Tag Archives: monitoring

[ISN] Flint hospital hit with cyber attack after hacker group Anonymous promises action on water crisis

www.healthcareitnews.com/news/flint-hospital-hit-cyber-attack-after-hacker-group-anonymous-promises-action-water-crisis By Mike Miliard Health Care IT News January 25, 2016 Flint, Michigan-based Hurley Medical Center was targeted with a cyber attack this past week, soon after the hacktivist group Anonymous released a video promising “justice” for the city’s ongoing water crisis. The attack was confirmed by the hospital on Jan. 21. “Hurley Medical Center has IT systems in place, which aid in detecting a virus or cyber attack,” spokeswoman Ilene Cantor said, according to MLive. “As such, all policies and protocols were followed in relation to the most-recent cyber attack on our system. Patient care was not compromised and we are closely monitoring all systems to ensure IT security is consistently maintained.” Anonymous’ posted a video online launching what it dubbed the #OpFlint campaign. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Secret DHS Audit Could Prove Governmentwide Hacker Surveillance Isn’t Really Governmentwide

www.nextgov.com/cybersecurity/2015/11/secret-dhs-audit-could-prove-governmentwide-network-surveillance-isnt-really-governmentwide/124018/ By Aliya Sternstein Nextgov.com November 25, 2015 A secret federal audit substantiates a Senate committee’s concerns about underuse of a governmentwide cyberthreat surveillance tool, the panel’s chairman says. The intrusion-prevention system, named EINSTEIN 3 Accelerated, garnered both ridicule and praise following a hack of 21.5 million records on national security employees and their relatives. The scanning tool failed to block the attack, on an Office of Personnel network, because it can only detect malicious activity that people have seen before. At OPM, the attackers, believed to be well-resourced Chinese cyber sleuths, used malware that security researchers and U.S. spies had never witnessed. Still, EINSTEIN came in handy, according to U.S. officials, after the OPM malware was identified through other monitoring tools. The Department of Homeland Security loaded EINSTEIN with the “indicators” of the attack pattern so it could scan for matching footprints on other government networks. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Secret DHS Audit Could Prove Governmentwide Hacker Surveillance Isn’t Really Governmentwide

www.nextgov.com/cybersecurity/2015/11/secret-dhs-audit-could-prove-governmentwide-network-surveillance-isnt-really-governmentwide/124018/ By Aliya Sternstein Nextgov.com November 25, 2015 A secret federal audit substantiates a Senate committee’s concerns about underuse of a governmentwide cyberthreat surveillance tool, the panel’s chairman says. The intrusion-prevention system, named EINSTEIN 3 Accelerated, garnered both ridicule and praise following a hack of 21.5 million records on national security employees and their relatives. The scanning tool failed to block the attack, on an Office of Personnel network, because it can only detect malicious activity that people have seen before. At OPM, the attackers, believed to be well-resourced Chinese cyber sleuths, used malware that security researchers and U.S. spies had never witnessed. Still, EINSTEIN came in handy, according to U.S. officials, after the OPM malware was identified through other monitoring tools. The Department of Homeland Security loaded EINSTEIN with the “indicators” of the attack pattern so it could scan for matching footprints on other government networks. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Report finds many nuclear power plant systems “insecure by design”

arstechnica.com/security/2015/10/report-finds-many-nuclear-power-plant-systems-insecure-by-design/ By Sean Gallagher Ars Technica Oct 8, 2015 A study of the information security measures at civilian nuclear energy facilities around the world found a wide range of problems at many facilities that could leave them vulnerable to attacks on industrial control systems—potentially causing interruptions in electrical power or even damage to the reactors themselves. The study, undertaken by Caroline Baylon, David Livingstone, and Roger Brunt of the UK international affairs think tank Chatham House, found that many nuclear power plants’ systems were “insecure by design” and vulnerable to attacks that could have wide-ranging impacts in the physical world—including the disruption of the electrical power grid and the release of “significant quantities of ionizing radiation.” It would not require an attack with the sophistication of Stuxnet to do significant damage, the researchers suggested, based on the poor security present at many plants and the track record of incidents already caused by software. The researchers found that many nuclear power plant systems were not “air gapped” from the Internet and that they had virtual private network access that operators were “sometimes unaware of.” And in facilities that did have physical partitioning from the Internet, those measures could be circumvented with a flash drive or other portable media introduced into their onsite network—something that would be entirely too simple given the security posture of many civilian nuclear operators. The use of personal devices on plant networks and other gaps in security could easily introduce malware into nuclear plants’ networks, the researchers warned. The security strategies of many operators examined in the report were “reactive rather than proactive,” the Chatham House researchers noted, meaning that there was little in the way of monitoring of systems for anomalies that might warn of a cyber-attack on a facility. An attack could be well underway before it was detected. And because of poor training around information sec […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Clinton secrets hacked by spy in bag

