulletin dated back to 2013 and the forum also didn’t have any HTTPS encryption making things easy for the attacker.

For instance, if a hacker now knows that you are a fan of Clash of Kings and a member of the forum it is easy to imagine that they might be tempted into sending out tailored email messages to users, perhaps tricking them into revealing their passwords through phishing attacks or luring them into clicking on links which might lead to malware.

There has been no official statement from the Clash of Kings forum yet. The forum is currently offline and under maintenance.

Russia behind DNC’s cyber attack

Is Vladimir V. Putin trying to meddle in the American presidential election?

US officials said the suspected Russian hack of the Democratic National Committee last month was part of Russian cyber attacks aimed at political organizations and academic think tanks in Washington.

Until Friday, the Russians being behind the hack were only whispered but the release of some 20,000 stolen emails from DNC’s computer servers has intensified discussion of the role of Russian intelligence agencies in disrupting the 2016 campaign.

That hack dominated the news space on the eve of the Democratic convention. The emails disclosed by WikiLeaks show DNC chairwoman, Debbie Wasserman Schultz, plotting to undermine the campaign of Senator Bernie Sanders, confirming the worst suspicions of the left flank of the party. She resigned from her post after the revelation on Sunday.

The FBI is investigating the DNC hack and has sent experts to meet with the Republican National Committee, as well as the major campaigns, to discuss their security measures. The bureau has been working with political organizations and think tanks to put more resources into the security of DNC’s computer networks.

“The software code seen from the hack had all the telltale signs of being Russian, including code re-used from attacks,” said Bob Gourley, a former chief technology officer for the Defense Intelligence Agency and now the co-founder and partner Cognitio, a cyber security consultancy.

When the hack of the DNC was first disclosed in June, the security firm Crowdstrike also pointed to the Russians. Crowdstrike investigated the incident for the Democratic party and concluded it was the same actor that penetrated the State Department, White House and Pentagon unclassified systems in 2015.

Trump told The New York Times in an interview last week that if he's elected the US President, he wouldn't defend NATO allies against Russian aggression if they haven't "fulfilled their obligation to us." Until Trump, no Republican presidential nominee has questioned the U.S. mutual-defense commitment enshrined in NATO.

Over the weekend, the Trump and Clinton campaigns traded accusations on the issue.

Trump's son, Donald Trump Jr., denied that his father's campaign had anything to do with encouraging Russians to hack the DNC. The party officials have also denied any involvement in the case.

The question is of who benefits. While Clinton implemented a reset in relations with Russia when she was secretary of state, she has since soured on Moscow. When Russian irregulars invaded Ukraine in 2014, she compared Putin to Hitler.

Whether the thefts were ordered by Putin or just carried out by apparatchiks, who thought they might please him, is just a guess till now. It may take months, or years, to figure out the motives of those who stole the emails and the commanding force behind the actions but the theft from the national committee would be among the most important state-sponsored hacks yet of an American organization, rivaled only by the attacks on the Office of Personnel Management by state-sponsored Chinese hackers, and the attack on Sony Pictures Entertainment, which President Barack Obama blamed on North Korea.

A man sentenced in celebrity hacking case

A federal judge had sentenced a man to six months in federal prison for hacking into hundreds of Apple and Google accounts and stealing explicit photos from several unidentified celebrities.

According to the U.S. attorney's office in Los Angeles, U.S. District Judge John A. Kronstadt also issued a $3,000 fine to the accused, Andrew Helton, a 29-year-old resident of Portland.

Helton pleaded guilty in March for stealing 161 nude or explicit photos from 13 people. Authorities have said they do not believe any of the images he stole were publicly released.

"For more than two years, defendant Andrew Helton targeted, baited, and hooked unsuspecting victims with his phishing e-mails," Assistant United States Attorney Stephanie S. Christensen wrote in a filing urging Kronstadt to sentence Helton to at least a year in prison. "He targeted strangers, acquaintances, and celebrities alike. He trolled through their private e-mail accounts, accessing the most private of communications. He systematically pilfered nude and intimate images of his victims and stored them for personal use."

His attorney defended him that he should not receive a prison sentence because the phishing technique he used was not technologically sophisticated, and his arrest forced him to confront his mental health issues and change his life.

"For the last ... five years or so, I've been a dead man walking, so to speak," Helton said at the outset of lengthy comments about how his arrest changed his life.

"Mental illness took over my life and surrounded everything," Helton said. Court filings noted he was diagnosed with bipolar disorder after his arrest in 2013 and has been receiving treatment ever since.

He said for the first time in his life, he can envision a future and wants to help people.

Turkey Blocks WikiLeaks After Erdogan Emails Go Online

(pc-google images)
Turkey has blocked its residents from accessing WikiLeaks website after it dumped nearly 300,000 emails from President Recep Tayyip Erdogan's ruling party AKP online.

