cyberattack
Latest
Patreon donation site's user data published online after hack
Patreon, the crowdfunding platform for artists, has been hacked recently, and almost 15 gigabytes of data stolen from the site is now available online. Security researcher Troy Hunt of have I been pwned? told Ars Technica that he found 2.3 million email addresses (including his own) in the data dump, along with password and donation records, private messages and even the website's source code. Note that some screenshots of the data dump that surfaced online indicate that part of the data stolen was generated as recently as September 24th.
Pentagon is building a system that instantly detects security breaches
The Department of Defense wants to be able to combat cyberattacks before hackers get the chance to steal sensitive files and employees' data, as well as access the country's weapons systems. The only way the Pentagon can do that is to be more proactive in dealing with its computers' and networks' vulnerabilities. That's why it's building an electronic system that can help them prioritize those flaws, according to how much threat they pose. While data entry will initially be done by hand, the military envisions its final form as an automated system that can instantly detect infiltration attempts and notify cyber response teams to stop them before they can wreak havoc.
Department of Energy was hacked over 150 times since 2010
Between 2010 and 2014 the US Department of Energy was hit by hackers over 150 times. Just pause and think about that for a moment. In the span of four years, the federal organization that helps regulate our power grid, energy labs and nuclear weapons was successfully infiltrated 159 times. Almost as terrifying, the department was constantly under attack according to records obtained by USA Today. During that time there were 1,131 attempts made to break into the DOE's systems.
Lizard Squad takes revenge on UK police with DDoS attack
Lizard Squad has claimed responsibility for a temporary takedown of the UK's National Crime Agency (NCA) website, almost certainly in response to a series of arrests targeting customers of the hacker collective's DDoS-for-hire service. Last week, the agency announced that UK police had apprehended six British teenagers for using Lizard Stresser, a tool developed by Lizard Squad which allows anyone to cripple websites with Distributed Denial of Service (DDoS) attacks. All of the suspects were released on bail and the NCA said it would be visiting 50 addresses to issue warnings to registered users.
FDA tells hospitals to ditch IV pumps that can be hacked remotely
The Food and Drug Administration "strongly encourages" hospitals to stop using Hospira's Symbiq Infusion System, because it's vulnerable to cyberattacks that would allow a third party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked.
Cyberattack grounds 10 flights out of Warsaw
It may be, statistically, the safest way to travel, but that doesn't mean that flying isn't immune to technology's most persistent irritation. According to Reuters, a group of hackers managed to ground 10 flights out of Warsaw Airport on Sunday after executing an effective cyberattack against LOT, Poland's national airline. It's believed that the nefarious types went after the computer system that's responsible for producing flight plans, causing numerous delays in addition to the aforementioned cancellations.
Investigators connect massive federal hack to China
More information about the hack that leaked info on millions of US government employees -- including extremely detailed data from background checks -- is coming out now. While a computer security firm called CloudStrike said it came from a Chinese group called "Deep Panda" that also is suspected of pilfering data from health insurer Anthem, others disagree. Representatives of another security company, FireEye, tells Re/code that it's linked to another distinct group of hackers in China that seem focused only on personal information.
Cyberattack takes down Canadian government websites
It's not just the American government that's facing withering internet attacks in recent days. Canadian officials have confirmed that a "cyberattack," likely a denial of service campaign, has taken down government websites on the gc.ca web domain -- which, if you know the country, means that virtually every federal institution is inaccessible online. Many government email accounts are largely out of commission as well. It's not clear whether the assault has compromised any sensitive data, but traffic floods like this are typically focused more on knocking sites out of commission than swiping info.
Hackers used Google Drive to attack Tibetans
Tibetans and pro-democracy activists in China are often the victims of cyberattacks, but a public campaign to educate people against blindly opening email attachments has been a big success. Unfortunately, as Motherboard reports, this has had the knock-on effect of forcing hackers into being a lot smarter with their subterfuge. Since would-be victims are now wary of opening attachments, nefarious types are now using Google Drive as a trojan horse with which to breach targeted systems.
Background info on US spies, military stolen by hackers
Wondering how the recently uncovered hack covering personal information from millions of government employees could be worse? We now have our answer, as sources have told the Associated Press and other outlets that in another breach, hackers accessed data from security clearance checks for military and intelligence personnel. Called Section Form 86, you can see what's covered right here (PDF). Its 127 pages cover personal data like your name and Social Security Number (and the name and SSN of the person you live with), then dive deeper into your family history, where you've lived, who you know, how regularly you drink, any loans you have, if you've ever been treated for mental illness, etc.
IRS to fight fraud and identity theft with help from tax-prep firms
The IRS has just revealed a collaboration with various tax-preparation firms and software companies such as Intuit that aims to prevent refund fraud. It will introduce new safeguards to authenticate a person's identity, including monitoring and flagging repetitive use of IPs and reviewing a device's identifying info. The IRS website will also take note of how much people spend to complete a tax return to prevent bots from submitting them and will capture metadata that can be used to investigate filings. In addition, everyone involved will regularly share (anonymous) data and fraud leads among themselves in an effort to be more effective in identifying suspicious activities.
