Personal Cybersecurity #38: Daily news

What you need to know for your personal cyber security life…

Number thirty-eight in a series of semi-regular daily current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.

And, just so you know, I’ve got 31 years of IT experience, and my day job is for the State of Wyoming as an Information Specialist. I believe an informed prepper is a BETTER prepper. Information is the life blood of being prepared. Learn more with every article in this continuing series. Please ask questions if you want to learn more…I’m here to help.

# # #

HEADLINES…for this issue…13 articles

  • Comey: FBI ‘Grappling’ With Hiring Policy Concerning Marijuana
  • Data breach costs approach $20 million
  • Public utility compromised after brute-force attack, DHS says
  • How To Talk About InfoSec To Your Board Of Directors
  • Mark Twain Casino among 11 casinos reporting security breach
  • Cyber warfare unregulated, says IDF adviser
  • U.S. Department of Justice Indicts Five Members of the Chinese PLA ‘Unit 61398’ for Cyber Espionage
  • LifeLock snaps shut Wallet mobile app over credit card leak fears
  • Steptoe Cyberlaw Podcast, Episode #19: An Interview with Chris Painter
  • Heartbleed Superbug Found in Utility Monitoring Systems
  • Emory University Windows Network Wiped Out! Blame EMP’s, Cyberwar, Squirrels? Try Accidental Reformat.
  • Worried US retailers battle cyber-attacks through new intelligence-sharing body
  • Global Raids Target ‘Blackshades’ Hacking Ring

# # #

Comey: FBI ‘Grappling’ With Hiring Policy Concerning Marijuana

  • By Charles Levinson
  • The Wall Street Journal
  • May 20, 2014

Monday was a big day for the nation’s cyber police. The Justice Department charged five Chinese military officials with hacking, and brought charges against the creators of powerful hacking software.

But FBI Director James B. Comey said Monday that if the FBI hopes to continue to keep pace with cyber criminals, the organization may have to loosen up its no-tolerance policy for hiring those who like to smoke marijuana.

Congress has authorized the FBI to add 2,000 personnel to its rolls this year, and many of those new recruits will be assigned to tackle cyber crimes, a growing priority for the agency. And that’s a problem, Mr. Comey told the White Collar Crime Institute, an annual conference held at the New York City Bar Association in Manhattan. A lot of the nation’s top computer programmers and hacking gurus are also fond of marijuana.

“I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” Mr. Comey said.

Mr. Comey said that the agency was “grappling with the question right now” of how to amend the agency’s marijuana policies, which exclude from consideration anyone who has smoked marijuana in the previous three years, according to the FBI’s Web site. One conference goer asked Mr. Comey about a friend who had shied away from applying because of the policy. “He should go ahead and apply,” despite the marijuana use, Mr. Comey said.


# # #

Data breach costs approach $20 million

The Maricopa County Community College District governing board has approved an additional $2.3 million in lawyers’ fees to deal with the computer-security breach that occurred last year.

The board also approved spending $300,000 to deal with records management, pushing the total amount authorized for the breach to nearly $20 million.

Last week, the governing board approved the $2.3 million allocation to the law firm of Greenberg Traurig, which has a Phoenix office, to handle two class-action lawsuits that have been filed over the breach.

Last November, the district disclosed that hackers had invaded a computer server in April 2013, exposing Social Security numbers and banking information of 2.4 million current and former students, faculty members and vendors from as far back as 30 years ago.


# # #

Public utility compromised after brute-force attack, DHS says

  • By Jeremy Kirk
  • 21 May 2014

A public utility in the U.S. was compromised after attackers took advantage of a weak password security system, according to a U.S. Department of Homeland Security team that studies cyberattacks against critical infrastructure.

The utility’s control system was accessible via Internet-facing hosts and used a simple password system, wrote the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a report on incidents covering the first quarter of this year.

The utility, which was not identified, was vulnerable to a brute-force attack, where hackers try different combinations of passwords until the right one is found. An investigation showed the utility was attacked before.

“It was determined that the systems were likely exposed to numerous security threats, and previous intrusion activity was also identified,” ICS-CERT wrote in the report.


 # # #

How To Talk About InfoSec To Your Board Of Directors

  • By Steve Durbin
  • Dark Reading
  • 5/19/2014

In our global economy, the rapid evolution of technology has caused a massive shift in the information security landscape.  Businesses are finding that they have more limited resources than ever before which must be prioritized to areas of greatest need or return. The task of determining priorities is difficult in itself; the imperative is delivering more for less, both in terms of new investment and existing resources.

These monumental challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data. Information technology runs through every department; so must information security initiatives. Today’s chief information security officers (CISO) need to be proactive in promoting and supporting new business based on strong information security and sound business-based risk assessment.