The leaked documents, which are being called the 'Erdogan Emails’, were obtained a week before Turkey saw an attempted coup to overthrow Erdogan that resulted in almost 300 deaths. As a result WikiLeaks moved forward its publication schedule in response to the government's post-coup purges. WikiLeaks added that that the source of the emails was not connected to the coup plotters or to a rival political party or state.

(pc-google images)
The emails date from 2010 to 6 July this year. The nature and content of the "emails associated with the domain are mostly used for dealing with the world, as opposed to the most sensitive internal matters" says the official WikiLeaks website.

Although these won't contain President Erdogan's top-secret personal emails, there are masses of correspondence between party members to highlight the dynamic of the AKP and their political agendas.

Wikileaks said on Twitter that Turks who are blocked from accessing its website can "use a proxy or any of our IPs" to get access to the documents on Turkey's ruling party.

The Turkish government has previously banned access to websites deemed to be carrying material critical of Turkey, including YouTube and Twitter.

Snowden Designs Device To Get A Safer iPhone

(pc-google images)
Well, you heard it right! It is Edward Snowden who wants to help you keep a check on your mobiles which might be spying on you. The NSA whistleblower along with his co-author and fellow hacker Andrew Huang presented their research on phone "hardware introspection" at the MIT Lab which aims to give users the ability to see whether their phone is sending out secret signals to an intelligence agency.

"This work aims to give journalists the tools to know when their smart phones are tracking or disclosing their location when the devices are supposed to be in airplane mode," the pair wrote in their technical paper.

In their paper, Snowden and Huang make it clear that what you see on your phone's screen is not always true.

If you turn off Bluetooth or cellular service, the phone's radios and other electronics can still be made to send signals, especially if they are compromised by a sophisticated intelligence agency or hackers. Even airplane mode isn't a defense, since the current version of Apple's iOS still keeps the GPS active while in that state.

"Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive," they write.

(pc-google images)
The pair, hence, suggest a device (a phone case) that plugs into the hardware and constantly scans to see whether is transmitting. Both Snowden and Huang plan to create a prototype of the device this year.

"As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time," they wrote. "If the prototype proves successful, The Freedom of the Press Foundation may move to seek the necessary funding to develop and maintain a supply chain. This would enable the FPF to deploy modified iPhone 6 devices for field service among journalists in high-risk situations."

Kickass Torrents owner arrested

The U.S. Government has arrested the owner of the most popular torrent-sharing website in the world, Kickass Torrents, often called KAT. United States government has seized seven of its domains, following the arrest of its alleged owner, Atrem Vaulin, in Poland.

The 30-year-old Ukrainian was charged with criminal copyright infringement and money laundering. Exact details of Vaulin’s arrest were not available.

In a criminal complaint filed in U.S. District Court in Chicago on July 8, he is charged with conspiracy to commit criminal copyright infringement, conspiracy to commit money laundering, and two counts of criminal copyright infringement.

According to the U.S. Department of Justice website, "Vaulin is being charged “with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering and two counts of criminal copyright infringement.”

The statement also accuses Vaulin of stealing “more than $1 billion in profits from the U.S. entertainment industry.” The complaint said,website on the internet.”
“KAT receives more than 50 million unique visitors per month and is estimated to be the 69th most frequently visited

 Commenting on the announcement, Assistant Attorney General Leslie R. Caldwell said that“In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits.  His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice.”

There is no illegal content found on the site itself, but it provides download links for the unauthorized copies of content from other users’ computers.

Former Air India employee held for hacking

A 23-year-old former Air India employee was arrested for allegedly hacking Air India's Frequent Flyer member accounts and using them to book tickets, and sold them to several travel agents.

Anitesh Giri Goswami, a BCA graduate from Pune was arrested from Jaipur. He has also worked with the Kingfisher Airlines.

Additional Commissioner of Police (Economic Offences Wing) Arun Kampani said that he was running the racket from Jodhpur.

"The accused was well versed with online ticket booking system and functioning of intranet and internet-based systems of Air India. He first understood the functioning of the ticketing system as well as the points/miles system of the airlines and then hacked into the Loyalty Plus programme website of Air India," he said.

Cyber Crime Cell of the Delhi Police's Economic Offences Wing (EOW)  received a complaint that alleged some persons were selling Air India tickets by redeeming of miles of genuine Flying Returns Members after hacking the Frequent Flyer members account.

After hacking into the system, he verified and upgraded hundreds of dormant accounts of Frequent Flyer members by allegedly uploading forged documents.

"Thereafter, the accused used these membership accounts and the Frequent Flyer miles/points accumulated in these accounts for booking airline tickets. These tickets were then sold to various travel/ticketing agents based in cities like Pune, Delhi, Jaipur and Mumbai," he said.