http://www.thesun.co.uk/sol/homepage/features/6613428/Secrets-of-MI6-spy-found-dead-in-bag-revealed.html EXCLUSIVE by TOM MORGAN The Sun August 30, 2015 THE MI6 spy found dead in a holdall had illegally hacked into secret data on Bill Clinton, The Sun on Sunday can reveal. Gareth Williams, 31, dug out the guestlist for an event the former American president was going to as a favour for a pal. The codebreaker — who had breached his security clearance — handed the list to the friend, who was also to be a guest. MI6 bosses raged over the data breach amid growing tensions with US security services over Mr Williams’s transatlantic work. Today, just over five years since his body was found inside a padlocked bag, his death remains one of Britain’s most mysterious unsolved cases. The Sun on Sunday can reveal that voicemail messages Mr Williams left for family and pals were deleted in the days after his death. And a rival agent may also have broken into the flat to destroy or remove evidence. The inquest was barred from discussing Mr Williams’s work in public. But sources say he was helping on the joint monitoring network Echelon, which uses sophisticated programs to eavesdrop on terrorists and criminal gangs, particularly those in Russia. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] High-Profile Patients Prompt Internal Health Data Breaches

http://healthitsecurity.com/news/high-profile-patients-prompt-internal-health-data-breaches By Sara Heath HealthITSecurity.com August 21, 2015 No matter the many safeguards against hacking and cyberattacks are put into place in hospital records, sometimes hospitals need to protect against their own employees’ nosiness as well. Such was the case for the Carilion Clinic, a not-for-profit clinic located in Roanoke, VA. According to a Roanoke Times report, Carilion has disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to. Although Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached, he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity. Whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients. Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. The Roanoke Times report did not disclose which, or how many, employees were fired. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Report: Hack of government employee records discovered by product demo

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ By Sean Gallagher Ars Technica June 11, 2015 As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security. An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.” Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported. And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers. Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees “entirely inadequate, either as compensation or protection from harm.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Strategic Friendship in Asymmetric Domain)

http://www.pircenter.org/en/blog/view/id/208 By Oleg Demidov PIR Center 09.05.2015 The bilateral intergovernmental Russian-Chinese agreement on cooperation in the field of international information security which was signed on May 8, 2015 during the visit to Moscow of Xi Jinping, General Secretary of the CPC and the President of China, could potentially become an important milestone in Russia’s strategy of pivoting to the East. Though in its current state the agreement rather provides a general cooperation framework, it also provides a broad range of directions for further practical cooperation steps and efforts between the two countries. It primarily focuses on systemic information exchange between special services of the two states, joint monitoring and prevention of escalation of serious incidents and especially conflicts in cyberspace, ensuring and strengthening cybersecurity of critical infrastructures, countering ICT-enabled forms and methods of terrorism, exchange of expertise and academic knowledge on cybersecurity, etc. A strong focus in made on joining efforts in countering the unlawful use of ICTs targeted at “undermining of social order, political and social stability, provoking extremism, hate and social unrest”, and even (and this is something quite new even for Russian doctrines, let alone intergovernmental agreements) “threatening to the spiritual sphere” of the two nations. Noteworthy, the agreement for the first time for a Russian official international document operates with the notion of strategic stability with regard to cyberspace and information security. Previously, a more broad and vague notion of ICT-enabled threats to international peace and security was used. Something distinct from a mere terminological equilibristic, this conceptual update serves as an indicator of the fact that Moscow now truly regards China as a strategic partner in the dialogue on political and military dimension of cybersecurity. The discourse of strategic stability was always linked to the issues of WMD strategic balance and (in Russian view) strategic antimissile defense. Now cybersecurity has a strong presence in this “elite club” of ultimate global security factors in the Russian strategic thinking, and first intergovernmental manifestation of this paradigm is addressed to and agreed with China. Accidentally or not, this aspect reveals interesting intersections with the recently published updated DoD’s Strategy for Cyberspace, which has replaced the previous document from 2011, even having in mind that an intergovernmental agreement and a national strategy are very different documents in terms of their scope and purposes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail