Computer

now browsing by tag

 
 

Ukrainian #hackers blamed for #computer problems that crashed #multimillion #dollar art #sale

Source: National Cyber Security – Produced By Gregory Evans

An auction house is blaming a paid, deliberate attack that originated from Ukraine for a computer meltdown that shelved a multimillion dollar sale of artwork on Tuesday night.

Scores of people had gathered at Chifley Tower in Sydney’s CBD for an art auction hosted by online start-up Fine Art Bourse, created by Tim Goodman, a former chairman of Sotheby’s, and Adrian Newstead, the founder of Cooee Art.

Buyers were competing for more than 80 artworks, including Emily Kame Kngwarreye’s Earth’s Creation I, which was expected to fetch at least $2 million.

But the auction was postponed after what was described as “an unusually high surge of traffic” overloaded the auction site’s server, which is based in Hong Kong.

William Ehmcke, a director of the online auction house, said in a statement on Thursday that the timing and size of the attack suggested it was paid and deliberate.

“There is also evidence that the auction platform database was hacked, just prior to the auction launch, to further disrupt the sale process,” he said. “All client data has now been removed from the FAB (Fine Art Bourse) database.”

Mr Goodman said: “Someone out there does not want us to succeed.”

The post Ukrainian #hackers blamed for #computer problems that crashed #multimillion #dollar art #sale appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers Obtained #Access to #NSA Employee’s Home #Computer, #Kaspersky Lab Reveals

Source: National Cyber Security – Produced By Gregory Evans

Kaspersky Lab has updated its investigation on the hacking of a home computer used by an NSA employee.

MOSCOW (Sputnik) — Kaspersky IT security company has announced that access to information on the home computer of the employee of the US National Security Agency (NSA) could have been obtained by an unknown number of hackers.

According to the Kaspersky Lab probe that is linked to media reports about the company’s software allegedly having been used to search and download classified information from the home computer of a NSA employee, the user’s computer was infected with Mokes backdoor, a malware that allows the hackers to obtain access to a device.

“The malware… was a full blown backdoor which may have allowed third parties access to the user’s machine,” the Kaspersky Lab has stated.

However, it is possible that Mokes was not the only malware that infected the computer in question, the company said, adding that while Kaspersky software on the computer was enabled, it reported 121 alarms on different types of malware.

“The interesting thing about this malware is that it was available for purchase on Russian underground forums in 2011. Also noteworthy is that the command-and-control servers of this malware were registered to a (presumably) Chinese entity going by the name ‘Zhou Lou’ during the period of September to November 2014,” the statement explained.

Allegations Against Kaspersky Lab

The internal investigation by Kaspersky Lab was launched after The Wall Street Journal reported in October that a group of hackers allegedly working for the Russian officials had stolen classified data through the National Security Agency (NSA) contractor, which used antivirus software made by the Russian software producer.

Shortly later, the New York Times reported that Israeli intelligence services have hacked into the network of Kaspersky, and warned their US colleagues that the Russian government was allegedly using Kaspersky software to gain access to computers around the world, including in several US government agencies.

Both reports came a month after the US Department of Homeland Security ordered state agencies and departments to stop using Kaspersky Lab software within the next 90  days, with the company’s CEO Eugene Kaspersky refuting all the allegations spread by the media regarding the Russian cybersecurity company’s involvement in spying on US users through its products and calling such claims groundless and paranoiac.

When commenting on the situation in an interview to Die Zeit newspaper, Eugene Kaspersky has, “There is a feeling that we just had been doing our job better than others, that we had been protecting our clients better than others … Probably, someone in the United States is very unhappy about it.”

Most recently, Wikileaks has revealed that the CIA had written a code to “impersonate” Russia-based Kaspersky Lab, which had been used at least three times.

READ MORE: WikiLeaks: CIA Wrote Code to ‘Impersonate’ Russia-Based Kaspersky Lab

Kaspersky Lab is one of the largest private cybersecurity companies in the world, with its technologies protecting over 400 million users and 270,000 corporate clients.

The post Hackers Obtained #Access to #NSA Employee’s Home #Computer, #Kaspersky Lab Reveals appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Women #allegedly #hack #college #computer system to change #grades

Source: National Cyber Security – Produced By Gregory Evans

The Bucks County District Attorney’s office said Aleisha Morosco tried multiple times to change her microbiology grade.

