U.S. to byte back at Russia over election hacking

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Pres­i­dent Oba­ma ordered the expul­sion of 35 Russ­ian sus­pect­ed spies and imposed sanc­tions on two Russ­ian intel­li­gence agen­cies over their involve­ment in hack­ing U.S. polit­i­cal groups in the 2016 pres­i­den­tial elec­tion. The mea­sures mark a new post-Cold War low in U.S.-Russian ties which have dete­ri­o­rat­ed over Ukraine and Syr­ia. Alle­ga­tions by U.S. intel­li­gence agen­cies that Russ­ian Pres­i­dent Putin per­son­al­ly direct­ed efforts to inter­vene in the U.S. elec­tion process by hack­ing most­ly Democ­rats have made rela­tions even worse. “These actions fol­low repeat­ed pri­vate and pub­lic warn­ings that we have issued to the Russ­ian gov­ern­ment, and are a nec­es­sary and appro­pri­ate response to efforts to harm U.S. inter­ests in vio­la­tion of estab­lished inter­na­tion­al norms of behav­ior,” Oba­ma said. The Krem­lin, which denounced the sanc­tions as unlaw­ful and promised “ade­quate” retal­i­a­tion. Moscow denies the hack­ing alle­ga­tions. Source: Reuters

Russian hack code found in U.S. electrical grid

A code asso­ci­at­ed with the Russ­ian hack­ing oper­a­tion dubbed Griz­zly Steppe by the Oba­ma admin­is­tra­tion has been detect­ed with­in the sys­tem of a Ver­mont util­i­ty. While the Rus­sians did not active­ly use the code to dis­rupt oper­a­tions, the dis­cov­ery under­scores the vul­ner­a­bil­i­ties of the nation’s elec­tri­cal grid and rais­es fears that Russ­ian gov­ern­ment hack­ers are active­ly try­ing to pen­e­trate the grid to car­ry out poten­tial attacks. Source: Wash­ing­ton Post

New Hampshire health department data breached

sh_medical-records_280The New Hamp­shire Depart­ment of Health and Human Ser­vices has suf­fered a breach that exposed per­son­al infor­ma­tion such as birth dates, address­es, Social Secu­ri­ty num­bers, Med­ic­aid iden­ti­fi­ca­tion num­bers and med­ical ser­vices records. The breach affects indi­vid­u­als involved with the DHHS pri­or to Novem­ber 2015. There is no evi­dence that cred­it card or bank­ing infor­ma­tion was exposed. Health care-record hack­ing rose 11,000 per­cent last year, affect­ing rough­ly one in three Amer­i­cans. Source: CNBC

Hacker hits Russian Visa Center just because he can

The Russ­ian Visa Cen­ter in the Unit­ed States report­ed­ly was tar­get­ed over the hol­i­day week­end by a mas­sive hack claimed by an indi­vid­ual who said he did it to show how weak the system’s secu­ri­ty was. The indi­vid­ual, who goes by Kapustkiy on Twit­ter, said he was will­ing to leak data to the com­pa­ny to prove his point. The breach report­ed­ly could affect thou­sands of U.S. cit­i­zens who applied for Russ­ian visas and whose per­son­al infor­ma­tion was stored in the data­base. Source: Yahoo

Government alphabet soup: FBI probes FDIC breach

sh_alphabet-soup_280The FBI is look­ing into a hack of the Fed­er­al Deposit Insur­ance Corp. that start­ed in 2010. China’s mil­i­tary is said to be behind the attacks in which hack­ers got access to dozens of com­put­ers, includ­ing that of Sheila Bair, the past FDIC chair­woman. A con­gres­sion­al com­mit­tee also is prob­ing the hack. Source: Pymnts.com

Three Chinese citizens charged in insider trading by hack

Three Chi­nese cit­i­zens have been crim­i­nal­ly charged in the Unit­ed States with trad­ing on con­fi­den­tial cor­po­rate infor­ma­tion obtained by hack­ing into net­works and servers of law firms work­ing on merg­ers. Iat Hong of Macau, Bo Zheng of Chang­sha, Chi­na, and Chin Hung of Macau were charged with con­spir­a­cy, insid­er trad­ing, wire fraud and com­put­er intru­sion. Pros­e­cu­tors said the men made more than $4 mil­lion by plac­ing trades in at least five com­pa­ny stocks based on inside infor­ma­tion from unnamed law firms, includ­ing about deals involv­ing Intel and Pit­ney Bowes. Source: Reuters

