Watching the baby


An Indianapolis family was frightened by a disturbing message sent through a child’s baby monitor. “Someone was playing Every Breath You Take by The Police,” Jared Denman said. At first they thought it was a joke, but soon realized someone had hacked into the camera. “Our privacy was just invaded,” Denman said. “He started doing sexual noises on the camera.” After an Internet search, Denman found a hacker had posted similar videos with the same song playing from other families’ baby monitors. He even created a Twitter account to brag about the breaches. Experts advise people to create a strong wireless network password. The Denmans forgot to change the factory preset user name and password that came on the camera, allowing the hacker access. Source: WXIN, Indianapolis

Shot to the heart

A man who stole his father’s identity to apply for a loan to buy a $490,000 house was found guilty of bank fraud and aggravated identity theft. Prosecutors said Matthew Williams filled out a loan application using his father’s name, Social Security number and other identifying information. Williams, who was in bankruptcy proceedings at the time, claimed to be an Army veteran and recipient of a Purple Heart award for valor in Vietnam. Williams’s father, Earl, fought in both Vietnam and Desert Storm and earned a Purple Heart, as well as other commendations. Matthew Williams faces up to 30 years in prison and a fine up to $1 million. Source: KAKE, Wichita, Kan.

Thou shalt not steal

A Catholic agency in Lansing, Mich., that handles payroll processing and employee benefits across the state has been hit by a major cyber attack. The Michigan Catholic Conference sent letters to more than 10,000 employees, warning them that their personal information has been compromised, officials said. Employees are being offered a free year’s worth of membership in an identity-protection service, which includes $1 million insurance policies covering lost wages, fraudulent electronic transfers from bank accounts, and fees to private investigators that someone victimized by fraud might need to hire. Work sites affected included Catholic churches, schools, hospitals, orphanages and diocesan offices in Detroit, Gaylord, Grand Rapids, Kalamazoo, Lansing, Marquette and Saginaw, officials said. Source: The Detroit Free Press

Boys and their toys

A group of British teenagers was arrested on suspicion of launching cyber attacks targeting a national newspaper, a school, gaming companies and a number of online retailers. The suspects are accused of using a tool called Lizard Stresser, which launches distributed denial of service (DDoS) attacks. Web servers or websites are flooded with massive amounts of data, leaving them inaccessible to visitors. The National Crime Agency would not confirm whether the attempted DDoS attacks were successful. Source: The (U.K.) Daily Mail

Striking back, through strategic means

As cyber attacks increase, policymakers will be challenged to develop responses to disruptive or destructive attacks. But finding a timely, proportionate, legal, and discriminatory response is complicated by the difficulty in assessing the damage to national interests and the frequent use of proxies. Perpetrators have plausible deniability, frustrating efforts to assign responsibility. In determining the appropriate response to a state-sponsored cyber incident, policymakers will need to consider three factors: the intelligence community’s confidence in its attribution of responsibility; the impact of the incident; and the levers of national power at a state’s disposal. Source: Defense One

The business of American business losses

Hackers have funneled $1.2 billion out of companies’ accounts since October 2013, the FBI reports. Using an increasingly common scam called “business email compromise,” hackers pose as CEOs and ask employees to hand over confidential financial information. Hackers send a phishing email to the CEO or a top-ranking executive to gain access to his or her account. Then, the hacker will send emails from the executive’s account. Alternatively, hackers sometimes create a dummy email address to fool finance departments into thinking it’s coming from the CEO, or pose as company lawyers who tell employees they need certain financial information. After securing information about company accounts, hackers will wire money out. In the first eight months of this year, there has been a 270 percent increase in identified victims and exposed losses due to business email compromise schemes. Source: WNEP, Moosic, Pa.

When hacking pays off

Uber Technologies hired two top vehicle security researchers, high-profile additions that come as the ride-hailing service ramps up its work on technology for self-driving cars. Charlie Miller, who had been working at Twitter, and Chris Valasek, who worked at security firm IOActive, won wide attention after demonstrating that they could hack into a moving Jeep. Uber said that Miller and Valasek will join the company’s Advanced Technologies Center, a research laboratory staffed with dozens of autonomous vehicle experts. Source: Reuters

Google offers work-around on Apple ATS

Apple’s iOS 9 operating system will have a feature called App Transport Security, or ATS, which is supposed to require iPhone app developers to use an advanced security protocol. But Google says that not every app developer and mobile publisher will be able to work with the new standards, so when those app publishers who aren’t running the protocol meet Apple’s new encryption, their mobile ads won’t run. Google has published five lines of code to disable Apple’s encryption, offering a “short-term fix” before developers get up to speed with security rules that both Apple and Google are pushing. Some people in the security world saw it as an attempt by Google to prioritize ads over privacy. Google said, “We wrote this because developers asked us about resources available to them for the upcoming iOS 9 release, and we wanted to outline some options. To be clear, developers should only consider disabling ATS if other approaches to comply with ATS standards are unsuccessful.” Source: Re/Code