What you need to know for your personal cyber security life…
Tenth in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life everyday is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.
# # #
Hotel Company Investigates Data Breach, Card Fraud
- By Mathew J. Schwartz
White Lodging Services, a hospitality company that manages 168 hotels in 21 states — under franchises from Hilton, Marriott, Sheraton, and Westin — is investigating reports that it suffered a data breach that lasted from March 2013 until the end of the year.
Word of the breaches first surfaced Friday when security journalist Brian Krebs reported that unnamed card processors had tied fraud involving hundreds of credit cards to a number of Marriott properties operated by White Lodging Services, which is based in Merrillville, Ind. The affected hotels were located in Austin, Texas, Chicago, Denver, Los Angeles, Louisville, Ky., and Tampa, Fla., among other cities, reported Krebs.
White Lodging confirmed Saturday that it’s investigating the reported data breach. “An investigation is in progress, and we will provide meaningful information as soon as it becomes available,” White Lodge spokeswoman Kathleen Quilligan told The Times of Northwest Indiana.
White Lodge, described on the company’s website as “a fully integrated hotel ownership, development, and operations company,” is owned by Dean White, 90, whose hotel, real estate, and billboard business empire has given him what Forbes estimated to be a net worth of $1.9 billion. His company now manages 168 hotels under a variety of brand names, including Hilton and its Hampton Inn brand; Marriott and its Courtyard, Fairfield Inn, Residence Inn, and Springhill Suites brands; and Starwood and its Sheraton and Westin brands.
# # #
Investigation into data security breach at Ministry for Foreign Affairs progresses
- Helsinki Times
- 01 Feb 2014
While investigating the cyber-espionage attack against it, the Ministry for Foreign Affairs has determined, for example, the methods used to infiltrate its data network. The ministry’s information and documentation division is currently finalising a report on the security breach and is to present it to policy-makers and government officials in March.
“The investigation has progressed. We know the channel but don’t know the party behind it. We therefore know where the infection came from and what opened the hole in our data network,” says Ari Uusikartano, the director general of the division.
“We are beginning to have quite a lot of information on how the attack has taken place and what methods were used,” he adds.
Users of the network, Uusikartano reveals, were not prompted to disclose information to aid the infiltrator, a method used commonly in similar attacks. “In this case, the attack came through the web.”
# # #
Embry-Riddle Aeronautical University adds College of Cyber Intelligence and Security
- By PATRICK WHITEHURST
- The Daily Courier
- February 02, 2014
PRESCOTT, Arizona — The shield for Embry-Riddle Aeronautical University’s (ERAU) new College of Security and Intelligence (CSI) depicts a metallic torch, a metal key, and a bald eagle atop a split field of blue and gold – the colors of the university.
While the bald eagle represents the ERAU mascot, Associate Professor of Cyber Intelligence and Security Jon Haass said both the key and torch represent intelligence.
“Whether it’s a locked key for cyber or the key that talks about information. It represents locking and unlocking information. The torch is to illuminate the intelligence that’s available, and to make it available for people to understand,” Haass said.
On Jan. 29, ERAU officials in Prescott inducted the fledgling college, the first of its kind in the nation, with speeches and an Air Force and Army ROTC presentation of colors.
CSI courses include computer and forensic sciences, as well as cyber security classes that focus on offensive and defensive operations and analysis, foreign policy and international law, counterterrorism, and more. The new college also houses ERAU’s global security and intelligence degree program, as well as the current cyber intelligence and security degree program. Two new degree programs are expected to be unveiled in the fall of this year – a bachelor’s in forensic biology and a master’s in security and intelligence studies.
# # #
Several cyber security initiatives lost after Snowden leaks
- By Ken Dilanian
- Tribune Washington Bureau
- February 2, 2014
WASHINGTON — Early last year, as Edward Snowden was secretly purloining classified documents from National Security Agency computers in Hawaii, the NSA director, Gen. Keith Alexander, was gearing up to sell Congress and the public on a proposal for the NSA to defend private U.S. computer networks against cyber attacks.
Alexander wanted to use the NSA’s powerful tools to scan Internet traffic for malicious software code. He insisted the NSA could kill the viruses and other digital threats without reading consumers’ private e-mails, texts and Web searches.
The NSA normally protects military and other national security computer networks. Alexander also wanted authority to prevent hackers from penetrating U.S. banks, defense industries, telecommunications systems and other institutions to crash their networks or to steal intellectual property worth billions of dollars.
But after Snowden began leaking NSA systems for spying in cyberspace last June, Alexander’s proposal was a political non-starter, felled by distrust in his agency’s fearsome surveillance powers in the see-sawing national debate over privacy and national security.
