
#deepweb | Hackers are stealing loyalty rewards. Are your air miles or hotel points at risk?

Source: National Cyber Security – Produced By Gregory Evans

American consumers love loyalty programs. It’s estimated that the 3.3 billion loyalty program members in the U.S. currently store about $48 billion worth of points and miles in their accounts, according to Chargebacks911. These programs have grown so large in recent years that they’ve become an inviting target for hackers.

“It’s a huge problem and getting bigger,” said Brett Johnson, a former cyber-thief who turned his life around and became a digital security consultant after spending six years in prison. “Rewards points are a goldmine for crooks. They’re easy to access, very easy to use or transfer, and victims rarely check their accounts, so criminals flock to this type of crime without fear of consequences.”

While we call them miles or points, loyalty rewards are really a form of digital currency that can be used just like cash. Because they’re so liquid, the hackers don’t have to book flights or hotel stays with them. They can buy gift cards or merchandise to resell online, or they can simply sell the stolen rewards to other criminals.

Electronic gift cards are the favorite way to turn loyalty rewards into cash, said Peter R. Maeder, secretary and cofounder of the Loyalty Security Association.

“The opportunities for criminals in the loyalty area are tremendous,” Maeder told NBC News BETTER from his home-base of Switzerland. “Crooks talk to one another and the word is out that they can make easy money very quickly this way, and there’s not a lot of danger of being caught.”

Scammers always look for soft targets, and loyalty accounts are relatively easy to attack.

“They are incredibly insecure,” said John Breyault at Fraud.org (a public service of the National Consumers League). “Typically, they usually don’t have two-factor authentication; they’re only protected by an e-mail address and password. That’s just like leaving your front door unlocked to cyberthieves, who can get in easily and make money off of your miles or points.”

While travel rewards are a prime target for hackers, any loyalty program where the rewards are accessed digitally is at risk. Loyalty programs at McDonald’s, Domino’s and Buffalo Wild Wings have all been hacked, the New York Times reported.

How much are stolen rewards worth?

There’s a vibrant market for stolen miles and points and loyalty reward program login credentials on the ‘dark web’, the online black market where criminals shop.

“They can just go shopping for what they want,” said Kevin Lee, digital trust and safety architect at Sift, a digital security company. The dark web, Lee says, is “essentially like an Amazon marketplace where you can find rewards for hotel chains and airlines.”

NBC News BETTER asked Lee to check the dark web so he could give us an idea of what these rewards are selling for right now. Turns out, they’re a steal (pun intended). He found:

  • 900,000 Marriott points (value $1,125) selling for only $270.
  • 44,000 Hilton points (worth $450) selling for just $20.
  • 2,000 Jet Blue miles ($75 to buy from the airline) selling for $2.50.

“They’re cheap and you aggregate lots of these different accounts together and then funnel them into one account and buy a plane ticket or redeem them for other rewards,” Lee said.


#infosec | Amazon Doorbell Camera Lets Hackers Access Household Network

A vulnerability detected in Amazon doorbell cameras made it possible for hackers to gain access to the owner’s household computer network. The weakness in the Ring Video Doorbell Pro IoT device was discovered by researchers at Bitdefender in June of this year. Researchers found that the credentials of […]

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words.

Dubbed ‘Light Commands,’ the hack relies on a vulnerability in the MEMS microphones embedded in widely used voice-controllable systems, which unintentionally respond to light as if it were sound.

According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave.

“By modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio,” the researchers said in their paper [PDF].

Doesn’t this sound creepy? Now read this part carefully…

Smart voice assistants in your phones, tablets, and other smart devices, such as Google Home and Nest Cam IQ, Amazon Alexa and Echo, Facebook Portal, Apple Siri devices, are all vulnerable to this new light-based signal injection attack.

“As such, any system that uses MEMS microphones and acts on this data without additional user confirmation might be vulnerable,” the researchers said.

Since the technique ultimately allows attackers to inject commands as a legitimate user, the impact of such an attack can be evaluated based on the level of access your voice assistants have over other connected devices or services.

