Info Security

Despite Fear of Fraud, Taxpayers Are Not Victims

Wed, 04/03/2019 - 15:25

Despite cyber-criminals crafting sophisticated phishing campaigns specifically to fool end users during tax season, the vast majority of taxpayers have never been a victim of tax fraud or tax identity theft, according to a new report from Shred-it.

In fact, the report found that 91% of respondents have never been a victim of tax fraud, and only one in four reported that they personally know someone who has been. Still, 38% fear that they could be a victim of tax season fraud or identity theft.

The Tax Season and Fraud Prevention Report surveyed 1,200 people in the US and found that nearly half (48%) of taxpayers will file their own taxes online via tax preparation software, while only 37% plan to file with a certified tax preparer.

A reported one in 10 respondents said they believe that filing their returns with a certified preparer would put them at greater risk of tax and identity fraud. Additionally, 35% chose "filing taxes online with a tax preparation software" as the activity that puts them at greatest risk of becoming a victim of tax fraud or tax identity theft. Still, more than a quarter (26%) of respondents said they don’t know which behavior is most risky.

When asked about storing and disposing of their tax records, 45% of respondents said they hold on to their tax returns and associated paperwork, storing them in an unsecured location at home or work.

The findings suggested that nearly half of the participants remain uninformed about the storage and disposal practices of their tax preparers, with 44% admitting they have never been informed about how their tax preparers secure, store and dispose of sensitive tax-related documents.

“The Tax Season and Fraud Prevention Report reveals how common these risky tax-filing habits are and how they put taxpayers in jeopardy for fraud or identity theft,” said Monu Kalsi, vice president of marketing for Stericycle, the provider of Shred-it information security services, in a press release.

“As we near the April 15 tax-filing deadline, we encourage everyone to reassess how they are handling their own tax documents that contain sensitive information and also question how those preparing taxes for us are doing the same.”

Categories: Cyber Risk News

Georgia Tech Suffers Breach of 1.3m Staff and Student Records

Wed, 04/03/2019 - 09:35

A US university renowned for its computer science programs has revealed that over one million current and former students and staff have had sensitive data accessed by an unauthorized third party.

Georgia Tech issued a brief note on Tuesday claiming that “unauthorized access to a web application” had allowed the individual to potentially steal data on 1.3m faculty, students, staff and student applications.

“The information illegally accessed by an unknown outside entity was located on a central database,” it added. “Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.”

The web app vulnerability in question has now been addressed after the university’s IT team discovered the incident at the end of last month, although it’s unclear how long the third party had access to the sensitive staff and student data.

The relevant educational authorities have been notified and more information is expected soon.

“We continue to investigate the extent of the data exposure and will share more information as it becomes available,” said Georgia Tech.

“We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again.”

The incident could mean Georgia Tech is in breach of FERPA, the US privacy law covering student records, according to Mike Mason, general manager of cloud security at FairWarning.

“Learning institutions are incredibly rich in sensitive data for hackers,” he added. "This breach underscores the importance of monitoring cloud applications, and visibility at the application layer into who is uploading and downloading documents and other sensitive business information."

Categories: Cyber Risk News

Former Mozilla CTO Files Civil Rights Case Against CBP

Wed, 04/03/2019 - 09:11

The former CTO of Mozilla has filed a civil rights complaint against the US Customs and Border Protection (CBP) agency after allegedly being threatened and interrogated for several hours by officers who denied him a lawyer.

The November 2018 incident occurred at San Francisco International Airport and began when US citizen Andreas Gal was sent to a secondary inspection facility where he was surrounded by three armed agents.

“They started to question me aggressively regarding my trip, my current employment, and my past work for Mozilla, a non-profit organization dedicated to open technology and online privacy,” he explained.

“The agents proceeded to search my belongings and demanded that I unlock my smartphone and laptop. This was rather concerning for me. My phone and laptop are property of my employer and contain unreleased software and proprietary information. I’ve signed a non-disclosure agreement promising not to give anyone access.”

