Justice indicts Russian government officials in giant Yahoo hack

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The Depart­ment of Jus­tice announced that four people—including two offi­cers of the Russ­ian Fed­er­al Secu­ri­ty Ser­vice (FSB)—have been indict­ed in con­nec­tion with a mas­sive hack of 500 mil­lion Yahoo user accounts in 2014, the first U.S. crim­i­nal cyber charges ever against Russ­ian gov­ern­ment offi­cials. Charges include hack­ing, wire fraud, trade secret theft and eco­nom­ic espi­onage. The indict­ments are part of the largest hack­ing case brought by the Unit­ed States, and reflects the U.S. government’s increas­ing desire to hold for­eign gov­ern­ments account­able for mali­cious acts in cyber­space. The Russ­ian gov­ern­ment used the infor­ma­tion it obtained to focus on for­eign offi­cials, busi­ness exec­u­tives and jour­nal­ists, fed­er­al pros­e­cu­tors said. Tar­gets includ­ed numer­ous finan­cial exec­u­tives, offi­cials at an Amer­i­can cloud com­put­ing com­pa­ny, an air­line exec­u­tive and a casi­no reg­u­la­tor in Neva­da. The hack­ers also used the Yahoo data to send spam and steal cred­it card and gift card infor­ma­tion, and sought to break into at least 50 Google accounts, includ­ing those of Russ­ian offi­cials and employ­ees of a Russ­ian cyber­se­cu­ri­ty firm. Although FBI agents have sus­pect­ed that the Rus­sians have used cyber mer­ce­nar­ies to do their work, this case is among the first in which evi­dence is offered to show that. The Unit­ed States does not have an extra­di­tion treaty with Rus­sia, but offi­cials have said that fil­ing charges and impos­ing sanc­tions can be a deter­rent. Peo­ple some­times trav­el to a coun­try that is will­ing to trans­fer them to the Unit­ed States for pros­e­cu­tion. Sources: The Wash­ing­ton Post; The New York Times; CNN

Wish you were here, parents, to check your kids’ Wishbone app

Wish­bone, a pop­u­lar quiz app for kids, tweens and teens has been hacked, involv­ing 2.2 mil­lion email address­es, as well as 287,000 phone num­bers, many of which are from kids under the age of 18. The app is oper­at­ed by the incu­ba­tor Sci­ence, and is one of the more pop­u­lar social net­work­ing appli­ca­tions in the Unit­ed States, cur­rent­ly rank­ing No. 14 in that cat­e­go­ry on iTunes. Hack­ers appear to have accessed a pri­vate API to pull infor­ma­tion on Wish­bone users, includ­ing user names, per­son­al names, emails and phone num­bers. Source: Tech Crunch

It doesn’t pay to put your life insurance in their hands

Three for­mer Bay Area life insur­ance agents were con­vict­ed of wire fraud and iden­ti­ty theft in a scheme to sub­mit pho­ny appli­ca­tions for poli­cies and split com­mis­sions and bonus­es. While work­ing for the Amer­i­can Income Life Insur­ance, they sub­mit­ted appli­ca­tions for poli­cies on behalf of peo­ple who didn’t know that a pol­i­cy was applied for or issued, or didn’t want a pol­i­cy. Per­son­al infor­ma­tion used to apply for poli­cies was col­lect­ed by pay­ing recruiters to find peo­ple to take med­ical exams and pay­ing peo­ple to par­tic­i­pate in a fic­ti­tious sur­vey of a med­ical exam com­pa­ny. Source: The (San Jose, Calif.) Mer­cury News

Scammers order credit cards in victims’ names, then rob their mailboxes 

Queens, New York,  police bust­ed a mas­sive cred­it card and iden­ti­ty theft ring that duped con­sumers, banks and retail busi­ness­es out of more than $3.5 mil­lion. Scam­mers used forged cards to go on shop­ping sprees to high-end elec­tron­ic and fash­ion stores, pur­chas­ing tens of thou­sands of dol­lars worth of mer­chan­dise. The thieves ordered new cred­it cards for vic­tims and plucked them out of the card­hold­ers’ mail­box­es when they were deliv­ered. Source: The New York Dai­ly News

A spot of good news: IRS says identity theft takes a tumble

The IRS reports that the num­ber of iden­ti­ty theft vic­tims plum­met­ed last year, falling by 46 per­cent, to 376,000. These tax­pay­ers had their iden­ti­ties stolen by crim­i­nals who used their Social Secu­ri­ty num­bers and birth dates to obtain fraud­u­lent tax refunds. The IRS stopped near­ly 1 mil­lion fraud­u­lent refunds from being issued last year. They totaled almost $6.6 bil­lion, the agency said. Source: USA Today 

