How Banks, Other Ridgewood Businesses Can Avoid Becoming Cyber-Crime Victims

May 7, 2016

the staff of the Ridgewood blog

Ridgewood NJ, Apparently, the heist couldn’t have been any simpler if it had been drawn up in the lunch line at an elementary school cafeteria.

In February, Bangladesh’s central bank saw $81 million disappear out a virtual window. Now it’s been revealed that, although the computer hackers used custom-made malware, they probably didn’t need to work up a cyber sweat while pulling off their long-distance theft. The bank had no firewalls to defend against intruders and its computers were linked to global-financial networks through second-hand routers that cost $10.

“It’s stunning that a major institution would leave itself so defenseless in this day and age when everyone should know that cyber criminals are waiting for you to let your guard down,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cyber security.

But he says the episode can serve as a cautionary tale for other banks and any businesses that want to protect themselves against today’s cyber versions of Bonnie and Clyde.

“Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” Miliefsky says. “Often on the hackers’ end of things, it just takes patience.”

For example, he says, a cyber criminal can gain access by sending a company an email with an attachment called a Remote Access Trojan, or RAT, that looks like a normal file. All it takes is for an unsuspecting employee to open that file and, voila, security is compromised.

That’s bad for companies, of course, but it’s also bad for consumers, whose bank account, credit card and other private information is at risk.

Miliefsky says it’s important to go on the offensive. Among his recommendations:

• Employers need to train their staffs. Those employees sitting at their computers each day are a company’s first line of defense. An errant click on the wrong email is like unlocking the front door, so employees should be made aware of the dangers and told what to do about suspicious email.
• Companies should routinely update their defenses. Outdated technology and outdated security software make a company’s computers vulnerable to attack. It’s important that businesses periodically review their IT operations to make sure what worked last year still provides the needed security.
• Consumers must take their own safety measures. It would be nice to expect banks and retailers to protect consumer information, but the average person can’t count on that. Miliefsky suggests consumers take personal security measures such as frequently changing passwords and deleting any phone apps they don’t use. Many apps contain malware that can spy on you.

“Most people log onto the internet every day without much thought about how susceptible they are to being hacked,” Miliefsky says. “It takes vigilance to protect yourself against cyber criminals who are working hard to figure their way around security measures.”

About Gary S. Miliefsky

Gary S. Miliefsky is founder of SnoopWall Inc. (www.snoopwall.com), a cutting edge counter-intelligence technology company offering free consumer-based software to secure personal data on cell-phones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena, as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.

Hollywood hospital pays $17,000 in bitcoins to hackers who took control of computers

Richard Winton

Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid, the hospital’s chief executive said Wednesday.

The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, said CEO Allen Stefanek.

The hacker demanded 40 bitcoins, the equivalent of about $17,000, he said.

“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of restoring normal operations, we did this.”

The hospital said it alerted authorities and was able to restore all its computer systems by Monday with the assistance of technology experts.

https://www.latimes.com/local/lanow/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html

Stolen Uber accounts worth more than stolen credit cards

Harriet Taylor | @Harri8t

Cybercriminals don’t care that much about your credit card number anymore.

Uber, PayPal and even Netflix accounts have become much more valuable to criminals, as evidenced by the price these stolen identifiers now fetch on the so-called “deep Web,” according to security company Trend Micro.

Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average, oddly down from $4 per record in 2014, according to data compiled by Trend Micro for CNBC last week. (PII includes any information that can be used to commit identity fraud, like Social Security numbers or date of birth and varies in price depending on the specific information for sale.)

https://www.cnbc.com/2016/01/19/stolen-uber-accounts-worth-more-than-stolen-credit-cards.html

Data Breach: Voter Records Exposed

Report: 191M voter records exposed online

By Katie Bo Williams – 12/28/15 09:50 AM EST

Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet.

The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000.

While in most states, voter registration lists are a matter of public record, many have regulations restricting access and use.

For example, South Dakota requires those requesting access to voter data to confirm that the information “may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the internet.”

Security researcher Chris Vickery discovered the breach and reported it to DataBreaches.net, which has since reached out to law enforcement, as well as the California attorney general’s office.