Therefore, with the light commands attack, the attackers can also hijack any digital smart systems attached to the targeted voice-controlled assistants, for example:

  • Control smart home switches,
  • Open smart garage doors,
  • Make online purchases,
  • Remotely unlock and start certain vehicles,
  • Open smart locks by stealthily brute-forcing the user’s PIN number.

In one of their experiments, the researchers injected the command “OK Google, open the garage door” into a Google Home by shooting a laser beam at the device, and successfully opened a garage door that was connected to it.

In a second experiment, the researchers successfully issued the same command, but this time from a separate building, about 230 feet away from the targeted Google Home device through a glass window.

Besides longer-range devices, researchers were also able to test their attacks against a variety of smartphone devices that use voice assistants, including iPhone XR, Samsung Galaxy S9, and Google Pixel 2, but they work only at short distances.

According to the researchers, these attacks can be mounted “easily and cheaply,” using a simple laser pointer (under $20), a laser driver ($339), and a sound amplifier ($28). For their set up, they also used a telephoto lens ($199.95) to focus the laser for long-range attacks.

How can you protect yourself against the light vulnerability in real life? The best and common solution is to keep your voice assistant out of the line of sight from outside and avoid giving it access to things that you don’t want someone else to access.

The team of researchers—Takeshi Sugawara from Japan’s University of Electro-Communications and Mr. Fu, Daniel Genkin, Sara Rampazzi, and Benjamin Cyr from the University of Michigan—also released their findings in a paper [PDF] on Monday.

Genkin was also one of the researchers who discovered two major microprocessor vulnerabilities, known as Meltdown and Spectre, last year.


#hacking | Florida Officials Pledge to Combat 2020 Election Hackers

(TNS) — “Foreign adversaries” and “malign foreign actors” are trying to influence and attack Florida’s election systems, FBI officials say, and they need your help to combat them. “You are the first line of defense against foreign influence operations and cybercriminals worldwide,” Rachel Rojas, special agent […]

#deepweb | N.J. towns are easy targets for dark web hackers. They won’t always admit being scammed.

The ransom demand was electronic.

In 2017, Newark’s computer system was hijacked by a group of hackers from halfway across the world, shutting down municipal services. Officials were given just seven days to come up with $30,000 in Bitcoin or they could kiss the city’s encrypted computer files goodbye.

They paid the ransom.

Cybercrime continues to explode nationwide, according to the Federal Bureau of Investigation’s most recent internet crime report. Last year, federal authorities received more than 350,000 complaints involving internet-based fraud, an increase of 16.7 percent over the previous year. Victim losses across the country in 2018 related to cybercrime totaled $2.71 billion.

In New Jersey, more than 8,400 victims across the state — including businesses, individuals, and government agencies — reported overall cybercrime losses last year of $79.7 million, making the state ninth in the nation for such high-tech theft, the FBI reported.

While much of that involved scams against individuals, businesses and Fortune 500 companies, the masters of the dark web have also been targeting your local tax collector’s office. Dozens of municipal government agencies in New Jersey have been victimized by hackers over the past two years, but have been reluctant to make those attacks public, officials say.

John Cohen, a senior expert on global threats for the Argonne National Laboratory and a professor at the Georgetown University Security Studies Program, said local governments remain easy targets for cyber criminals.

“Their systems remain vulnerable due to insufficient security and local governments continue to pay the criminals,” Cohen said. “Until localities change their practices in this regard, they will continue to be targeted.”

In New Jersey, the state’s Office of Homeland Security and Preparedness said it has been tracking the threat of ransomware since 2015 and officials said municipal governments have long been in the mix.

“Many cyber-threat actors are just looking for low-risk targets and something they can monetize,” said Jared Maples, who heads the state agency. “The availability of hacking tools and the increasing number of unsecured internet-connected devices reduces the need for extensive technical skills to carry out successful cyberattacks.”