When he asked to speak to a lawyer before unlocking the devices, Gal was told that he had no right to do so and that failing to comply would be a violation of federal criminal code 18 USC 111.

After staying silent and refusing to comply, he was eventually allowed to leave with his devices, although officers kept his Global Entry card. Ironically, Global Entry is a CBP program specifically designed to provide “pre-approved, low-risk travelers” with expedited clearance on entry to the US.

Gal argued that such border searches are far from random, and that he is not alone in being intimidated and unlawfully detained, with the CBP reportedly having drawn up lists of US reporters, lawyers and activists to question at the border.

“My past work on encryption and online privacy is well documented, and so is my disapproval of the Trump administration and my history of significant campaign contributions to Democratic candidates. I wonder whether these CBP programs led to me being targeted,” he said.

Gal’s complaint, filed with the help of the ACLU, alleges unlawful detention and violation of his constitutional rights.

Categories: Cyber Risk News

Chinese Woman Cuffed at Mar-a-Lago With Malware on USB

Wed, 04/03/2019 - 08:50

A Chinese woman is in police custody after being arrested by Secret Service agents in the Mar-a-Lago resort carrying a thumb drive containing malware.

A criminal complaint alleges 32-year-old Yujing Zhang tricked security staff into letting her enter the resort, where President Trump was staying at the time, by pretending not to understand English.

She subsequently entered a restricted area where she was stopped again at the main reception when it turned out the event she was there to attend — hosted by the United Nations Chinese American Association — didn’t exist.

After being arrested by Secret Service agents the woman told them she had been instructed by a friend known as "Charles" whom she met on WeChat to travel from Shanghai to Palm Beach to attend the UN event and speak to a member of the president's family about Chinese-American economic relations.

It emerged on searching her that the woman carried two Chinese passports and four mobile phones, a laptop, an external hard drive and a thumb drive containing unspecified malware.

According to reports, it also turned out during her interrogation that the woman spoke English fluently, and became “verbally aggressive” with her interviewers as the probe continued.

Matt Walmsley, EMEA Director at Vectra, argued the case shows why many organizations are aligning physical security with cybersecurity.

“With the advent of BYOD, everyone learned that dangerous threats can be ‘walked in’ past cybersecurity controls, whether the threats are on a laptop or a USB thumb drive. As a result, it has become important to detect BYOD threats and accelerate the related incident response,” he said.

“Organizations that have aligned physical security teams who have human intelligence with cybersecurity teams who have digital intelligence, have empowered their security operations teams to respond quickly, regardless of the source of the initial threat warning.”

Categories: Cyber Risk News

Google Has a Board-Level AI Ethical Dilemma

Tue, 04/02/2019 - 19:05

Employees at Google are less than thrilled with a newly announced member of its Advanced Technology External Advisory Council (ATEAC), according to MIT Technology Review.  

At the EmTech Digital event in San Francisco, Google reportedly announced the names of its eight-member advisory council tasked with providing feedback and support for artificial intelligence (AI) projects. One of the members, Kay Cole Jones, president of the Heritage Foundation, is causing quite a stir among employees.

The eight members hold the moral responsibility of guiding ethics in Google’s AI projects. "This group will consider some of Google's most complex challenges that arise under our AI Principles, like facial recognition and fairness in machine learning, providing diverse perspectives to inform our work," Google said when it announced the board. However, concerns over the potential of algorithm bias have employees worried that an outspoken critic of the LGBTQ community poses serious ethical questions. 

More than 1,500 Google employees have signed a letter asking for the removal of Jones, “who is vocally anti-trans, anti-LGBTQ and anti-immigrant. Her record speaks for itself – over, and over, and over again,” according to the letter from Google employees.

In another blog post, Os Keyes, PhD student in the Data Ecologies Laboratory at the University of Washington’s Department of Human Centered Design & Engineering, wrote, “Whatever the reason, the Heritage Foundation’s presence – and the attitudes expressed by the self-proclaimed 'ethicists' appointed from out of academia – are damning to both Google and the academics appointed. If you are on this panel, you are communicating that you consider transphobia, homophobia and racism acceptable attitudes in a colleague if the status bump is good enough.”

