Hillary Clinton’s campaign had its computer network hacked as part of the cyberattack on Democratic organizations, Reuters reported Friday.
A federal law enforcement official told the New York Times that the hack appears to have come from Russia.
“An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack,” Clinton press secretary Nick Merrill said in a statement. “Our campaign computer system has been under review by outside cyber security experts. To date, they have found no evidence that our internal systems have been compromised.”
The news comes hours after the Democratic Congressional Campaign Committee (DCCC)confirmed it was hacked as well.
The DCCC called its intrusion “similar” to the attack on the Democratic National Committee (DNC), which led to Wikileaks publishing tens of thousands of internal emails.
The trove’s release led to the resignation of DNC Chairwoman Debbie Wasserman Schultz earlier this week.
The Department of Justice is investigating the cyberattacks, Reuters reported. Those with knowledge of the investigation told the news service that involvement was a sign the White House believed the attacks were state-sponsored.
Reuters reported Thursday that the FBI had opened an investigation into a digital intrusion at the DCCC.
Ridgewood NJ, Apparently, the heist couldn’t have been any simpler if it had been drawn up in the lunch line at an elementary school cafeteria.
In February, Bangladesh’s central bank saw $81 million disappear out a virtual window. Now it’s been revealed that, although the computer hackers used custom-made malware, they probably didn’t need to work up a cyber sweat while pulling off their long-distance theft. The bank had no firewalls to defend against intruders and its computers were linked to global-financial networks through second-hand routers that cost $10.
“It’s stunning that a major institution would leave itself so defenseless in this day and age when everyone should know that cyber criminals are waiting for you to let your guard down,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cyber security.
But he says the episode can serve as a cautionary tale for other banks and any businesses that want to protect themselves against today’s cyber versions of Bonnie and Clyde.
“Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” Miliefsky says. “Often on the hackers’ end of things, it just takes patience.”
For example, he says, a cyber criminal can gain access by sending a company an email with an attachment called a Remote Access Trojan, or RAT, that looks like a normal file. All it takes is for an unsuspecting employee to open that file and, voila, security is compromised.
That’s bad for companies, of course, but it’s also bad for consumers, whose bank account, credit card and other private information is at risk.
Miliefsky says it’s important to go on the offensive. Among his recommendations:
• Employers need to train their staffs. Those employees sitting at their computers each day are a company’s first line of defense. An errant click on the wrong email is like unlocking the front door, so employees should be made aware of the dangers and told what do about suspicious email. • Companies should routinely update their defenses. Outdated technology and outdated security software make a company’s computers vulnerable to attack. It’s important that businesses periodically review their IT operations to make sure what worked last year still provides the needed security. • Consumers must take their own safety measures. It would be nice to expect banks and retailers to protect consumer information, but the average person can’t count on that. Miliefsky suggests consumers take personal security measures such as frequently changing passwords and deleting any phone apps they don’t use. Many apps contain malware that can spy on you.
“Most people log onto the internet every day without much thought about how susceptible they are to being hacked,” Miliefsky says. “It takes vigilance to protect yourself against cyber criminals who are working hard to figure their way around security measures.”
About Gary S. Miliefsky
Gary S. Miliefsky is founder of SnoopWall Inc. (www.snoopwall.com), a cutting edge counter-intelligence technology company offering free consumer-based software to secure personal data on cell-phones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena, as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.
Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid, the hospital’s chief executive said Wednesday.
The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, said CEO Allen Stefanek.
The hacker demanded 40 bitcoins, the equivalent of about $17,000, he said.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of restoring normal operations, we did this.”
The hospital said it alerted authorities and was able to restore all its computer systems by Monday with the assistance of technology experts.
Cybercriminals don’t care that much about your credit card number anymore.
Uber, PayPal and even Netflix accounts have become much more valuable to criminals, as evidenced by the price these stolen identifiers now fetch on the so-called “deep Web,” according to security company Trend Micro.
Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average, oddly down from $4 per record in 2014, according to data compiled by Trend Micro for CNBC last week. (PII includes any information that can be used to commit identity fraud, like Social Security numbers or date of birth and varies in price depending on the specific information for sale.)
Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet.
The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000.
While in most states, voter registration lists are a matter of public record, many have regulations restricting access and use.
For example, South Dakota requires those requesting access to voter data to confirm that the information “may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the internet.”
Security researcher Chris Vickery discovered the breach and reported it to DataBreaches.net, which has since reached out to law enforcement, as well as the California attorney general’s office.
“When one of their attorneys asked, ‘Well how much data are we talking about?’ and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was ‘Wow,’ and she promptly forwarded the matter to the head of their e-crime division,” writes DataBreaches.net’s anonymous admin.
