Shadow Brokers say U.S. agency spied on Middle East banks

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Hack­er group Shad­ow Bro­kers released data that appears to show that the NSA pen­e­trat­ed deep into the finance infra­struc­ture of the Mid­dle East. The pub­lished doc­u­ments, if legit­i­mate, show how U.S. intel­li­gence com­pro­mised ele­ments of the glob­al bank­ing sys­tem by hack­ing into Dubai’s East­Nets, which over­sees pay­ments in the glob­al SWIFT trans­ac­tion sys­tem for dozens of client banks in the Mid­dle East. The leak includes detailed lists of hacked or poten­tial­ly tar­get­ed com­put­ers, includ­ing those belong­ing to firms in Qatar, Dubai, Abu Dhabi, Syr­ia, Yemen and the Pales­tin­ian ter­ri­to­ries. Also includ­ed in the data dump are fresh hack­ing tools, this time tar­get­ing a slew of Win­dows ver­sions. SWIFT has been increas­ing­ly tar­get­ed by hack­ers seek­ing to redi­rect mil­lions of dol­lars from banks around the world, with recent efforts in India, Ecuador and Bangladesh. Secu­ri­ty researchers point­ed to clues that an $81 mil­lion Bangladesh bank theft via SWIFT may have been the work of the North Kore­an gov­ern­ment. But the Shad­ow Bro­kers’ lat­est leak offers new evi­dence that the NSA also has com­pro­mised SWIFT, most like­ly for silent espi­onage. Source: Wired

U.S. health care site wasn’t secure at launch, report says, used to enter sen­si­tive med­ical and per­son­al infor­ma­tion while sign­ing up for Oba­macare, was severe­ly unse­cure upon launch in Octo­ber 2013. Doc­u­ments obtained by Judi­cial Watch through a Free­dom of Infor­ma­tion Act law­suit show Health and Human Ser­vices offi­cials repeat­ed­ly were warned by secu­ri­ty con­trac­tor Mitre that the site was not prop­er­ly pro­tect­ed. Source:

Hundreds of YouTube channels breached

Hack­er group Our­Mine pulled off what they claim is the “largest hack in YouTube his­to­ry” breach­ing secu­ri­ty on hun­dreds of chan­nels, includ­ing vlog­gers Lil­ly Singh, RomanAt­wood­Vlogs and JustKid­dingNews. The group changed the titles and descrip­tions of their videos to: “Hey, it’s Our­Mine, don’t wor­ry we are just test­ing your secu­ri­ty, please con­tact us for more infor­ma­tion.” The accounts affect­ed were all asso­ci­at­ed with Ger­man media net­work Studio71, which hosts more than 1,200 chan­nels. Source: The Sun

Machines might learn to keep private data safe

U.K.-based Dark­trace uses machine-learn­ing capabilities—advanced algo­rithms that can adapt and learn—and prob­a­bilis­tic math­e­mat­ics to learn the nor­mal “pat­tern of life” for every user and device in a net­work to detect anom­alies. Their tech­nol­o­gy is mod­eled after how a human immune sys­tem iden­ti­fies and responds to for­eign threats with­out com­pro­mis­ing the human body’s key func­tions. Source: CNBC

Job security comes with cybersecurity degree

Col­leges and uni­ver­si­ties are scram­bling to add cours­es to pre­pare stu­dents to fill the huge num­ber of cyber­se­cu­ri­ty jobs that have arisen due to expo­nen­tial growth in hack­ing world­wide. Ana­lysts say the num­ber of job vacan­cies ranges from 100,000 to 350,000. Ash­ton Mozano, a cyber­se­cu­ri­ty pro­fes­sor at the Uni­ver­si­ty of San Diego, says there are thou­sands of $80,000 entry-lev­el jobs avail­able to appli­cants with at least an under­grad­u­ate degree in com­put­er sci­ence or com­put­er engi­neer­ing. Source: San Diego Tribune