Officials at the Municipal Excess Liability Joint Insurance Fund, which helps insure public entities across the state, said they have seen a 540% increase in cyber attacks on local government agencies since 2013. About 80 events have been reported over that time, but officials with the fund said they were aware of 50 others that were never formally reported.

“Nobody wants to acknowledge they’ve been victimized,” said Marc Pfeiffer, assistant director of the Bloustein Local Government Research Center at Rutgers University, of the radio silence. Nobody is going to call a press conference to announce someone made off with taxpayer funds, he said.

Maples, meanwhile, believes that what is happening is only going to get worse.

“Cyberspace is a complex, diverse, and fluid security environment with real, persistent, and evolving threats,” he said. “The impacts of cyberattacks will increase as we enter into an era of autonomous systems, artificial intelligence, smart cities, hyper-connectivity, and the convergence of cyber-physical systems and devices.”

MORPHING SCHEMES

While many of the high profile cybercrime cases that have come to light in recent years have involved ransomware, where malicious software delivered by a link that should never have been clicked is used to corrupt and encrypt computer files, that is only one of many weapons commonly employed. According to the FBI, the attack tactic most gaining favor these days is known as Business Email Compromise, or BEC, which targets those who use wire transfers.

The BEC scam works by compromising the email of corporate executives — and sometimes of municipal officials involved in finance — and seeks to redirect wire transfers meant for suppliers or financial institutions to fraudulent accounts both here and abroad.

Earlier this year, Lawrence Espaillat, 41, of Clifton pleaded guilty in connection with a BEC scheme to steal more than $1 million from corporate victims and individuals. Authorities said Espaillat and others incorporated sham businesses and created email addresses, which mimicked but differed slightly from legitimate email addresses of supervisory employees at various companies. Emails from those sham accounts were then used to send what appeared to be requests for payment of legitimate invoices or debts owed by the victims.

Last year in New Jersey, according to state municipal finance officials, at least one unnamed municipality was sent wiring instructions by such a compromised email to change its bond anticipation note payments from what appeared to be one reputable banking institution to another. They sent $40,000 to the other account, which was fraudulent.

In August 2018, the FBI said it received a complaint filed on behalf of another New Jersey town that fell victim to another BEC scam, transferring more than $1 million into the fraudulent account. Michael Doyle, an FBI supervisory special agent in New Jersey, would not identify the town, but said the money was recovered through a “financial fraud kill chain” that moves quickly to freeze funds and recall a wire transfer if investigators are alerted without delay.

Noting the explosion in BEC complaints nationally, Doyle said the nature of cybercrime is changing. More than $1.2 billion in losses were attributed last year just to compromised business email scams.

“It dwarfs everything else,” the FBI agent said — far more than the $362 million lost to victims in confidence or romance fraud.

Yet while ransomware complaints do not top the list of cybercrime complaints, Doyle suspects what happened in Newark may be happening more than is being reported to authorities. How the money is taken has also morphed, he added, with the use of “money mules” in the United States who act — sometimes unwittingly — as a go-between, so that suspicions are not raised by having money directly wired overseas.

“It used to be jumping out of the country immediately,” Doyle said. Now, potential victims might think it suspicious to be told to send money to an account in Hong Kong. These days, money may be wired through a series of destination points before it lands in somebody’s pocket.

Last November, two Iranian men were indicted in connection with an international wave of ransomware attacks that shut down Newark’s computer systems, and led to the city’s payment of $30,000 to regain control of the city’s electronic files. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were charged with running what officials called “an extreme form of 21st century digital blackmail.”

Both men remain at large.

Doyle said cybercrime is still far more likely to target big companies than town hall. Usually municipalities don’t have that kind of money. There’s no revenue stream.

Still, the problem for local government is growing, officials here say.

David N. Grubb, executive director of the Municipal Excess Liability Joint Insurance Fund in Parsippany, said the impact is not insignificant.

