the staff of the Ridgewood blog
Ridgewood NJ, Two Iranian nationals have been charged in connection with a coordinated cyber intrusion campaign – sometimes at the behest of the government of Iran – targeting computers in New Jersey and around the world, U.S. Attorney Craig Carpenito announced today.
the staff of the Ridgewood blog
Ridgewood NJ, so the Village Council joined the digital age and used the ZOOM app to conduct the Village Council meeting . What could possible go wrong with that? They quickly learned that the digital age comes at a price , someone hacked into the ZOOM meeting and started showing porn . Yuup the Village may never recover .
Continue reading Ridgewood Village Council Zoom Teleconference Meeting Hijacked by Porn
the staff of the Ridgewood blog
Ridgewood NJ, CBS is reporting that Over 267 million Facebook users have had their personal information exposed by another massive data breach.
Security researcher Bob Diachenko reportedly made the disturbing find on Dec. 14. Diachenko and U.K. technology research firm Comparitech believe the unprotected database was left open on the dark web for nearly two weeks.
During that time, the names, phone numbers, and Facebook user IDs were exposed in the latest embarrassing mishap for the social media giant.According to CNET, Diachenko believes criminals in Vietnam are responsible for stealing the information. At the moment there are no details on who was impacted.
A Facebook spokesman said in a statement that they are looking into the breach, but claimed the data was probably harvested before Facebook made recent changes to better protect user information.
Defendants Responsible for Rutgers University Hack, Creating Mirai and clickfraud Botnets, Infecting Hundreds of Thousands of Devices with Malicious Software
December 14,2017
the staff of the Ridgewood blog
Trenton NJ, The Justice Department announced today guilty pleas in three cybercrime cases. In the District of New Jersey, one defendant also pleaded guilty to launching a cyber attack on the Rutgers University computer network, and in the District of Alaska, that defendant and two others pleaded guilty to creating and operating two botnets, which targeted “Internet of Things” (IoT) devices.
Acting U.S. Attorney William E. Fitzpatrick of the District of New Jersey; Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division; Special Agent in Charge Timothy Gallagher of the FBI’s Newark Division; U.S. Attorney Bryan D. Schroder of the District of Alaska; and Special Agent in Charge Marlin L. Ritzman of the FBI’s Anchorage Division and made the announcement.
Paras Jha, 21, of Fanwood, New Jersey, pleaded guilty today before U.S. District Judge Michael Shipp in Trenton federal court in the District of New Jersey to violating the Computer Fraud & Abuse Act. Between November 2014 and September 2016, Jha executed a series of attacks on the networks of Rutgers University. Jha’s attacks effectively shut down Rutgers University’s central authentication server, which maintained, among other things, the gateway portal through which staff, faculty, and students delivered assignments and assessments. At times, Jha succeeded in taking the portal offline for multiple consecutive periods, causing damage to Rutgers University, its faculty, and its students. The count to which Jha pleaded guilty is punishable by a maximum of 10 years in prison and a fine of $250,000, or twice the gross amount of any pecuniary gain or loss derived from the offense, whichever is greater. Sentencing is scheduled for March 13, 2018.
On Dec. 8, 2017, Jha, Josiah White, 20, of Washington, Pennsylvania, and Dalton Norman, 21, of Metairie, Louisiana, pleaded guilty to criminal informations in the District of Alaska charging them each with conspiracy to violate the Computer Fraud & Abuse Act in operating the Mirai Botnet. In the summer and fall of 2016, White, Jha, and Norman created a powerful botnet – a collection of computers infected with malicious software and controlled as a group without the knowledge or permission of the computers’ owners. The Mirai Botnet, targeted IoT devices – non-traditional computing devices that have been connected to the Internet, including wireless cameras, routers, and digital video recorders. The defendants attempted to discover both known and previously undisclosed vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the purpose of forcing the devices to participate in the Mirai Botnet. At its peak, Mirai consisted of hundreds of thousands of compromised devices. The defendants used the botnet to conduct a number of powerful “distributed denial of service” (DDOS) attacks, which occur when multiple computers acting in unison flood the Internet connection of a targeted computer or computers. The defendants’ involvement with the original Mirai variant ended in the fall of 2016, when Jha posted the source code for Mirai on a criminal forum. Since then, other criminal actors have used Mirai variants in a variety of other attacks.