United Kingdom companies need to get their firewalls up

A fifth of British busi­ness­es have been hacked by cyber crim­i­nals in the past 12 months. A sur­vey by the British Cham­bers of Com­merce found 42 per­cent of big busi­ness­es had fall­en vic­tim to cyber crime, com­pared with 18 per­cent of small com­pa­nies. Only a quar­ter of those ques­tioned said their busi­ness had secu­ri­ty mea­sures in place to guard against hack­ing. While firms of all sizes fall prey to attacks, large com­pa­nies are more like­ly to expe­ri­ence them. Source: Sky News

Hackers check in to IHG hotels yet again

Inter­Con­ti­nen­tal Hotels Group said that pay­ment card sys­tems at more than 1,000 of its hotels had been breached. It’s the sec­ond breach that IHG, a multi­na­tion­al hotel con­glom­er­ate that counts Hol­i­day Inn and Crowne Plaza among its chains, has dis­closed this year. The com­pa­ny said a sec­ond breach occurred at select hotels from Sept. 29 through Dec. 29 last year. IHG said the vari­ant on their sys­tem siphoned track data—customers’ card num­ber, expi­ra­tion date and inter­nal ver­i­fi­ca­tion code—from the mag­net­ic strip of cards as they were rout­ed through affect­ed hotel servers. Source: Threat­Post

Shoney’s serves up report of restaurant breaches

Shoney’s has been hit with a cred­it card breach involv­ing 37 restau­rants since Decem­ber, the com­pa­ny acknowl­edged. Best Amer­i­can Hos­pi­tal­i­ty said the breach start­ed in Decem­ber and was con­tained in March. The 37 affect­ed loca­tions are across the South, many in Ten­nessee, with a few in South Car­oli­na, Louisiana, Geor­gia, Alaba­ma, Mis­sis­sip­pi, Vir­ginia, Mis­souri, Flori­da and Arkansas. Source: Nation’s Restau­rant News

We’re bored; let’s poke around in patient records

Vir­ginia Mason Memo­r­i­al Hos­pi­tal in Yaki­ma, Wash., sent let­ters to 419 emer­gency-room patients, alert­ing them of a pri­va­cy vio­la­tion. Employ­ees at the hos­pi­tal improp­er­ly accessed patients’ records. The hos­pi­tal believes this to be a case of snoop­ing by bored employ­ees. There was no evi­dence that any par­tic­u­lar patient’s records were tar­get­ed. Source: The Seat­tle Times

Your LinkedIn account might get connected in a different way

LinkedIn’s new ver­sion of its Terms of Ser­vice go into effect on June 7, with a new pri­va­cy pol­i­cy that cov­ers upcom­ing LinkedIn fea­tures that aim to give pro­files more vis­i­bil­i­ty, and to make it eas­i­er to achieve the social “links” implied in the pro­fes­sion­al network’s name. The pol­i­cy will open pro­file vis­i­bil­i­ty to “cer­tain third-par­ty ser­vices.” LinkedIn does make it easy to opt out. Source: Tech Crunch

If feds won’t protect privacy, the states will

More than a dozen states are mov­ing to fill the void left by the fed­er­al government’s depar­ture from broad­band pri­va­cy reg­u­la­tion through a spate of pro­posed laws that would require con­sumer con­sent to share online data with third par­ties. The leg­isla­tive pro­pos­als are a reac­tion to Pres­i­dent Trump’s repeal of a Fed­er­al Com­mu­ni­ca­tions Com­mis­sion reg­u­la­tion that would have expand­ed online pri­va­cy rules to broad­band providers, such as AT&T and Ver­i­zon. The reg­u­la­tion would have required telecom­mu­ni­ca­tions com­pa­nies to noti­fy cus­tomers if they intend­ed to sell their infor­ma­tion to a third par­ty. Source: Bloomberg BNA

Retailer says breach was a bit bigger than first thought

Neiman Mar­cus dis­closed to the Cal­i­for­nia attor­ney gen­er­al that a Decem­ber 2015 breach com­pro­mised more sen­si­tive infor­ma­tion than first thought. It also dis­closed new attacks from ear­li­er this year that exposed names, con­tact infor­ma­tion, email address­es and pur­chase his­to­ries. Neiman Mar­cus Group says full pay­ment card num­bers and expi­ra­tion dates were exposed in the 2015 inci­dent. Source: Bank Info Security