Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
Hacking of Government Computers Exposed 21.5 Million People New York Times (07/10/15) Davis, Julie Hirschfeld
The Office of Personnel Management (OPM) on Thursday revealed that the records of some 21.5 million people were compromised in a breach of the agency’s computer system related to, but separate from, the breach that exposed 4.2 million federal employees’ records earlier this year. The agency said that everyone who underwent a government background check in the last 15 years was likely affected. This includes 19.7 million people who were subjected to a government background check and 1.8 million others, including those people’s family and friends. The stolen records range from Social Security numbers and addresses, to biometric data and travel histories. Both attacks are believed to have originated in China, but Obama administration officials declined to point fingers at a specific perpetrator. The breaches were first discovered in April in the course of OPM’s efforts to modernize its systems, according to Andy Ozment, a top Homeland Security official. The initial 4.2 million records were stolen from an Interior Department network being used by OPM, while the wider breach of background check data resulted from a separate intrusion into OPM’s own network. Ozment says that the attackers gained access to both systems through a compromised contractor credential.
The Stock Market Bell Rings, Computers Fail, Wall Street Cringes New York Times (07/09/15) Popper, Nathaniel
Trading on the New York Stock Exchange (NYSE) was halted for nearly four hours on Wednesday due to a software bug. Issues began early in the day when orders for several small stocks failed to go through. This issue initially appeared to have been fixed, but then reappeared and spread later in the morning. Anonymous sources say that NYSE employees were panicked, saying they had "lost control of the system." Ultimately, trading was halted at 11:32 a.m. Thousands of trades had to be canceled manually before the system could be rebooted, which took 45 minutes. Several hours after the exchange came back up around 3:10 p.m., NYSE put out a statement attributing the outage to a "configuration issue." Federal regulators and law enforcement closely monitored the situation throughout the day for any possible sign that the outage was the result of an outside attack, but ultimately saw nothing to suggest that it was anything other than an internal software error. Software bugs caused issues in other areas on Wednesday, grounding United Airlines' fleet of jets for several hours and making it difficult to access the Wall Street Journal home page.
Hacking Team, the Surveillance Tech Firm, Gets Hacked Wall Street Journal (07/07/15) Valentino-Devries, Jennifer; Yadron, Danny
Italian company Hacking Team, which sells software that allows governments to hack into computers, became the target of a hack itself. Company documents and files posted late Sunday indicate that Hacking Team sold surveillance technology to dozens of countries that include the United States, Sudan, Egypt, and Russia. The company is one of several that sell surveillance tools to law enforcement that allow investigators to obtain information even if targets encrypt it. The industry has been criticized over allegations that the software is used by repressive regimes to target dissidents and journalists. Hacking Team says on its website, however, that it does not sell to countries if there are “credible concerns” that products will be used in human-rights violations. Among the documents posted online, there appears to be a 2012 invoice to InfoTeCS JSC, a Russian computer-security company. Other documents indicate possible sales to Sudan, which has been accused of torture and is under a United Nations arms embargo. Posted documents also appear to show sales of software licenses and maintenance to U.S. agencies, such as the FBI and Drug Enforcement Administration.
U.S. Agencies Conduct Cyberwar Games Wall Street Journal (07/06/15) Paletta, Damian
Several U.S. agencies that included the Pentagon, Department of Homeland Security, and National Security Agency joined U.K. officials and several private companies to conduct a three-week cyber war game in June. The exercise, held at a military facility in Virginia, tested 14 teams on various simulated attacks on two continents. Dubbed “Cyber Guard,” the training exercise currently is held once a year, but Pentagon officials intend to increase that frequency. For the first time, this year's exercises included private participants, such as banking and energy officials, because the U.S. government was looking to test industries that may have to respond to a major cyberattack. Scenarios included a major earthquake hitting southern California, cyberattacks that led to oil and gas pipeline disruption, interference at a major commercial port, attacks on Pentagon networks, and a freeze on banks. The teams dealt with cyberattacks that could have been staged by unsophisticated hackers and complex attacks by foreign countries.
