Displaying items by tag: hacking

Equifax breach the latest in troubling hacking trend

Written on Wednesday, 20 September 2017 08:55

Large digital security breaches are a common occurrence in the corporate world today. The latest breach, experienced by consumer credit reporting agency Equifax, follows a trend of troubling hacks that have played out across the globe this year. It seems adversaries will stop at nothing to evolve their threats, move with even more speed, and find new ways to widen their operational space.

Equifax chief executive Richard Smith said his company “will make changes” after a massive security breach in July that may have exposed the data of up to 143 million people, he said in an opinion piece in USA Today on September 12. Smith said the company first learned of the breach on July 29, but didn’t go public with the information for six weeks because “we thought the intrusion was limited.”

Smith described the hack as the “most humbling moment” in the company’s 118-year history. Founded in 1899 and based in Atlanta, Georgia, it is the oldest of the three largest American credit agencies along with Experian and TransUnion. “We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again,” Smith wrote, promising to “make changes and continue to strengthen our defenses against cyber crimes.”

The company has been highly scrutinized for its handling of the data breach, which compromised the personal information of as many as 143 million Americans. Residents in the United Kingdom and Canada were also impacted. After detecting the breach, Equifax waited six weeks before it notified the public in early September. Rather than informing people whose data had been compromised, the company set up a website that wasn’t ready for days.

Yahoo experienced similar scrutiny when it dealt with massive data breaches. The company announced in September 2016 that hackers in 2014 had stolen data from more than 500 million of its users’ accounts. Yahoo then announced in December 2016 another breach dating back to 2013 in which over a billion users had their data stolen. The US Securities and Exchange Commission opened an investigation into whether Yahoo should have informed investors sooner about the breaches.

To make up for its failure to protect users’ data, Equifax, which rakes in around US$ 3.1 billion in annual revenue, offered free credit monitoring services to its customers. But the company was criticized for requiring those who enrolled for the offer to waive their right to sue the company. Soon enough, Equifax backtracked on the requirement, allowing customers to sue the company if they sent it in writing within 30 days.

Nevertheless, Equifax has been forthcoming about the wider issue of cybersecurity and the need for change. Smith acknowledged some of the company’s problems in his article, admitting that consumers and media have raised “legitimate concerns” about the services Equifax offered and the operations of its call center and website. “We accept the criticism and we are working to address a range of issues,” he said.

Smith said the company is now committed to doing everything it can to support those affected by the breach. “Our team is focused on this effort and we are engaged around the clock in responding to millions of inquiries from consumers,” he said. Equifax has warned, however, that credit card numbers of around 209,000 people have been exposed, in addition to “personal identifying information” on roughly 182,000 customers involved in credit report disputes.  

Prior to Equifax’s data breach, Time Warner-owned US TV network HBO was the latest major corporation to fall victim to hackers. HBO confirmed on July 31 that a whopping 1.5 terabytes of material had been stolen – a significantly larger amount than the 200 gigabytes stolen from Sony Pictures in 2014. Similar to Equifax’s breach, HBO’s hackers obtained potentially sensitive information, including employee data and even access to internal corporate emails.

The string of corporate hacks this year, including the global “WannaCry” ransomware attack in May and the subsequent “Petya” attack in late June, represents a chilling trend taking place all over the globe, in which cyber hackers are finding more avenues to infiltrate even the most seemingly protected organizations, by finding new ways to widen their operational space.

An ever-evolving threat

Hackers today have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. Cisco’s Annual Cybersecurity Report 2017 explains how the explosive growth of mobile endpoints and online traffic works in favor of cyber hackers. Adversaries have more space in which to operate, the report claims, and more choices of targets and approaches.

It may not be possible to stop all attacks, the report says, but you can minimize both the risk and the impact of threats by “constraining your adversaries’ operational space and, thus, their ability to compromise assets.” Cisco suggests that companies should simplify their collection of security tools by integrating them into an automated architecture to streamline the process of detecting and mitigating threats. That leaves companies with more time to address more complex and persistent ones.  

According to Cisco’s 2017 Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, the report says, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

Take Yahoo for instance: Following the shocking revelation that 1.5 billion of its users’ accounts were hacked on two separate occasions, the company was forced to slash the price of its core internet business in the sale to US telecom giant Verizon by $350 million. Yahoo is also in the midst of lawsuits related to the way the hacks were handled. In an effort to defuse the situation and make up for damage to its reputation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016.