Jha and Norman also pleaded guilty to criminal informations in the District of Alaska charging each with conspiracy to violate the Computer Fraud & Abuse Act. From December 2016 to February 2017, the defendants successfully infected more than 100,000 primarily U.S.-based Internet-connected computing devices, such as home Internet routers, with malicious software. That malware caused the hijacked home Internet routers and other devices to form a powerful botnet. The defendants then used the compromised devices as a network of proxies through which they routed Internet traffic. The victim devices were used primarily in advertising fraud, including “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue.
“Paras Jha has admitted his responsibility for multiple hacks of the Rutgers University computer system,” Acting U.S. Attorney Fitzpatrick said. “These computer attacks shut down the server used for all communications among faculty, staff and students, including assignment of course work to students, and students’ submission of their work to professors to be graded. The defendant’s actions effectively paralyzed the system for days at a time and maliciously disrupted the educational process for tens of thousands of Rutgers’ students. Today, the defendant has admitted his role in this criminal offense and will face the legal consequences for it.”
“Today’s guilty plea is a testament to the countless hours of hard work and dedication by law enforcement in the fight against cyber criminals,” FBI Newark Special Agent in Charge Timothy Gallagher said. “Cybercrime knows no boundaries. Dismantling these operations is possible only by working closely with our partners.”
“The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm,” Acting Assistant Attorney General Cronan said. “The Criminal Division will remain constantly vigilant in combating these sophisticated schemes, prosecuting cybercriminals, and protecting the American people.”
For additional information on cybersecurity best practices for IoT devices, please visit: https://www.justice.gov/criminal-ccips/page/file/984001/download .
November 7,2017
the staff of the Ridgewood blog
Bloomfield NJ, in what can only be termed as a very disturbing turn of events, at around 4 AM EST, Monday, 11/6, an unknown group hacked the web sites of a number of companies nationwide, including the one that hosts the District’s and schools’ web sites. For about two hours, our web sites displayed an ISIS-sponsored YouTube video. Around 6 AM, the hacked page was brought down and by about 7 AM full functionality and control were restored.
The FBI and investigative agencies are looking into the matter. The District reports that at no time was confidential student or staff data compromised. The internal computer and data systems within the District were completely unaffected. Everything that happened occurred at the web host’s companies server farms in Atlanta, Georgia and Florida. We are awaiting a formal press release from SchoolDesk, our web host company, and will publish it as soon as it is released.
By Eric Auchard and Dustin Volz | FRANKFURT/WASHINGTON
A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.
https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD?il=0
Chris Smith @chris_writes
March 22nd, 2017 at 11:35 AM
Apple’s iPhones and Apple IDs are a tough nut to crack for hackers, but it’s not be impossible. At least that’s what a group of hackers seem to suggest, as they’re currently attempting to blackmail Apple for up to $100,000 before they start remotely wiping millions of iPhones. Can they actually do it? Should you be worried? It’s unclear at this point.
The hackers apparently engaged in conversations with the media to force Apple’s hand. The Turkish Crime Family hacker group, which spoke to Motherboard, want either $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers said.
Apparently, the hackers have been in contact with Apple’s security team for quite a while now. They even posted a video on YouTube to prove they have actual access to iCloud accounts, access which can be used to remotely wipe iPhones.
https://bgr.com/2017/03/22/apple-iphone-and-icloud-accounts-hacked/
By Adam Clark and Mark Mueller | NJ Advance Media for NJ.com
on January 20, 2017 at 4:47 PM, updated January 20, 2017 at 9:12 PM
NEW BRUNSWICK — The FBI has interviewed a Rutgers University computer science student who has been identified by a well-known cyber security blogger as the likely author of the malicious code that caused a massive Internet disruption in October. The expert said the student also may be linked to repeated attacks on Rutgers’ computer system starting in late 2014.
While he says he does not know who may have actually launched the massive “denial of service” or DDoS attacks last fall, the security researcher said the coding language used and other anecdotal evidence seemed to point to the 20-year-old-student, Paras Jha, as an author of the malware used to shut down hundreds of computer servers.
The student’s father, Anand Jha, confirmed that federal investigators have questioned his son, but he adamantly denied he had any knowledge of the attacks or was involved in any way.
By Paul Milo | NJ Advance Media for NJ.com
on November 22, 2016 at 7:28 PM, updated November 22, 2016 at 7:38 PM
NEW YORK — The Madison Square Garden Company said Tuesday that data from credit cards used at its properties over much of the past year may have been compromised.
The breach was discovered late last month when banks notified the company of a suspicious pattern of credit card activity. An investigation revealed that the breach began Nov. 9, 2015, and lasted until Oct. 24. The breach has since been addressed, the company said.
Cards used in person at the company’s venues — Madison Square Garden, Radio City Music Hall, The Theater at Madison Square Garden, The Chicago Theater and Beacon Theater — may have been affected when used for purchases of food, drinks and merchandise. Not all cards used were affected, nor were any cards used at MSG websites, the venues’ box offices or at Ticketmaster.
The data is encoded in the cards’ magnetic strips and includes card numbers, cardholder names, verification codes and expiration dates, the company said.
https://www.nj.com/news/index.ssf/2016/11/credit_card_breach_reported_at_madison_square_gard.html
by KEN DILANIAN, WILLIAM M. ARKIN, ROBERT WINDREM and CYNTHIA MCFADDEN
The U.S. government is gearing up for an unprecedented effort to protect Tuesday’s presidential election from cyber attack, U.S. officials told NBC News.
“There are a lot of eyes on this presidential election — more than there normally would be,” a senior Obama administration official said.
Cyber centers at the Department of Homeland Security, the Justice Department and the FBI — as well as the Pentagon, the CIA and other intelligence agencies — will be on alert, with extra staff hunting for any possible threat, officials say.
https://www.nbcnews.com/news/us-news/all-hands-deck-protect-election-hack-say-officials-n679271
file photo Dana Glazer
September 8,2016
the staff of the Ridgewood
Ridgewood NJ, It’s a provocative question that reads like the cover blurb for a paperback spy novel, but it’s drawing serious attention in these days of cyber crime.
Could hackers disrupt the U.S. presidential election and, if they did, what would be the implications for our democracy?
“Theoretically, there are several things a hacker could do to interfere with the election,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cybersecurity.
“They could delete names from a voter list so that when people showed up to vote there’s no record of them being registered. They could change the actual voting machine results, putting the wrong person in office. Or they might just hack in so that they can steal people’s personal information and commit identity theft.”
Already concerns arose after the Democratic National Committee was hacked this summer, reportedly by Russians. More recently there were reports of hacks of the voting registration systems in Arizona and Illinois.
The FBI says Russians also were behind the Arizona hack, which involved malware being found on a county election official’s computer. In Illinois, hackers downloaded information on as many as 200,000 voters.
Miliefsky says the federal government could and should take several steps if it’s truly concerned that the Russian government, criminal Russian cartels or anyone else might try to hijack the election. Those steps include:
• Issue an ultimatum. Government officials should issue a public statement to Russia letting it know it will face cyber-war consequences if either the Russian government or Russian criminals try to interfere with the U.S. voting system.
• Go on high alert. The National Security Agency should monitor, in a state of high alert, the election networks to see if cyber attacks are happening and find out who is perpetrating the crime.
• Enlist cybersecurity help. The U.S. government could request the assistance of cybersecurity experts to help elections officials ensure their networks and voting machines are patched and secure.
•Partner with cybersecurity companies. U.S.-based cybersecurity companies could be offered grants to deploy advanced tools on election networks to shore up their defense.
“It’s time for us to get vigilant and pro-active,” Miliefsky says. “No nation-state hackers or cybercriminals should be able to undermine the basis of our democracy by cyber-election fraud.
“Of course, going back to old-fashioned ‘paper-based voting’ wouldn’t hurt this election cycle, either.”
About Gary S. Miliefsky
Gary S. Miliefsky is founder of SnoopWall Inc. (www.snoopwall.com), a cutting edge counter-intelligence technology company offering free consumer-based software to secure personal data on cell-phones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena, as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.
By RICHARD CLARKE
NEWS ANALYSIS — Aug 19, 2016, 10:25 AM ET
After reports of alleged Russian hacking into Democratic Party computer networks, some commentators have suggested that the Russians could hack the results of the U.S. elections. Other analysts have, well before this year’s campaign, suggested that election results in the U.S. could be electronically manipulated, including by our fellow Americans. So could an American election’s outcome be altered by a malicious actor on a computer keyboard?
I have had three jobs that, together, taught me at least one thing: If it’s a computer, it can be hacked. For Presidents Bill Clinton and George W. Bush, I served as the White House senior cybersecurity policy adviser. For President Barack Obama, I served on his five-person post–Edward Snowden investigative group on the National Security Agency, intelligence and technology. And for over a decade I have advised American corporations on cybersecurity.
Those experiences confirm my belief that if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so.
https://abcnews.go.com/Politics/hack-election/story?id=41489017
file photo Dana Glazer
Best Practices’ considered for state and local election officials
In an already topsy-turvy presidential campaign, the recent breaches of Democratic Party computer networks have fueled fears about potential foreign meddling and raised questions about how secure the electronic systems that record and tally votes across the country are from sophisticated hackers.
For years, computer security experts have warned that electronic voting is vulnerable to hacking that could alter vote tallies and theoretically swing an election. The intrusions that compromised the Democratic National Committee and the House Democrats’ fundraising campaigns’ systems — both of which cybersecurity experts have blamed on groups linked to Russian intelligence agencies — have only heightened those concerns.
Even a minor breach could wreak havoc by undermining the public’s faith in the integrity of the balloting, particularly in a campaign as contentious as this year’s presidential race.
“We cannot function without the leadership that is elected via the democratic process, and attacks on our election system could undermine all of the confidence that voters have in the legitimacy of our leadership,” said J. Alex Halderman, a computer science professor at the University of Michigan who has studied security in electronic and internet voting.
With the stakes running high, the Obama administration has said it is attuned to the threat and is looking at ways to mitigate it.
– See more at: https://www.rollcall.com/news/politics/recent-breaches-raise-fears-voting-system-hacks#sthash.3VxahQHi.dpuf
Michael Isikoff
Chief Investigative Correspondent
July 28, 2016
The FBI warned the Clinton campaign that it was a target of a cyberattack last March, just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News.
In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials. But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said.
A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated.
But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008.
https://www.yahoo.com/news/fbi-hillary-clinton-cyber-attack-000000269.html
By Ben Kamisar – 07/29/16 05:15 PM EDT
Hillary Clinton’s campaign had its computer network hacked as part of the cyberattack on Democratic organizations, Reuters reported Friday.
A federal law enforcement official told the New York Times that the hack appears to have come from Russia.
“An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack,” Clinton press secretary Nick Merrill said in a statement. “Our campaign computer system has been under review by outside cyber security experts. To date, they have found no evidence that our internal systems have been compromised.”
The news comes hours after the Democratic Congressional Campaign Committee (DCCC)confirmed it was hacked as well.
The DCCC called its intrusion “similar” to the attack on the Democratic National Committee (DNC), which led to Wikileaks publishing tens of thousands of internal emails.
The trove’s release led to the resignation of DNC Chairwoman Debbie Wasserman Schultz earlier this week.
The Department of Justice is investigating the cyberattacks, Reuters reported. Those with knowledge of the investigation told the news service that involvement was a sign the White House believed the attacks were state-sponsored.
Reuters reported Thursday that the FBI had opened an investigation into a digital intrusion at the DCCC.