Data Security Challenges and Opportunities Computerworld (07/06/15) Walia, Amit
Even as organizations perceive more risks to their data, they say they have less confidence in their ability to keep track of their sensitive data's location, value, and the risk of its exposure, according to a new report from Informatica and the Ponemon Institute. The report expects this trend to continue for the foreseeable future for several reasons. The ongoing monetization of data in online black markets gives attackers an incentive to steal data at the same time that the rise of the cloud, analytics, and mobile is driving the creation of more data. The report suggests organizations assume that at some point an attack will be successful and take steps to reduce the impact and magnitude of such an attack. It recommends doing this by adopting a “data-centric security” approach focused on gaining visibility into the organization's data. This first involves data security intelligence, which includes methods that provide an organization with a comprehensive view of its data landscape and a real-time idea of the organization's sensitive data risk. This is then paired with several data protection methods such as encryption, data masking, tokenization, and access controls.
FBI Director: Potential July 4 Terror Plots Disrupted Wall Street Journal (07/09/15) Paletta, Damian
A series of arrests prevented suspects inspired by Islamic State (ISIS) from launching terror attacks around July 4, FBI Director James Comey said Thursday. He said that law-enforcement officials have arrested at least 10 people in recent weeks, and are pursuing leads as ISIS uses social media to gather followers. Comey did not offer details of the suspected plots, and did not say for sure that they had been coordinated or directed by ISIS militants overseas. He did say that ISIS members may engage with Americans on social media, and eventually take their conversation into secure, encrypted networks that evade FBI surveillance. FBI officials, Comey said, have tried to find patterns in the types of Americans willing to support ISIS, but no major similarities have been found. Security officials are debating whether or not to do more to block suspected ISIS supporters from social networks such as Twitter, because it may be more useful to allow them to retain access so that the FBI can more easily track their communications.
At Least 7 Killed in Chicago Shootings Associated Press (07/06/15)
At least seven people were killed by gun violence over the 4th of July weekend in Chicago this year, including a seven-year-old boy who was celebrating the holiday with his family. Police say that Amari Brown was hit during a shooting that targeted his father, who was described as a "ranking gang member." Brown was killed during an eight-hour span late July 4 into early July 5 during which three people were killed and more than two dozen suffered gunshot wounds. Several of the shootings that took place between 9:20 p.m. and 5:15 a.m. involved multiple people. The Chicago Tribune reported that in total seven people were killed and 41 people wounded by gun violence over the three-day weekend. Those killed included two men who were killed after dawn on Sunday when their sport utility vehicle crashed after someone fired on it. Despite the high numbers, gun violence was actually down significantly compared to last year's 4th of July weekend, when 82 people were shot, 16 of them fatally, over the course of 84 hours.
Minnesota's Somali-Americans Urge New Treatment for Would-Be Terrorists New York Times (07/09/15) P. A14 Smith, Mitch
The large Somali immigrant community in Minneapolis is a target for recruiters for terror groups such as Al Shabaab and Islamic State (ISIS), leading to at least 30 arrests and questions about how to deradicalize these communities' young people. Some Muslim leaders argue that community engagement with clerics and relatives can help keep them away from the lure of militant Islamic groups. On Wednesday, U.S. District Judge Michael J. Davis in Minneapolis ordered three young men accused of plotting to fight for ISIS to be kept in detention while awaiting trial. Davis, however, was willing to revisit his decision when the defense argued that the men should be entrusted to their families and Somali-American leaders. Keeping vulnerable young people in their communities and insulated from the lure of radicalism could be an effective counterpoint to propaganda that the U.S. justice system is anti-Muslim and merely punitive, many Muslim leaders say. Some lawyers have suggested that would-be terrorists join community groups to help other immigrants, coach sports teams, receive mentoring, or attend local mosques to receive counsel and structure. There is still a limited precedent for considering pretrial release in terrorism cases.
In Sudan, Peacekeepers' Weapons Have Repeatedly Fallen Into Militants' Hands Washington Post (07/08/15) Gibbons-Neff, Thomas
A report by the Geneva-based research group Small Arms Survey found that United Nations and African Union peacekeeping forces in East Africa have repeatedly allowed their weapons to fall into the possession of armed groups responsible for the region's violence. The report found that more than 500 weapons and nearly 1 million rounds of ammunition have been taken from peacekeeping patrols, bases, and supply convoys in Sudan and South Sudan in 2005-2014. Eric Berman, former U.N. peacekeeper and principal author of the report, suggested that actual weapons losses may exceed those documented in the report. An anonymous U.N. official says that the United Nations has made efforts to improve the effectiveness of its peacekeeping units. The report recommends extra training for units on managing weapons stockpiles and more thorough reporting of inventories after missions are complete. Berman noted that improved transparency could allow organizations to track seized weapons outside the zones in which they were taken.