# # #
Cyber warfare: Pakistani hackers claim defacing over 2,000 Indian websites
- By Farooq Baloch
- The Express Tribune
- February 2, 2014
KARACHI: Pakistani hackers have claimed responsibility for hacking over 2,000 Indian websites on the country’s Republic Day, confirming reports published by the Indian media earlier this week.
“Hackers defaced more than 2,000 Indian websites — 2,118 to be exact — on Republic Day (January 26) in what is being termed as ‘a major cyber attack’,” The Hindu reported on January 29. According to the report, the attackers’ internet protocol (IP) address was traced to Pakistan.
“Most of the defaced websites were attacked by Pakistani hackers using the handles ‘StrikerRude’, ‘KashmirCyberArmy’, ‘PakCyberExpert’, ‘HUnterGujar’ and the operation was named as ‘#OP26jan’,” the newspaper cited the Global Cyber Security Response Team, Bangalore as saying. The websites targeted included that of the Central Bank of India.
Hackers, who claimed they were involved in the cyber attack, said three Pakistan-based hacking groups were responsible and said the act was meant as a ‘protest for the rights of Kashmiris’.
# # #
ck on Bell supplier highlights rising hacker threat
- By RITA TRICHUR
- TELECOM REPORTER
- The Globe and Mail
- Feb. 02 2014
Bell Canada is the latest big-name company to become ensnared in a hacking incident after announcing that a cyberattack on a third-party supplier compromised the confidential account information of more than 22,000 of its small business customers.
The Montreal-based telecommunications company said Sunday that 22,421 user names and passwords and five credit card numbers belonging to small business customers were posted on the Internet over the weekend after hackers targeted the computer systems of an Ottawa-based supplier.
That unnamed company provided the affected Bell customers with an ordering application for some small-business services. Only some customers in Ontario and Quebec who used the app fell victim to the security breach.
Bell stressed that hackers never gained access to its own network and computer systems, adding that none of its residential, mobility or enterprise business customers were affected by the attack.
# # #
Congress is looking into consumer data security: But will it actually act?
- BY CALE GUTHRIE WEISSMAN
- Pando Daily
- FEBRUARY 3, 2014
Today in Washington, a congressional Banking, Housing, and Urban Affairs subcommittee met to discuss recent consumer financial data breaches, and the role retailers, bankers, and the government must play to prevent them from happening again. Leading the subcommittee was Congressman Mark Warner of Virginia, who detailed the necessity for swift action. He repeatedly called for unity among all players — including bankers, retailers, and credit cards — noting that all must be on the same page and not consider the others antagonists in order to successfully protect millions of consumers’ personal data.
The elephant in the room was undoubtedly the ongoing Target and Neiman Marcus security breach, which allowed hackers access to millions of customers’ personal financial information. Executives from these companies will be testifying to Congress in the coming weeks. The looming question on the tip of each senator’s tongue was, what can be done to prevent such a data fiasco from happening again?
Senator Mark Warner, the subcommittee’s chair, noted that last year cyber crime caused reportedly $300 billion in damage, and that that statistic has most definitely increased over the last year. He questions the tactics the Secret Service has taken when looking at and trying to block large-scale security breaches. “Why is that that the security service or even security bloggers are the first to know of these attacks,” pointing to private companies and news outlets who made the Target story public. He then queried, “why is it taking us so long to respond?”
The first panelists at the hearing — William Noonan, Deputy Special Agent in Charge of the US Secret Service, and Jessica Rich, the Director of the FTC’s Bureau of Consumer Protection — didn’t provide too much insight into either of these questions. They did insist, of course, that their organizations are working to prevent such crimes from happening again. Given the constantly evolving state of cybercrime, Noonan noted that “malware can be molded and changed per attack.” And he ultimately agreed that the legislative action would help his organization a great deal.
Ms. Rich repeatedly harped on the fact that there is no federal standard for data security practices. “It would be extremely helpful to have a federal law around data security… with civil penalties,” she said. She continued repeating this as the hearing continued.
# # #
The Belarusian Connection – Obamacare network vulnerable to cyber attack
- By Bill Gertz
- Washington Free Beacon
- February 3, 2014
U.S. intelligence agencies last week urged the Obama administration to check its new healthcare network for malicious software after learning that developers linked to the Belarus government helped produce the website, raising fresh concerns that private data posted by millions of Americans will be compromised.
The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the Healthcare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks, according to U.S. officials familiar with the concerns.
The software links the millions of Americans who signed up for Obamacare to the federal government and more than 300 medical institutions and healthcare providers.
“The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks,” one official said.
Cyber security officials said the potential threat to the U.S. healthcare data is compounded by what they said was an Internet data “hijacking” last year involving Belarusian state-controlled networks. The month-long diversion covertly rerouted massive amounts of U.S. Internet traffic to Belarus — a repressive dictatorship located between Russia, Poland, and Ukraine.