cyberattack

Latest

  • UK arrests man over US Department of Defense hack

    by Jon Fingas
    03.08.2015

    No matter how serious you are, you're going to draw a lot of attention if you hack the US military -- and one Brit may be learning this the hard way. The UK's National Crime Agency has arrested an unnamed young man over allegations that he breached the Department of Defense's network last June. He reportedly swiped little more than non-confidential contact and device information (the attack was largely for bragging rights), but that was enough to invoke an international collaboration that led to the bust. There's no conviction, but there's little doubt that the arrest was meant as a deterrent to cyberattackers and pranksters in either country. [Image credit: David B. Gleason, Flickr]

  • Anthem health insurance hack exposes data of over 80 million

    by Mat Smith
    02.05.2015

    Hackers have accessed millions of customer and employee details from US-based health insurance firm Anthem, including names, addresses and Social Security numbers. The database that was accessed included details for roughly 80 million people, but Anthem, the second biggest insurer in the country, believes that the hack likely affected a fraction in the "tens of millions". Its Chief Information Officer said that they didn't yet know how hackers were able to pull off the attack. In a statement on Anthem's site, CEO Joseph Swedish said that the company was the target of "a very sophisticated external cyberattack" -- although medical and financial details were apparently not breached.

  • Lizard Squad's paid cyberattack service faces a hack of its own

    by Jon Fingas
    01.17.2015

    Lizard Squad is apparently getting a taste of its own medicine. Security guru Brian Krebs has learned that someone hacked Lizard Stresser, the cyberattack-for-hire service that Lizard Squad launched following its takedowns of the PlayStation Network and Xbox Live. The breach exposed the project's customer database, which was ironically stored in plain text -- unless clients change their passwords, they're about as vulnerable as the sites they paid to take down. This attack doesn't make things right (it's just as illegal, after all), but something tells us that law enforcement isn't in a rush to catch the perpetrators. If anything, it's more interested in the less-than-innocent victims. [Image credit: Jean-Jacques Boujot, Flickr]

  • Pro-Russian cyberattacks bring down German government websites

    by Jon Fingas
    01.07.2015

    The digital war over Ukraine isn't about to cool down any time soon. A group of pro-Russian hackers calling itself CyberBerkut is taking credit for cyberattacks that brought down German government websites, including those for Chancellor Angela Merkel, the foreign ministry and the lower parliament. Officials aren't pointing any fingers, but CyberBerkut is claiming that the breach is in retaliation for German support of the "criminal regime in Kiev." The attack came soon before German and Ukrainian leaders were going to meet, so the timing of the incident at least lines up with the group's motivations.

  • Police reportedly arrest UK hacker behind gaming network attacks

    by Jon Fingas
    12.31.2014

    Lizard Squad probably shouldn't have bragged about being impossible to track following its cyberattacks against the PlayStation Network and Xbox Live. According to both The Daily Dot and a Thames Valley Police report, law enforcement arrested alleged group member Vinnie Omari on December 29th -- not for the gaming network attacks themselves, but for stealing from PayPal accounts. Omari says that the cops haven't pressed formal charges (they released him on bail), but they also confiscated all his computing devices and storage to gather evidence.

  • The hackers who hit Sony Pictures also threatened CNN (update)

    by Jon Fingas
    12.31.2014

    The Guardians of Peace didn't just threaten Sony Pictures and theaters that planned to show The Interview; it also shook its fist at the press, too. The Intercept has obtained an FBI alert noting that the group implied threats against a "news media organization" on December 20th. While the bulletin doesn't name the company, The Desk's Matthew Keys has copies of the Pastebin-based messages (since removed) showing that CNN was the target. The GOP sarcastically complimented CNN on its "investigation" of the hacking group and linked a video calling the TV network an idiot, but didn't warn of any specific consequences. Update: Writer David Garrett Jr. has stepped forward as the source of this particular posting. According to Garrett, he has no connection to North Korea or the Guardians of Peace group, and just wanted to point out media inaccuracies.

  • FBI wants to know if US banks launched revenge hacks against Iran

    by Jon Fingas
    12.30.2014

    Your parents might have told you that revenge solves nothing, but it's not clear that American banks have learned the same lesson. Bloomberg sources understand that the FBI is investigating whether or not US financial institutions hired hackers to conduct retaliatory hacks against Iran, crippling the servers that had been used to attack the companies starting in 2012. There isn't any hard evidence banks acted on their anger, although they at least came close. JPMorgan Chase acknowledged that one of its officials proposed an offshore strike that would have knocked the Iranian servers out of commission. The staffer didn't offer a full-fledged plan, however, and nothing appears to have come out of the idea.

