Archive for hack

Cyber Criminals Steal The Personal Info Of 100K Americans From The IRS

Posted in Commentary on May 26, 2015 by itnerd

I’m guessing a lot of heads are going to roll over this latest data breach. It seems that 100,000 Americans have had their personal info stolen from the IRS. Here’s what The Associated Press had to say:

The thieves accessed a system called “Get Transcript,” where taxpayers can get tax returns and other filings from previous years. In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address, the IRS said.

“We’re confident that these are not amateurs,” said IRS Commissioner John Koskinen. “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.”

Koskinen wouldn’t say whether investigators believe the criminals are based overseas — or where they obtained enough personal information about the taxpayers to access their returns. The IRS has launched a criminal investigation. The agency’s inspector general is also investigating.

I don’t need a PhD in cyber crime to figure out what’s going to happen next. It will be identity theft. Not good if you’re one of those who had their personal info stolen. Apparently the system that was breached was accessed hundreds of thousands of times between February and May, when the breach was discovered and the system was shut down. That’s why heads are likely to roll. It’s clear that someone was asleep at the switch. Those affected will be notified, but it will be cold comfort as the metaphorical genie is out of the bottle.

One wonders when organizations will take IT security seriously.

AdultFriendFinder Hacked… 3.5 Million Accounts Compromised

Posted in Commentary on May 24, 2015 by itnerd

If you find your dates, or whatever it is you’re into, on AdultFriendFinder… not that there’s anything wrong with that… you might have a reason to worry. About 3.5 million personally identifiable records were leaked from systems belonging to the adult-oriented website, which confirmed the breach after the hack first surfaced in April:

Word of Adult Friend Finder’s problems first surfaced last month. An IT consultant and Darknet researcher, who prefers to be known as Teksquisite, discovered the files on a forum in April. Salted Hash, looking to confirm her findings, discovered the same posts and files in short order.

The hacker claiming responsibility for the breach says they’re from Thailand, and started boasting about being out of reach of U.S. law enforcement because of location alone. As for local law enforcement, they’re confident they can bribe their way out of trouble, so they continued to post Adult Friend Finder records.

Using the handle ROR[RG], the hacker claims to have breached the adult website out of revenge, because a friend of theirs is owed money – $247,938.28. They later posted a $100,000 USD ransom demand to the forum in order to prevent further leaks.

In all, across 15 different CSV files, ROR[RG] posted 3,528,458 records. The files are database dumps with 27 fields in total; the most important being IP address, email, handle, country, state, zip code, language, sex, race, and birth date. Dates confirm that the data is at least 74 days old.

Here’s what AdultFriendFinder had to say:

“FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue. We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant, a FireEye Company, the law firm of Holland & Knight, and a global public relations firm that specializes in cyber security.

“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation. We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”

Sure you will. Either you were covering things up until you were forced to admit it, or you were asleep at the switch, or your IT security sucks. That’s bad any way you slice it, and users of the website should be outraged. The only good thing that they did was that they got Mandiant to look into this. Maybe they will whip your website into shape.

So, why am I being so harsh on AdultFriendFinder? Simple: this hack hurts people who really didn’t need the fact that they surf the Internet looking for Mr./Ms. Right or Mr./Ms. Right Now exposed. Let me illustrate how this hurts people:

The problem that came to light was that, buried in the data, people were using their work email address to register for Adult Friend Finder. Some folks I spoke with who were familiar with the data noticed that there were email addresses for folks serving in the US Army, US Air Force and Australian military, as well as members of the Colombian, Brazilian and Canadian Forces. That was just based on a cursory search.

Further to that end, the leaked data contained government-related email addresses showing that staffers from around the world had registered with their work email. Rather amazing that people would do such a thing.
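The practical question an organization faces after a dump like this is whether any of its own staff are in it. The following is an added example, not code from the original post or from Salted Hash or any other party named above: it scans a leaked CSV file for addresses on domains you are responsible for, normalizing case and whitespace, skipping malformed rows, and treating subdomains as part of the parent domain. The column layout, the watched domains (under the reserved `.example` TLD) and every row are constructed for illustration.

```python
"""Check a leaked account dump for addresses on domains you are responsible for.

Added example, not code from the original post or from any party named
there.  The CSV columns, the watched domains and the rows are constructed.
"""
import csv
import io
import re

# Constructed stand-in for one of the leaked CSV files: mixed case,
# stray whitespace, a subdomain, a malformed row and an empty address.
SAMPLE_DUMP = """\
email,handle,country,birth_date
Jane.Doe@army.example,jd77,US,1980-01-01
bob@mail.gov.example,bobby,AU,1975-06-30
someone@mail.example.com,anon,CA,1990-02-02
not-an-email,broken,BR,
 carol@ARMY.EXAMPLE ,cz,US,1982-03-03
,nomail,US,1979-09-09
"""

# Domains whose staff you would need to notify (constructed placeholders).
WATCHED_DOMAINS = ["army.example", "gov.example"]

_EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def normalize_email(raw):
    """Trim and lower-case an address; return None if it is not well-formed.
    Lower-casing the local part is fine here because the goal is de-duplication."""
    email = (raw or "").strip().lower()
    return email if _EMAIL_RE.match(email) else None


def watched_domain_for(email, watched):
    """Return the watched domain an address belongs to, or None.
    Subdomains count (mail.gov.example -> gov.example) but look-alikes
    such as evilgov.example do not, because the match requires a dot boundary."""
    domain = email.rsplit("@", 1)[1]
    for w in watched:
        if domain == w or domain.endswith("." + w):
            return w
    return None


def exposed_accounts(csv_text, watched=WATCHED_DOMAINS, email_field="email"):
    """Map each watched domain to the sorted list of addresses found in the dump."""
    found = {w: set() for w in watched}
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = normalize_email(row.get(email_field))
        if email is None:
            continue  # malformed or empty address; nothing to notify
        w = watched_domain_for(email, watched)
        if w is not None:
            found[w].add(email)
    return {w: sorted(addrs) for w, addrs in found.items() if addrs}


if __name__ == "__main__":
    for domain, addrs in exposed_accounts(SAMPLE_DUMP).items():
        print(f"{domain}: {len(addrs)} exposed account(s)")
        for addr in addrs:
            print("  ", addr)
```

The output is the list of your own accounts to contact, which is what an incident response team needs in order to warn those users and watch for follow-on phishing against them.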

So, why is this a problem? Well, an enterprising sort could track a person back through some simple searches. In one scenario, someone could find a military member’s home address, current station and… the names of his wife and children.

Now, I could say that anyone who is dumb enough to use their work e-mail address to register on this site deserves to have their privacy invaded. But that’s wrong. Nobody needs to have their privacy invaded. Ever. Hopefully the lowlifes who are responsible get caught and jailed, as hacks that violate the privacy of people should not be tolerated.

SIM Cards Still Secure Despite Hack Says Gemalto

Posted in Commentary on February 23, 2015 by itnerd

Last week I brought you a story on UK and US intelligence types hacking into a company called Gemalto, which makes, among other things, SIM cards for mobile phone carriers, and gaining the ability to eavesdrop on millions of smartphone users because of the hack. Today, Gemalto came out with a statement that basically says that the SIM cards they produce are still secure despite this hack:

Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.

The company does plan to hold a press conference to provide more details on this in Paris at 10:30 am on the 25th of February. We’ll see at that point how the company explains the fact that their SIM cards are secure despite this hack. Personally, I am dubious. But I’m willing to let them lay out their evidence to back up their case.

US & UK Spies Hack Into Maker Of SIM Cards To Spy On Mobile Phone Users

Posted in Commentary on February 20, 2015 by itnerd

This is something that potentially will keep you awake tonight. It has come to light that American and UK spies have hacked into a company called Gemalto in order to gain the ability to spy on smartphone users. Here’s some of the details from the BBC:

The Intercept says that “the great Sim heist” gave US and British surveillance agencies “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”.

It says that among the clients of the Netherlands-based company are AT&T, T-Mobile, Verizon, Sprint and “some 450 wireless network providers around the world”.

One other thing to consider. Gemalto also produces the ID chips used in modern passports, so the effects of this could go beyond the smartphone space. One thing to note is that when Gemalto produces SIM cards, they themselves set the encryption codes, which means that if you get the encryption code or codes, you can cause a whole lot of damage. The chips used in passports are apparently blank when they’re delivered to the end customer, so they are less likely to be exploited because the end customers would set up their own encryption. At least in theory. These days you never know. Neither country has commented on this. Not that you would expect them to.

This came to light because of the gift that keeps on giving known as Edward Snowden. Love him or hate him, he is sure making intelligence agencies tremble in fear because of what he knows.

FBI Stands By Accusation That North Korea Is Behind Sony Pictures Hack

Posted in Commentary on January 8, 2015 by itnerd

Despite evidence to the contrary, FBI Director James Comey is still pointing the finger towards North Korea as the responsible party behind the epic Sony Pictures hack. Via ARS Technica, here’s what he cites as evidence:

While the Sony attackers had largely concealed their identity by using proxy servers, Comey said that on several occasions they “got sloppy” and connected directly, revealing their own IP address. It was those slip-ups, he said, that provided evidence linking North Korea to the attack on Sony’s network. Comey also said that analysts at the FBI found the patterns of writing and other identifying data from the attack matched previous attacks attributed to North Korea. Additionally, there was other evidence, Comey said, that he could not share publicly.

Still missing from the equation is how the attackers penetrated Sony’s network. Comey said that FBI was still investigating how the attackers got in, but noted that the company had been targeted by “spear phishing” campaigns—including one that occurred in September.

Here’s where some of this starts to fall apart. It’s not that hard to fake or “spoof” an Internet address. So if I were a hacker not affiliated with North Korea and I wanted to sell the idea that North Korea was behind the hack, I’d leave a few clues behind to point towards the North Koreans. For all we know, that’s what these hackers did. Also, patterns of writing can be copied, so that doesn’t prove anything either. Then there’s this fact that I wrote about in this article:

A government who is behind a hack of this sort would not want to do any of that because it draws way too much attention to their covert hacking activities. Thus, that really casts doubt on North Korea being responsible.

So unless there is evidence beyond the circumstantial stuff presented thus far, I am still dubious of North Korea being responsible for this hack.


Hey IT Nerd! Do You Think That North Korea Is Behind The Sony Hack?

Posted in Commentary on December 23, 2014 by itnerd

I got this in my inbox last night:

IT Nerd, let me get straight to the point. Do you think North Korea is behind the Sony hack or someone else is responsible? 

Thanks for the question.

I have nothing but a gut feeling on this… Well, a bit more than a gut feeling… But I would say that I don’t believe that North Korea is behind the Sony hack. I will admit that North Korea does have the ability to do this sort of thing, plus they have people at arm’s length who are capable of doing this sort of thing as well (they’re at arm’s length so that it gives North Korea plausible deniability). I don’t see either being responsible, as this doesn’t quite fit the usual modus operandi of either of these groups. From what I do understand about North Korea and the hackers that do their bidding, they’re more of the hit-and-run sort. In other words, they get in, get what they are looking for and get out. They’re also in it for economic gain or to disrupt some project or goal the target has. Regardless of the end goal, they don’t broadcast what they’ve done, nor do they have fancy names for themselves. If we look at this hack, we have the “Guardians Of Peace”, which is a group nobody has ever heard of. Not computer security experts, not intelligence agencies (at least not that they admit to), nobody. They’ve not only hacked Sony, they’ve released data that has embarrassed Sony and made threats of “9/11 style attacks” that their ability to pull off is dubious at best. A government who is behind a hack of this sort would not want to do any of that because it draws way too much attention to their covert hacking activities. Thus, that really casts doubt on North Korea being responsible.

So, who could be responsible? It could be hackers who are using “The Interview” and the North Korean connection as cover. After all, Sony is a company that hackers have targeted for years. So quite literally, anybody could be responsible for this. Alternately it could be a disgruntled ex-employee, though they would need the skills to pull this off. A deskside support guy isn’t going to have those skills. But maybe a network admin who has some friends with the required skill could pull this off as long as they know enough about the Sony Pictures infrastructure to make this a viable attack. What makes the latter plausible is the fact that there were significant layoffs at Sony Pictures recently. It isn’t too much of a stretch to think that someone who got separated from their job was looking for a bit of revenge. You could come up with all sorts of plausible theories on this front that would make sense. Thus it further casts doubt on the whole North Korea angle.

Now the FBI did lay out their reasoning in their press release on the subject. Here’s the key points:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

Here’s where the reasoning that’s printed above falls apart. Reusing malware code and the tools to make this attack on Sony happen is a great way for hackers to cover their tracks, and they do this all the time. Just because malware “x” was used in one particular attack doesn’t mean that the same people are using it in another attack. Plus, another way for hackers to cover their tracks is to make it look like the attack is coming from someplace else. This is called spoofing, and it’s not just hackers who do this. People in Canada who get access to the shows on the US version of Netflix, or those who get access to BBC iPlayer from Canada, make use of spoofing to make themselves appear to be in the US or the UK respectively, and it doesn’t take a whole lot of skill to pull that off. Thus none of this is a smoking gun that points definitively at North Korea.

While it is possible that North Korea is behind this hack, I don’t think that there’s enough evidence here to say so definitively. I think when cooler heads prevail, it will be discovered that someone else not even remotely associated with North Korea was behind this. It will be interesting to see what happens if and when that day comes.


Canadians Can Now Freak Out About Home Depot Hack

Posted in Commentary on September 9, 2014 by itnerd

Earlier today, I posted a story about the confirmation of the hack of Home Depot and the theft of 60 million credit card numbers. I also mentioned that Canadians MAY not have anything to worry about but they should check their credit card statements closely.

I’m here to say they now can officially start worrying. Here’s what the Toronto Star has to say:

Security researcher Brian Krebs, who first reported the attack last week, said on Tuesday that the stolen data, which can be used to make fake cards, is available for sale online. Cards issued by all of the big five Canadian banks — RBC, TD, CIBC, BMO and Scotiabank — are listed on at least one website selling hacked credit card information.

Well, that’s just craptastic. Clearly this isn’t going to end well for anyone involved. Here’s what’s worse:

An RBC spokesperson on Tuesday would not confirm whether any of its customers were affected. “We are aware of the breach and have taken the necessary precautions to identify and minimize any potential impacts on our clients,” RBC spokesperson Andrew Block said.

Customers will not have to pay for any potential fraudulent transactions, he said. The bank is recommending that customers monitor their accounts closely for signs of unauthorized use.

TD said on Tuesday that they would not comment on the attack or whether any client cards were affected.

CIBC, Scotiabank and BMO did not respond to requests for comment on Tuesday.

None of that inspires any confidence. I would have hoped that the five banks involved would have said something more substantial. Hopefully, they will have the backs of Canadians on this.


Home Depot Hit By Same Malware That Hit Target

Posted in Commentary on September 8, 2014 by itnerd

This isn’t good.

The Home Depot hack of credit card info is pretty bad given the scale. But what’s making it worse is that according to Brian Krebs, the same person who discovered the hack, it looks like the malware has been used previously:

A source close to the investigation told this author that an analysis revealed at least some of Home Depot’s store registers had been infected with a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.

The information on the malware adds another indicator that those responsible for the as-yet unconfirmed breach at Home Depot also were involved in the December 2013 attack on Target that exposed 40 million customer debit and credit card accounts. BlackPOS also was found on point-of-sale systems at Target last year. What’s more, cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator[dot]cc, the same underground cybercrime shop that sold millions of cards stolen in the Target attack.

Great. The bad news doesn’t end there. There seems to be proof that the hacker or hackers behind this have an anti-American bent to them. That’s really troubling, and this should make those at the highest levels of the US government worry.

I wonder how much worse this can get?


Security Company Who Discovered Russian Hack Trying To Profit From It

Posted in Commentary on August 7, 2014 by itnerd

Yesterday I posted a story on the discovery of a cybergang who allegedly stole 1.2 billion passwords from a variety of websites. Today it has come to light that Hold Security, the group that discovered the hack, will only tell website operators whether they were affected if they sign up for its breach notification service, which starts at $120 per year. Here’s what IT World had to say:

Some security researchers on Wednesday said it’s still unclear just how serious the discovery is, and they faulted the company that uncovered the database, Hold Security, for not providing more details about what it discovered.

“The only way we can know if this is a big deal is if we know what the information is and where it came from,” said Chester Wisniewski, a senior security advisor at Sophos. “But I can’t answer that because the people who disclosed this decided they want to make money off of this. There’s no way for others to verify.”

Wisniewski was referring to an offer by Hold Security to notify website operators if they were affected, but only if they sign up for its breach notification service, which starts at US$120 per year. Individual consumers can find out through its identity protection service, which Hold Security says will be free for the first 30 days.

I’m a big believer that if you discover a flaw like this, you have a responsibility to disclose everything that you know as quickly as possible. If the party who is at the center of this doesn’t take the disclosure seriously, then you need to go public. To try and profit off of this is wrong. If there is a threat here, it is incumbent on Hold Security to get it out there as quickly as possible as the implications are huge if they don’t. I am of course assuming that this is real. The fact that no facts have been put on the table casts a shadow on their claim. That’s another reason why Hold Security should say what they know now.


Russian Cybergang Stole 1.2 BILLION Passwords

Posted in Commentary on August 6, 2014 by itnerd

You read that title right. A group of researchers are claiming that a Russian cybergang has stolen a staggering 1.2 billion passwords from a variety of websites:

The US firm Hold Security said the gang, which it dubbed “CyberVor”, collected confidential user names and passwords that were stolen from some 420,000 websites, ranging from household names to small Internet sites.

“As long as your data is somewhere on the World Wide Web, you may be affected by this breach,” Hold said in a statement on its website.

“Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.”

The security firm, which specializes in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.

“To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords,” the researchers said.

Now, if this is true, this is truly frightening. A credit card can be easily canceled. But personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned. Thus this can quickly become very, very bad for anyone affected.
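The pattern described above, stolen credentials being tried against other sites, and the one in the IRS story earlier on this page, a system hit hundreds of thousands of times before anyone noticed, look the same from the defender’s side: one source cycling through many different accounts with mostly failures. The following is an added example, not code from the original post or from Hold Security or the IRS, showing how a site operator could flag that pattern in its own authentication logs and pick out the accounts that need a forced reset. The log format (`timestamp ip account OK|FAIL`), the thresholds and the sample lines are all constructed for illustration.

```python
"""Flag credential-stuffing style activity in authentication logs.

Added example, not code from the original post or any vendor named there.
Assumed log format (constructed): "<ISO-8601 timestamp> <source IP> <account> <OK|FAIL>".
Thresholds and sample lines are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 walks through seven different accounts in
# a few seconds with one hit (what replaying a leaked credential list looks
# like); 198.51.100.4 is a real user mistyping their own password twice.
SAMPLE_LOG = """\
2014-08-06T10:00:01Z 203.0.113.7 alice FAIL
2014-08-06T10:00:02Z 203.0.113.7 bob FAIL
2014-08-06T10:00:03Z 203.0.113.7 carol FAIL
2014-08-06T10:00:04Z 203.0.113.7 dave FAIL
2014-08-06T10:00:05Z 203.0.113.7 erin FAIL
2014-08-06T10:00:06Z 203.0.113.7 frank FAIL
2014-08-06T10:00:07Z 203.0.113.7 grace OK
2014-08-06T10:01:00Z 198.51.100.4 alice FAIL
2014-08-06T10:01:20Z 198.51.100.4 alice FAIL
2014-08-06T10:01:45Z 198.51.100.4 alice OK
2014-08-06T10:02:00Z 192.0.2.9 bob OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, succeeded)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5), min_accounts=5,
                    max_success_ratio=0.5):
    """Return {ip: stats} for sources that try at least `min_accounts` distinct
    accounts inside one sliding time window and mostly fail.  A user retrying
    their own password touches a single account, so they are never flagged."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, account, ok = parse_line(line)
            events[ip].append((ts, account, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start so the span covers at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            accounts = {a for _, a, _ in span}
            successes = sum(1 for _, _, ok in span if ok)
            if len(accounts) >= min_accounts and successes / len(span) <= max_success_ratio:
                best = flagged.get(ip)
                if best is None or len(accounts) > best["distinct_accounts"]:
                    flagged[ip] = {
                        "distinct_accounts": len(accounts),
                        "attempts": len(span),
                        "successes": successes,
                        "window_start": span[0][0].isoformat(),
                    }
    return flagged


def accounts_to_reset(lines, flagged):
    """Accounts that a flagged source logged into successfully: the ones to
    force a password reset on and to notify."""
    hits = set()
    for line in lines:
        if line.strip():
            _, ip, account, ok = parse_line(line)
            if ok and ip in flagged:
                hits.add(account)
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    suspects = detect_stuffing(lines)
    for ip, stats in suspects.items():
        print(ip, stats)
    print("force reset:", sorted(accounts_to_reset(lines, suspects)))
```

The distinct-account count is the key signal: a brute-force attempt against one account and a stuffing run across many accounts have similar failure ratios, but only the latter spreads across usernames. In production the per-IP grouping would also need to cover proxy pools and rate limits that an attacker spreads across many addresses, so the same check is usually run per network range and per user-agent as well.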

My advice? If you’re paranoid, change your passwords now. This article can help you with that. I personally am waiting to see who was affected and what those sites are doing to inform affected users.