After several failed attempts, she enlisted a friend’s help, orchestrating a security breach at Bucks County Community College.

Authorities said while working at a medical office affiliated with Penn Medicine, Kelly Marryott accessed a faculty member’s personal information and leaked it to her friend, Aleisha Morosco.

Desperate to change her grade, Morosco then used the stolen data to gain unauthorized access to BCCC’s computer system. Officials said while inside the system, Morosco changed not just her grade, but several other student’s grades in her microbiology class.

“The investigators were able to find out the IP address used to access the professor’s account and change the grades,” said Jovin Jose, ADA Bucks County. “That same IP address was used by one of the charged defendants.”

The electronic footprint led investigators to Morosco and to her 37-year-old friend, Marryott.

“They got his personal information, and shouldn’t have obtained the use for that purpose,” said Jose. “We intend to prove at trial that they accessed his information to change grades, which is a crime.”

Bucks County Community College issued this response to Action News:

“BCCC takes the integrity of its data systems very seriously, and all of it the grades altered in the breach were restored to their correct level.”

Students on campus are stunned a classmate would go to these lengths to change a grade.

“It’s crazy. You deserve the grade you get,” said Emily Bombino. “And if you have an issue talk to your professor. Don’t go around changing, stealing his information.”

Both women face felony counts of unlawful computer use and identity theft. A court date is tentatively set for December.

The post Women #allegedly #hack #college #computer system to change #grades appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Computer System Administrator

Source: National Cyber Security – Produced By Gregory Evans

Job Description

Provide configuring management support, connectivity to networks, performance monitoring, and maintenance on computer systems. Responsible for computer, peripheral, and software purchasing requirements, maintaining computer lists (asset tracking and turn in), troubleshooting and resolving issues, and completing necessary DOD documentation, such as Certificates of Networthiness (CONs) or Risk Management Framework (RMF) and other documentation for multiple instrumentation sections. Operations will include patching and updating of standalone computers, maintain a secure computing environment according to YPG regulations, and work closely with YPG Cyber Security Office to solve problems unique to the YPG test environment. Build and repair CAT5 Ethernet cables. Perform other duties as assigned.
Qualifications
Pay Rate: DOE

Shifts/Hours: Vary by mission requirements.

Minimum Qualifications:

• Must be a US citizen and not hold multiple citizenships.
• Must possess a valid driver’s license, without special restrictions.
• Must possess a high school diploma or equivalent.
• Must possess or be able to obtain a security clearance prior to employment and maintain security clearance for the duration of employment.
• Must be able to work all shifts, weekends, holidays and overtime as needed, sometimes on short notice, to support test missions.
• Must have dependable transportation and a dependable means of communication.
• Must be able speak, write, read, and understand English.
• Must have a well-mannered customer service attitude.
• Must be willing to cross-train in other areas.
• Must use “down-time” effectively to the benefit of test, self, and company.
• Must be punctual, responsible, and dependable.
• Must demonstrate motivation, initiative, and reliability.
• Must be adaptable, flexible, and able to adjust to new or changing instructions.
• Must have a demonstrated ability to follow instructions and company policy.
• Must be able to deliver quality products to the customer and be responsive to their needs.
• Must be safety and security conscious, complying with rules and policies.
• Must be able to work both as part of a team and independently.
• Must have an Associate’s Degree/Military training AND two years of related experience, OR Bachelor’s Degree from an accredited institution AND one year related experience.
• Must possess industry certifications within 6 months to meet DoD Directive 8570.01 training requirements, as required, such as CompTIA Security+ and Microsoft OS certification.
• Experience in computer performance monitoring and troubleshooting
• Individual must demonstrate motivation, timeliness, and initiative.
• Effective interpersonal and organizational skills, along with sound written and verbal communication skills are required. Attention to detail is a must.
• Must be able to work with minimum supervision.
• Must work well with others and demonstrate good customer service attributes.
• Must be proficient in Microsoft Office applications.

