InfoSec links December 17, 2014

Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System - Kim Zetter - WIRED

He was surprised again when, six months later, USA Today published a different story revealing for the first time that the NSA was secretly collecting the phone call records of tens of millions of Americans, records that US telecoms were willingly handing over without a warrant. Two of the three identified telecoms denied the allegations, and the story quickly died. But its ghost lingered on, neither fully confirmed nor denied, haunting Wyden. It took another seven years for a document leaked in 2013 by Edward Snowden to end the speculation and finally confirm that the bulk-collection phone records program existed.

Facebook, Google, and the Rise of Open Source Security Software - Cade Metz - WIRED

Arpaia is a security engineer, but he’s not the kind who spends his days trying to break into computer software, hoping he can beat miscreants to the punch. As Sullivan describes him, he’s a “builder”—someone who creates new tools capable of better protecting our computer software—and that’s unusual. “You go to the security conferences, and it’s all about breaking things,” Sullivan says. “It’s not about building things.”

Dark Hotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests - Kim Zetter - WIRED

Kaspersky researchers named the group DarkHotel, but they’re also known as Tapaoux by other security firms who have been separately tracking their spear-phishing and P2P attacks. The attackers have been active since at least 2007, using a combination of highly sophisticated methods and pedestrian techniques to ensnare victims, but the hotel hacks appear to be a new and daring development in a campaign aimed at high-value targets.