“When a municipality gets hit by one of these things, you can’t quantify the disruption that occurs. There are things that can’t happen when you are trying to get the system up and running. There is a reputational cost,” he said. “It can get residents quite upset.”

A spokeswoman for Newark said the city has made numerous changes and improvements to defend against similar attacks, including improvements to infrastructure, training as well as following professional recommendations that identified security gaps.

“While no amount of preparation protects any organization 100%, the city is in a much better position to thwart similar events,” said the spokeswoman, Crystal Rosa.

At the same time, she said the city is constantly being targeted.

“Measures put in place, actions following the prior ransomware event, have identified attempts and been successful to date from any in-depth intrusion,” she said.

With three dozen or more New Jersey municipalities the victims of successful hacker attacks in just the last two years, Pfeiffer said local officials are paying more attention, and like Newark, said that the electronic systems of every municipality in the state are under attack daily. Most municipalities now have cyber insurance, he added.

But technology requires management, and that requires time and money.

“There are two things you cannot be without in managing technology,” he said. “You have to have somebody you trust advising you on technology. And you have to have a sound backup plan.”

Ted Sherman may be reached at tsherman@njadvancemedia.com. Follow him on Twitter @TedShermanSL. Facebook: @TedSherman.reporter. Find NJ.com on Facebook.


#hacking | Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

LONDON (Reuters) – Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and U.S. officials said on Monday.

The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months, British security officials said.

The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.

Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

GLOBAL HACKING CAMPAIGNS

Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.

Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including FireEye say works for the Iranian government.

Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.

Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.

The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former U.S. intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.

GCHQ declined to comment on Western operations.

By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.

Additional reporting by Vladimir Soldatkin in Moscow and Babak Dehghanpisheh in Geneva; Editing by Frances Kerry


#hacking | Bharat Bhise HNA – Understanding Why Hackers Commit Cyberattacks.

(ThyBlackMan.com) The world of cybersecurity is fascinating and scary in equal measure, and it is something more of us need to be aware of, especially those who run a business. Bharat Bhise HNA gave a talk at a conference recently about the aims and desires of hackers and cybercriminals, which was essentially a cautionary tale that everyone should pay attention to. Bharat has seen it all in the world of cybercrime, and he still witnesses things which shock and surprise him. To understand the importance of this, we must first understand why people hack in the first place and what they are looking for when they do so. Let’s take a look.

Ethical Hacking

Technically speaking, the term ‘ethical hacking’ refers to hackers who are recruited by a company to test its cybersecurity. In this case, however, we are discussing hackers who are not hired by anyone but who hack for their own ethical reasons. For example, if a company decides to do business with a dubious company, some hacking groups may attack this company’s system to show their disdain and to cause it as many problems and as much public embarrassment as they can.

For Hire

A huge number of hackers actually do this and get paid by one of their clients for the work that they have done. Few hackers get into the game because of the criminality, but once they have amassed the skills which allow them to hack, criminal organizations and nefarious individuals realize what they are able to do and then try to sub-contract them for various types of hacks. It is actually rather difficult to steal money from a hack, which is why many do it as a paid-for service.

Bragging Rights

Surprisingly, a huge number of the hacks which we see really have nothing to do with crime per se, but are in fact done by hackers who are trying to show off how good they are. There is a real sense of brinksmanship in the hacking community, and each level of cybersecurity is seen as a challenge more than a deterrent. Whilst this may be harmless in terms of criminality, a hack such as this can still cause a big headache for many companies, who will then have to review their systems and security.

Crime

There are, of course, individuals who will hack with criminal intent. They may look to cause damage to a business or government system, or they may be looking to steal whatever they find once they have breached the system. This could be personal information, trade secrets or straight-up cash; there is a huge amount that they will be able to obtain once they have successfully hacked into a system. These are the minority, but they do present a very real danger to many companies and individuals.

This is something that is on the rise and it is something which you need to educate yourself about sooner rather than later.