Physical Requirements:

• Must pass a pre-employment drug screening and physical and periodic retests.
• Must be able to wear appropriate Personal Protective Equipment (PPE) for work tasks assigned.
• Must be capable of working in extreme weather conditions including summer temperatures peaking around 120 degrees Fahrenheit.
• Must meet the physical requirements necessary to perform operations outlined, performed, and stated in the SOPs for the Instrumentation Data section.
• Must be able to climb up and down stairs or elevated platforms without assistance.
• Must be able to work indoors and outdoors in a desert environment.
• Must be able to lift 50 lbs unassisted.

Additional Desirable Qualifications:

• Experience with Windows and Unix/Linux operating systems.
• Experience with DOD’s Risk Management Framework (RMF).
• Experience with Microsoft Client OS Registry.
• Experience with Group Policy Objects.
• Experience with instrumentation.
• DoD Network experience.
• Associate’s or Bachelor’s degree in Computer Science, Computer Information Systems, or technical discipline from an Accreditation Board for Engineering and Technology (ABET) accredited college or university.

Closing Date: Open until filled.
Other Job Information (if applicable)
•TRAX International, Test Services Division, participates in E-Verify.
•TRAX is an Equal Opportunity Employer – Minorities/Females/Veterans/Disability.
•TRAX Test Services promotes a drug/alcohol free work environment through the use of mandatory pre-employment drug testing and on-going random drug testing, as per applicable State Laws.
•Must be able to obtain a security clearance prior to employment and maintain security clearance for the duration of employment.
•TRAX Test Services also encompasses four subcontracts to include: VETS,WESTECH, SPIRAL and MIRATEK. All positions with TRAX can always be transferred to one of the four subcontracts.

The post Computer System Administrator appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Computer Network Defense Engineer

Computer Network Defense EngineerSource: National Cyber Security – Produced By Gregory Evans PSI Pax is currently recruiting for a Computer Network Defense Engineer to support our government customer in Indianapolis, IN.   The Computer Network Defense Engineer must be an IT Security professional with a strong background in engineering, implementing, and supporting security infrastructure to include web proxy/content filter, IPS/IDS, SIEM, firewall and […] View full post on AmIHackerProof.com | Can You Be Hacked?

Basic #Payment #cash raises #computer #hacker #threat

Source: National Cyber Security – Produced By Gregory Evans

Basic #Payment #cash raises #computer #hacker #threat

EASY access to information about Scottish farmers’ Basic Payments has made them prime targets for cyber crime, the Scottish Business Resilience Centre has warned.

At the end of October, payments worth £254million were issued to farmers and crofters across the country, and SBRC advised farmers to be “extra vigilant” regarding their internet safety, including being aware of suspicious emails or phone calls.

Chief ‘ethical hacker’ with the SBRC, Gerry Grant, said: “I know how vital these payments are to the livelihood of farmers and crofters. This makes it even more important that they’re fully aware that it can make them an easy target for criminals to try and scam them.

“Criminals can easily work out an accurate estimation of what a farmer is likely to receive in CAP payments and armed with this information, they can try and steal the money. They can send various emails to try and get passwords for bank accounts or even try and trick unsuspecting farmers into making payments to the wrong account.”

The types of emails and calls farmers may receive will generally consist of them being asked to take urgent action regarding their finances/bank accounts. SBRC said that any unusual emails or phone calls should be investigated fully, and the contact details should be verified before any action is taken.

Things to look out for include:

• Emails from suppliers asking for funds to be transferred to a different bank account;

• Emails claiming that there is a problem with an account;

• Phone calls from banks saying that there appears to be unusual activity on their account.

The post Basic #Payment #cash raises #computer #hacker #threat appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

NSA #hacking #code lifted from a #personal #computer in #U.S

Source: National Cyber Security – Produced By Gregory Evans

NSA #hacking #code lifted from a #personal #computer in #U.S

Moscow-based multinational cybersecurity firm Kaspersky Lab on October 25 said that it obtained suspected National Security Agency (NSA) hacking code from a personal computer in the U.S. During the review of file’s contents, a Kaspersky analyst discovered it contained the source code for a hacking tool later attributed to what it calls the Equation Group.

Kaspersky said it assumed the 2014 source code episode was connected to the NSA’s loss of files. The antivirus software-maker spokeswoman Sarah Kitsos was quoted saying as “we deleted the archive because we don’t need the source code to improve our protection technologies and because of concerns regarding the handling of classified materials”.

Another spokeswoman Yuliya Shlychkova told Reuters that removals of such uninfected material happen “extremely rarely.”

Meanwhile, Democratic Senator Jeanne Shaheen sent a letter to the Department of Homeland Security (DHS) acting Secretary Elaine Duke and Director of National Intelligence Dan Coats, urging the U.S. government to declassify information about Kaspersky products.

In October this year, the U.S. NSA contractor came under scanner, whose personal computer was equipped with Kaspersky anti-virus software and confidential details were shared with the Russian company. The unidentified NSA contractor had reportedly downloaded a cache of classified information from his workplace, even though he was aware of the consequences that moving such a classified and confidential data without approval is not only against NSA policy, but it also falls under criminal offence.

Kaspersky Lab repeatedly denied that it has any unethical ties to any government and said it would not help a government with cyber espionage or offensive cyber efforts. It also highlighted that more than 85% of its revenue comes from outside Russia. It maintains that it has no connection with Russian intelligence but it is registered with the Federal Security Service.

To restore people’s and government’s trust again, Kaspersky on October 23 allowed to have his company’s source code audited independently by internationally recognized independent authorities in the first quarter of 2018. As part of comprehensive transparency initiative, the firm plans to open three transparency centers across the U.S., Europe and Asia by 2020.

According to Wall Street Journal, it was reported earlier this month that hackers working for the Russian government appeared to have targeted an NSA worker by using Kaspersky software to identify classified files in 2015.

The New York Times reported on October 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Following allegations Russian hackers interfered in 2016 U.S. elections, the DHS had banned the Kaspersky Lab software in September 2017, citing concerns the company may be linked to the Kremlin and Russian spy agencies.

The post NSA #hacking #code lifted from a #personal #computer in #U.S appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Student #expelled for #hacking school #computer and changing #grades

Source: National Cyber Security – Produced By Gregory Evans

Student #expelled for #hacking school #computer and changing #grades

Student expelled for changing grades using keylogger

Under normal situations, a student wanting higher grades would mean extra effort and hard work and that’s usually a good thing. In this student’s case however, the school decided that its a bad thing when the hard work leads a student to hack into his school’s computer systems.

Greed did him in

The incident was reported in Kansas University (KU) where the student reportedly logged into the school’s systems and changed his grades from an F to an A. The student got the credentials needed to access the system by using a physical key-logger and installing it in one of the systems in the lecture halls.

The key-logger was a simple one, available for purchase online for as little as $20. Various KU professors while speaking to local news media said that the hack was only noticed because the student got too greedy with his grades. The professors also noted that the hack occurred last spring and was only noticed at the beginning of the new school year that too by chance. The teachers are hopeful that the University files a police complaint regarding this incident as a warning for any other student getting the same idea. This student’s name hasn’t been disclosed but he has been expelled for his actions.

Not a unique case

This isn’t the first reported case of students hacking into their school’s system to change grades. A Louisiana high school suspended 45 students at one stretch for hacking into the school’s computer systems to change their grades. Similar incidents have also been reported across the globe , most popular being one in Haifa, Israel where another student was expelled from The Technion Institute of Technology for hacking into his professor’s emails seeking any information that could be used to boost his grades.

The post Student #expelled for #hacking school #computer and changing #grades appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How #hackers can #hijack your #computer to make free #money

Source: National Cyber Security – Produced By Gregory Evans

How hackers can hijack your computer to make free money

If you experienced a sudden drop of performance when visiting Politifact on Friday, it was most likely because the popular fact-checking website was fast busy taxing your computer’s resources to make money—and no, you’re not getting a cut.

Hackers allegedly compromised the website and inflicted it with a cryptocurrency-mining script, a program that uses visitors’ CPU power to generate Monero, a digital currency like Bitcoin that professes anonymity.

The same script appeared on Showtime’s website late last month, though it was quickly removed after news broke on Twitter and several tech publications. Showtime never made it clear whether the script was added intentionally or was the result of their website being compromised. Pirate Bay intentionally experimented with the script but later removed it due to negative visitor feedback.