200 Detonators, Explosives Stolen From French Military Site Associated Press (07/06/15)
Roughly 200 detonators plus grenades and plastic explosives have been stolen from a military site in southeastern France, officials said. French authorities are investigating the thefts at the Miramas site, which appeared to have occurred overnight from Sunday to Monday. An official with the gendarmerie police force, which generally runs law enforcement in more rural areas of France, said the thief or thieves appeared to have cut through a fence to enter the high-security site. The break-in comes as France has strengthened its security measures after two deadly attacks by extremists this year.
Cyber Attack on U.S. Power Grid Could Cost Economy $1 Trillion: Report New York Times (07/08/15) Cohn, Carolyn
If a cyberattack shuts down parts of the U.S. power grid, it could cost the nation's economy as much as $1 trillion, according to a report from the University of Cambridge Centre for Risk Studies and the Lloyd's of London insurance market. The losses are estimated over a five-year time period. The report describes a hypothetical electricity blackout, in which 93 million people in New York City and Washington, D.C., lose power. Such an attack could increase mortality rates due to the failure of health and safety systems, cause a drop in trade as ports shut down, and disrupt infrastructure. This scenario is technologically possible, and insurers should be prepared, the report said. Although many company executives have become more concerned about security breaches, recent surveys suggest they remain unconvinced about the value of cyberinsurance. "The evidence of major attacks during 2014 suggests that attackers were often able to exploit vulnerabilities faster than defenders could remedy them," wrote Tom Bolt, director of performance management at Lloyd's.
Survey: Many Consumers Worry About Safety of Financial Info Associated Press (07/09/15)
A new phone survey commissioned by MasterCard found that 77 percent of the 1,000 people polled say they are worried about their financial information being compromised. The same percentage of people say they are worried about their Social Security number being stolen. Still, 46 percent of those surveyed say they rarely or never change their password for their financial accounts and 44 percent say they use the same password for multiple accounts. Thirty-nine percent say they use public networks to access their financial information, and experts say habits like this make people a target for hackers.
China Mulls Privacy Protection, Further Curbs on Internet Associated Press (07/08/15)
Chinese authorities have proposed a vaguely worded Internet security law that would allow authorities to restrict Internet access to maintain public order. China has some of the most restrictive Internet controls and the government espouses the concept of Internet sovereignty, treating its portion of cyberspace as its territory. The draft adds that access to the Internet can be restricted when there is a threat to public security. It has been routine for China's Internet operators to remove posts regarding public protests. The proposed law also states Internet operators are obligated to protect users' personal data and not disseminate harmful information, which can include criticism of the ruling Communist Party and the government.
FBI Chief Punches Back on Encryption Wall Street Journal (07/07/15) Paletta, Damian
FBI Director James Comey warned that terrorist groups such as Islamic State (ISIS) could use message encryption to recruit “troubled Americans.” Because of this, Comey said, the nation needs to have a “robust debate” about the method's use by technology firms. A large coalition that includes tech firms such as Apple Inc. and Google Inc. wrote to President Barack Obama on June 8 to express concern about new policies that could allow the government to weaken the encryption of text messages or emails. Comey said that the costs of “going dark,” in which communications are made completely inaccessible to law enforcement, could include the inability of law enforcement to track messages sent by terrorist recruiters. Recent years have seen technology companies making significant advances in transmitting encrypted information. Google reported that 80 percent of messages from its Gmail program to non-Gmail addresses were encrypted in the past month, up from around 75 percent last year, and Apple has said that it uses “end-to-end” encryption on iMessage and FaceTime that even the company cannot break. Many technology firms have opposed Comey's warnings about the use of encryption, saying that their service protects civil liberties.
WikiLeaks: NSA Spied on Brazil's President The Hill (07/04/15) Hensch, Mark
On July 4, WikiLeaks disclosed documents stating that the National Security Agency (NSA) spied on Brazilian President Dilma Rousseff, her secretary, her chief of staff, and other top Brazilian government officials. WikiLeaks said the NSA eavesdropped on 29 critical Brazilian phone numbers. It also wiretapped phone numbers of Brazil's foreign minister, ambassadors, and military chiefs. The initiative targeted the head of Brazil's Central Bank. The leak follows reports that the NSA also allegedly spied on Germany's media.