The Cisco study found that nearly a quarter of the organizations that have suffered an attack lost business opportunities, and four in ten said those losses were substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue. When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent).

The report once again emphasizes the importance of companies focusing their resources on reducing their adversaries’ operational space if they want to avoid the aforementioned consequences. As a result, attackers will find it difficult to gain access to valuable enterprise resources and to conduct their activities without being detected. Automation, the report says, is essential to achieving this goal.

Automation helps companies to understand what normal activity is in the network environment, so they can focus their resources on more significant threats. Simplifying security operations, the report says, is the most effective way of eliminating adversaries’ unconstrained operational space. Unfortunately, most organizations are using more than five solutions from more than five vendors, according to the study, creating a complex web of technology, which can be a recipe for less, not more, protection.

Published in Featured

Canadian multinational firm BlackBerry has officially announced it has sold its messaging tools, which can be used for encrypting phone calls and text messages, to the US federal government – following an endorsement from the National Security Agency (NSA). BlackBerry confirmed that it received notification from the NSA’s National Information Assurance Partnership, which reviews commercial technology products to see if they meet enhanced security standards for government use.

The fear that eavesdroppers are listening in to government communications continues to rise, and has done so over the last number of years. In 2014, one of the first high-profile cases of calls being intercepted was an encrypted mobile phone conversation between a senior US State Department officer and the US ambassador to the Ukraine - the call was intercepted and subsequently leaked online.

BlackBerry is providing the NSA with messaging tools based on technology from Secusmart which is the start-up business the Canadian company acquired in 2014. The start-up had garnered international attention after it won the contract to secure German Chancellor Angela Merkel’s mobile phone in the wake of allegations by a former US intelligence contractor that her phone had been hacked by the NSA.

However, the case into the alleged phone bugging was dropped in 2015, when German prosecutors declared they had not found enough substantial evidence to continue the investigation. BlackBerry has confirmed that its encrypted voice and text messaging products are used by other government agencies in Europe, Latin America, Asia and Africa, although Germany remains its biggest customer.

US politics is currently rife with allegations of hacking, with two separate investigations underway to determine if Russia played a role in the US presidential election, or if any of Trump’s team conspired with Russian authorities in relation to the election. The FBI and CIA both said they believed Russia was responsible for the e-mail hacking of Democratic presidential candidate Hillary Clinton.

Published in Government

US President Donald Trump has admitted that he spoke with Russian President Vladimir Putin about the prospect of forming a cybersecurity unit at the G20 summit which was held last week in Hamburg, Germany. The scrutiny over cybersecurity has intensified following the recent ransomware attack which destabilized hundreds of businesses and institutions like the NHS in the UK.

The attack only served to indicate further that it doesn’t matter what size your organization is; every entity, it seems, is extremely vulnerable to these cyber-attacks from those in the murky world of hacking. The US presidential race was dogged by allegations that Russia was involved in influencing the election. Hillary Clinton had her e-mail hacked during the campaign and was subsequently investigated by the FBI – and many political analysts believe this interference ultimately cost Clinton the election.

Both the CIA and FBI on the instruction from the Obama administration were asked to investigate the allegations further – in an attempt to establish whether Russia was responsible for the cyber-attack. The CIA later confirmed that it believed Russia was the source of the hack, but incredibly, this was rubbished by the President-elect Trump.

At the G20 Summit in Hamburg, both presidents were meeting for the first time, and Trump tweeted about the future of forming a cybersecurity unit between the two nations to combat fears over election hacking. He said it was time for the US to work constructively with officials in Moscow.

Trump tweeted, “Putin and I discussed forming an impenetrable cybersecurity unit so that election hacking and many other negative things, will be guarded and safe.” In addition to this, Trump disclosed that he had in fact challenged Putin on the allegations that Russia was responsible for the hacking scandal which embroiled the US presidential election, but said Putin rejected the claims.

Trump tweeted, “I strongly pressed President Putin twice about Russian meddling in our election. He vehemently denied it. I've already given my opinion. We negotiated a ceasefire in parts of Syria which will save lives. Now it is time to move forward in working constructively with Russia!”