These are just a few of the increasing number of cases where the resources of computers like yours or mine have been hijacked to generate digital money without their owners’ consent. With the prices of cryptocurrencies steadily rising, plenty of people—including malicious hackers—are on the lookout to pad their wallets.

What is cryptocurrency mining?

While you can always buy cryptocurrencies on online exchanges, an alternative way to obtain them is to “mine” them, which will cost nothing if others are doing it for you.

Cryptocurrencies run on blockchain technology, a distributed ledger that exists on thousands of computers at the same time and obviates the need for middlemen and brokers such as banks and financial institutions. Records are stored on the ledger in blocks and are linked together through cryptographic equations, hence the name.

Before a new block is added to the blockchain, it has to be validated and verified through solving complicated mathematical problems. The process, called mining, requires a lot of computing power and ensures that no one can compromise the integrity of the system.

Anyone can become a miner by installing mining software and joining the network. The first miner to solve the equation gets to append the new block to the blockchain and be rewarded in cryptocurrencies and transaction fees.

Mining bitcoins requires huge amounts of computing power and requires specialized hardware available in large data centers. On the other hand, Monero, which was launched in 2014, can be mined with ordinary CPUs. Hackers can easily get involved by assembling a mining botnet, a network of computers infected with malware that enables cybercriminals to control them from afar.

How hackers are mining cryptocurrencies

Coinhive, the script used on the Showtime and Pirate Bay sites, was developed by a namesake company earlier this year and was introduced as “a viable alternative to intrusive and annoying ads that litter so many websites today.” It was also meant to address the rise of ad-blockers, which are hurting the bottom line of websites that rely on ads. The hosting website takes 70 percent of the proceeds and the rest goes to Coinhive. (The user naturally gets nothing.)

Given the inconspicuous way the script works, it has become a favorite money-making tool for hackers. In the past weeks, the script has popped up in numerous Google Chrome extensions and hacked WordPress and Magento websites.

Coinhive has expressed disappointment in the shady use of its tools and has promised to alter the script to obtain visitors’ consent before using their CPU for mining in the future. Meanwhile, several ad-blockers have added support to block Coinhive’s script.

However, Coinhive is not the only tool hackers are using to mine cryptocurrencies. Cryptocurrency mining malware and schemes have been around for several years. But the past months have seen a spike in mining activity, largely due to the rising price of cryptocurrencies.

Slovakian cybersecurity vendor ESET recently discovered a malware that exploits unpatched vulnerabilities in Windows Server 2003 machines to mine tens of thousands of dollars’ worth of Monero every month.

Kaspersky Labs reported that cryptocurrency-mining malware has targeted more than 1.65 million computers in the first eight months of 2017, an uptick compared to previous years. IBM’s X-Force security team has found a sixfold increase in cryptocurrency-mining attacks aimed at enterprise networks.

How to protect yourself against cryptocurrency miners

While cryptocurrency miners won’t steal your data or encrypt your files like other malware, they are annoying nonetheless and can negatively impact the performance of your computer. Here are several ways you can prevent hackers from lining their pockets with your CPU:

Install an antivirus and keep it up to date: Most antivirus solutions detect and removing cryptocurrency mining tools as harmful software.

Install an ad-blocker: If you’re using AdBlock Plus or AdGuard, both block Coinhive’s JS library.
Install a cryptomining blocker extension on your browser: Developers have created Chrome extensions that scan your browser and terminate scripts that “look” like Coinhive. AntiMiner, No Coin, and minerBlock are three plugins that will help protect you against cryptocurrency miner scripts.

Source:

The post How #hackers can #hijack your #computer to make free #money appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Murdoch’s UK paper arm admits computer hacking, fuelling criticism of Sky takeover

Source: National Cyber Security – Produced By Gregory Evans

Rupert Murdoch’s British newspaper group said on Friday one of its titles had hacked the computer of a former intelligence officer, an admission which critics said showed why his takeover of European broadcaster Sky should be blocked. In a hearing at London’s High Court, Murdoch’s News Group Newspapers admitted “vicarious…

The post Murdoch’s UK paper arm admits computer hacking, fuelling criticism of Sky takeover appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures