Tag Archives: theft

[ISN] Anthem Breach Evidence Points to China, Security Researchers Say

http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html By Robert Lemos eWEEK.com 2015-02-28 A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co. A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK. “All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors’ best efforts to shroud their origins,” Barger said. “They made an effort to hide, but they messed up.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Obama talks cybersecurity, but Federal IT system breaches increasing [Updated]

http://arstechnica.com/tech-policy/2015/01/obama-talks-cybersecurity-but-federal-it-systems-breaches-increase/ By David Kravets Ars Technica Jan 20, 2015 Update: This post was updated Tuesday evening to reflect comments the president made during his State of the Union address: President Barack Obama urged Congress and the American public to embrace cyber security legislation during his State of the Union address Tuesday evening. The Cyber Intelligence Sharing and Protection Act, known as CISPA, was unveiled by Obama a week ago and is controversial because it allows companies to share cyber threat information with the Department of Homeland Security—data that might include their customers’ private information. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. So tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. That should be a bipartsan effort. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” the president said without identifying his CISPA proposal and others by name. New research out earlier Tuesday from George Mason University, however, calls into question how effective Obama’s proposal would be. That’s because the federal government’s IT professionals as a whole have “a poor track record in maintaining good cybersecurity and information-sharing practices.” What’s more, the federal bureaucracy “systematically” fails to meet its own federal cybersecurity standards despite billions of dollars in funding. According to a paper by Eli Dourado, a George Mason research fellow, and Andrea Castillo, manager of the university’s Technology Policy Program: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Sony hack was good news for INSURERS and INVESTORS

http://www.theregister.co.uk/2015/01/15/sony_hack_was_good_news_for_insurers_and_investors/ By Mark Pesce The Register 15 Jan 2015 Whoever hacked Sony Entertainment at the end of November changed information security forever. Where once hackers had been most concerned to gain access to the honeypots of credit cards and bank accounts, this theft had a different goal, one that became clear with the steady release of Sony’s most intimate secrets throughout December. This wasn’t about money. This was all about humiliation. We now know way too much about the inner workings of one of the ‘Big Four’ film studios. The magic of cinema looks weak and ugly under close examination. Everything that once seemed lofty and businesslike has been exposed as little more than high school politics and juvenile name-calling. In the back of our heads, we wonder if the rich and powerful talk always trash outside the spotlight. Is Sony the exception


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] How sloppy security exposed Apple’s super-secret product plans

http://www.cultofmac.com/308478/confidential-apple-product-plans-quanta/ By Leander Kahney Cult of Mac Jan 9, 2015 Incredibly sloppy security at one of Apple’s key suppliers exposed some of Cupertino’s most closely guarded secrets to anybody who could conduct a simple Google search. For months, one of Quanta Computer‘s internal databases could be accessed using usernames and a default password published in a PowerPoint presentation easily found on the Web. Quanta, based in Taiwan, is the world’s largest notebook manufacturer. In addition to Apple, Quanta assembles laptops and ultrabooks for dozens of companies, including Dell, Hewlett-Packard, Sharp and Sony. The company is also supposedly assembling the upcoming Apple Watch and the long-rumored iPad Pro, though no official announcements have been made. The security lapse comes at a time of rapidly accelerating hacking incidents and cyberattacks, from credit card breaches and celebrity nude selfie leaks to the damaging theft of Sony’s most sensitive corporate data. The fact that the confidential plans of a company as secretive as Apple can be laid bare through a series of security missteps illustrates just how difficult it is to safeguard information in the digital era. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FBI wants you to become a cyber agent

http://www.networkworld.com/article/2863395/security0/fbi-wants-you-to-become-a-cyber-agent.html By Michael Cooney LAYER 8 Network World Jan 5, 2015 With its increased emphasis on Internet crime it might come as small surprise the FBI is now looking to bulk –up its cyber agent workforce. The agency in a job posting that is open until Jan. 20 said it has “many vacancies” for cyber special agents to investigate all manner of cyber crimes from website hacks and data theft to botnets and denial of service attacks. To keep pace with the evolving threat, the Bureau is appealing to experienced and certified cyber experts to consider joining the FBI to apply their well-honed tradecraft as cyber special agents, the agency stated. Key requirements to be a special agent include passing a rigorous background check and fitness test. Agents must be at least 23 and no older than 37. Prospective cyber special agents are expected to meet the same threshold as special agents, but also have a wealth of experience in computers and technology. Preferred backgrounds include computer programming and security, database administration, malware analysis, digital forensics, and even ethical hacking. An extensive list of sought-after backgrounds and certifications can be seen on the job posting, the FBI noted. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] PHI of 485K swiped in USPS data breach

http://www.healthcareitnews.com/news/phi-485k-swiped-usps-data-breach By Erin McCann Managing Editor Healthcare IT News January 5, 2015 What United States Postal Service officials originally reported as a “cybersecurity intrusion” that compromised the Social Security numbers of some 800,000 USPS employees, turned out to be even bigger than they thought, involving scores of protected health records too. The cyberattack, which targeted USPS information systems, compromised employee Social Security numbers, addresses and dates of birth. However, upon a “continuing” investigation, USPS officials discovered the cyberattack also involved a compromise of current and former employee injury claim data, according to a USPS patient notification letter provided to Healthcare IT News. The file hacked contained injury compensation claims dating as far back as November 1980. “We are unaware of any evidence that any of the compromised employee information has been used to engage in any malicious activity, such as identity theft crimes,” wrote Jeffrey Williamson, USPS chief human resources officer, in the Dec. 10 letter. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] A Hacker’s Hit List of American Infrastructure

http://www.theatlantic.com/technology/archive/2015/01/a-hackers-hit-list-of-american-infrastructure/384166/ By Patrick Tucker The Atlantic Jan 2, 2015 On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’s sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, The Interview, and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio. (Sony partially reversed course, allowing the movie to show in 331 independent theaters on Christmas Day, and to be streamed online.) Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.” But according to cyber-security professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July. Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber-attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.” Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems. Oops. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Roll up, come see the BOOMING HACKER BAZAAR!

http://www.theregister.co.uk/2014/12/15/roll_up_come_see_the_booming_hacker_bazaar/ By John Leyden The Register 15 Dec 2014 Underground hacker markets are booming with counterfeit documents, premiere credit cards, hacker tutorials, and “complete satisfaction guarantees”, according to a new report from Dell SecureWorks. The means to create a false identity are easily purchased through the cracker bazaars. A fake social security card can be obtain for around $200, with supporting documents as additional proof of ID offered for an additional charge. Between December last year and this June, over 1,500 fake driver’s licences were purchased from a criminal network monitored by Dell researchers at a net cost of $232,660. Dell SecureWorks’ Counter Threat Unit (CTU) director of malware research Joe Stewart and SecureWorks network security analyst David Shear completed a similar study of the underground hacker market last year. They revisited the hacker underground to see if prices for stolen credit cards, fullz (a dossier of an individual’s credentials which can be used to commit identity theft and fraud), bank accounts, and hacker services had gone up or down in price. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail