Category Archives: Incident of the Week

Kaseya VSA Cyberattack: What Kaseya and the Feds Are Saying

If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be.  Like many cyberattacks, this one came on the verge of a holiday weekend.  As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack.   Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More

Is the May 12 Massive Ransomware Attack a Turning Point?

Those “in the know” in the cybersecurity world have been aware for more than a year of the threat posed by ransomware, a type of malware that locks victims’ access to their files until they pay a ransom.  But discussion of the threat was mostly localized to cybersecurity professionals, blogs like this one, and various guidances released by federal agencies during 2016. But ransomware may just have entered the general public consciousness in a big way.… More

Cybersecurity News and Notes – August 29, 2016

In Case You Missed It: Sometimes data breaches crop-up in the most unlikely of places.  Last week we learned that the vendor that handles fish and hunting licenses for the states of Idaho, Oregon, and Washington was hacked.  The breach potentially exposed the following information for those with fishing or hunting licenses in those northwest states: names, addresses, driver’s license numbers, dates of birth, and the last four digits of Social Security numbers. … More

Health Insurer Hit With A Record HIPAA Penalty: What Does It Mean?

Triple-S Salud Inc., a Puerto Rican health insurer, has been hit with a $6.8 million penalty from the Office of Civil Rights of the Department of Health and Human Services for a massive data breach.  Triple-S (known as ASES in Spanish) has posted a notice on its website regarding the breach. 

The penalty, which also is described in a securities filing, is based a breach involving 13,336 of Triple-S’s Dual Eligible Medicare beneficiaries. … More

TripAdvisor Reports Data Breach

If you are like me, you may have received an email from TripAdvisor, alerting you that "an unauthorized third party had stolen part of TripAdvisor’s member email list."  The text of that email was as follows: 

To our travel community:
This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor’s member email list. We’ve confirmed the source of the vulnerability and shut it down.… More

Health Net Announces Second Major Breach in Two Years; Creates Potential for Largest Ever Penalty

On March 14, the California-based managed care organization, Health Net, Inc., announced that it cannot account for "several server drives" that contained protected health informationAccording to California regulators, these servers appear to contain the data of 1.9 million people nationwide:

The company announced today that nine of its server drives containing personal information for 1.9 million current and past enrollees nationwide are missing, including records for more than 622,000 enrollees in Health Net products regulated by the DMHC,… More

Incident of the Week: Army Intelligence Analyst In Custody After Claiming that He Leaked Thousands of Classified Documents

22-year old U.S. Army intelligence analyst Bradley Manning is reportedly in custody in Kuwait after claiming that he sent 260,000 classified documents to the WikiLeaks website. According to WIRED, Manning, who served at Forward Operating Base Hammer near Baghdad in Iraq, made the admission after reaching out to former hacker Adrian Lamo in a series of Internet chats beginning on May 21st.  Manning ominously began the conversation with the following:

(1:41:12 PM) Bradley Manning: hi
(1:44:04 PM) Manning: how are you?… More

Incident of the Week: Clickjacking Worm Induces Thousands of Facebook Users to “Like” Infected Websites

This week was an unusually optimistic one for hundreds of thousands of Facebook users who found that their accounts were automatically endorsing numerous oddly entitled websites.  If you have been avoiding Facebook, your closest Facebook user (anyone under the age of 30 is a safe guess) can explain that one way users have to share things with their friends, including websites, musicians, television shows, ideas and other users,… More

Incident of the Week: Blogger Shows Us How to Listen In On Private Facebook Chat

Yesterday, Facebook took down their Chat services to patch a flaw in Facebook’s new privacy settings that allowed users to listen in on private chat conversations.  This apparently came hours after  TechCrunch EU blogger Steve O’Hear  taught the world how to exploit the flaw in his TechCrunch post and video.  O’Hear was “tipped off that there is a major security flaw in the social networking site that,… More

Incident of the Week: “Huge Social Networker” Indicted For Threatening Spam Email Campaign Against New York Life

Yesterday, a federal grand jury in New York issued an indictment (.pdf) against Anthony Digati based on his threats to use spam email and the www.newyorklifeproducts.com domain to drag New York Life Insurance Company “through the muddiest waters imaginable.”  Both the U.S. Attorney’s Office press release (.pdf) and the FBI press release announced the indictment.

Digati was arrested on March 8,… More

Incident of the Week: NSA Officer Indicted For Emailing Classified Documents to Reporter

On Wednesday, a federal grand jury in Maryland indicted Thomas A. Drake, a former employee of the National Security Agency (NSA), on charges that he emailed classified NSA documents and information to Siobhan Gorman, then a reporter for the Baltimore Sun.  Drake worked for the NSA first as a contractor and then as a high level employee in the NSA’s Signals Intelligence Directorate between 1991 and 2008,… More

Incident(s) of the Week: Disgruntled Hacker Disables 100 Cars Purchased from Texas Auto Center

In late February and early March, around 100 cars in and around Austin, Texas either would not start or would not stop honking.  This was apparently caused by 20 year old hacker, Omar Ramos-Lopez, who remotely triggered the vehicle immobilization system installed by dealership Texas Auto Center.

Apparently the dealership installed the GPS-enabled devices so that cars can be immobilized and repossessed when a customer fails to make scheduled payments.… More

Incident(s) of the Week: February A Tough Month For Hackers

1.  Arrested: Russian Hacker Responsible for Two Minutes of Roadside Porn 

The hacker who managed to compromise computer servers controlling a large commercial advertising screen in Moscow was arrested recently by Russian authorities.  On January 14, 2010, commuters on Moscow’s Garden Ring Road passed a large-scale video screen and instead of the normal commercial advertisements saw two minutes of hard-core pornography.  The video, as well as the resulting traffic problems,… More

Incident of the Week: Patents Help Crack Encryption Used in Cordless Telephones

This week cryptographers Karsten Nohl from University of Virginia and Erik Tews of the Darmstadt University of Technology announced that they had broken the DECT encryption standard.  Who cares, you ask?  The Digital Enhanced Cordless Telecommunications or DECT standard is what prevents someone parked outside your house from being able to listen in on telephone conversations you are having on your 1.9 GHz DECT cordless phone.  (So, that’s what that label on the receiver means.)

Nohl told Dan Goodin from The Register that he cracked the code by putting the DECT chip under the electron microscope and then comparing his findings with information disclosed in the published patent(s). … More

Incident of the Week: Free iPhone Password Breaker Released

Back in October you may remember our post on Elcomsoft, a Russian software company that came out with program to decrypt common wireless network signals.  Well, they’re back this week with a program that will "enable[ ] forensic access" to password-protected backups for Apple iPhone and iPod touch devices.  In other words, if someone obtains access to the computer you use to sync your iPhone they could also get access to "backups containing address books,… More

Incident of the Week: OIG Reports that the FBI Routinely Circumvented Electronic Communications Privacy Act

A report entitled A Review of the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records (.pdf) from the Department of Justice Office of the Inspector General (OIG) indicates that between 2003 and 2005, FBI routinely “circumvented the requirements of the Electronic Communications Privacy Act (ECPA)” by using so-called “exigent letters” to obtain telephone call data from telecommunications companies. … More

Incident of the Week: Twitter Used In Sting Operation To Find Out Who Leaked TSA Security Directive

    

Rumors are circulating that Special Agents from the Transportation Security Administration (TSA) have been posing as a Connecticut blogger on Twitter to find out who leaked airport security screening procedures put in place after the recent attack by the “underwear bomber.”  This is a new twist in what some are describing as an overzealous investigation of government documents posted online.… More

Incidents of the Week: Iranian Cyber Army Targets Twitter & $26 Software Application Intercepts U.S. Military Satelite Feeds In Iraq

1.  Iranian Cyber Army Puts Twitter On Hold

Around 10 pm last night, popular social networking site Twitter, was apparently hacked by a group calling themselves the Iranian Cyber Army.  Iran and Twitter have had a rocky relationship since last summer when Iranian citizens spread the protests over Iranian elections to the popular web site.  During that time, links circulated on Twitter that allowed users to participate in DoS (Denial of Service) attacks on Iranian government websites. … More

Incident of the Week: Hack of Researchers’ Email Triggers “Climategate”

Compared to security breaches that involve credit card and bank account information, other breaches in security often get somewhat shortchanged in the media, notwithstanding the occasional hack of a celebrity cell phone. The same cannot be said of the purloined emails one hacker posted online that are alleged to the the back and forth between climate change researchers at the University of East Anglia in the United Kingdom which are at the center of new controversy in public debate over climate change.

Incident of the Week: U.S. Law Firms and Public Relations Firms Hit By E-mail Attack

Law firms holding sensitive data for their clients are the targets of a new round of organized cyberattacks, federal authorities cautioned this week.  On Tuesday, the FBI warned that U.S. law firms and public relations firms were being targeted by hackers using “spear phishing” attacks — personalized emails drafted to look like they come from a trusted or reputable source and designed to induce the reader to click an attachment or link that will infect his or her computer with malicious software. … More

Incident of the Week: ChoicePoint Settles FTC Charges That It Failed To Turn On “Key Monitoring Tool”

This week, ChoicePoint, Inc. finalized its settlement with the Federal Trade Commission (FTC) to resolve charges stemming from a 2008 breach that compromised the personal information of 13,750 consumers. This case is notable, even though the size of the breach and the monetary payment involved are relatively modest, because the underlying breach allegedly resulted from the ineffective implementation of security tools.

Incident of the Week: Russian Company Proves That WiFi/Wireless Networks No Longer Secure

ElcomSoft Co. Ltd., a Moscow-based software company, has announced that its software can unlock wireless networks using a PC fitted with a high-end consumer graphics cards. This software would appear to allow anyone to intercept internet traffic over wireless networks encrypted using common encryption algorithms. The easy availability of this software may mean that companies using WiFi/wireless networks may need to take additional security steps to comply with information security rules in the U.S. and Europe.

Incident of the Week: Ever-Growing Breach Involving Passwords for Hotmail, Gmail, Yahoo, AOL, Earthlink and Comcast

What started out as an incident involving the leak of 10,000 user names and passwords for Windows Live Hotmail accounts continues to grow, both in terms of users and companies affected. According to reports from the beginning of the week, more than 10,000 user names and passwords from Hotmail were posted by an anonymous user on the site pastebin.com. The list was limited to accounts starting in A and B, leaving the fear that numerous more accounts had been affected. The original reports speculated that the breach was the result of a hack of Hotmail or a phishing attack. But more information is surfacing that indicates that the breach is much larger than first thought.

Incident(s) of the Week: Double Feature

Incident of the Week: in our first double feature, we report on the recent breach announced at the University of North Carolina and the plea agreement reached with one Massachusetts inmate who hacked the prison computer system while still behind bars.

Incident of the Week: Declassified Documents Show FBI Expanding Data Mining Efforts Over 1.5 Billion Personal Records (And Counting)

Declassified documents obtained (but not published) by WIRED Magazine indicate that the FBI has been hard at work expanding a database of Americans’ personal and financial information.  According to WIRED, the FBI’s National Security Branch Analysis Center (NSAC) has compiled a database of  “more than 1.5 billion government and private-sector records” and has been mining this database for use in criminal investigations. The data, which apparently has been obtained from a number of private companies,… More

Incident of the Week: Security Officer Indicted On Obstruction of Justice Charges For Shredding Evidence

Thomas Raffanello, global director of security for Stanford Financial Group (SFG), now faces charges of obstruction of justice based on claims that he directed employees at SFG’s Fort Lauderdale office to shred evidence of fraud. 

In February, the Securities and Exchange Commission (SEC) filed a complaint against SFG (.pdf) in Texas alleging that the double-digit returns it promised potential customers was part of a fraudulent scheme. … More

Incident of the Week: Indictments Issue Against The Individuals Behind RNS, Pirate Site for “Pre-Release” Music

Yesterday, a federal indictment issued charging four individuals for their role in the "Rabid Neurosis" or RNS, an alleged "Internet music piracy group" that distributed copies of music prior to their commercial release.  According to the seven-page indictment (.pdf) filed in the federal court for the Eastern District of Virginia, between 1999 and 2007, RNS obtained and distributed a number of notable albums before they were released,… More

Incident of the Week: NCUA Issues Fraud Alert Based On Fake NCUA Fraud Alert (Which Turns Out To Be Part of Security Consultant’s Penetration Testing)