Steve Ragan, a security blogger for the security and risk management website CSO, has alsoinvestigated the breach, noting that none of the political database firms he identified and reached out to in connection with the database claimed ownership of the IP address where the files are posted.
18:39, 14 DEC 2015
UPDATED 14:37, 15 DEC 2015
BY JASPER HAMILL
Teenage computer experts unveil astonishing web of unpublicised interactions linking extremist social media mouthpieces to the British
government
Hackers have claimed that a number of Islamic State supporters’ social media accounts are being run from internet addresses linked to the
Department of Work and Pensions.
A group of four young computer experts who call themselves VandaSec have unearthed evidence indicating that at least three ISIS-supporting
accounts can be traced back to the DWP’s London offices.
Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number.
Update: British government admits it can’t stop ISIS extremists using
internet addresses
The hacking collective showed Mirror Online details of the IP addresses used by a trio of separate digital jihadis to access Twitter
accounts, which were then used to carry out online recruitment and propaganda campaigns.
At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to
link back to the DWP.
Ridgewood NJ, Ridgewood Police report that on Sunday, October 11, 2015, a Corsa Terrace resident reported that his/her computer had been hacked resulting in his/her identity being stolen. The victim, who had implemented a program to improve his/her computer’s performance and remove viruses, was contacted by a male caller claiming to represent “Celox Support”. The caller persuaded the victim to allow him remote access to his/her computer and credit card account information.
It is suggested that consumers provide credit card account information only after positively verifying that they are dealing with a legitimate service provider. The Ridgewood Police Department is also aware that this is a very popular scam at this time and residents should always be wary of someone contacting them by phone and offering to “fix” computer problems.
Patreon: Some user names, e-mail and mailing addresses stolen
At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.
by Cyrus Farivar – Oct 1, 2015 3:30pm EDT
Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announced late Wednesday that it had sustained a security breach.
The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.
Jack Conte, the co-founder and CEO, wrote in a statement:
We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.
Conte specified that user passwords are hashed with bcrypt and salted as well, but he encouraged patrons to change their password anyway as a precaution.
Ridgewood NJ, Ridgewood Police report that on Tuesday August 4, 2015 a West side resident reported discovering fraudulent charges had been made on one of his/her credit card accounts. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.
Earlier on Monday July 27, 2015 a resident reported that an unidentified actor had opened several credit cards accounts utilizing his/her personal information. The matter is being investigated by the detective bureau. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.
Identity Theft Protection Tips
Identity theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain. It can start with lost or stolen wallets, stolen mail, a data breach, computer virus, “phishing” scams, or paper documents thrown out by you or a business (dumpster ).
How can I minimize my risk of becoming an identity theft victim?
As consumers, you have little ability to stop or prevent identity theft. However, there are some positive steps to take which will decrease your risk.
Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.
Use a cross-cut shredder to dispose of documents with personal information. Also, use a specialized gel pen when writing out checks.
Place outgoing mail in collection boxes or the U.S. Post Office.
Know your billing cycles and contact creditors when bills fail to show up. Review bank and credit card statements carefully.
Password protect your financial accounts. A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non alphabetical character. Use of non-dictionary words is also recommended.
Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.
Use firewall software to protect computer information. Keep virus and spyware software programs updated.
Reduce the number of preapproved credit card offers you receive: 888-5OPT-OUT
Order your free annual credit reports on-line at: www.annualcreditreport.com or by calling (877) 322-8228
You may also “freeze” your credit report. For more information on this, go to: State Resources
Booby-trapped MMS messages and websites exploit flaw in heart of Android.
Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message or the user is lured to a malicious website, a security researcher reported Monday.
The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in “Stagefright,” an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.
In a blog post published Monday, Zimperium researchers wrote:
A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone.
The vulnerability can be exploited using other attack techniques, including luring targets to malicious websites. Drake will outline six or so additional techniques at next month’s Black Hat security conference in Las Vegas, where he’s scheduled to deliver a talk titled Stagefright: Scary Code in the Heart of Android.
David Shepardson, Detroit News Washington Bureau3:53 p.m. EDT July 24, 2015
Washington — Under government pressure, Fiat Chrysler Automobiles NV agreed Friday to recall 1.4 million vehicles that can be cyber-hacked remotely — as Congress, automakers and regulators are raising increasing concerns about vehicle communications.
The first-of-its-kind callback came just days after a magazine report showed hackers could wirelessly take control of some functions of a Jeep Cherokee.
The National Highway Traffic Safety Administration said it will open an investigation into the recall to ensure all vehicles that could be affected are covered. “Opening this investigation will allow NHTSA to better assess the effectiveness of the remedy proposed by Fiat Chrysler,” NHTSA Administrator Mark Rosekind said in a statement, acknowledging the agency had urged the move.