Published in Government

According to the Pew Research Center, almost two-thirds of Americans have experienced some sort of data theft or fraud, which has left many people mistrustful of organizations in charge of safeguarding their information. The research found that 41 percent of Americans have encountered fraudulent charges on their credit cards, and 35 percent said they had sensitive information compromised.

A smaller percentage of the individuals surveyed for the research said they had their email or social media accounts compromised or that someone had impersonated them in order to file fraudulent tax returns. Overall, the survey found that 64 percent of participants said they had some form of personal data stolen or compromised.

The greatest concerns according to those surveyed were regarding telecom firms, credit card companies and others, but a majority of those surveyed were concerned about the government and social media companies. Following the epidemic of data breaches and hacks recently, “many Americans lack faith in specific public and private institutions to protect their personal information from bad actors,” the study says.

Just 12 percent of the individuals surveyed said they had a high level of confidence in the American government’s ability to protect their data and only nine percent said the same about social media companies. However, the survey also found that most Americans don’t take a proactive role in their own data security with steps such as password management and enhanced authentication.

While half of the individuals surveyed said they have used “two-factor” authentication on their online accounts – requiring a code sent to a mobile phone or separate account – many use similar passwords for multiple accounts or share their passwords with others, the research found. The vast majority of those surveyed (86 percent) said they keep track of passwords by memory, and only 12 percent used password management software which is said to be more secure.

More than one in four respondents said they did not lock their smartphone screen, and some neglect to install important updates for their phones or applications. The report is based on a survey conducted from March 30 to May 3, 2016, among 1,040 adults, with a margin of error for the full group estimated at 3.4 percentage points.

Outgoing US President Barack Obama has called for a broad review to be conducted into the Russian hacking scandal which disrupted the US presidential election campaign last month. US Democrats believe the hacking scandal significantly benefited Donald Trump’s successful bid.

White House counterterrorism and Homeland Security adviser Lisa Monaco confirmed that President Obama has ordered intelligence officials to file a report into the hacking of Democratic officials’ e-mail accounts and Russia’s involvement in it – which has also further raised concerns over ‘foreign meddling.’

President Obama has requested the report to be submitted before he leaves office next month. However, it has not been confirmed whether or not the findings of the report will be made public. During a hostile campaign between Hillary Clinton and Donald Trump, Trump regularly referenced the e-mail hacking scandal involving Clinton, labelling her ‘crooked Hillary’ and saying he believed she should be in jail.

US intelligence officials accused the Russian government of ordering the breaches as part of an effort to interfere with the presidential campaign.

In the months leading up to the election, Hillary Clinton faced intense scrutiny after it emerged she used a private server when she was Secretary of State, rather than official State Department email accounts maintained on federal servers. Those official communications included thousands of emails that would retroactively be marked classified by the state department.

The FBI initiated an investigation but recommended that no charges be filed against her. Many political analysts believe it strengthened the campaign of President-elect Donald Trump. However, Trump has downplayed the possibility that Russia was involved in the hacking scandal.

Since Trump's victory, Democratic senators on the intelligence committee have been pushing Obama to declassify more information about Russia's role. Congressman Adam Schiff, the senior Democrat on the House intelligence committee, said he welcomed Obama's call for a review.

"Given President-elect Trump's disturbing refusal to listen to our intelligence community and accept that the hacking was orchestrated by the Kremlin, there is an added urgency to the need for a thorough review before President Obama leaves office next month." If the administration doesn't respond "forcefully" to such actions, "we can expect to see a lot more of this in the near future."

The news of this investigation comes hot on the heels of an announcement made by Kremlin officials last week, in which they disclosed information that Russian leader Vladimir Putin had signed a new cybersecurity doctrine in an effort to bolster Russia against cyberattacks from abroad.

Published in Government

Russian President signs off on new cybersecurity doctrine

Written on Wednesday, 07 December 2016 10:45

Russian leader Vladimir Putin has approved a broad-ranging cybersecurity plan which is specifically aimed at bolstering the country’s defences against cyberattacks from abroad, while it will also be utilized for cracking down on perceived foreign influence. The new doctrine comes in light of the media furore over allegations from the United States that Moscow was behind a series of cyberattacks which were aimed at influencing the outcome of last month’s US Presidential election.