The National Credit Union Administration (NCUA) issued an official NCUA Fraud Alert on August 25, 2009 reporting that someone was sending around a fake NCUA Fraud Alert (.pdf) with CDs purporting to contain security software updates, but instead contained malware.  The NCUA warned “Should you receive this package or a similar package DO NOT run the CDs.”  The NCUA, which regulates federally insured credit unions,… More

Incident of the Week: Social Networking Sites Used as Command and Control Structure for BotNets

Are you having trouble making sense of social networking sites like Twitter?  It may be because you are trying to read an encoded command to a malware-infected computer.  Security consultant Jose Nazario at Arbor Networks has discovered that popular social networking sites like Twitter and Jaiku are being used to control botnets, armies of computers that have infected with malware enabling the individual controlling the botnet to steal user information and direct the computers to attack others. … More

Incident of the Week (Year?): Hacker Responsible for Largest Data Breach in U.S. History Indicted

According to a press release from the United States Attorney’s Office for the District of New Jersey, yesterday an "indictment was returned against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history."  According to the press release, the indictment describes a scheme whereby Albert "Segvec" Gonzalez and two unnamed Russian defendants (identified as "Hacker 1"… More

Incident of the Week: Seattle Man Sentenced To Three Years In Prison For Using Peer-To-Peer Software To Steal Financial Records, Commit Identity Theft

Yesterday, Frederick Eugene Wood of Seattle was sentenced to 39 months in prison for using LimeWire peer-to-peer (P2P) software to obtain Social Security numbers, bank and financial records and tax returns, which he then used to commit identity theft.  The complaint (.pdf) filed in federal court for the Western District of Washington in March alleged that Wood took advantage of the fact that users sometime install LimeWire or other peer-to-peer software on computers without limiting the directories and files made available to the peer-to-peer network. … More

Incident of the Week: Lativan Internet Service Provider Shut Down After Being Linked to Cybercrime Ring

Earlier this week, Latvian internet service provider Real Host was shut down by its upstream providers Junik and TeliaSonera after security experts linked Real Host to a number of criminal activities.  Among the many activies allegedly conducted through Real Host were the use of malware to steal banking credentials, SPAM email campaigns and the service provider was running command and control servers for the Zeus botnet (i.e.,… More

Incident of the Week: Hackers to Demonstrate How To Take Control Over Every Apple iPhone In The World With A Single Text Message Today

Speaking at the Black Hat computer security conference in Las Vegas only a few hours from now, hackers (or "security experts") Charlie Miller and Collin R. Mulliner are scheduled to expose an alleged security flaw in the Apple iPhone that may allow someone sending a single SMS message to take control of any iPhone.  According to a number of reports (note Forbes and AppleInsider),… More

Incident of the Week: UAE Carrier Updates Blackberry Software With Spyware, Captures Outgoing User Emails

On Tuesday, Research In Motion, Ltd. (RIM), the maker of Blackberry, posted a note on its website confirming that a software update offered to customers of its carrier Etisalat in the United Arab Emirates contained spyware.  According to the note, certain customers received an SMS message from Etisalat informing them of a software update (named “Registration”) designed to improve performance.  However, RIM acknowledged, “[i]ndependent sources have concluded that Etisalat’s Registration software application is not actually designed to improve performance of a Blackberry Handheld,… More

Incident of the Week: French Hacker Compromises Twitter Employee Passwords, Steals Company Documents

This week, Twitter co-founder Evan Williams confirmed that the company has been the victim of an attack that compromised a number of employee personal accounts at Amazon, PayPal and AT&T, employee personal email and Twitter’s internal company documents.  The hacker, who goes by the handle “Hacker Croll,” has apparently emailed a collection of 310 internal Twitter documents to TechCrunch, including a presentation for a proposed reality television show called “Final Tweet”… More

Incident of the Week: FBI Arrests Hacker Posing as Security Guard Who Infiltrated Texas Hospital Days Before “Devil’s Day” Attack

This week, the U.S. Attorney’s Office for the Northern District of Texas announced that the FBI has arrested Jesse William McGraw, a 25 year old contract security guard at the W. B. Carrell Memorial Clinic, a hospital in Dallas, Texas, for hacking the hospital’s computers and air conditioning system. For many businesses, an attack on ventilation systems might be an inconvenience, but the threat could be much more serious for critical care patients in healthcare institutions like the Carrell Clinic. McGraw is charged with violations of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. sec. 1030.