Security Roundup: Hackers hold Romney's tax returns ransom, Huawei dubbed a "security threat", Android under fire in new report

Mitt Romney’s tax returns held ransom by hackers

An unnamed hacker group from the States is claiming to have stolen the tax returns of presidential candidate Mitt Romney. The Republican nominee has been repeatedly accused of avoiding taxes and blocking investigations into his records, and the issue is set to resurface again after documents Romney has refused to release were seized.

The group has recorded details of the swoop on hacker favourite pastebin.com, reports Mashable, and if true, the tale is certainly more Hollywood than most cybercrimes. The offenders claim to have gained access to the PricewaterhouseCoopers Tennessee office at the dead of night and copied the 1040 available tax forms of Romney onto a flash drive, complete with scans of his signature. The group says the files will be released to the public on 28 September unless Romney’s camp pay them $1 million in Bitcoin – an online currency protected by cryptography.

Incidentally, the hackers may have chosen its payment demands more carefully in hindsight, given the news that one of the largest Bitcoin exchanges, Bitfloor, stopped trading yesterday having been struck by hackers itself. The Secret Service is now investigating the issue as Romney no doubt begins to sweat.

Huawei dubbed a “security threat”

As we touched upon in Tuesday’s Security Roundup, prominent industry analyst Jeffrey Carr isn’t afraid of throwing around a few accusations. Having outlined a theory that Iran was behind the recent hack on oil giant Saudi Aramco, he is now restating his belief that Chinese firm Huawei carries a number of security risks.

In his blog, Carr says he’s been monitoring Huawei for “several years”, and though the firm has released a white paper reaffirming its commitment to security, Carr says “it addressed none of the issues that underscore the opinion of myself and others that Huawei is a security threat”. He goes on to list the factors he believes should have alarm bells ringing:

  • [Huawei Chairwoman] Madam Sun Yafang's past employment with China's Ministry of State Security and how she helped the young company secure loans from the Chinese government.
  • Claims that Huawei benefited from Nortel's IP in 2004 including duplicating its instruction manuals.
  • Claims that Huawei stole source code from Cisco and its settlement of those claims in 2004.
  • Lack of full disclosure regarding Huawei's obligations to the Chinese government as a national champion firm and a provider of services and products to the State including the Peoples Liberation Army.
  • Lack of full disclosure regarding how many of its executives are members of the powerful Chinese Communist Party (CCP) and therefore bound to comply with directives from the CCP. After all, the CCP plays a dominant role in China's economy.

Do these factors warrant concern about Huawei? Let us know your thought in the comments below.

Mobile security report heaps more pressure on Android

Warnings about mobile security are being delivered with increasing regularity and urgency, and looking further into the issue is security firm Lookout, which specialises in threats from the mobile arena.

The company’s State of Mobile Security Report 2012 has found that mobile malware has now become a profitable industry, with premium text billing the most common tactic used by malware writers. FakeInst, one type of this ‘Toll Fraud’, accounted for 82 per cent of Lookout detections in June this year, successfully stealing millions of dollars from people in Russia, the Middle East, and other parts of Europe.

Elsewhere in Lookout’s findings, Android has again come under fire for being a vulnerable platform. The report estimates that five per cent of Android apps include aggressive ad networks that access personal information without notifying the user. Seeing as apps on the Google OS have been downloaded more than 80 million times already this year, a vast number of Android users will have had their privacy compromised.

“Trust is one of the most important factors influencing whether people will continue to use mobile devices to their full potential,” said Kevin Mahaffey, CTO and co-founder of Lookout. “As smartphones and tablets have come to house our personal data, access financial information, and power practically all of our communications, there are more incentives for attackers to strike.”

Stories aggregated by Team Cymru, which runs a private Security News mailing list called 'Dragon News Bytes', covering the most important and interesting news items of the day.