Keyes’ voice potentially speaks for many. In response to the outrage, another ATEAC appointee, Alessandro Acquisti, professor of information technology and public policy at the Heinz College, Carnegie Mellon University, thanked Google for its consideration but tweeted, “I've declined the invitation to the ATEAC council. While I'm devoted to research grappling with key ethical issues of fairness, rights & inclusion in AI, I don't believe this is the right forum for me to engage in this important work.”

Categories: Cyber Risk News

Wheels Up: Air Service Is a Go after Aerodata Outage

Tue, 04/02/2019 - 17:36

Major airlines, including Southwest, JetBlue, Delta and United Airlines, are back on their regular schedules after 780 flights were delayed on the morning of April 1 due to a system-wide technical failure at Aerodata. The vendor, which provides critical weight, balance and performance data, suffered an unspecified fault that took its servers offline.

Aerodata has not responded to attempts for comment, but “operations have recovered following an Aerodata issue which impacted multiple airlines’ ability to release flights. We thank our customers for their patience and apologize for the inconvenience,” a JetBlue spokesperson wrote in an email.

For American Airlines, flights resumed the morning of April 1. A spokesperson for Southwest Airlines wrote, “On early Monday morning, we had a ground stop that lasted for about 40 minutes during a brief interruption in service with a vendor that provides multiple carriers with data used in flight planning. While I don’t have the number of delays, I can share that our flights resumed operating shortly after 6:00 a.m. CDT. I don’t have the cause of the interruption to share, so we kindly ask that you contact Aerodata.”

The Federal Aviation Administration (FAA) issued a tweet alerting consumers that there may be delays on major airlines the morning of April 1 and later updated the tweet to say that the issue had been solved.

Aerodata is a third-party vendor of critical flight data for major airlines, and Data Center Dynamics (DCD) recognized the complexities of flight management in an effort to be fair to Aerodata. “It is far from the only example of a system outage bringing flights to a halt. A highly complex mix of interconnecting systems with very little room for error, flight management is beset by difficulties.”

Additionally, while a 2017 case study by VMware found that Aerodata had shifted to a “software-defined data center approach secured by VMware NSX and vSAN for storage,” it remains unknown whether the company has updated its facilities since then, according to DCD.

Categories: Cyber Risk News

Albany Works Through Impact of Ransomware

Tue, 04/02/2019 - 17:02

City officials in Albany, New York, have been working for several days in an effort to restore the city’s systems after it became the latest municipality to be hit with a ransomware attack.

Mayor Kathy Sheehan announced the ransomware attack via social media on March 30, and today the mayor’s office released an availability update alerting citizens that marriage licenses and marriage certificates are available at the city clerk’s office.

All other city services continue to be available to the public, except for those seeking copies of birth or death certificates, who were advised to visit New York State's vital records customer service lobby.

During a press hearing at City Hall on Monday, April 1, Mayor Sheehan said, "Throughout this entire incident we were always able to provide public safety services. At no point in time was our ability to dispatch police or fire to emergencies impacted by this, and we were able to work throughout the weekend to ensure that today we are able to transact business with our residents, whether they are looking to come in and make payments, apply for building permits or apply for parking permits, so all of those functions are opened.

“The only thing that is currently not available in this building are those who are seeking copies of birth certificates, death certificates or marriage certificates. They will be accommodated at the New York State Vital Records in Menands, and so that address is up and available on the city website. We also are not at this point in time taking marriage license applications."

Additional details about the attack and the cause of the incident are not being disclosed at this time.

Ransomware attacks have previously taken down systems in other major cities, including Atlanta, Georgia, and Alexandria, Virginia.

“A recent analyst study determined that, like the City of Albany, 50 percent of surveyed organizations have suffered an unrecoverable data event in the last three years, and while preventing these attacks is not always possible, diminishing the threat is,” said Caroline Seymour, director of product marketing at Zerto.

Because ransomware attacks can have a much larger impact than temporarily denying access to systems in exchange for payment, Justin des Lauriers, technical project manager at Exabeam, said, “The demanded ransom amounts often pale in comparison to the collateral damage and downtime costs they cause.

