Archive for Hacked

Health Care Company CarePartners Pwned By Hackers…. And The Hackers Are Speaking Out

Posted in Commentary with tags on July 17, 2018 by itnerd

This is something that you don’t see every day. CarePartners, a health care company that provides home medical care services on behalf of the Ontario government, has been pwned by hackers. According to the company, the hackers only got access to a small amount of data.

Now I do admit that companies get pwned by hackers all the time sadly. But what’s unusual about this situation is that the hackers are speaking out:

However, a group claiming responsibility for the breach recently contacted CBC News and provided a sample of the data it claims to have accessed, shedding new light on the extent of the breach.

The sample includes thousands of patient medical records with phone numbers and addresses, dates of birth, and health card numbers, as well as detailed medical histories including past conditions, diagnoses, surgical procedures, care plans and medications for patients across the province.

Another document appears to contain more than 140 active patient credit card numbers and expiry dates, many with security codes.

The attackers claimed the sample was a subset of hundreds of thousands of patient records and related materials in their possession dating back to 2010.

“We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” they told CBC News.

CarePartners did not answer questions about the ransom, and it is not clear if or when the data will be posted online.

For the record, CBC was able to verify that the data they got was on the level, which isn’t good if you’re CarePartners. Then there’s the fact that the company says that they take protecting data seriously. But the hackers say something entirely different:

The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners’ network that had not been updated in two years “by chance,” and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes “completely unnoticed.”

#Fail. Based on that, CarePartners clearly doesn’t take the security of data seriously.

Now I get why CarePartners might want to minimize the extent of this. But it’s not a workable strategy long term, because Canada has strong privacy laws and this sort of thing does get investigated by Canada’s Privacy Commissioner. So the truth will come out eventually and CarePartners will get smacked pretty hard. Thus, if I were them, I would just come clean now and work with everyone from the Privacy Commissioner to law enforcement and security firms to address this.


Data From MyHeritage Shows Up On Third Party Server…. Millions Of Accounts Affected

Posted in Commentary with tags on June 5, 2018 by itnerd

MyHeritage, a genealogy and DNA testing service, has announced that a researcher uncovered 92 million account details related to the company sitting on a server. In other words, there’s a data breach of epic proportions. Here are the details via the announcement from MyHeritage:

Today, June 4, 2018 at approximately 1pm EST, MyHeritage’s Chief Information Security Officer received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed passwords, on a private server outside of MyHeritage. Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords.

Immediately upon receipt of the file, MyHeritage’s Information Security Team analyzed the file and began an investigation to determine how its contents were obtained and to identify any potential exploitation of the MyHeritage system. We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017, which is the date of the breach. MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. This means that anyone gaining access to the hashed passwords does not have the actual passwords.

The security researcher reported that no other data related to MyHeritage was found on the private server. There has been no evidence that the data in the file was ever used by the perpetrators. Between Oct 26, 2017 (the date of the breach) and the present, we have not seen any activity indicating that any MyHeritage accounts had been compromised.

Well. That is not good to say the least. The usual advice in this sort of situation applies, such as changing your password for this service. There doesn’t seem to be any indication of any payment info being swiped, so I don’t think you have to worry about that at this point. I will also note that the company reported this according to GDPR regulations, so that’s positive. Hopefully MyHeritage explains what happened here and what they are going to do to stop it from happening again if they want to regain the trust of their users.
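As an added example (not code from this post or from MyHeritage) of what “a one-way hash of each password, in which the hash key differs for each customer” means in practice, here is per-user salted password hashing in Python; the algorithm (PBKDF2-HMAC-SHA256), iteration count and sample accounts are assumptions:

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed illustration of the scheme the MyHeritage notice describes: a
# one-way hash per password with a "hash key" (salt) that differs for each
# customer. Algorithm and parameters are assumptions, not MyHeritage's own.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

def build_user_table(credentials: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """What a leaked file would hold: email -> (salt, digest), never the plaintext."""
    return {email: hash_password(pw) for email, pw in credentials.items()}

# Constructed sample accounts (hypothetical addresses); alice and bob share a password.
SAMPLE_CREDENTIALS = {
    "alice@example.com": "correct horse battery staple",
    "bob@example.com": "correct horse battery staple",
    "carol@example.com": "Tr0ub4dor&3",
}
USER_TABLE = build_user_table(SAMPLE_CREDENTIALS)

def digests_differ(email_a: str, email_b: str) -> bool:
    """Per-user salts make identical passwords produce unrelated digests."""
    return USER_TABLE[email_a][1] != USER_TABLE[email_b][1]

def login(email: str, password: str) -> bool:
    salt, digest = USER_TABLE[email]
    return verify_password(password, salt, digest)

if __name__ == "__main__":
    print("alice/bob digests differ:", digests_differ("alice@example.com", "bob@example.com"))
    print("alice correct:", login("alice@example.com", "correct horse battery staple"))
    print("alice wrong:", login("alice@example.com", "password123"))
```

A per-customer salt stops one precomputed table from covering every account, but a leaked record still allows offline guessing of that one user’s weak password, which is why changing the password remains the right advice.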

BMO and CIBC-owned Simplii Financial Pwned…. Tens Of Thousands Of Customers At Risk

Posted in Commentary with tags on May 29, 2018 by itnerd

The CBC is reporting that CIBC-owned Simplii Financial warned on Monday morning that hackers had accessed the personal and account information of more than 40,000 of the bank’s customers. Then Bank of Montreal revealed that hackers had stolen data on up to 50,000 of the bank’s customers.

That’s not good. But it is actually worse than that.

The hackers have now gone to the media with threats of leaking the data that they stole when the banks apparently did not pay up a $1 million ransom for the data. CBC managed to take some data that the hackers served up to them and confirmed that it is real. So as a result, all these customers are now under threat of being pwned in epic fashion. This is not good to say the least that two banks in Canada have been pwned like this. These banks have a lot of explaining to do. And you have to wonder if other banks can be pwned like this.


Chili’s Pwned…. Unknown Number Of Debit & Credit Cards Exposed

Posted in Commentary with tags on May 15, 2018 by itnerd

The parent company of the restaurant chain known as Chili’s has announced that the restaurant had been hit by a data breach that left an unknown number of customer debit and credit card numbers exposed to hackers. The firm said that the hack occurred between March and April and involved malware, but little else has been revealed. Since the company doesn’t collect any other data, there’s little chance that SSNs and the like are floating around out there. But this is clearly not good. The company suggests that you monitor your bank cards to ensure that no fraud takes place, and the company has said that it will post updates on their website.

Clearly this isn’t a trivial hack and hopefully this sends a message that companies have to do a much better job of protecting themselves from pwnage.

Malware Exploiting Spectre & Meltdown CPU Flaws Appears

Posted in Commentary with tags on February 5, 2018 by itnerd

This is very bad news that has come to light via SecurityWeek:

Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks… On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies… Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. “Most likely, malicious purposes at some point,” he said.

Now I am not shocked by this at all, as these two CPU flaws got a ton of coverage in the media. Which meant it was only a matter of time before someone tried to exploit them. That makes the screw-ups in trying to patch these holes, along with some companies’ failure to patch them at all, a big issue. Thus pretty much everyone who runs a computer could be in very deep trouble very soon.

Prince Albert Police Website Defaced By Hackers

Posted in Commentary with tags on November 8, 2017 by itnerd

For the benefit of those outside Canada, Prince Albert is the third-largest city in the province of Saskatchewan. It’s also where the website for the local police force was defaced by hackers claiming to be doing this on behalf of the terrorist group known as ISIS:

The website early Wednesday displayed the message “I Love Islamic state” and played an audio track with a man speaking in Arabic. The speech is propaganda for fundamentalist and violent actions, addressed to Muslims and glorifying ISIS fighters.  

A group named Team System Dz claims responsibility for the hacking. The group has been behind other such incidents in Canada. 

Now let me be clear. While defacing a website is technically hacking, it’s the digital equivalent of painting the side of a building with graffiti. While some skill is involved, the people behind this aren’t exactly people with 3l173 h4ck3r 5k1llz (elite hacker skills in leet speak). Now if they had used this as a gateway to pull off something like taking over the Prince Albert Police network, leaking data or something along those lines, then I’d be impressed. But as it stands at present, while this is embarrassing to the Prince Albert Police, the pwnage was not epic. Though I will note that Team System Dz seems to be very good at this: since they popped onto the radar in 2014, they’ve been responsible for doing this sort of thing about 300 times globally from my research. Thus I guess they deserve their notoriety for the scale of their activities, if nothing else.

Backdoor in CCleaner Infects Windows Users With Malware

Posted in Commentary with tags on September 18, 2017 by itnerd

Avast has advised users of its CCleaner, an optimization application for Windows, to immediately update their software after discovering a backdoor in the tool. Here’s what Forbes had to say:

The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.

Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.

The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

Now it’s really embarrassing when an anti-virus company has one of its own products be a vehicle for malware. Clearly someone over at Avast was asleep at the switch. If you’re a Windows user who uses this software, I’d be dumping it right now and following these directions to see if you were infected. Then, if you must keep using it, install the latest version, which is available for download here.
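The DGA fallback that Forbes describes leaves a footprint defenders can look for: one host repeatedly querying random-looking names that fail to resolve until one finally does. As an added example (not code from this post, Avast or Talos), here is a small Python detector run over constructed DNS log lines; the log format, the lexical thresholds and the client addresses are assumptions:

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed DNS query log (field layout is an assumption). Client 10.0.0.7 is
# the hypothetical infected host trying generated names until one resolves.
SAMPLE_LOG = """\
2017-09-13T10:01:02Z client=10.0.0.5 query=www.example.com rcode=NOERROR
2017-09-13T10:01:03Z client=10.0.0.5 query=news.cbc.ca rcode=NOERROR
2017-09-13T10:01:04Z client=10.0.0.7 query=mail.example-vendor.com rcode=NOERROR
2017-09-13T10:01:05Z client=10.0.0.7 query=ab6d54351c0b4e7cf4a4.com rcode=NXDOMAIN
2017-09-13T10:01:06Z client=10.0.0.7 query=xk3p9qz7wmd2fhvbt.net rcode=NXDOMAIN
2017-09-13T10:01:07Z client=10.0.0.7 query=mzcuxhvthmsqpvvksld.com rcode=NOERROR
"""

LINE_RE = re.compile(r"client=(\S+) query=(\S+) rcode=(\S+)")

def looks_generated(domain: str) -> bool:
    """Lexical heuristic on the registrable label: generated names tend to be
    digit-heavy or vowel-poor. Thresholds are assumptions, tuned to this sample."""
    labels = domain.rstrip(".").lower().split(".")
    label = (labels[-2] if len(labels) >= 2 else labels[0]).replace("-", "")
    if not label:
        return False
    digits = sum(ch.isdigit() for ch in label)
    letters = [ch for ch in label if ch.isalpha()]
    vowels = sum(ch in "aeiou" for ch in letters)
    vowel_ratio = vowels / len(letters) if letters else 0.0
    return digits / len(label) > 0.25 or (len(letters) >= 8 and vowel_ratio < 0.2)

def flag_dga_clients(log_text: str, min_hits: int = 2) -> Dict[str, List[str]]:
    """Map client -> random-looking names that failed to resolve (NXDOMAIN).
    A host repeatedly failing such lookups matches the DGA fallback pattern."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        client, domain, rcode = match.groups()
        if rcode == "NXDOMAIN" and looks_generated(domain):
            hits[client].append(domain)
    return {client: names for client, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    for client, names in flag_dga_clients(SAMPLE_LOG).items():
        print(client, "->", names)
```

The name that did resolve (NOERROR) is deliberately not counted; in an investigation it is the one worth pulling the resolved address for, since it is where the stolen data would be going.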