Staff Writer; Rick Carter


#computersecurity | ANU cyber attack: How hackers got inside Australia’s top uni

It’s been compared to Ocean’s Eleven – a cyber attack on Australia’s top university, methodically planned and then adapted on the fly by an “A team” of hackers who cracked into the personal records of 200,000 students and staff and walked away leaving virtually no trace. The operation was so slick investigators claim they still don’t know if the breach was the work of a foreign state, even as its “shocking” sophistication throws suspicion on China. But the hack didn’t go entirely to plan. Now, after months of forensic analysis, the Australian National University has revealed it’s likely the hackers “didn’t get what they wanted” from its records after all. They were foiled in the act – and it was entirely by accident. On Wednesday, the university released a post-mortem of the hack and how staff responded – the first public report of its kind into an Australian cyber attack. It describes a highly professional operation, likely of up to 15 people “working round the clock” to harvest data and build custom malware within the network itself. Hackers evolved, covered their tracks and returned for fresh attacks when a scheduled fire wall unexpected booted them out, in a campaign the university says was remarkably more sophisticated and “distinct” from an earlier breach involving national defence research in 2018. If the university hadn’t been cleaning up after that hack, where nothing was stolen but suspicion also fell heavily on China, it’s unlikely staff would have discovered this second breach when they did. “Frustratingly” the ANU says it doesn’t have enough evidence to point the finger at anyone this time around, not even organised crime – security teams now scouring the dark web for the stolen data have turned up nothing so far. 
Director of defence, strategy and national security at the Australian Strategic Policy Institute Michael Shoebridge has read the report closely (“It’s bit like CSI Miami”) and thinks China remains the most likely suspect – both for its well-known cyber capability and its interest in harvesting human intelligence on Australian government officials and researchers known to orbit the ANU. So how did the hackers get in and what clues did they leave behind? According to the report, which was developed in collaboration with Australia’s security agencies, the intrusion was first discovered in April, during a routine security sweep. A small army of cyber experts descended on the campus and the hunt began in earnest, with staff realising on May 17 someone hadn’t just been in the house, they’d been robbed. More than two weeks later, vice-chancellor Brian Schmidt went public with the news: the university had been hacked for the second time in less than a year. Nineteen years’ worth of HR data had been compromised. The final report now revises down that figure considerably – while hackers got into that database, analysts believe they stolen only a fraction of that, or roughly the same amount you can store on a CD. But to date investigators are still not sure exactly how much data was taken – or why. Professor Schmidt handed down the report on Wednesday with an apology to students and staff and a call to break the silence surrounding attacks of this kind. He said he hoped its detail would encourage disclosure about hacks more broadly, rather than providing an “instruction manual”. In the interest of transparency, only a small number of very specific details were omitted to prevent copycats. The hack was so sophisticated it “has shocked even the most experienced Australian security experts”, Professor Schmidt said, though he acknowledged the university “could have done more”. “This wasn’t a smash and grab, it was a diamond heist,” he said. 
“It’s likely they spent months planning this. They were organised and everyone knew their role.” It began, as many attacks do, with a seemingly innocuous email sent to a senior staff member in November 2018. The staffer wasn’t on campus at the time so it was read by a colleague. And they didn’t open the attachment. But this was something a little more sophisticated than the usual nefarious traffic the university deflects from its inboxes (ANU blocks 5000 intrusions attempts a day). Just previewing this email’s attachment was enough to deliver the malware and steal senior login credentials. And the hackers had their first door in. “The fact they got in without anyone actually clicking on an email, that wasn’t widely known around the traps,” Professor Schmidt says. “We were sort of ground zero for that.” From there, investigators think hackers must have gotten got lucky – an inside job has now been ruled out. The thieves managed to find an old legacy server due to be decommissioned within the year and it was there that they built their base of operations, installing “shadow infrastructure” to cloak their movements on the network as they hunted for a way into its more secure databases. Investigators say they are confident they know what the hackers were after – the HR files – because they made a beeline for that part of the network to the exclusion of other areas like research, much of which they had also gained access to. While the hackers ran extensive software to clean up their trail, university analysts believe they would have found traces elsewhere, as they did with the HR database, if they had been busy in more than one place. Instead, even when inside the network, they used password cracking software and kept running email “spear-phishing” campaigns like the one that first worked in November – trying to sniff out the right credentials to access the closed HR system, and eventually taking a final, desperate run at the IT department itself. 
Once they broke into the HR database through a previously unknown vulnerability, hackers used their own custom-made software to scrape its data so detail of exactly what was taken wouldn’t appear on ANU logs. But university investigators are confident the amount taken was much smaller than they originally thought – megabytes out of the many terabytes of information stored in the data-set. Spanning a period of 19 years, the affected HR records include payslips, bank account details, tax file and passport numbers, emergency contacts, and some academic records, on an estimated 200,000 current and former staff and students. Sensitive personal information such as medical and counselling records, academic misconduct and financial hardship is not stored in the same part of the network. Whether the data was taken based off a targeted search of the records, a random sample or some other extraction method is still unclear. But the intruders didn’t stop there. After extracting the HR files via another compromised computer, more phishing emails were sent out to harvest further credentials. Whatever hackers planned to do next, they were interrupted. A new scheduled firewall went up, booting them out of their base of operations in the middle of one of their clean-up cycles. They spent a frantic fortnight in the lead up to Christmas trying to break back in. Eventually, they found another foothold in a legacy computer not behind a firewall. But what about those email traps sent to IT staff? As hackers continued their operation, one or two red-faced IT staffers did click on their malicious emails, handing over more credentials. But others in the department recognised the emails for what they were and shut down the new attack station. Unfortunately, at the time, they didn’t see them as part of a much bigger attack. Unknown to the university, hackers were now waging another a two-month-long battle to get back inside its systems. 
For the ANU’s chief information security officer Suthagar Seevaratnam, all this suggests the information they stole wasn’t the endgame after all. Part of the data harvested was made up of field names, often displayed in confusing jargon unique to the university. It would have been difficult for hackers to search and, indeed, decipher. And the ANU says what was taken doesn’t appear to have been misused.

