Hacker who developed malware that targeted DNC working with FBI
News Roundup
By Byron Acohido, ThirdCertainty
A Ukrainian hacker called “Profexer” who built one of the tools used to penetrate the Democratic National Committee servers last year has turned himself in to authorities. The man, who first contacted Ukrainian police earlier this year, claims he wrote a piece of software called the PAS Web shell, which the Department of Homeland Security has identified as malware used in the hack. The hacker maintains that he wasn’t behind the attack, which resulted in the release of thousands of emails sent by DNC staffers during the presidential campaign. Because there is no evidence that he used the tool to carry out the attack, he wasn’t arrested. Profexer is in touch with the FBI and is able to identify users involved in the DNC hack by their online handles. Also emerging from Ukraine is a sharper picture of what the U.S. government believes is a Russian government hacking group known as Fancy Bear. American intelligence believes it is operated by Russian military intelligence. Sources: Technology Review, The New York Times
Neo-Nazi site claims it was hacked; Anonymous says maybe not
Members of the Anonymous hacktivist collective claim that neo-Nazi website the Daily Stormer may have faked a claim that it had been taken over by hackers. Web-hosting service GoDaddy removed the Daily Stormer after it published an article viciously insulting the activist killed after a car hit her at a white nationalist rally in Charlottesville, Virginia. Later, a message posted on the site claimed to be from Anonymous hacktivists who had taken over the site. Source: Newsweek
Tech companies ask high court to protect customers’ privacy
More than a dozen technology and wireless companies called on the Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data. The case involves a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cell phone user’s whereabouts. The brief, signed by Apple, Facebook, Twitter, Snap and Google, said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law. Source: Reuters
Los Angeles launches Cyber Lab to help small, medium-size businesses
To help strengthen cybersecurity for local businesses, Los Angeles is launching Cyber Lab, a public-private partnership that will disseminate threat intelligence generated by its Integrated Security Operations Center. Based on an analysis of 1 billion security-related events per day and data aggregated from the federal government and key private sector sources, CyberLabLA will alert small and medium-size businesses to attacks as they occur. Larger businesses can receive automated updates to their own cyber defense systems. There is no cost for businesses to become a partner of the lab. Source: GCN.com
Uber reaches deal on privacy, security with FTC
Uber agreed to improve its privacy and security practices and to allow outsiders to monitor its progress for 20 years. The deal with the Federal Trade Commission would resolve complaints stemming from a 2014 incident in which a hacker gained access to the names and driver’s license numbers of more than 100,000 Uber drivers. Source: Wired
As electrical grids get smarter, they also become more vulnerable
Electricity distribution systems are being transposed to smart grids, which make use of two-way communication and computer processing. This is making them increasingly vulnerable to cyber attacks. “Sophisticated cyber attacks on advanced metering infrastructures are a clear and present danger,” according to a report in the International Journal of Critical Infrastructure Protection. Such attacks affect customers and distribution companies, and can include stealing data, stealing power, disrupting the grid, and denying customers power. Source: Science Daily
Hackers go after Scottish Parliament with ‘brute force’ attack
The Scottish Parliament has been targeted by a “brute force” cyber attack. Chief executive Sir Paul Grice said the attack, from “external sources,” was similar to that which affected Westminster in June. A “brute force” attack involves hackers repeatedly trying to access systems using a range of different passwords, in the hope of effectively guessing the correct password through trial and error. Source: BBC
State Department increases cybersecurity efforts with new office
The State Department established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats. The Cyber and Technology Security directorate “facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation.” Source: The Hill
NIST looks for public comment on privacy and security controls
The National Institute of Standards and Technology is seeking public comments on a draft version of its updated special publication on privacy and security controls for government and industry data systems. NIST will accept public feedback through Sept. 12 with a plan to release the final draft of the document before the end of 2017. Source: ExecutiveGov.com
Bank of America used as bait in phishing scam
Phishing emails that appear to be from Bank of America contain fraudulent “account security validation” messages that ask recipients to update personal data. Some emails look authentic, but Bank of America warns consumers to remain skeptical of messages that claim to be from its customer service department. Source: KCRA, Charlotte, N.C.