That hack could literally kill you some day


A potentially fatal hack of a smart device, a change in tactics for ransomware attacks, and more destructive hacktivist attacks will be in the mix in 2016, according to cybersecurity predictions from Trend Micro. One prediction: the rise and hacking of smart, connected devices could cause someone’s death. The team did not point at a hack as the primary cause of the potential fatality, but suggested that with millions of such devices in the public domain, it’s a matter of time before a cyber attack takes a life. “As more drones encroach on public air space for various missions, more devices are used for health care-related services, and more home and business appliances rely on an Internet connection to operate, the more likely we will see an incident involving a device malfunction, a hack, or a misuse that will trigger conversation on creating regulations on device production and usage,” the report stated. Increased cases of online extortion performed through ransomware also are expected. Trend Micro sees improvements in personalizing such attacks using social engineering tricks, making it more likely that a person or business will pay up and not risk having their personal information released. Source: SC magazine

Infrastructure at cyber risk, president says

The United States isn’t spending enough to defend its power grid from cyber attacks, President Obama warned Thursday as he declared November Critical Infrastructure Security and Resilience Month. Lagging investments in power grids and energy systems, especially, have been increasingly singled out as a looming danger. The inattention has left these networks exposed to potentially catastrophic cyber attacks that could cause massive blackouts and leave people without basic services or resources. National Security Agency Director Adm. Michael Rogers told lawmakers last fall that China and “one or two” other countries are capable of such a digital assault. Researchers suspect Iran also is in that camp. Source: The Hill

British Gas hack causes gut cramps

The details of some British Gas customers have appeared online, the third such problem to affect a major U.K. company in a week. The firm says its systems are secure, after sending an email to customers informing them of the incident. It also said it was confident the data leak had not come from within the company. Details will be sent to the Information Commissioner’s Office following the leak, it said. The email addresses and account passwords for around 2,200 customers appeared online. The email from British Gas claimed the information had not come from the company, and said no payment data would have been at risk. Earlier this week, Marks & Spencer and TalkTalk experienced cyber security issues. Source: Metro

White-hat hackers to demo oil and gas attacks

Hackers can exploit weaknesses in enterprise resource planning (ERP) systems on oil and gas firms’ corporate networks to sabotage pipeline pressure or hide oil spills, researchers have discovered. At Black Hat Europe next month in Amsterdam, they’ll demonstrate these and other attacks on oil and gas networks by abusing holes in SAP ERP applications used in the industrial sector. Oil and gas industrial networks rely on ERP software to help manage and oversee the production and delivery processes. “We want to show that not only Stuxnet-type attacks using USB are possible,” says Alexander Polyakov, founder of ERPScan. Polyakov, with Mathieu Geli, a researcher with ERPScan, will demonstrate several proof-of-concept attacks at Black Hat. An attacker could hack the systems remotely over the Internet, he says, or from the oil and gas firm’s corporate network. Source: Dark Reading

OPM letters going out, at last

The Office of Personnel Management has mailed out 3.7 million notification letters to cyber-breach victims in the month since the agency announced it would begin notifying those affected by the hack. The agency expects to mail an additional 700,000 letters by the end of the month, with a total of 10 million letters mailed by mid-November. The letters include information about free identity theft protection and credit monitoring services. About 162,000 people have enrolled for the services as of Oct. 26. More than 21 million people were affected by the data breach, which jeopardized personal data including birth dates and Social Security numbers. About 25 percent of those victims also had their fingerprint records stolen. Source: Federal News Radio

Put your info where your mouth is

More than 30 privacy and civil liberties organizations are challenging Director of National Intelligence James Clapper to uphold the promise he made to increase transparency in the intelligence community. Specifically, they are asking Clapper to provide more information about how many Americans are “incidentally” spied on in the course of foreign intelligence gathering under Section 702 of the Foreign Intelligence Surveillance Act. “Disclosing this information is necessary, we believe, to enable informed public debate in advance of any legislative reauthorization efforts in 2017,” said the letter from the Brennan Center for Justice, the Electronic Frontier Foundation, the Government Accountability Project, and more than two dozen other organizations. Clapper announced a new 16-page plan to share more information, and said he would be hosting a live Tumblr chat about it in the coming weeks. Section 702, the NSA claims, authorizes two massive communications surveillance programs: PRISM and Upstream. As long as communications are reasonably believed to belong to foreigners and are swept up in the pursuit of foreign intelligence, the NSA says they’re fair game. PRISM sucks up hundreds of millions of Internet communications of foreign intelligence “targets” directly from providers’ databases—Facebook messages, emails, Skype calls. But it also sweeps up communications of people who talk to those targets, and some unrelated communications—“incidental” collection, which includes American citizens. Source: The Intercept

Lesson one: Technology comes at a cost

As schools continue the push to integrate technology into the classroom through the use of iPads and laptops—with some districts also giving students their own personal devices to bring home—legal advocates are raising concerns about how much privacy students have online during and after school hours. A report released by the American Civil Liberties Union of Massachusetts looked into 35 cities and towns and found that while technology has become increasingly intertwined with education, laws regulating student privacy rights have not been able to keep up. Students in some school districts are told they shouldn’t have any expectations of privacy at all, according to the report, an attitude that has been called “authoritarian” by Kade Crockford, director of the ACLU of Massachusetts’ Technology for Liberty Program. “Schools are where young people learn what to expect from society,” Crockford said. “So to teach them that they have no right to privacy is a very dangerous message. You could even say it’s an authoritarian message.” No officials from local school districts could be reached for comment. Source: The Milford (Mass.) Daily News

From the tool box

Many consumers who keep personal information on their phones might be looking for a way to protect it. LEO Privacy Guard is a security app that allows users to lock apps and hide messages and contacts. Users are asked to set a password only they can access and make changes within the app itself. If you forget your password, there is a security question to fill out so you can still gain access. The main feature is App Lock, which allows you to protect whichever apps you want behind the same password you set at the beginning. Putting an app behind a password is fairly simple. You tap on App Lock, select the apps you wish to protect, and you’re done. Source: Android Guys

That’s my DNA you’re talking about

Sharing genomic information among researchers is critical to the advance of biomedical research. Yet genomic data contains identifiable information and, in the wrong hands, poses a risk to individual privacy. If someone had access to your genome sequence, they could check to see if you appear in a database of people with certain medical conditions, such as heart disease, lung cancer or autism. Work by a pair of researchers at the Stanford University School of Medicine makes that genomic data more secure. Suyash Shringarpure and Carlos Bustamante have demonstrated a technique for hacking a network of global genomic databases and how to prevent it. They are working with investigators from the Global Alliance for Genomics and Health to implement preventive measures. Source: Stanford University

He feels the need for speed

The Pentagon does not yet move fast enough to deal with the speed at which cyber warfare moves, the department’s chief information officer said. “I think the big difference in cyber that we’re having to react to is it moves faster than any other warfare,” Terry Halvorsen said. “That’s a challenge. The things we do today in cyber probably won’t be the same things we do tomorrow. It’s accelerated change, and we’re generally not good at accelerated change.” Halvorsen says his office is trying to fix that, doing everything from teaching employees basic security measures to partnering with the technology industry. Some of the basics include identifying phishing websites, instituting two-step authentication and making sure servers are behind a firewall or other boundary. Halvorsen created a “scorecard” to measure how well people do with these areas so the Pentagon can quantify cyber readiness in the same way it does other areas. Source: The Hill