Hackers in giant federal breach got 30 years of worker info
Just how bad was the hack that compromised the info of 4 million US government workers? Exceptionally bad, if you ask anonymous officials talking to Reuters. They understand that the Office of Personnel Management breach exposed data going as far back in time as 1985, which could reveal what about 1.9 million staffers did after they left federal employment. It's not certain exactly what was taken, but the hack may have exposed bank info, birthdays and Social Security numbers -- the kind of sensitive content that could lead to breaches elsewhere.
The US will protect Japan against cyberattacks
The US knows that it's not enough to protect its own networks against cyberattacks -- its allies have to be safe, too. Appropriately, it's agreeing to shield Japan from digital assaults against its military and critical systems. The move gives the island nation a big security boost (its online defense unit has a mere 90 people) and hopefully reduces the chances that less-than-sympathetic neighbors China and North Korea will compromise a strategically vital country. While it's doubtful that the pact will deter many hacking attempts, it could make any local cyberwarfare campaigns that much tougher. [Image credit: AP Photo/Eugene Hoshiko]
Penn State says it was the victim of a China-based cyberattack
Cyberattacks are in the news seemingly every day, and today's announcement comes from a university here in the States. Penn State announced that its College of Engineering was targeted in a pair of "sophisticated cyberattacks," and investigators discovered that one of the breaches originated in China. The FBI notified the university of the attack back in November, but security experts investigating the matter determined that the hackers could've first accessed the system as early as 2012 using "advanced malware." The good news is no sensitive personal info (social security numbers, etc.) or research data was taken, as only usernames and passwords were compromised. Penn State took the College of Engineering's systems off the internet while security measures are bolstered, remedying a breach that's said to affect 18,000 people. [Image credit: Moment Editorial/Getty Images]
Thirty Meter Telescope's website was hacked to protest its construction
A lot of people are obviously still unhappy that the Thirty Meter Telescope's (TMT) construction was greenlit, because the project's website was reportedly hacked on Sunday. A group called Operation Green Rights, which is associated with Anonymous, claims to be the brains behind the DDoS attack that took down the the TMT portal for a few hours. A post on its website says: "Nothing will ever justify the destruction of ecosystems; filthy money can never replace them. Stand with the Hawaiian natives against #TMT." The group also claims to be behind another DDoS attack on Hawaii's local website.
Department of Defense creates new cyberunit in Silicon Valley
In order to better combat cyberthreats to national security, the US Department of Defense is setting up shop in Silicon Valley. At a lecture today at Stanford University, Defense Secretary Ash Carter outlined the department's new focus on cyberdefense, including tapping into the ecosystem of Silicon Valley to drive innovation against cyber attacks against "US interests." Carter announced that he's setting up the Defense Innovation Unit X (X stands for Experimental) inside the DOD, staffed by active-duty and military personnel alongside reservists. "They'll strengthen existing relationships and build new ones; help scout for new technologies; and help function as a local interface for the department," Carter explained. "Down the road, they could help startups find new work to do with DOD."
Russians are using undiscovered exploits to hack governments
If you've been wondering how Russian cyberattackers could compromise the White House and other high-profile political targets, the security researchers at FireEye have an answer. They've determined that APT28, a politically-motivated Russian hacking group, used unpatched exploits in Flash Player and Windows in a series of assaults against a "specific foreign government organization" on April 13th. Patches for both flaws are either ready or on the way, but the vulnerabilities reinforce beliefs that APT28 is very skilled -- less experienced groups would use off-the-shelf code.
Verizon says the security threats to your phone are 'overblown'
It may seem like mobile viruses are everywhere, but Verizon would beg to differ. The carrier has issued a report on data breaches which finds that the security threats to your phone are generally "overblown." The total number of security holes that have been used for exploits, regardless of platform, is "negligible" -- whatever device you use, you probably aren't at risk as long as you use common sense.
President's order lets the US sanction foreign cyberattackers
US authorities can't officially punish hackers in many countries, but they now have a way to hit those digital criminals where it hurts the most: their bank accounts. President Obama has signed an executive order that lets the Secretary of the Treasury impose sanctions on both foreign cyberattackers and those that knowingly support their activities, whether they're individuals or groups. If the Attorney General and Secretary of State deem these intruders to be major economic or security threats, the Treasury can freeze their assets and make it tougher to carry out (or profit from) their operations.
Health insurance data breach exposes 11 million people
Unfortunately, the days of massive health care data breaches are far from over. Premera Blue Cross has revealed that hackers breached its insurance customer data starting in May 2014, potentially exposing both the financial and medical records of 11 million people -- the largest such attack to date. There's no evidence yet that the data has been "used inappropriately," the company says, and it notes that both the FBI and security firm FireEye are already on the case.