“Our current sense is the actor didn’t get what they wanted because they were stopped twice during their campaign,” Seevaratnam says. “And what they did get was not immediately usable or they didn’t understand the data’s business context.”

Once disrupted by ANU security upgrades, the hackers didn’t give up, trying new tactics almost up until the point of discovery, including attempts to disable the university’s email spam filter. They also returned to harvest another handful of HR files missed during the first extraction.

Even after discovering the breach, the ANU says it was still under attack, working to shore up its defences and secure the network. Within an hour of going public with the news, the university came under fire again, this time in the form of a botnet campaign. And the following night, there was another attempt on the spam filter – leading investigators to suspect the same hackers still hadn’t given up. The university now believes its systems are secure.

Whoever they were, they were well-resourced and highly skilled. As Professor Schmidt puts it: “This was a state-of-the-art hack, carried out by an actor at the very top of their game, at the very cutting edge.” Sophisticated is often code for “state sponsored” but at this stage the ANU insists it can’t rule anyone out.
While it notes the type of data targeted – HR and financial records – would be of high value to criminals dealing in identity theft online, the information stolen hasn’t been detected online. And both the university and police say the small number of suspected identity fraud cases involving ANU staff or students since the breach have all been deemed unrelated.

So did hackers keep going because what they extracted wasn’t valuable enough to sell – or were they after something else? Shoebridge thinks it unlikely the type of data taken would have been of much interest to criminals in the first place. “They have better sources for that kind of stuff,” he says. “But universities are great datasets for foreign espionage outfits. This would fit nicely into information China has already gotten elsewhere.

“ANU conducts a whole lot of interesting research, its student and teaching population over time flow on to become government officials. You need information on people to pressure them into doing what you want.

“The level of sophistication and aggression here calls to mind a state actor. It’s pretty impressive ANU found them. I think they would have been happy to stay in the network, undetected.”