  • Cyberattacks used security software to cover their trail

    by Jon Fingas
    12.27.2014

    State-sponsored hacking attempts frequently rely on specially written software, but that's a risky move. Unless it's well-made, custom code can be a giveaway as to who's responsible. Attackers are switching things up, however. Security researchers at CrowdStrike and Cymmetria have discovered that a likely cyberwarfare campaign against military-related targets in Europe and Israel used commercial security software to both cover its tracks and improve its features. Typically, the attacks would try to fool people into installing rogue Excel scripts through bogus email. If anyone fell for the ploy, the script installed malware that also grabbed parts of Core Security's defense assessment tool in its attempt to throw investigators off the scent. That's no mean feat -- Core has copy protection and digital watermarks to prevent the software from winding up in the wrong hands, so the perpetrators clearly went out of their way to use it.

  • FBI warned of a Sony-style hack in a report last year

    by Jon Fingas
    12.24.2014

    The Sony Pictures hack and its resulting fallout may have caught many people by surprise, but not the FBI -- it apparently suspected for months that something like this might happen. The Intercept has obtained a December 2013 agency report warning that it was just a matter of time before a US company faced a "data-destruction attack" like the one that hit Sony, where malware deletes enough data to render systems unusable. The alert was meant for "critical infrastructure" organizations (like energy providers) and never reached Sony, but the scenario was apparently very similar to what the company would face a year later. Intercept's tipsters even believe that Sony could have avoided a lot of the resulting damage if it had been aware of the report and heeded its advice on defending against hacks of this nature.

  • Sony Pictures cancels 'The Interview' theatrical release (update)

    by Richard Lawler
    12.17.2014

    Threats posted by the people behind the unprecedented hacking of Sony Pictures appear to have had the desired effect. The Wall Street Journal and The Hollywood Reporter both state, based on anonymous sources, that the largest movie chains will not debut the movie next week. Carmike Cinemas said that it would not be showing the film, while the sources indicate they will be joined by AMC, Cinemark, Regal and Cineplex. In a statement to THR, Regal cited Sony Pictures' 'wavering support' for the film, as well as the threats, as the reason it decided to delay the film's opening. According to Variety, one possibility is to release the movie straight to video on-demand, but so far Sony Pictures has not commented publicly. Update: According to CNN's Pamela Brown, Sony Pictures has pulled the plug and will not premiere The Interview on December 25th as it originally planned. In a statement (included after the break), the company said "In light of the decision by the majority of our exhibitors not to show the film The Interview, we have decided not to move forward with the planned December 25 theatrical release." Meanwhile, another movie set in North Korea starring Steve Carell that was about to go into production has been cancelled. Update 2: According to media reports, the US government will publicly identify North Korea as the source of the cyberattacks. Update 3: According to the LA Times, Sony Pictures says it currently has no plans to release The Interview in any form, including straight to DVD/Blu-ray, VOD or subscription streaming.

  • North Korea treats its state-sponsored hackers like royalty

    by Jon Fingas
    12.05.2014

    There's still a dispute as to whether or not North Korean hackers broke into Sony Pictures' network, but one thing is clear: the country spoils its cyberwarriors rotten. A defector tells Reuters that Bureau 121, the spy division responsible for at least some state-sponsored internet attacks, gives hackers "very strong" financial incentives. They get giant apartments in posher parts of town, and they're relatively wealthy; one Bureau member could pay to move his entire rural family to the capital if he wanted. Many North Koreans see one of these jobs as an honor.

  • Sony Pictures is worried that North Korea hacked its computers

    by Jon Fingas
    11.29.2014

    If you've been intrigued by the hack that took down Sony Pictures' computers, you've probably wondered who the self-proclaimed culprits, the "Guardians of Peace," might be. Are they disgruntled employees? Social activists? According to Recode sources, Sony is worried that they're actually North Korean cyberwarriors. The company and its security consultants are "actively exploring" theories that an outfit in China breached the network on North Korea's behalf. Investigators haven't confirmed anything, but they also haven't ruled out the Korean link so far.

  • Sophisticated malware has been spying on computers since 2008 (updated)

    by Jon Fingas
    11.23.2014

    Highly sophisticated malware isn't limited to relatively high-profile sabotage code like Stuxnet -- sometimes, it's designed to fly well under the radar. Symantec has discovered Regin, a very complex trojan that has been spying on everyone from governments to individuals since at least 2008. The malware is highly modular, letting its users customize their attacks depending on whether they need to remote control a system, get screenshots or watch network traffic. More importantly, it's uncannily good at covering its tracks. Regin is encrypted in multiple stages, making it hard to know what's happening unless you capture every stage; it even has tools to fight forensics, and it can use alternative encryption in a pinch. Researchers at Symantec suspect that the trojan is a government-created surveillance tool, since it likely took "months, if not years" to create.