“The ideal case would be to detect and stop ransomware before an infection occurs. Unfortunately, this insidious software is almost always detected after the damage has already occurred – it having reached the ‘payday’ stage of the ransomware kill chain (where the hacker demands ransom).”

Categories: Cyber Risk News

Thales Completes €4.8 billion Gemalto Acquisition

Tue, 04/02/2019 - 11:19

Thales has completed the acquisition of Gemalto for a deal worth €4.8 billion.

The addition of Gemalto will see Thales develop secure solutions to address major challenges such as unmanned air traffic management, data and network cybersecurity, airport security and financial transaction security as part of a €1 billion self-funded R&D function.

The combination, which was first announced in December 2017, will create a provider with a portfolio of digital identity and security solutions based on technologies such as biometry, data protection and cybersecurity. Gemalto will form one of Thales’s seven global divisions, to be named “Digital Identity and Security” and interact with all of the Group’s civil and defense customers.

Patrice Caine, Chairman and CEO, Thales, said: “With Gemalto, a global leader in digital identification and data protection, Thales has acquired a set of highly complementary technologies and competencies with applications in all of our five vertical markets. Together, we are creating a giant in digital identity and security with the capabilities to compete in the big leagues worldwide.” 

As part of the deal, nCipher’s identity-based and PKI security solutions become part of Entrust after nCipher was initially acquired in 2008 by Thales. The sale of nCipher was necessary after Thales announced its intention to acquire Gemalto: as part of the regulatory process, and in order to obtain clearances from the European Commission among other agencies, Thales committed to divest its Thales eSecurity nShield business in full to a suitable purchaser.

Categories: Cyber Risk News

Half of Cyber-Attacks Involve the Supply Chain

Tue, 04/02/2019 - 11:13

Half of cyber-attacks today use so-called “island hopping” techniques to infect a supply chain partner en route to a higher value target, according to a new report from Carbon Black.

The security vendor’s Quarterly Incident Response Threat Report features qualitative and quantitative input from 40 Carbon Black incident response partners.

It revealed the financial sector (47%) as most likely to encounter island hopping, followed by manufacturing (42%) and retail (32%).

The largest number of respondents (44%) cited a lack of visibility as their key barrier to combating such attacks, up from just 10% in the previous quarter.

This kind of supply chain attack can happen in several different ways. Most common is a network-based attack which sometimes occurs via a compromised managed security services provider (MSSP). However, watering hole attacks on partner sites are also popular.

A relatively new tactic highlighted by Carbon Black is the “reverse BEC” in which attackers compromise the mail server of an organization and use this to spread fileless malware attacks to trusted partners.

Alarmingly, a significant minority of firms (31%) are reporting destructive attacks. Many of these are linked to attempts at counter-incident response, which over half (56%) reported. In fact, the number reporting counter-incident response rose 5% over the past three quarters.

In addition, the report revealed that most attacks (70%) now involve some form of lateral movement, with Powershell (98%) and WMI (83%) the most popular tools for doing so.

“Attackers are fighting back,” warned Carbon Black chief cybersecurity officer, Tom Kellermann.

“They appear to have no desire to leave the environment. And they don’t just want to rob you and those along your supply chain. In the parlance of the dark web, attackers these days appear to want to ‘own’ your entire system.”

Categories: Cyber Risk News

Taiwan to Block Chinese Streaming Sites Ahead of Election

Tue, 04/02/2019 - 10:16

The Taiwanese government is set to block Chinese streaming services in the country ahead of its 2020 presidential election amidst fears of a propaganda push from Beijing, according to reports.

Although mainland streaming services aren’t allowed in the island state, which China still calls its own, Baidu operates there via a third party known as OTT Entertainment after it was blocked in 2016.

The Taiwanese version of its iQiyi streaming site is said to be one of the most popular on the island, with millions of daily users.

However, Taipei is apparently looking to close this loophole for national security reasons, before the key January 2020 election date.