Attribution is notoriously difficult on the modern cyber battlefield. As countries throughout the world devote more resources to online spying and sabotage, diplomacy is struggling to keep the peace. The Australian Cyber Security Centre, which is run by the nation’s top spy agencies, did not respond to requests for comment before deadline but has been working closely with the ANU on the investigation.

Last year, the centre’s head Alastair MacGibbon said he was aware of foreign countries that “actively try to steal IP from tertiary institutions and research centres” and last year the Australian government took the rare step of publicly rebuking China for stealing commercial secrets from local businesses. But this hack has not been attributed to the communist government so far.
Shoebridge thinks attribution is important. “This should serve a lesson for all institutions, especially universities,” he says. “But it shouldn’t be on them to take on foreign governments. Australia needs to attribute attacks like these. If you catch a burglar in your house, pretending it didn’t happen just encourages them to come back the next night.”

Having identified technical weak-points in ANU systems as well as “people and process issues”, the university will now look to rebuild its network entirely over the next four years and roll out extra training to staff. The university did not answer questions on funding for the new initiative or IT resources during the hack, but at the time it was discovered staff were in the middle of a significant security upgrade following the previous 2018 attack.

“Unfortunately, there was not sufficient time to universally implement all measures across the ANU network between the two attacks in 2018,” the report says. “The sophistication and speed of the second attack underscore the threat environment in which we now operate.”

ANU handed down the report as Australia’s top spy agency launched an investigation into another attack on regional Victorian hospitals this week.

Seevaratnam says commentary around hacks should focus less on what organisations did wrong – which he calls “victim-blaming” – and more on the lessons that can be learnt to protect the community. “We need to encourage and support other victims coming forward and sharing their stories.”

The post #computersecurity | ANU cyber attack: How hackers got inside Australia’s top uni appeared first on National Cyber Security.

Hackers #access patient #data at #Oklahoma State #facility

Source: National Cyber Security – Produced By Gregory Evans

Hackers attacked Oklahoma State University Center for Health Sciences, and some 279,865 individuals have been notified that their protected health information may have been compromised.

The organization learned on Nov. 7, 2017, that an unauthorized party had gained access to data on the computer network that contained Medicaid billing information. The university removed the data from the network and the unauthorized access was terminated, and forensic specialists were called in to help determine the extent of the compromise.

The investigation could not determine with certainty whether patient information was accessed, the university told affected patients in a notification letter.

Compromised data included patient names, Medicaid numbers, healthcare provider names, dates of service and limited treatment information, along with one Social Security number. To date, there is no indication of inappropriate use of patient information, according to the university.

“At OSU Center for Health Sciences, we care deeply about our patients,” the notification letter states. “Patient confidentiality is a critical part of our commitment to care, and we work diligently to protect patient information. We apologize for any concern or inconvenience this incident may cause our patients.”

A dedicated call center has been established for patients to get more information, and patients are urged to be on alert for any healthcare services they incur that they did not actually receive from their providers, and immediately contact their providers and Medicaid.

The university is not offering credit monitoring services to affected individuals, since no financial information was exposed; the one individual whose Social Security number may have been compromised was given credit protection services.

When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company

“When hackers get hacked” should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware to be used against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls and text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device’s microphone.

It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes phone numbers the target devices dialled or received calls from along with their duration and dates. Hackers managed to access over 440,000,000 call details through exploiting a basic security flaw in the website.

“These spy apps should be out of market, most people spy on girls and [their] data image […] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. “No one have rights to do that and same these apps and provider making money by doing this.”

While SpyHuman sells its spyware as a tool to monitor children and employees, it’s mostly used to illegally spy on partners and spouses without their consent. “Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as ‘know if your partner is cheating on you,’ and suggests monitoring your husband’s texts in case he is having an affair,” the publication reports.

The company gave the following (non)explanation when asked about how it makes sure its software isn’t being used for illegal surveillance:

“As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”

As is apparent, since its users can always select a child or an employee – which in itself raises several questions – they don’t necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.

– If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.