  • Hackers tried to hold a Detroit city database hostage

    by Jon Fingas
    11.19.2014

    Online criminals aren't just trying to extract ransoms from unsuspecting individuals; they're targeting whole cities, too. Detroit Mayor Mike Duggan has revealed that hackers tried to hold a city database hostage in April, demanding 2,000 Bitcoins (currently worth about $803,500) before they handed it back. Thankfully, the emphasis is on "tried." As Duggan explains, Detroit wasn't even using that database any more -- it simply ignored the ransom request.

  • State Department shuts down unclassified email to cope with hack

    by Jon Fingas
    11.17.2014

    The US government is no stranger to dealing with cyberattacks, but it just took a rare and relatively extreme step to keep itself safe. The State Department shut down its entire unclassified email system this weekend to bolster its defenses after spotting "activity of concern" (read: potential data breaches) that happened at the same time as an earlier hack that targeted the White House. Officials aren't naming culprits at this stage -- they've pinned some previous attacks on China and Russia, but it's not clear that there was digital warfare involved this time around. More details are expected to come once the security upgrades are in place, so you may get a better sense of what happened in the near future. [Image credit: AP Photo/J. Scott Applewhite]

  • Stuxnet worm entered Iran's nuclear facilities through hacked suppliers

    by Jon Fingas
    11.13.2014

    You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.

  • FBI director sees progress in the US' ability to fight cyberattacks

    by Jon Fingas
    10.07.2014

    FBI director James Comey has held office for more than a year, but he hasn't really had an opportunity to explain his views on camera. What does he think about the US' ability to cope with cyberattacks, for example? If you've been curious to understand his approach, you'll be glad to know that CBS News has posted the first part of an interview with Comey touching on these subjects. He reveals that he's happy with the progress the government has made on dealing with online intruders, even if it's clear that there's still a long way to go. As he explains, the US' digital defense is a lot like a high school soccer team. It's competent on the field, but nowhere near the World Cup skill it needs to stop many threats.

  • JPMorgan: cyberattack stole contact info for 76 million households

    by Timothy J. Seppala
    10.02.2014

    Is it just that time of year, or are data breaches just becoming more and more common? No matter: following the report that JPMorgan Chase and a handful of other banks had been hit by hackers comes confirmation from the main financial institution itself. The banking juggernaut says that as many as 76 million households and 7 million small businesses had names, phone numbers, street addresses and email addresses stolen in a cyberattack, according to a regulatory filing spotted by Bloomberg. The nation's largest bank noted that despite these intrusions, however, sensitive information like Social Security and account numbers, login credentials and dates-of-birth were not pilfered. If you have accounts at Chase, now might be time to reset your passwords and contact your local branch, regardless. [Image credit: Getty Images]

  • JPMorgan and other US banks reportedly hit by cyberattack

    by Edgar Alvarez
    08.28.2014

    A Bloomberg report claims that JPMorgan Chase and "at least" four more banks in the US have been victims of a virtual attack from hackers. The data gathered from the breach could reportedly "be used to drain accounts," according to two Bloomberg sources who have been briefed on the situation by the US government. At the moment, it is unknown which other banks were affected by this, but the FBI has already opened an investigation and is currently working to find out more details. "[We are] working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," said the FBI in a statement. Meanwhile, a different report from CNN Money notes that seven of the "top" 15 banks were on the wrong end of these attacks, per people familiar with the matter -- though such information has not been corroborated by US officials.

  • Over 1,000 US businesses hit with the same cyberattack as Target

    by Billy Steele
    08.22.2014

    Target's massive data breach grabbed headlines right in the middle of holiday shopping that year, and the fallout continues. According to a Department of Homeland Security advisory this afternoon, the attacks that hit the red-hued retailer, along with Supervalu and UPS, are much more widespread than first reported. The so-called "Backoff" malware in various versions has actually hit more than 1,000 businesses in the States, allowing hackers to snag info from millions of credit card payments. Remote network access for contractors provides the avenue for entry, and the announcement suggests that companies have vendors take a close look at their systems for possible criminal activity. It's also calling for businesses to put cash registers on a separate network and employ two-factor authentication to help combat would-be intruders. [Photo credit: Joe Raedle/Getty Images]