Chiu Chui-Cheng, deputy minister of Taiwan's Mainland Affairs Council, told the Nikkei Asian Review that the government will most likely ban iQiyi and also block plans by mainland tech giant Tencent to bring its Tencent Video service to the island later this year.

"We are concerned that streaming media services that have close ties with Beijing could have cultural and political influences in Taiwan ... and even affect Taiwan's elections," Chiu reportedly said.

"If Tencent's streaming video service is trying to enter the Taiwanese market, it's very likely that it's a part of Beijing's propaganda campaign. What if the company inserts some content that Beijing hopes to advertise? What if it implements messages linked to the Communist Party or its army? We should treat this seriously and carefully at a national security level."

Taiwanese officials accused the People’s Republic last year of peddling fake news via social media bots to influence voters ahead of mid-term elections.

Beijing is trying to diminish the prospects of the pro-independence leaning Democratic Progressive Party (DPP) and in so doing strengthen the arm of the more China-friendly Kuomintang Party (KMT), the government claimed.

Xi Jinping would like to see current Taiwanese president and former DPP chairwoman, Tsai Ing-Wen, replaced by a KMT alternative in January.

Categories: Cyber Risk News

Indian MongoDB Snafu Exposes Info on 12.5m Mothers

Tue, 04/02/2019 - 09:38

A trove of personal data linked to over 12.5 million women was leaked online by the Indian government, after yet another MongoDB misconfiguration, according to researchers.

Bob Diachenko of Security Discovery, claimed to have made the find on March 7 during an audit of the BinaryEdge search engine stream.

The Indian IP he discovered contained a publicly exposed database featuring information collected by the government on young mothers.

The information was collected under the 1994 Indian Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act: a law apparently created in part to try and prevent sex-selective abortions.

In India, the sex of a child is kept from the parents unless there is a legitimate medical reason to reveal it in tests.

The leaked database contained some of this highly sensitive information including mother’s name, age and address, genetic diseases, doctor’s details, and child sex and age. It also featured court information including complaints made about doctors and centers that have enabled illegal sex selective abortions.

“I immediately sent a notification to (CERT) The Indian Computer Emergency Response Team that is an office within the Ministry of Electronics and Information Technology,” said Diachenko.

“It is the agency to deal with cybersecurity threats and they have helped me in the past with proper disclosure of sensitive Indian data leaks. I also requested to pull down the database, however, it took them almost a month to remove the private content off the database.”

The data, which goes back several years, remained accessible for almost a month after this initial discovery, despite Diachenko’s best efforts, he claimed.

Categories: Cyber Risk News

Reports: US Hackers Aid UAE to Spy on the Media

Mon, 04/01/2019 - 17:34

With the aid of American hackers, the United Arab Emirates (UAE) was able to spy on prominent figures in the Arab media and a BBC host, according to an exclusive Reuters report.

The revelations come only months after US contractors in the UAE were reportedly helping to spy on US citizens, according to a January report from Chris Bing, cybersecurity reporter at Reuters.

“In the Spring of 2017, as America's closest gulf allies launched into conflict, blockading Qatar, Project Raven sprang into action. In this operation, a team of former American spies – turned mercenaries – directly undermined U.S. national security interests in the Middle East,” Bing tweeted today.

The goal in targeting Arab media figures, including Al Jazeera's Faisal al-Qassem and Beirut-based BBC talk show host Giselle Khoury, was to determine whether Qatar was using the Qatar-funded Al Jazeera network to foment civil and political unrest in the Middle East.

A former Project Raven operative told Bing that their objective “was to find material showing that Qatar’s royal family had influenced the coverage of Al Jazeera and other media outlets, and uncover any ties between the influential TV network and the Muslim Brotherhood. Reuters couldn’t determine what data Raven obtained.”

The news prompted concern from the Committee to Protect Journalists (CPJ), which reported that when CPJ attempted to contact the UAE Embassy in Washington, it was told that questions should be submitted via email.

"What we've learned about Project Raven raises significant concerns over the lengths to which the UAE will go in targeting journalists, and the involvement of former US intelligence officials is also disturbing," said CPJ Middle East and North Africa program coordinator Sherif Mansour in Washington, D.C.

