Hacker who developed malware that targeted DNC working with FBI

A Ukrain­ian hack­er called “Pro­fex­er” who built one of the tools used to pen­e­trate the Demo­c­ra­t­ic Nation­al Com­mit­tee servers last year has turned him­self in to author­i­ties. The man, who first con­tact­ed Ukrain­ian police ear­li­er this year, claims he wrote a piece of soft­ware called the PAS Web shell, which the Depart­ment of Home­land Secu­ri­ty has iden­ti­fied as mal­ware used in the hack. The hack­er main­tains that he wasn’t behind the attack, which result­ed in the release of thou­sands of emails sent by DNC staffers dur­ing the pres­i­den­tial cam­paign. Because there is no evi­dence that he used the tool to car­ry out the attack, he wasn’t arrest­ed. Pro­fex­er is in touch with the FBI and is able to iden­ti­fy users involved in the DNC hack by their online han­dles. Also emerg­ing from Ukraine is a sharp­er pic­ture of what the U.S. gov­ern­ment believes is a Russ­ian gov­ern­ment hack­ing group known as Fan­cy Bear. Amer­i­can intel­li­gence believes it is oper­at­ed by Russ­ian mil­i­tary intel­li­gence. Sources: Tech­nol­o­gy Review, The New York Times

Neo-Nazi site claims it was hacked; Anonymous says maybe not

Mem­bers of the Anony­mous hack­tivist col­lec­tive claim that neo-Nazi web­site the Dai­ly Stormer may have faked a claim that it had been tak­en over by hack­ers. Web-host­ing ser­vice GoDad­dy removed the Dai­ly Stormer after it pub­lished an arti­cle vicious­ly insult­ing the activist killed after a car hit her at a white nation­al­ist ral­ly in Char­lottesville, Vir­ginia.  Lat­er, a mes­sage post­ed on the site claimed to be from Anony­mous hack­tivists who had tak­en over the site. Source: Newsweek

Tech companies ask high court to protect customers’ privacy

More than a dozen tech­nol­o­gy and wire­less com­pa­nies called on the Supreme Court to make it hard­er for gov­ern­ment offi­cials to access indi­vid­u­als’ sen­si­tive cell­phone data. The case involves a high-pro­file dis­pute over whether police should have to get a war­rant before obtain­ing data that could reveal a cell phone user’s where­abouts. The brief, signed by Apple, Face­book, Twit­ter, Snap and Google, said that as indi­vid­u­als’ data is increas­ing­ly col­lect­ed through dig­i­tal devices, greater pri­va­cy pro­tec­tions are need­ed under the law. Source: Reuters

Los Angeles launches Cyber Lab to help small, medium-size businesses

To help strength­en cyber­se­cu­ri­ty for local busi­ness­es, Los Ange­les is launch­ing Cyber Lab, a pub­lic-pri­vate part­ner­ship that will dis­sem­i­nate threat intel­li­gence gen­er­at­ed by its Inte­grat­ed Secu­ri­ty Oper­a­tions Cen­ter. Based on an analy­sis of 1 bil­lion secu­ri­ty-relat­ed events per day and data aggre­gat­ed from the fed­er­al gov­ern­ment and key pri­vate sec­tor sources, Cyber­LabLA will alert small and medi­um-size busi­ness­es to attacks as they occur. Larg­er busi­ness­es can receive auto­mat­ed updates to their own cyber defense sys­tems. There is no cost for busi­ness­es to become a part­ner of the lab. Source: GCN.com

Uber reaches deal on privacy, security with FTC

Uber agreed to improve its pri­va­cy and secu­ri­ty prac­tices and to allow out­siders to mon­i­tor its progress for 20 years. The deal with the Fed­er­al Trade Com­mis­sion would resolve com­plaints stem­ming from a 2014 inci­dent in which a hack­er gained access to the names and driver’s license num­bers of more than 100,000 Uber dri­vers. Source: Wired

As electrical grids get smarter, they also become more vulnerable

Elec­tric­i­ty dis­tri­b­u­tion sys­tems are being trans­posed to smart grids, which make use of two-way com­mu­ni­ca­tion and com­put­er pro­cess­ing. This is mak­ing them increas­ing­ly vul­ner­a­ble to cyber attacks. “Sophis­ti­cat­ed cyber attacks on advanced meter­ing infra­struc­tures are a clear and present dan­ger,” accord­ing to a report in the Inter­na­tion­al Jour­nal of Crit­i­cal Infra­struc­ture Pro­tec­tion. Such attacks affect cus­tomers and dis­tri­b­u­tion com­pa­nies, and can include steal­ing data, steal­ing pow­er, dis­rupt­ing the grid, and deny­ing cus­tomers pow­er. Source: Sci­ence Daily

Hackers go after Scottish Parliament with ‘brute force’ attack

The Scot­tish Par­lia­ment has been tar­get­ed by a “brute force” cyber attack. Chief exec­u­tive Sir Paul Grice said the attack, from “exter­nal sources,” was sim­i­lar to that which affect­ed West­min­ster in June. A “brute force” attack involves hack­ers repeat­ed­ly try­ing to access sys­tems using a range of dif­fer­ent pass­words, in the hope of effec­tive­ly guess­ing the cor­rect pass­word through tri­al and error. Source: BBC

State Department increases cybersecurity efforts with new office

The State Depart­ment estab­lished a new office ear­li­er this year with­in its Diplo­mat­ic Secu­ri­ty Ser­vice to safe­guard against and respond to cyber­se­cu­ri­ty threats. The Cyber and Tech­nol­o­gy Secu­ri­ty direc­torate “facil­i­tates the con­duct of glob­al diplo­ma­cy by pro­tect­ing life, prop­er­ty, and infor­ma­tion with advanced cyber­se­cu­ri­ty pro­grams and risk-man­aged tech­nol­o­gy inno­va­tion.” Source: The Hill

NIST looks for public comment on privacy and security controls

The Nation­al Insti­tute of Stan­dards and Tech­nol­o­gy is seek­ing pub­lic com­ments on a draft ver­sion of its updat­ed spe­cial pub­li­ca­tion on pri­va­cy and secu­ri­ty con­trols for gov­ern­ment and indus­try data sys­tems. NIST will accept pub­lic feed­back through Sept. 12 with a plan to release the final draft of the doc­u­ment before the end of 2017. Source: ExecutiveGov.com

Bank of America used as bait in phishing scam

Phish­ing emails that appear to be from Bank of Amer­i­ca con­tain fraud­u­lent “account secu­ri­ty val­i­da­tion” mes­sages that ask recip­i­ents to update per­son­al data. Some emails look authen­tic, but Bank of Amer­i­ca warns con­sumers to remain skep­ti­cal of mes­sages that claim to be from its cus­tomer ser­vice depart­ment. Source: KCRA, Char­lotte, N.C.