“When one of their attorneys asked, ‘Well how much data are we talking about?’ and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was ‘Wow,’ and she promptly forwarded the matter to the head of their e-crime division,” writes DataBreaches.net’s anonymous admin.

Steve Ragan, a security blogger for the security and risk management website CSO, has also investigated the breach, noting that none of the political database firms he identified and reached out to in connection with the database claimed ownership of the IP address where the files are posted.

https://thehill.com/policy/cybersecurity/264297-report-191m-voter-records-exposed-publicly-online

Hackers trace ISIS Twitter accounts back to internet addresses linked to Department of Work and Pensions

18:39, 14 DEC 2015
UPDATED 14:37, 15 DEC 2015
BY JASPER HAMILL

Teenage computer experts unveil astonishing web of unpublicised interactions linking extremist social media mouthpieces to the British government

Hackers have claimed that a number of Islamic State supporters’ social media accounts are being run from internet addresses linked to the Department of Work and Pensions.

A group of four young computer experts who call themselves VandaSec have unearthed evidence indicating that at least three ISIS-supporting accounts can be traced back to the DWP’s London offices.

Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number.

Update: British government admits it can’t stop ISIS extremists using internet addresses

The hacking collective showed Mirror Online details of the IP addresses used by a trio of separate digital jihadis to access Twitter accounts, which were then used to carry out online recruitment and propaganda campaigns.

At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to link back to the DWP.

https://www.mirror.co.uk/news/technology-science/technology/hackers-trace-isis-twitter-accounts-7010417

Ridgewood Resident Hacked by “Fix” Computer Scam

October 18, 2015

the staff of the Ridgewood blog

Ridgewood NJ, Ridgewood Police report that on Sunday, October 11, 2015, a Corsa Terrace resident reported that his/her computer had been hacked resulting in his/her identity being stolen. The victim, who had implemented a program to improve his/her computer’s performance and remove viruses, was contacted by a male caller claiming to represent “Celox Support”. The caller persuaded the victim to allow him remote access to his/her computer and credit card account information.

It is suggested that consumers provide credit card account information only after positively verifying that they are dealing with a legitimate service provider. The Ridgewood Police Department is also aware that this is a very popular scam at this time and residents should always be wary of someone contacting them by phone and offering to “fix” computer problems.
Crowdfunding Site Robbed of Donor Personal Information

Patreon: Some user names, e-mail and mailing addresses stolen

At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.

by Cyrus Farivar – Oct 1, 2015 3:30pm EDT

Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announced late Wednesday that it had sustained a security breach.

The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.

Jack Conte, the co-founder and CEO, wrote in a statement:

We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.

Conte specified that user passwords are hashed with bcrypt and salted as well, but he encouraged patrons to change their password anyway as a precaution.

https://arstechnica.com/security/2015/10/patreon-some-user-names-e-mail-and-mailing-addresses-stolen/

Ridgewood Police Report Rash of Identity Theft

August 6, 2015
the staff of the Ridgewood Blog

Ridgewood NJ, Ridgewood Police report that on Tuesday August 4, 2015 a West side resident reported discovering fraudulent charges had been made on one of his/her credit card accounts. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.

Earlier on Monday July 27, 2015 a resident reported that an unidentified actor had opened several credit card accounts utilizing his/her personal information. The matter is being investigated by the detective bureau.

Identity Theft Protection Tips

Identity theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain. It can start with lost or stolen wallets, stolen mail, a data breach, computer virus, “phishing” scams, or paper documents thrown out by you or a business (dumpster ).

How can I minimize my risk of becoming an identity theft victim?

As consumers, you have little ability to stop or prevent identity theft. However, there are some positive steps to take which will decrease your risk.

Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.

Use a cross-cut shredder to dispose of documents with personal information. Also, use a specialized gel pen when writing out checks.

Place outgoing mail in collection boxes or the U.S. Post Office.

Know your billing cycles and contact creditors when bills fail to show up. Review bank and credit card statements carefully.

Password protect your financial accounts. A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non-alphabetical character. Use of non-dictionary words is also recommended.

Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.

Use firewall software to protect computer information. Keep virus and spyware software programs updated.

Reduce the number of preapproved credit card offers you receive: 888-5OPT-OUT

Order your free annual credit reports on-line at: www.annualcreditreport.com or by calling (877) 322-8228

You may also “freeze” your credit report. For more information on this, go to: State Resources

https://www.idtheftcenter.org/Protect-yourself/id-theft-prevention-tips.html

950 million Android phones can be hijacked by malicious text messages

Booby-trapped MMS messages and websites exploit flaw in heart of Android.

Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message or the user is lured to a malicious website, a security researcher reported Monday.

The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in “Stagefright,” an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.

In a blog post published Monday, Zimperium researchers wrote:

A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone.

The vulnerability can be exploited using other attack techniques, including luring targets to malicious websites. Drake will outline six or so additional techniques at next month’s Black Hat security conference in Las Vegas, where he’s scheduled to deliver a talk titled Stagefright: Scary Code in the Heart of Android.

https://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/

Fiat Chrysler will recall vehicles over hacking worries

David Shepardson, Detroit News Washington Bureau, 3:53 p.m. EDT July 24, 2015

Washington — Under government pressure, Fiat Chrysler Automobiles NV agreed Friday to recall 1.4 million vehicles that can be cyber-hacked remotely — as Congress, automakers and regulators are raising increasing concerns about vehicle communications.

The first-of-its-kind callback came just days after a magazine report showed hackers could wirelessly take control of some functions of a Jeep Cherokee.

The National Highway Traffic Safety Administration said it will open an investigation into the recall to ensure all vehicles that could be affected are covered. “Opening this investigation will allow NHTSA to better assess the effectiveness of the remedy proposed by Fiat Chrysler,” NHTSA Administrator Mark Rosekind said in a statement, acknowledging the agency had urged the move.

Owners will get a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures that largely address the problem.

https://www.detroitnews.com/story/business/autos/2015/07/24/30613567/

The Revenge Of The Lost Boys

Western societies are producing more and more Lost Boys, the fail-to-launch young men who carry dangerous social grudges.

What’s going on with young American men? Another mass shooting has led to another round of social and political recriminations. A young man—a “loner” and “adrift,” as usual—seizes a vile cause and attacks innocent people. Amidst the wreckage, we look for reasons that already fit our preconceptions about violence, and we blame racism, guns, unemployment, drugs, a bad family, or whatever else helps us to make sense of the tragedy.

But the truth of the matter is that Dylann Roof (at least from what we know) isn’t that different from so many other young, mostly white men over the past 30 years or so who have lashed out against their society in different ways. Although mass killers understandably seize our imaginations and dominate the media, not all dysfunctional young males are violent and not all of them gain the publicity they crave. Some are terrorists, others are murderers, and some are merely vandals. A few are traitors and deserters.

What they all have in common is their gender (male), their race (most are white), and their youth (almost all under 30 at their peak destructiveness). Beyond this, they seem to share little beyond a stubborn immaturity wedded to a towering narcissism. In almost every case, they dress their anger in the clothes of ideology: white supremacy, jihad, hatred of abortion, or anti-government paranoia. Stuck in perpetual adolescence, they see only their own imagined virtue amidst irredeemable corruption. In a typical sentiment, Roof wrote before his rampage that “someone has to have the bravery to take it to the real world, and I guess that has to be me.”

The Lost Boys Arise

This is the battle cry of the narcissist, and we’ve heard it before. Western societies are producing more and more of these Lost Boys, the fail-to-launch young men who carry weighty social grudges. Some of them kill, but others lash out in other, more creative ways: whether it’s Edward Snowden deciding only he could save America from the scourge of surveillance, or Bowe Bergdahl walking away from his post to personally solve the war in Afghanistan, the combination of immaturity and grandiosity among these young males is jaw-dropping in its scale even when it is not expressed through the barrel of a gun.

https://thefederalist.com/2015/07/09/the-revenge-of-the-lost-boys/#.VZ666QrvEu0.facebook

The really worrying financial crisis is happening in China, not Greece

By Jeremy Warner

12:25PM BST 08 Jul 2015

China looks like it is heading for its version of the 1929 stock market crash

While all Western eyes remain firmly focused on Greece, a potentially much more significant financial crisis is developing on the other side of the world. In some quarters, it’s already being called China’s 1929 – the year of the most infamous stock market crash in history and the start of the economic catastrophe of the Great Depression.

In any normal summer, a 30pc fall in the Chinese stock market – a loss of value roughly equivalent to the UK’s entire economic output last year – after an ascent which had seen share prices more than double within the space of a year would have been front page news across the globe.

The dramatic series of government interventions to stem the panic – hitherto unsuccessful, it should be added – would similarly have been up there at the top of the news agenda. Yet the pantomime of the Greek debt talks, together with the tragi-comedy of will they, won’t they leave the euro, has relegated the story to little more than a footnote – even though 940 companies, more than a third, have now suspended trading on China’s two main indices.

https://www.telegraph.co.uk/finance/china-business/11725236/The-really-worrying-financial-crisis-is-happening-in-China-not-Greece.html

New Wave of Federal Workers to be notified that their Data Was Hacked

By Eric Katz
June 16, 2015

The Office of Personnel Management will notify many more individuals their personal information was compromised than the 4.2 million current and former federal employees the agency initially informed, officials said on Tuesday.

The timing of the second round of notifications, as well as the number of employees who will receive them, is still unknown by OPM. The agency’s director, Katherine Archuleta, confirmed to a congressional panel that OPM discovered, in the course of looking into the initial hack it uncovered in April, a second hack that targeted background investigation and security clearance data.

Archuleta said it will notify those who went through background investigations their data was compromised “as soon as practicable,” with OPM’s Chief Information Officer Donna Seymour adding the agency first had to identify exactly whose information was hacked. The initial notifications began going out June 8 and will continue through June 19.

Representatives from the Homeland Security Department, Office of Management and Budget, Interior Department — where OPM’s hacked servers were housed — and OPM all said they were taking steps to upgrade systems and boost security protocols. The other agencies noted, however, the hack was OPM’s responsibility. Archuleta said, in turn, she inherited “decades old” legacy systems that she was doing her best to modernize.

https://www.govexec.com/pay-benefits/2015/06/opm-will-soon-notify-new-wave-workers-their-data-was-hacked/115441/?oref=govexec_today_nl

Second Hack of Government Data May Have Compromised Security Clearance Information

By Dustin Volz
National Journal
June 12, 2015

A second breach of the Office of Personnel Management by hackers believed to be associated with China exposed sensitive security clearance information of intelligence and military personnel, officials confirmed Friday, potentially creating an intelligence disaster for U.S. spies stationed abroad.

“During the investigation into the cyber intrusion of OPM that compromised personnel records of current and former Federal employees announced last week, OPM along with its interagency partners became aware of the possibility of a separate intrusion affecting a different set of OPM systems and data,” a senior administration official said in a statement.

Officials investigating the OPM hack announced last week discovered the second breach on Monday, the official said.

“On June 8, as the investigation proceeded, the incident response team shared with relevant agencies that there was a high degree of confidence that OPM systems containing information related to the background investigations of current, former, and prospective Federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated,” the official said. “Since the investigation is ongoing, we are in the process of assessing the scope of the information that has been compromised, but we expect OPM will conduct additional notifications as necessary.”

https://www.govexec.com/management/2015/06/second-hack-government-data-may-have-compromised-security-clearance-information/115210/?oref=govexec_today_nl

Union says all federal workers fell victim to hackers

Jun 12, 5:20 AM (ET)

By KEN DILANIAN

WASHINGTON (AP) — A major federal union says the cyber theft of employee information is more damaging than it first appeared, asserting that hackers stole personnel data and Social Security numbers for every federal employee.

The Obama administration had acknowledged that up to 4 million current and former employees are affected by the December cyber breach of Office of Personnel Management data, but it had been vague about exactly what was taken.

But J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, “we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees.”

The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.

The union believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; and age, gender and race data, he said.

Also Thursday, Sen. Harry Reid of Nevada, the Democratic Senate leader, said that the hack was carried out by “the Chinese” without specifying whether he meant the Chinese government or individuals. Reid is one of eight lawmakers briefed on the most secret intelligence information. U.S. officials have declined to publicly blame China, which has denied involvement.

https://apnews.myway.com/article/20150612/us–government_hacked-459f655788.html