"Emirati officials must stop targeting the press at home and abroad, and the US must make it clear to their allies that hacking journalists' phones is not a legitimate counter-terror strategy."

Categories: Cyber Risk News

Congress Stops NSAs Collecting Phone Records

Mon, 04/01/2019 - 16:18

The US Congress has proposed an act that would repeal the National Security Agency’s (NSA's) authority to access basic business records and the phone records of American citizens.

The bill, Ending Mass Collection of Americans’ Phone Records Act, is intended to “repeal the authority to access on an ongoing basis business records for foreign intelligence and international terrorism investigations, and for other purposes.”  

Introduced Thursday, the act establishes several amendments to the Foreign Intelligence Surveillance Act of 1978 and has bipartisan support, according to The Hill. The changes not only permanently end the phone record collection policies but negate the federal government’s ability to restart its currently shuttered call-detail records program.

The government would no longer have the authority “to apply for an order requiring the production of metadata on an ongoing basis of any tangible things or of any tangible things other than those identified by the specific selections terms included in the application.”

The 2015 USA Freedom Act allowed the government to collect phone call metadata for the purposes of foreign intelligence and international terrorism investigations and for criminal or other purposes.

In the case of an application for call detail records, the new act requires the government “to adopt minimization procedures that require the prompt destruction of all call detail records produced under the order that the government determines are not foreign intelligence information.”

Sen. Rand Paul, who has long been a critic of the program, told the Washington Times, “The federal government’s appalling violations of our Fourth Amendment rights must end.

“This bill permanently stops one of the sprawling surveillance state’s most intrusive overreaches and is the first step in a movement to reclaim the constitutional liberties sacrificed by the overreaching provisions of the PATRIOT Act.”

Categories: Cyber Risk News

Facebook Pulls Spam and Fraud from India, Pakistan

Mon, 04/01/2019 - 15:26

In accordance with its "coordinated inauthentic behavior" or spam policy, Facebook announced that it removed 687 pages and accounts in India that were linked to actors associated with an IT cell of the Indian National Congress (INC).

The removals come only weeks before India's staggered elections begin on April 11. A majority of the accounts had previously been suspended by Facebook’s automated system, according to a news report from Nathaniel Gleicher, head of cybersecurity policy.

Also removed for engaging in coordinated inauthentic behavior were 15 pages, groups and accounts in India that were reportedly associated with Silver Touch, an Indian IT firm.

“They posted about local news and political events, including topics like the Indian government, the upcoming elections, the BJP and alleged misconduct of political opponents including the INC. Although the people behind this activity attempted to conceal their identities, our investigation found that this activity was linked to individuals associated with an Indian IT firm, Silver Touch,” the statement said.

An additional 321 accounts were removed for violating rules against spam. “This included using fake accounts or multiple accounts with the same names; impersonating someone else; posting links to malware; and posting massive amounts of content across a network of Groups and Pages in order to drive traffic to websites they are affiliated with in order to make money. Unlike the takedowns for coordinated inauthentic behavior, this activity was not part of one coordinated operation.”

In addition to those accounts from India, Gleicher noted, “We removed 103 pages, groups and accounts on both Facebook and Instagram for engaging in coordinated inauthentic behavior as part of a network that originated in Pakistan.”

Though there are no links identified between the two groups, “they used similar tactics by creating networks of accounts to mislead others about who they were and what they were doing.”

In total, the 24 pages, 57 Facebook accounts, seven groups and 15 Instagram accounts linked to Pakistan had nearly 2.8 million followers. The accounts spent approximately $1,100 for ads on Facebook, paid for in US dollars and Pakistani rupees between May 2015 and December 2018.

Categories: Cyber Risk News

Facebook Boss Calls for Greater Internet Regulation

Mon, 04/01/2019 - 10:05

Mark Zuckerberg has called on governments and regulators to come up with new rules for the internet in four key areas of policy.