Sound it out: Audio tones can spy on devices

Researchers at the Uni­ver­si­ty of Michi­gan released a paper explain­ing how audio tones can send false read­ings to devices through the devices’ accelerom­e­ters, the sen­sors in phones, fit­ness track­ers, and tons of oth­er tech toys that tell our devices where they are in space. Any device with an accelerom­e­ter could poten­tial­ly be vul­ner­a­ble to this kind of hack­ing attack. Uni­ver­si­ty of Michi­gan researcher Tim­o­thy Trip­pel said our devices rely on their sen­sors just like we rely on our ears, eyes and noses. Send­ing con­fus­ing infor­ma­tion to those sen­sors can wreak hav­oc. Source: CNet

Financial firms bump up their investment in cybersecurity

Banks and oth­er finan­cial insti­tu­tions spend three times the amount non­fi­nan­cial orga­ni­za­tions are spend­ing on cyber­se­cu­ri­ty. Accord­ing to the Finan­cial Insti­tu­tions Secu­ri­ty Risks research from Kasper­sky Lab and B2B Inter­na­tion­al, cyber­se­cu­ri­ty is a high pri­or­i­ty for finan­cial insti­tu­tions, as they’re com­ing under increased pres­sure from the gov­ern­ment, top man­age­ment and cus­tomers. Banks are most­ly get­ting ready for more mobile users. More than four in 10 banks pre­dict the over­whelm­ing major­i­ty of their cus­tomers will be using mobile bank­ing in three years. Source: Beta News

Diplomatic tension leads to spurt of anti-Nazi tweets

A diplo­mat­ic spat between Turkey, the Nether­lands and Ger­many spread online when a large num­ber of Twit­ter accounts were hijacked and replaced with anti-Nazi mes­sages in Turk­ish. The attacks, using the hash­tags #Nazial­manya (NaziGer­many) or #Naz­i­hol­lan­da (Naz­i­Hol­land), took over accounts of high-pro­file CEOs, pub­lish­ers, gov­ern­ment agen­cies, politi­cians and also some ordi­nary Twit­ter users. Turk­ish Pres­i­dent Tayyip Erdo­gan has accused the Ger­man and Dutch gov­ern­ments of Nazi-style tac­tics, draw­ing protests from both coun­tries, after Turk­ish gov­ern­ment min­is­ters were barred from address­ing polit­i­cal ral­lies there to boost his sup­port among expa­tri­ate Turks. Source: Reuters

British seek more insurance coverage for cyber attacks

Britain’s 6 bil­lion pounds ($7.3 bil­lion) ter­ror­ism rein­sur­ance fund hopes to extend its cov­er to include cyber attacks on prop­er­ty, said Julian Enoizi, Pool Re chief exec­u­tive. The rein­sur­ance com­pa­ny, set up in 1993, acts as a back­stop to insur­ers pay­ing out claims on prop­er­ty dam­age and busi­ness inter­rup­tion. There have been sev­er­al cyber attacks on prop­er­ty in recent years. In 2014, a Ger­man steel mill suf­fered dam­age to the plant’s net­work from a cyber attack. Enoizi said this and oth­er inci­dents had been ruled out as ter­ror attacks, but Pool Re need­ed to be pre­pared. “Insur­ance is there for the unimaginable—we’re here to insure the unfore­seen,” he said. Source: Insur­ance Journal

Nintendo Switch hacked nine days after its launch

Well-known iOS and PS4 hack­er qwer­ty­oruiop report­ed­ly became the first per­son to hack a Nin­ten­do Switch, nine days after it launched. The hack­er tweaked an old iOS WebKit exploit, removed the iOS-spe­cif­ic code and took advan­tage of a vul­ner­a­bil­i­ty con­tained with­in the hid­den Switch brows­er to show how easy it will be to hack the con­sole. Source: BGR.com

Hacked? Bill would let you hack back

Rep. Tom Graves, R-Geor­gia, is propos­ing a bill that would allow a vic­tim of a cyber attack to access the attacker’s com­put­er to gath­er infor­ma­tion about the attack to share with law enforce­ment or to stop the hack­er from con­tin­u­ing to access their net­work. The Active Cyber Defense Cer­tain­ty Act would not allow cyber attack vic­tims to destroy any infor­ma­tion on their attacker’s net­work or to oth­er­wise cause a threat to pub­lic safe­ty. Source: Think Advi­sor

Emma Watson is latest to have photos hacked

Emma Wat­son is tak­ing legal action after pri­vate pho­tos of the star alleged­ly were stolen and leaked online. “Pho­tos from a clothes fit­ting Emma had with a styl­ist a cou­ple of years ago have been stolen,” her pub­li­cist said. Reports sug­gest that the pic­tures have been shared on the so-called Dark Web—an encrypt­ed net­work not eas­i­ly acces­si­ble by the aver­age user. Source: The Guardian