Owners will get a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures that largely addresses the problem.
Western societies are producing more and more Lost Boys, the fail-to-launch young men who carry dangerous social grudges.
What’s going on with young American men? Another mass shooting has led to another round of social and political recriminations. A young man—a “loner” and “adrift,” as usual—seizes a vile cause and attacks innocent people. Amidst the wreckage, we look for reasons that already fit our preconceptions about violence, and we blame racism, guns, unemployment, drugs, a bad family, or whatever else helps us to make sense of the tragedy.
But the truth of the matter is that Dylann Roof (at least from what we know) isn’t that different from so many other young, mostly white men over the past 30 years or so who have lashed out against their society in different ways. Although mass killers understandably seize our imaginations and dominate the media, and not all dysfunctional young males are violent and not all of them gain the publicity they crave. Some are terrorists, others are murderers, and some are merely vandals. A few are traitors and deserters.
What they all have in common is their gender (male), their race (most are white), and their youth (almost all under 30 at their peak destructiveness). Beyond this, they seem to share little beyond a stubborn immaturity wedded to a towering narcissism. In almost every case, they dress their anger in the clothes of ideology: white supremacy, jihad,hatred of abortion, or anti-government paranoia. Stuck in perpetual adolescence, they see only their own imagined virtue amidst irredeemable corruption. In a typical sentiment, Roof wrote before his rampage that “someone has to have the bravery to take it to the real world, and I guess that has to be me.”
The Lost Boys Arise
This is the battle cry of the narcissist, and we’ve heard it before. Western societies are producing more and more of these Lost Boys, the fail-to-launch young men who carry weighty social grudges. Some of them kill, but others lash out in other, more creative ways: whether it’s Edward Snowden deciding only he could save America from the scourge of surveillance, or Bowe Bergdahl walking away from his post to personally solve the war in Afghanistan, the combination of immaturity and grandiosity among these young males is jaw-dropping in its scale even when it is not expressed through the barrel of a gun.
China looks like it is heading for its version of the 1929 stock market crash
While all Western eyes remain firmly focused on Greece, a potentially much more significant financial crisis is developing on the other side of world. In some quarters, it’s already being called China’s 1929 – the year of the most infamous stock market crash in history and the start of the economic catastrophe of the Great Depression.
In any normal summer, a 30pc fall in the Chinese stock market – a loss of value roughly equivalent to the UK’s entire economic output last year – after an ascent which had seen share prices more than double within the space of a year would have been front page news across the globe.
The dramatic series of government interventions to stem the panic – hitherto unsuccessful, it should be added – would similarly have been up there at the top of the news agenda. Yet the pantomime of the Greek debt talks, together with the tragi-comedy of will they, won’t they leave the euro, has relegated the story to little more than a footnote – even though 940 companies, more than a third, have now suspended trading on China’s two main indices.
The Office of Personnel Management will notify many more individuals their personal information was compromised than the 4.2 million current and former federal employees the agency initially informed, officials said on Tuesday.
The timing of the second round of notifications, as well as the number of employees who will receive them, is still unknown by OPM. The agency’s director, Katherine Archuleta, confirmed to a congressional panel that OPM discovered, in the course of looking into the initial hack it uncovered in April, a second hack that targeted background investigation and security clearance data.
Archuleta said it will notify the those who went through background investigations their data was compromised “as soon as practicable,” with OPM’s Chief Information Officer Donna Seymour adding the agency first had to identify exactly whose information was hacked. The initial notifications began going out June 8 and will continue through June 19.
Representatives from the Homeland Security Department, Office of Management and Budget, Interior Department — where OPM’s hacked servers were housed — and OPM all said they were taking steps to upgrade systems and boost security protocols. The other agencies noted, however, the hack was OPM’s responsibility. Archuleta said, in turn, she inherited “decades old” legacy systems that she was doing her best to modernize them.
A second breach of the Office of Personnel Management by hackers believed to be associated with China exposed sensitive security clearance information of intelligence and military personnel, officials confirmed Friday, potentially creating an intelligence disaster for U.S. spies stationed abroad.
“During the investigation into the cyber intrusion of OPM that compromised personnel records of current and former Federal employees announced last week, OPM along with its interagency partners became aware of the possibility of a separate intrusion affecting a different set of OPM systems and data,” a senior administration official said in a statement.
Officials investigating the OPM hack announced last week discovered the second breach on Monday, the official said.
“On June 8, as the investigation proceeded, the incident response team shared with relevant agencies that there was a high degree of confidence that OPM systems containing information related to the background investigations of current, former, and prospective Federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated,” the official said. “Since the investigation is ongoing, we are in the process of assessing the scope of the information that has been compromised, but we expect OPM will conduct additional notifications as necessary.”
