Watching the baby

An Indianapolis family was frightened by a disturbing message sent through a child’s baby monitor. “Someone was playing Every Breath You Take by The Police,” Jared Denman said. At first they thought it was a joke, but soon realized someone had hacked into the camera. “Our privacy was just invaded,” Denman said. “He started doing sexual noises on the camera.” After an Internet search, Denman found a hacker had posted similar videos with the same song playing from other families’ baby monitors. He even created a Twitter account to brag about the breaches. Experts advise people to create a strong wireless network password. The Denmans forgot to change the factory preset user name and password that came on the camera, allowing the hacker access. Source: WXIN, Indianapolis

Shot to the heart

A man who stole his father’s identity to apply for a loan to buy a $490,000 house was found guilty of bank fraud and aggravated identity theft. Prosecutors said Matthew Williams filled out a loan application using his father’s name, Social Security number and other identifying information. Williams, who was in bankruptcy proceedings at the time, claimed to be an Army veteran and recipient of a Purple Heart award for valor in Vietnam. Williams’s father, Earl, fought in both Vietnam and Desert Storm and earned a Purple Heart, as well as other commendations. Matthew Williams faces up to 30 years in prison and a fine up to $1 million. Source: KAKE, Wichita, Kan.

Thou shalt not steal

A Catholic agency in Lansing, Mich., that handles payroll processing and employee benefits across the state has been hit by a major cyber attack. The Michigan Catholic Conference sent letters to more than 10,000 employees, warning them that their personal information has been compromised, officials said. Employees are being offered a free year’s worth of membership in an identity-protection service, which includes $1 million insurance policies covering lost wages, fraudulent electronic transfers from bank accounts, and fees to private investigators that someone victimized by fraud might need to hire. Work sites affected included Catholic churches, schools, hospitals, orphanages and diocesan offices in Detroit, Gaylord, Grand Rapids, Kalamazoo, Lansing, Marquette and Saginaw, officials said. Source: The Detroit Free Press

Boys and their toys

A group of British teenagers was arrested on suspicion of launching cyber attacks targeting a national newspaper, a school, gaming companies and a number of online retailers. The suspects are accused of using a tool called Lizard Stresser, which launches distributed denial of service (DDoS) attacks. Web servers or websites are flooded with massive amounts of data, leaving them inaccessible to visitors. The National Crime Agency would not confirm whether the attempted DDoS attacks were successful. Source: The (U.K.) Daily Mail

Striking back, through strategic means

As cyber attacks increase, policymakers will be challenged to develop responses to disruptive or destructive attacks. But finding a timely, proportionate, legal, and discriminatory response is complicated by the difficulty in assessing the damage to national interests and the frequent use of proxies. Perpetrators have plausible deniability, frustrating efforts to assign responsibility. In determining the appropriate response to a state-sponsored cyber incident, policymakers will need to consider three factors: the intelligence community’s confidence in its attribution of responsibility; the impact of the incident; and the levers of national power at a state’s disposal. Source: Defense One

The business of American business losses

Hackers have funneled $1.2 billion out of companies’ accounts since October 2013, the FBI reports. Using an increasingly common scam called “business email compromise,” hackers pose as CEOs and ask employees to hand over confidential financial information. Hackers send a phishing email to the CEO or a top-ranking executive to gain access to his or her account. Then, the hacker will send emails from the executive’s account. Alternatively, hackers sometimes create a dummy email address to fool finance departments into thinking it’s coming from the CEO, or pose as company lawyers who tell employees they need certain financial information. After securing information about company accounts, hackers will wire money out. In the first eight months of this year, there has been a 270 percent increase in identified victims and exposed losses due to business email compromise schemes. Source: WNEP, Moosic, Pa.

When hacking pays off

Uber Technologies hired two top vehicle security researchers, high-profile additions that come as the ride-hailing service ramps up its work on technology for self-driving cars. Charlie Miller, who had been working at Twitter, and Chris Valasek, who worked at security firm IOActive, won wide attention after demonstrating that they could hack into a moving Jeep. Uber said that Miller and Valasek will join the company’s Advanced Technologies Center, a research laboratory staffed with dozens of autonomous vehicle experts. Source: Reuters

Google offers work-around on Apple ATS

Apple’s iOS 9 operating system will have a feature called App Transport Security, or ATS, which is supposed to require iPhone app developers to use an advanced security protocol. But Google says that not every app developer and mobile publisher will be able to work with the new standards, so when those app publishers who aren’t running the protocol meet Apple’s new encryption, their mobile ads won’t run. Google has published five lines of code to disable Apple’s encryption, offering a “short-term fix” before developers get up to speed with security rules that both Apple and Google are pushing. Some people in the security world saw it as an attempt by Google to prioritize ads over privacy. Google said, “We wrote this because developers asked us about resources available to them for the upcoming iOS 9 release, and we wanted to outline some options. To be clear, developers should only consider disabling ATS if other approaches to comply with ATS standards are unsuccessful.” Source: Re/Code