Trying (and failing) to hack the grid …


The Islamic State is trying to hack U.S. electrical power companies, with little success, so far. Terrorists are not currently using the most sophisticated hacking tools to break into computer systems and turn off or blow up machines. “Strong intent. Thankfully, low capability,” said John Riggi, of the FBI’s cyber division. “But the concern is that they’ll buy that capability.” Hacking software is for sale in black markets online. The FBI worries that the Islamic State or its supporters will buy malicious software that can sneak into computers and destroy electronics. Source: CNN

… but Isis proves persistent

A Kosovo man has been arrested in Malaysia, accused of hacking into a computer database and providing information on U.S. security officials to the Islamic State group. He has been identified as Ardit Ferizi, thought to head a hacker group called Kosova Hacker’s Security. He will be extradited to the United States. The Justice Department said Ferizi hacked into a U.S. company’s systems to obtain the personal details of 1,351 U.S. military and government staff. Source: BBC

They’re not playing around

Electronic Arts is downplaying reports of a possible data breach circulating online, saying that it has no indication that a list of user account credentials appearing on the site Pastebin was obtained by an intrusion of EA’s servers. However, the company says that, as a precaution, it will secure the accounts where the EA or Origin user ID matches the user names on the list. The company didn’t say how that was being done, but it will likely involve a forced password reset. For now, EA is stating that its databases were not infiltrated. Source: Tech Crunch

Getting in too deep

Woods Hole Oceanographic Institution, a private, nonprofit facility that does scientific research on the world’s oceans, says it was the target of an “aggressive” cyber attack it believes to have originated in China. The hackers gained access to Woods Hole data and email, WHOI President and Director Mark Abbott told staff in a letter. Christopher Land, WHOI’s general counsel and leader of its internal investigation, said there’s no indication that the stolen data has been used maliciously. In addition to marine and oceanic research, Woods Hole also does classified work for the Defense Department. Data related to that work is stored on a separate computer system and was not affected by the breach, Land said. Source: NBC News

No encryption? Oops, says health department

North Carolina’s Department of Health and Human Services says a breach of security protocol may have compromised the confidential health information of 1,615 Medicaid patients. Spokeswoman Kendra Gerlach said the agency mailed letters to affected patients, informing them of the possible breach. According to the agency, a DHHS employee “inadvertently sent an email to the Granville County Health Department without first encrypting it.” The email included a spreadsheet containing protected health information for Medicaid recipients, which the agency says “included the individual’s first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services.” Source: WRAL, Raleigh, N.C.

Second, more serious hack at Dow Jones

Russian hackers infiltrated the servers of Dow Jones, owner of The Wall Street Journal and several other news publications, and stole information to trade on before it became public, say four people familiar with the matter. The FBI, Secret Service and Securities and Exchange Commission are investigating, in a probe that began at least a year ago. The breach is described as far more serious than the lower-grade intrusion disclosed a week ago by Dow Jones, a unit of Rupert Murdoch’s News Corp. The company said last week that it is working with a cybersecurity firm and law enforcement after learning that hackers had sought contact and payment information of about 3,500 customers. It’s unclear whether the incursions are related. It’s also unclear whether the company’s news-gathering operations were affected in the insider-trading matter. Source: Bloomberg

Make it right the first time

The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has proposed requiring vehicle manufacturers to state their privacy policies, besides providing for civil penalties of up to $100,000 for the hacking of vehicles. The lawmakers also have proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best practices for manufacturers of cars sold in the United States. A chapter on vehicle data privacy requires that vehicle manufacturers “develop and implement” a privacy policy outlining their practices regarding the collection, use and sharing of information collected through technologies and services offered by the manufacturer directly or through a third party. Source: Computer World

Fear of IRS is still a potent weapon

About 4,550 people have paid more than $23 million in the past two years to scammers claiming to be employees of the Internal Revenue Service, according to J. Russell George, the Treasury Inspector General for Tax Administration. George reports that while progress has been made in the investigation of “the largest of its kind” scam, the case is still underway and taxpayers are urged to remain on “high alert.” A scammer calls and claims to be from the IRS, tells someone they have unpaid taxes, and threatens arrest, deportation or loss of a business or driver’s license unless they settle the fees via a debit card or a wire transfer. The scammers might know the last four digits of the individual’s Social Security number. George advises hanging up if you receive a phone call from somebody claiming to be from the IRS demanding immediate payment. An estimated 736,000 people have reported receiving these calls since October 2013. Source: The Fiscal Times

Baby, what did I say?

Google keeps an audio log of the questions you ask its voice search function, and now you can listen to those recordings online. In June, Google launched a portal for all Google account-related activities. It’s where you can manage your privacy settings, see what you’ve searched for, and where Google has logged your location. These archives include a section for voice searches. Google wasn’t available for comment as to why it’s keeping the voice recordings of searches. Source: Quartz

No such thing as a free iPhone 6

The Better Business Bureau is reporting that a survey that promises a free iPhone 6 is a phishing scam to get personal information and credit card numbers. The scam seems to target those using the Safari browser, meaning they are probably using an Apple device. The scam asks you to take a survey to qualify to test the as-of-yet unreleased iPhone 7 (which doesn’t exist). Simple yes/no questions are asked, such as, “Do you own an iPhone or iPad?” You are told you qualify for the upcoming testing group, and for your efforts so far, you will receive a free iPhone 6 by paying $1 for shipping with your credit card. Source: The (Spokane, Wash.) Spokesman Review