U.S. cyber warriors battled Russian hackers attacking State Department

Over a 24-hour period, top U.S. cyber defenders engaged in a pitched battle with Russian hackers who had breached the unclassified State Department computer system and displayed an unprecedented level of aggression that experts warn is likely to be turned against the private sector. Whenever National Security Agency hackers cut the attackers’ link between their command and control server and the malware in the U.S. system, the Russians set up a new one. Details about the November 2014 incident emerged recently in the wake of a senior NSA official’s warning that the heightened aggression has security implications for firms and organizations unable to fight back. “It was hand-to-hand combat,” said NSA Deputy Director Richard Ledgett, who described the incident at a recent cyber forum, but did not name the nation behind it. The culprit was identified by other current and former officials. Ledgett said the attackers’ thrust-and-parry moves inside the network while defenders were trying to kick them out amounted to “a new level of interaction between a cyber attacker and a defender.” Source: The Washington Post

Postal service preview might help in identity theft defense

A U.S. Postal Service program seeks to reduce identity theft by giving customers a preview of their mail, so they can alert authorities if it doesn’t arrive. Informed Delivery sends a digital copy of the front of the envelopes and packages to recipients the day they’re scheduled to be delivered. Once customers know what to expect, they can report missing or stolen mail before anyone has an opportunity to use their personal information for identity theft. Customers can register for the service at the USPS.com website. Source: CBS News

GAO questions effectiveness of identity theft services

A report from the Government Accountability Office acknowledged that identity theft services offer some benefits but cautioned about limitations. Credit-monitoring services, for example, can help detect when an unauthorized account has been opened in someone’s name by alerting users, but such services don’t prevent fraud on an existing account, including misuse of a stolen credit card number. The GAO could not find any studies or data assessing the effectiveness of identity monitoring. Source: Accounting Today

Another week, another release by WikiLeaks

WikiLeaks has released 676 source code files from the CIA’s Marble Framework, which is used to hamper forensic investigators and anti-virus companies in attributing viruses, trojans and hacking attacks to the CIA, WikiLeaks said. The tools could have been used to run false flag hacking operations, the group said. The CIA would not authenticate the data. Source: FCW

Cloud Hopper attack targets organizations in U.S., Asia, Europe

Authorities have uncovered a large-scale cyber attack from a group targeting organizations in Japan, the United States, Sweden and other European countries through IT service providers. The cyber attack, uncovered through a collaboration by Britain’s National Cyber Security Centre, PwC and cybersecurity firm BAE Systems, has targeted managed service providers to gain access to customers’ internal networks since at least May 2016 and potentially as early as 2014. The scale of the Cloud Hopper attack, which comes from an organization called APT10, is not known but is believed to involve huge amounts of data. Source: Insurance Journal

Hackers backing ISIS send out list of targets, seek attacks

A group of hackers supporting the Islamic State militant group (ISIS) has released a list of thousands of individuals in the United States and their addresses, calling for lone wolf attacks on the targets. The list, which includes 8,786 names, was released by the pro-ISIS hacking group the United Cyber Caliphate and verified by the terror monitor SITE. The video, which includes a threat against President Donald Trump, instructed would-be attackers to: “Kill them wherever you find them.” Source: Newsweek

When you’re getting personal, others might be watching

The Svakom Siime Eye internet-connected, camera-equipped vibrator is vulnerable to hacking, according to security services firm Pen Test Partners. The device works with an app that lets users watch video and shoot pictures and videos and save them to devices such as phones or laptops. Anyone who’s within Wi-Fi range and can guess your password can gain access to your videostream. Source: CNet

Presidential hire was on list of hacked Ashley Madison accounts 

The Trump administration has hired the former executive director of the Louisiana Republican Party whose name turned up on a list of accounts released in the 2015 hack of the cheating website Ashley Madison. Jason Doré is assistant chief counsel for external affairs for the Small Business Administration’s Office of Advocacy. His office advocates on behalf of small businesses to the federal government and helps address concerns about regulations that may impact small businesses. Source: Politico

Compromised newspaper system sends Nazi alerts on Trump

An April Fools’ Day hack targeted the New York Post with a flurry of bizarre news alerts hailing President Trump as a German führer. “Heil President Donald Trump,” stated one alert around 10:45 p.m. Saturday, before chiming in with at least eight more push notifications for those with the Rupert Murdoch-owned mobile app. The Post acknowledged in another alert that its “push notification system was compromised this evening,” without elaborating on how it was hacked. Source: The New York Daily News

Your TV could be targeted by transmitted malware 

An attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises the prospect of hackers taking control of a large number of sets at once without having physical access. The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal, which is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs. Source: Ars Technica

Scottrade subsidiary database was exposed

Scottrade Bank, a subsidiary of Scottrade Financial Services, recently secured an MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public. The database was discovered by MacKeeper researcher Chris Vickery on March 31, when he was searching for random phrases on the domain s3.amazonaws.com. Once the database was discovered, Vickery says he contacted the company and was connected to a security team who helped secure the data. Two days later, Vickery said, he confirmed that the problem was resolved. Source: CSO Online

Large, teaching hospitals at risk for data breaches, report finds 

Larger hospitals and those with major teaching status are the most at risk for a data breach, according to a report by the Journal of the American Medical Association. There were 216 hospitals included in the 1,798 breaches that occurred from Oct. 21, 2009, to Dec. 31, 2016; more than a third were teaching hospitals. Additionally, 33 hospitals, or 15 percent, reported more than one breach. Of 141 affected acute care hospitals, 52 were major academic medical centers. About 20,000 patients were affected in 24 of the 216 breached hospitals, and six hospitals had more than 60,000 breached patient records. Source: Health Care IT News