As a result of these trends it is essential for CISOs to connect with the Board of Directors and approach technology and security initiatives with a risk vs. reward mindset. Too often new technologies are adopted as a way of differentiating to gain advantage over competitors. But without a robust, cost-benefit-risk analysis, organizations could end up standing out for all the wrong reasons.


 # # #

Mark Twain Casino among 11 casinos reporting security breach

  • By Edward Husar
  • Herald-Whig Staff Writer
  • May 19, 2014

LaGRANGE, Mo. — Affinity Gaming, which owns Mark Twain Casino in LaGrange and 10 other casinos in four states, has confirmed that its credit and debit card system for non-gaming purchases has been hacked.

In a press release, the Las Vegas-based corporation said the security breach “resulted in a compromise of credit card and debit card information used in non-gaming purchases from individuals who visited its casino and casino resort facilities.”

The company said credit or debit card data was exposed at all 11 of its casinos for customers who made food, beverage, hotel or retail purchases with their cards between Dec. 7 and April 28. This includes the company’s two Missouri properties — Mark Twain Casino and St. Jo Frontier Casino in St. Joseph — along with one casino in Iowa, three in Colorado and five in Nevada.

Affinity, formerly known as Herbst Gaming and based in Paradise, Nev., is urging customers who used their credit or debit cards for such purposes “to take steps to protect their identities and financial information.”


 # # #

Cyber warfare unregulated, says IDF adviser

  • By Gili Cohen
  • May 20, 2014
  • Iyyar 20, 5774

Speaking at the CyberNight conference at the Shamoon College of Engineering in Be’er Sheva, Maj. A., the Military Intelligence legal adviser, described the role of legal consulting in the era of cybernetic warfare, saying that “Although the field is not regulated – and because the field is not regulated – the legal adviser plays a central role. This role is developing on the job, step by step, because there is no breakthrough convention or legislation” on the horizon.

The IDF last year appointed a legal adviser for cyber warfare, whose main task is to regulate cyber warfare activities, based on principles of international law. The military has refused to confirm whether one of this adviser’s tasks is to approve targets, as it is for most of its legal advisers in operational positions.

Many field commanders have been critical of these legal advisers’ work, said Maj. A. “Our ‘customers,’ at least some of them, perceive the jurists as interfering, rather than helping,” she said. “It’s no small challenge.”

Maj. A. said that when providing advice “for various operations,” as she put it, she often had no choice but to rely on the Law and Administration Ordinance of 1948, “which has a clause that is still relevant, which says the army is allowed to take any legal step necessary to protect the State of Israel. That’s how we operate today.”


 # # #

U.S. Department of Justice Indicts Five Members of the Chinese PLA ‘Unit 61398’ for Cyber Espionage

  • By William Knowles
  • Senior Editor
  • InfoSec News
  • May 19, 2014

For the first time ever, a U.S. grand jury in the Western District of Pennsylvania has indicted five Chinese military hackers for computer hacking, economic espionage, trade secret theft, aggravated identity theft, and other offenses directed at six American victims such as a labor union, critical infrastructure, metals and solar industries from 2006 to the present.

The 56-page indictment alleges that the defendants, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), hacked into American entities to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China.

This includes state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity.

“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”


 # # #

LifeLock snaps shut Wallet mobile app over credit card leak fears

  • By John Leyden
  • The Register
  • 19 May 2014

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry’s Data Security Standard (PCI DSS).

In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution – not in response to a security breach.

Yanking the mobile app will not affect the LifeLock ID theft protection service, which is designed to detect fraudulent abuse of credit card and non-credit related services, the firm assured customers.

Nonetheless, taking the drastic step of pulling its mobile technology is bound to raise concerns – especially since LifeLock has yet to explain why its mobile apps were not up to snuff.


 # # #

Steptoe Cyberlaw Podcast, Episode #19: An Interview with Chris Painter

  • By Stewart Baker
  • May 14, 2014

This episode of the Steptoe Cyberlaw Podcast features an interview with Chris Painter, the State Department’s Coordinator for Cyber Issues. Chris had a long and distinguished career at the Justice Department and the White House before joining State. Our interview ranges widely. Are there really norms in cyberconflict, and should the US really encourage the application of international law to cyberwar? Who’s joining the Budapest Convention and what are the alternatives? Are US diplomatic efforts finally getting out from under Edward Snowden’s leak? Was Brazil’s recent Net Mundial conference a victory for US policy goals? What are the prospects for MLAT reform – and what is its secret connection to the rise of encryption and other nations’ demands for “localization” of data storage? And much, much more.

We also summarize the week’s news. For the first time ever, a news outlet not associated with Glenn Greenwald wins “Dumbest NSA Story of the Month” honors, as al-Jazeera tries to draw blood from the stoniest FOIA responses on record. The USA Freedom bill is consolidated in the House, but whether the bill is actually ready for prime time remains in doubt. And I ask the question: “Is Snowden a Spy?”

Oracle wins a Federal Circuit victory over Google, establishing that APIs can be copyrighted. The Federal Circuit cites “Tale of Two Cities” but others may find Jarndyce v. Jarndyce more in point.

New York State issues a short report on bank cybersecurity practices and promises to start asking banks about these practices in inspections.

In other litigation, LabMD claims a victory over the FTC, so we decide to call LabMD’s CEO to get his story; it ain’t pretty.  Meanwhile, Snapchat finds itself exposed at the FTC—for twenty years.  Zynga and Facebook dodge an oncoming privacy truck and get hit by a bicycle—or perhaps a butterfly.  And the ACLU argues that criminal defendants who are acquitted should have no more privacy rights than those who are convicted.


 # # #

Heartbleed Superbug Found in Utility Monitoring Systems

  • By Aliya Sternstein
  • May 16, 2014

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer.

“The latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions,” states a bulletin from the DHS Cyber Emergency Response Team.

Exploits made by hackers “that target this vulnerability are known to be publicly available” on the Web, DHS said. Heartbleed is a defect in common Web encryption software that researchers discovered in early April.

Wonderware servers, made by Schneider Electric, collect and analyze plant performance data through the Web. The company’s cyber team identified the bug in the third-party component.


 # # #

Emory University Windows Network Wiped Out! Blame EMP’s, Cyberwar, Squirrels? Try Accidental Reformat.

  • By William Knowles
  • Senior Editor
  • InfoSec News
  • May 18, 2014

On Monday, May 12th, 2014, sometime during the 169th Commencement Exercises of Emory University, in what could best be called a career-limiting move, a Windows 7 deployment image was accidentally sent to all Windows machines (approximately 2000+ machines), including laptops, desktops, and even servers. This image started with a repartition / reformat set of tasks.

As soon as the accident was discovered, the SCCM server was powered off – however, by that time, the SCCM server itself had been repartitioned and reformatted.

Restoration of servers began immediately, but the process took far longer than expected. The Emory Information Technology team started using consultants to help validate the health of the SCCM servers, and that work was completed only recently.

To put this in perspective, Emory’s IT staff were unable to use the preferred methods for redeploying images to desktops/laptops and relied on older methods – USB + Ghost, LANDesk (Emory still had their old LANDesk server) + PXE. These methods required a lot of manual work, and their success with them was uneven.


 # # #

Worried US retailers battle cyber-attacks through new intelligence-sharing body

  • By John E Dunn
  • Techworld
  • 16 May 2014

Stung into action by a wave of devastating data breaches, US retailers have taken the historic decision to share data on cyber-threats for the first time through a new initiative, the Retail Cyber Intelligence Sharing Center (R-CISC).

Developed after input from 50 retailers and the Retail Industry Leaders Association (RILA), R-CISC will operate as an independent body collecting anonymised data on the attacks detected by firms, hopefully allowing them to spot common patterns.  This will include malware strains, software vulnerabilities, forum activity and real-time information on attacks.

Other elements of its brief will be to educate members on defence using training and develop research capabilities by forging links within the security world.

Prominent launch names include J. C. Penney, the Gap, American Eagle Outfitters, Nike, Lowe’s Companies, Safeway, VF Corporation, Walgreen Company and the most famous victim of retail attacks to data, Target Corporation. Other firms are said to be joining in the coming weeks and months.


 # # #

Global Raids Target ‘Blackshades’ Hacking Ring

  • By Danny Yadron and Christopher M. Matthews
  • The Wall Street Journal
  • May 16, 2014

The Federal Bureau of Investigation and foreign police agencies have launched a series of raids around the world at the homes of people linked to a type of hacking software called Blackshades, according to posts on hacker forums and people familiar with the investigation.

The software is what experts call a “rat”—remote access tool—that allows people to control computers from a distance. The targets of the raids are suspected of buying and selling Blackshades and were subjected to searches and seizures in recent days, according to people familiar with the case.

The searches are part of a coordinated crackdown on an international ring of suspected criminal hackers, according to the people familiar with the probe. Federal prosecutors in New York plan to announce the results of the raids as soon as Monday, said those familiar with the situation.

The people familiar with the case said hackers sold the Blackshades software from a website——that was part of an underground hacking marketplace in which people write programs for others to buy. The website, which has been taken offline, and the maker of the Blackshades software couldn’t be immediately reached for comment.


 # # #

Updated: May 21, 2014 — 8:06 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