The Facebook founder and supremo said in a Washington Post op-ed over the weekend that he wants to see more intervention in: harmful content; election integrity; privacy; and data portability.

He agreed that the social network should not be the one making important decisions on issues such as what counts as terrorist propaganda, arguing for a more “standardized approach” in which third-party bodies set standards around the distribution of harmful content.

Regulators should then set baselines for what’s prohibited based on full transparency from internet companies on the scale of harmful content online.

Zuckerberg also called for legislation to protect elections, including common standards for verifying political actors and more attention paid to the use of data to target voters.

In a big win for EU legislators, he promoted the idea of GDPR-style laws in the US and elsewhere to promote transparency and accountability among organizations and enhance the rights of data subjects. This should include sanctions against firms like Facebook when they come up short, he added.

Regulation should also guarantee data portability, providing consumers with greater choice and stimulating more innovation in the market, he concluded. This is also a key feature of the GDPR, although Zuckerberg went further, calling for a common data transfer standard based on the open source Data Transfer Project.

The social network is very much in the firing line for US regulators, with an ongoing FTC investigation into its privacy practices following the Cambridge Analytica scandal anticipated to result in a fine of over $1bn.

The firm was also slammed earlier this year in a UK parliamentary report into fake news, accused of being a “digital gangster” and of misleading a committee of lawmakers.

Categories: Cyber Risk News

ICO Invites Applicants to GDPR Sandbox

Mon, 04/01/2019 - 09:30

The Information Commissioner’s Office (ICO) has launched in beta a new service designed to help organizations test innovative new services without fear of running foul of the GDPR.

The ICO’s Sandbox service is now open for applications from organizations with projects that have a "demonstrable public benefit."

Around 10 organizations will be chosen for this beta phase, with start-ups, SMEs and large organizations, across private, public and voluntary sectors able to apply.

The ICO defines “public benefit” both in terms of the number of people impacted by a service and the extent to which they could benefit.

Given the cutting-edge nature of the new products being developed here and the compliance challenges they may present, the Sandbox will also help the ICO predict where changes may need to be made in terms of the guidance it offers businesses on data protection.

"Thousands of organizations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public," said Simon McDougall, executive director for technology and innovation at the ICO.

"Our Sandbox will provide the environment that organizations need to test new concepts and technologies. The lessons we learn together may identify more fundamental questions with broader implications for data protection, and could ultimately inform the development of new guidance or codes of conduct in particular sectors to pave the way for further innovation."

Successful applicants will get an on-site visit from the ICO, during which they will jointly develop a customized Sandbox plan. Applications may be submitted up to May 24, 2019 and the beta phase runs until September 2020.

Some 59,000 businesses are said to have filed GDPR breach reports with their regulators across the EU up to February this year, including nearly 11,000 in the UK. Over 90 fines have been issued.

Categories: Cyber Risk News

Planet Hollywood Owner Suffers Major POS Data Breach

Mon, 04/01/2019 - 09:08

Earl Enterprises, the parent company of Planet Hollywood and other US restaurant chains, has admitted suffering a 10-month breach of customer payment card data.

The firm said in a notice on Friday that hackers installed POS malware at a number of restaurants including those operating under the brand names Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria.

“The malicious software was designed to capture payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder name,” it explained.

“Although the dates of potentially affected transactions vary by location, guests that used their payment cards at potentially affected locations between May 23, 2018 and March 18, 2019 may have been affected by this incident. Online orders paid for online through third-party applications or platforms were not affected by this incident.”

There was no indication from the hospitality firm how many customers had been affected, but reports suggest it could be over two million.

Security researcher Brian Krebs has claimed that the breach is linked to the appearance of 2.15 million stolen cards on the dark web back in February.

Known as the “Davinci Breach,” the data appeared on card forum Joker’s Stash.

This is just the latest in a rash of POS malware attacks that prove full EMV card migration is still some way off in the US.

Already so far this year we have seen a major breach at Huddle House restaurants across the country, a supply chain attack against POS solutions provider North County Business Products and the discovery of DMSniff, POS malware that uses DGA to maintain persistence.

Categories: Cyber Risk News
