Trying (and failing) to hack the grid …


The Islamic State is trying to hack U.S. electrical power companies, with little success, so far. Terrorists are not currently using the most sophisticated hacking tools to break into computer systems and turn off or blow up machines. “Strong intent. Thankfully, low capability,” said John Riggi, of the FBI’s cyber division. “But the concern is that they’ll buy that capability.” Hacking software is for sale in black markets online. The FBI worries that the Islamic State or its supporters will buy malicious software that can sneak into computers and destroy electronics. Source: CNN

… but Isis proves persistent

A Kosovo man has been arrested in Malaysia, accused of hacking into a computer database and providing information on U.S. security officials to the Islamic State group. He has been identified as Ardit Ferizi, thought to head a hacker group called Kosova Hacker’s Security. He will be extradited to the United States. The Justice Department said Ferizi hacked into a U.S. company’s systems to obtain the personal details of 1,351 U.S. military and government staff. Source: BBC

They’re not playing around

Electronic Arts is downplaying reports of a possible data breach circulating online, saying that it has no indication that a list of user account credentials appearing on the site Pastebin was obtained by an intrusion of EA’s servers. However, the company says that, as a precaution, it will secure the accounts where the EA or Origin user ID matches the user names on the list. The company didn’t say how that was being done, but it will likely involve a forced password reset. For now, EA is stating that its databases were not infiltrated. Source: Tech Crunch

Getting in too deep

Woods Hole Oceanographic Institution, a private, nonprofit facility that does scientific research on the world’s oceans, says it was the target of an “aggressive” cyber attack it believes to have originated in China. The hackers gained access to Woods Hole data and email, WHOI President and Director Mark Abbott told staff in a letter. Christopher Land, WHOI’s general counsel and leader of its internal investigation, said there’s no indication that the stolen data has been used maliciously. In addition to marine and oceanic research, Woods Hole also does classified work for the Defense Department. Data related to that work is stored on a separate computer system and was not affected by the breach, Land said. Source: NBC News

No encryption? Oops, says health department

North Carolina’s Department of Health and Human Services says a breach of security protocol may have compromised the confidential health information of 1,615 Medicaid patients. Spokeswoman Kendra Gerlach said the agency mailed letters to affected patients, informing them of the possible breach. According to the agency, a DHHS employee “inadvertently sent an email to the Granville County Health Department without first encrypting it.” The email included a spreadsheet containing protected health information for Medicaid recipients, which the agency says “included the individual’s first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services.” Source: WRAL, Raleigh, N.C.

Second, more serious hack at Dow Jones

Russian hackers infiltrated the servers of Dow Jones, owner of The Wall Street Journal and several other news publications, and stole information to trade on before it became public, say four people familiar with the matter. The FBI, Secret Service and Securities and Exchange Commission are investigating, in a probe that began at least a year ago. The breach is described as far more serious than the lower-grade intrusion disclosed a week ago by Dow Jones, a unit of Rupert Murdoch’s News Corp. The company said last week that it is working with a cybersecurity firm and law enforcement after learning that hackers had sought contact and payment information of about 3,500 customers. It’s unclear whether the incursions are related. It’s also unclear whether the company’s news-gathering operations were affected in the insider-trading matter. Source: Bloomberg

Make it right the first time

The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has proposed requiring vehicle manufacturers to state their privacy policies, besides providing for civil penalties of up to $100,000 for the hacking of vehicles. The lawmakers also have proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best practices for manufacturers of cars sold in the United States. A chapter on vehicle data privacy requires that vehicle manufacturers “develop and implement” a privacy policy outlining their practices regarding the collection, use and sharing of information collected through technologies and services offered by the manufacturer directly or through a third party. Source: Computer World

Fear of IRS is still a potent weapon

About 4,550 people have paid more than $23 million in the past two years to scammers claiming to be employees of the Internal Revenue Service, according to J. Russell George, the Treasury Inspector General for Tax Administration. George reports that while progress has been made in the investigation of “the largest of its kind” scam, the case is still underway and taxpayers are urged to remain on “high alert.” A scammer calls and claims to be from the IRS, tells someone they have unpaid taxes and threatens arrest, deportation or loss of a business or driver’s license unless they settle the fees via a debit card or a wire transfer. The scammers might know the last four digits of the individual’s Social Security number. George advises hanging up if you receive a phone call from somebody claiming to be from the IRS demanding immediate payment. An estimated 736,000 people have reported receiving these calls since October 2013. Source: The Fiscal Times

Baby, what did I say?

Google keeps an audio log of the questions you ask its voice search function, and now you can listen to those recordings online. In June, Google launched a portal for all Google account-related activities. It’s where you can manage your privacy settings, see what you’ve searched for, and where Google has logged your location. These archives include a section for voice searches. Google wasn’t available for comment as to why it’s keeping the voice recordings of searches. Source: Quartz

No such thing as a free iPhone6

The Better Business Bureau is reporting that a survey that promises a free iPhone 6 is a phishing scam to get personal information and credit card numbers. The scam seems to target those using the Safari browser, meaning they are probably using an Apple device. The scam asks you to take a survey to qualify to test the as-of-yet unreleased iPhone 7 (which doesn’t exist). Simple yes/no questions are asked, such as, “Do you own an iPhone or iPad?” You are told you qualify for the upcoming testing group, and for your efforts so far, you will receive a free iPhone 6 by paying $1 for shipping with your credit card. Source: The (Spokane, Wash.) Spokesman Review