New York confirms delay in cybersecurity regulations

sh_new-york_280New York state’s finan­cial reg­u­la­tor revised a pro­pos­al for the nation’s first cyber­se­cu­ri­ty rules for banks and insur­ers, loos­en­ing some secu­ri­ty require­ments and delay­ing imple­men­ta­tion by two months to March 1. The rules from the New York State Depart­ment of Finan­cial Ser­vices are being close­ly watched because they lay out unprece­dent­ed require­ments on steps that finan­cial firms must take to pro­tect their net­works and cus­tomer data from hack­ers and dis­close cyber events to state reg­u­la­tors. Source: Reuters

Ukraine watchers say computer network compromised

The orga­ni­za­tion charged with mon­i­tor­ing the Rus­sia-foment­ed con­flict in east­ern Ukraine con­firmed that it suf­fered a data breach “com­pro­mis­ing the con­fi­den­tial­i­ty” of its com­put­er net­work. The Orga­ni­za­tion for Secu­ri­ty Coop­er­a­tion in Europe said that the breach was dis­cov­ered in ear­ly Novem­ber. French news­pa­per Le Monde cites a “west­ern intel­li­gence ser­vice” in report­ing that Rus­sia-linked hack­ing group Fan­cy Bear as the pos­si­ble per­pe­tra­tors. Source: ABC News

China sets up security strategy against hacks, for internal controls

sh_china-hack_280China’s Inter­net reg­u­la­tor issued the country’s first cyber strat­e­gy, empha­siz­ing the neces­si­ty of secur­ing crit­i­cal infra­struc­ture and the government’s right to con­trol cyber­space in Chi­nese ter­ri­to­ry. The strate­gic frame­work released by the Cyber­space Admin­is­tra­tion of Chi­na sum­ma­rizes goals enu­mer­at­ed in a cyber­se­cu­ri­ty law and oth­er reg­u­la­tions adopt­ed over the past year. A guid­ing con­cept is “inter­net sovereignty”—which the doc­u­ment defines as China’s right to police the inter­net with­in its bor­ders and par­tic­i­pate in man­ag­ing inter­na­tion­al cyber­space. Source: Wall Street Journal

Holiday Inn, Kimpton Hotel chain reports hack of credit card data

Inter­Con­ti­nen­tal Hotel Group, which oper­ates more than 5,000 hotels world­wide, is inves­ti­gat­ing claims of a pos­si­ble secu­ri­ty breach—including cred­it card theft—at sev­er­al U.S. hotels. The British hotel chain hired a com­put­er secu­ri­ty firm to inves­ti­gate pat­terns of pos­si­ble cred­it and deb­it card fraud. Inter­Con­ti­nen­tal brands include Hol­i­day Inn, Hol­i­day Inn Express, Kimp­ton Hotels and Crowne Plaza. Oth­er chains affect­ed by card breach­es with­in the past year include Trump Hotels, Hilton Man­darin Ori­en­tal and White Lodge. Source: New York Dai­ly News

Airline boarding passes vulnerable to hackers

sh_boarding-pass_280Major trav­el book­ing sys­tems lack a prop­er way to authen­ti­cate air trav­el­ers, mak­ing it easy to hack the code used on board­ing pass­es, secu­ri­ty researchers warned. Pas­sen­ger name records are used to store reser­va­tions with links to a traveler’s name, trav­el dates, itin­er­ary, tick­et details, phone and email con­tacts, trav­el agent, cred­it card num­bers, seat num­ber and bag­gage infor­ma­tion. The six-dig­it codes act as PIN codes for locat­ing trav­el records, albeit with dif­fer­ences that make them high­ly inse­cure, Secu­ri­ty Research Labs said. Source: Reuters

Cisco to invest more in cybersecurity services

Indus­try ana­lysts expect Cis­co to release lots of new soft­ware for secu­ri­ty and the inter­net of things. “Those two are going to dri­ve a lot of what you see Cis­co do from a prod­uct intro­duc­tion in 2017,” said John Frue­he, an ana­lyst at Moor Insights & Strat­e­gy. Cis­co is in a good posi­tion to increase rev­enue in secu­ri­ty and IoT, ana­lysts said, because the com­pa­ny can lever­age its net­work­ing exper­tise to pro­vide fea­tures com­peti­tors might not match. Source: Search Net­work­ing