Tag Archives: activity

[ISN] Hacked at sea: Researchers find ships’ data recorders vulnerable to attack

arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/
By Sean Gallagher
Ars Technica
Dec 10, 2015

When the freighter El Faro was lost in a hurricane on October 1, one of the goals of the salvage operation was to recover its voyage data recorder (VDR)—the maritime equivalent of the “black box” carried aboard airliners. The VDR, required aboard all large commercial ships (and any passenger ships over 150 gross tons), collects a wealth of data about the ship’s systems as well as audio from the bridge of the ship, radio communications, radar, and navigation data. Writing its data to storage within a protective capsule with an acoustic beacon, the VDR is an essential part of investigating any incident at sea, acting as an automated version of a ship’s logbook.

Sometimes, that data can be awfully inconvenient. While the data in the VDR is the property of the ship owner, it can be taken by an investigator in the event of an accident or other incident—and that may not always be in the ship owner’s (or crew’s) interest. The VDRs aboard the cruise ship Costa Concordia were used as evidence in the manslaughter trial of the ship’s captain and other crewmembers. Likewise, that data could be valuable to others—especially if it can be tapped into live.

It turns out that some VDRs may not be very good witnesses. As a report recently published by the security firm IOActive points out, VDRs can be hacked, and their data can be stolen or destroyed.

The US Coast Guard is developing policies to help defend against “transportation security incidents” caused by cyber-attacks against shipping, including issuing guidance to vessel operators on how to secure their systems and reviewing the design of required marine systems—including VDRs. That’s promising to be a tall order, especially taking the breadth of systems installed on the over 80,000 cargo and passenger vessels in the world. And given the types of criminal activity recently highlighted by the New York Times’ “Outlaw Ocean” reports, there’s plenty of reason for some ship operators to not want VDRs to be secure—including covering up environmental issues, incidents at sea with other vessels, and sometimes even murder. […]





[ISN] Secret DHS Audit Could Prove Governmentwide Hacker Surveillance Isn’t Really Governmentwide

www.nextgov.com/cybersecurity/2015/11/secret-dhs-audit-could-prove-governmentwide-network-surveillance-isnt-really-governmentwide/124018/
By Aliya Sternstein
Nextgov.com
November 25, 2015

A secret federal audit substantiates a Senate committee’s concerns about underuse of a governmentwide cyberthreat surveillance tool, the panel’s chairman says.

The intrusion-prevention system, named EINSTEIN 3 Accelerated, garnered both ridicule and praise following a hack of 21.5 million records on national security employees and their relatives. The scanning tool failed to block the attack, on an Office of Personnel network, because it can only detect malicious activity that people have seen before. At OPM, the attackers, believed to be well-resourced Chinese cyber sleuths, used malware that security researchers and U.S. spies had never witnessed.

Still, EINSTEIN came in handy, according to U.S. officials, after the OPM malware was identified through other monitoring tools. The Department of Homeland Security loaded EINSTEIN with the “indicators” of the attack pattern so it could scan for matching footprints on other government networks. […]



[ISN] Guilty Plea in Morgan Stanley Insider Breach

http://www.bankinfosecurity.com/guilty-plea-in-morgan-stanley-insider-breach-a-8546
By Tracy Kitten @FraudBlogger
Bank Info Security
September 22, 2015

A former wealth management adviser at Morgan Stanley pleaded guilty this week to stealing confidential information linked to more than 700,000 client accounts over a period of several years. Some fraud-prevention experts say the investment banking firm could have taken steps to detect the suspicious insider activity sooner.

Galen Marsh, who worked for the firm’s Manhattan office until he was fired in January 2015, told the U.S. District Court for the Southern District of New York on Sept. 21 that he illegally accessed account holders’ names, addresses and other personal information, along with investment values and earnings, from computer systems used by Morgan Stanley to manage confidential data, according to court records.

Between June 2011 and December 2014, Marsh conducted nearly 6,000 unauthorized searches of confidential client information and then uploaded the information on 730,000 clients to a server at his home in New Jersey, the court documents show. […]



[ISN] Russian Spy Gang Hijacks Satellite Links to Steal Data

http://www.wired.com/2015/09/turla-russian-espionage-gang-hijacks-satellite-connections-to-steal-data/
By Kim Zetter
Security
Wired.com
09.09.15

If you’re a state-sponsored hacker siphoning data from targeted computers, the last thing you want is for someone to locate your command-and-control server and shut it down, halting your ability to communicate with infected machines and steal data.

So the Russian-speaking spy gang known as Turla have found a solution to this—hijacking the satellite IP addresses of legitimate users to use them to steal data from other infected machines in a way that hides their command server. Researchers at Kaspersky Lab have found evidence that the Turla gang has been using the covert technique since at least 2007.

Turla is a sophisticated cyber-espionage group, believed to be sponsored by the Russian government, that has for more than a decade targeted government agencies, embassies, and militaries in more than 40 countries, including Kazakhstan, China, Vietnam, and the US, but with a particular emphasis on countries in the former Eastern Bloc. The Turla gang uses a number of techniques to infect systems and steal data, but for some of its most high-profile targets, the group appears to use a satellite-based communication technique to help hide the location of their command servers, according to Kaspersky researchers.

Ordinarily, hackers will lease a server or hack one to use as a command station, sometimes routing their activity through multiple proxy machines to hide the location of the command server. But these command-and-control servers can still often be traced to their hosting provider and taken down and seized for forensic evidence. […]



[ISN] Smart refrigerator hack exposes Gmail login credentials

http://www.networkworld.com/article/2976270/internet-of-things/smart-refrigerator-hack-exposes-gmail-login-credentials.html
By Colin Neagle
Network World
Aug 26, 2015

A team of hackers recently discovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that can be exploited to steal Gmail users’ login credentials, The Register reported this week.

Hackers from security company Pen Test Partners discovered the flaw while participating in an Internet of Things (IoT) hacking challenge at the Def Con security conference earlier this month. The smart refrigerator, Samsung model RF28HMELBSR, is designed to integrate the user’s Gmail Calendar with its display. Samsung implemented SSL to secure the Gmail integration, but the hackers found that the device does not validate SSL certificates, opening the opportunity for hackers to access the network and monitor activity for the user name and password used to link the refrigerator to Gmail.

“While SSL is in place, the fridge fails to validate the certificate,” Ken Munro, a security researcher at Pen Test Partners, told The Register. “Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbors, for example.” […]



[ISN] Developing a Proportionate Response to a Cyber Incident

http://www.cfr.org/cybersecurity/developing-proportionate-response-cyber-incident/p36927
By Tobias Feakin
Senior Analyst and Director
International Cyber Policy Centre
Australian Strategic Policy Institute
Council on Foreign Relations Press
August 2015

As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks. Already, there has been significant pressure to “do something” in light of the allegedly state-sponsored attacks on Sony Pictures Entertainment and the Sands Casino. But finding a timely, proportionate, legal, and discriminatory response is complicated by the difficulty in assessing the damage to national interests and the frequent use of proxies. Perpetrators have plausible deniability, frustrating efforts to assign responsibility. Past experience suggests that most policy responses have been ad hoc.

In determining the appropriate response to a state-sponsored cyber incident, policymakers will need to consider three variables: the intelligence community’s confidence in its attribution of responsibility, the impact of the incident, and the levers of national power at a state’s disposal.

While these variables will help guide responses to a disruptive or destructive cyberattack, policymakers will also need to take two steps before an incident occurs. First, policymakers will need to work with the private sector to determine the effect of an incident on their operations. Second, governments need to develop a menu of preplanned response options and assess the potential impact of any response on political, economic, intelligence, and military interests. […]



[ISN] High-Profile Patients Prompt Internal Health Data Breaches

http://healthitsecurity.com/news/high-profile-patients-prompt-internal-health-data-breaches
By Sara Heath
HealthITSecurity.com
August 21, 2015

No matter how many safeguards against hacking and cyberattacks are put into place in hospital records, sometimes hospitals need to protect against their own employees’ nosiness as well.

Such was the case for the Carilion Clinic, a not-for-profit clinic located in Roanoke, VA. According to a Roanoke Times report, Carilion has disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to.

Although Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached, he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity. Whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients.

Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. The Roanoke Times report did not disclose which, or how many, employees were fired. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence. […]