The Kremlin has described it as a new ‘information security doctrine’; it is an update of Russia’s last policy, from 2000. The new document outlines a number of fears that range from concern over foreign hacking to negative media coverage abroad. The document also discloses the Kremlin’s fears about the ‘erosion of traditional Russian spiritual and moral values.’

The plan has been described as quite vague and offers few concrete steps but it does set out the general aims of the new policy – which include bolstering the military's propaganda output and ratcheting up controls over the internet in Russia.   

Over the past few years the Kremlin has increasingly pulled up the drawbridge as ties with the West have plunged to their lowest point since the end of the Cold War over the Ukraine crisis. Russia has splashed vast sums on state-funded channels and outlets broadcasting Kremlin propaganda across the globe.

Putin’s approval of this cybersecurity document seems likely to do little to improve relations between Russia and the West, with the Kremlin expressing its fears over foreign influence and outside hacking, which seems to be taking aim at the US in response to its allegations last month.

Published in Government

A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said on October 31 that the U.S. government and private sector should have stronger measures in place to strike back against hackers and to counter cyber-attacks, aimed at stealing sensitive information and disrupting computer networks.

The experts said policies should be put in place that allow “active defense” measures that deter hackers, rather than “hacking back” to disable systems used by hackers and more-or-less stooping to their level. Some of the solutions raised by the experts included taking down “botnets” that disrupt cyberspace, freeing data from “ransomware” hackers and “rescue missions” to recover stolen data, AFP reported.

The report reads, "The time for action on the issue of active defense is long overdue, and the private sector will continue to be exposed to theft, exfiltration of data, and other attacks in the absence of a robust deterrent. When private sector companies have a capability to engage in active defense measures, they are building such a deterrent, which will reduce risks to these companies, protect the privacy and integrity of their data, and decrease the risks of economic and societal harm from large-scale cyber-attacks."

On October 7, the U.S. government formally accused Russia of trying to “interfere” with the American presidential election, and promised to respond at an undisclosed time and place. Adding to the already tense relations between the two nations, a joint statement from the Department of Homeland Security and Office of the Director of National Intelligence was the first formal statement made by Washington, accusing Moscow of cyber attacks to gain political advantage. It represents a tense time for the U.S. and its battle against cybercrime.

Many believe that U.S. policymakers are moving too slowly with a “dynamic” threat from cyberspace, according to former national intelligence director and task force co-chair, Dennis Blair. "We are shooting so far behind the rabbit that we will only hit it if the rabbit makes another lap and comes back to where it was," he told a conference presenting the report.

However, the panel did not recommend hacking back "because we don't want the cure to be worse than the disease," project co-director, Frank Cilluffo said. But "there are certain steps companies can take" to repel and deter cyber-attacks, he added, advocating the establishment of a legal framework for them.

The threat facing the U.S. regarding cybercrime is well-understood, but some of the solutions to counter it have been controversial. Task force co-chair, Nuala O’Connor, president of the Center for Democracy & Technology, said many of the recommendations go too far such as inviting companies to gain unauthorized access to outside computer networks.

"I believe these types of measures should remain unlawful," she wrote, adding that it remains difficult to be sure of cyberattacks' sources. "The risks of collateral damage to innocent internet users, to data security, and to national security that can result from overly aggressive defensive efforts needs to be better accounted for."

Published in Government

Controversy surrounds MTS, Russia’s largest telecom operator, after accusations that the company assisted with hacking into Russian activists’ accounts on messaging app Telegram. According to a recent report by the Financial Times, the activists plan to sue MTS over the allegations.

The controversy began when Oleg Kozlovsky, director of the Vision of Tomorrow Center in Moscow, and Georgy Alburov, a leading member of the Anti-Corruption Foundation, both received warnings that their Telegram app accounts had been accessed from other devices. This led Alexei Navalny’s Anti-Corruption Foundation to explore a U.S. class-action lawsuit against the Russian telecom operator, to answer for the accusations.

Once again, an encrypted messaging app is in the limelight amid growing concerns about privacy vulnerabilities. Telegram is known to be popular amongst the millennial generation, political activists and even terrorist groups, who use the app because of its (mostly) reliable encrypted privacy. However, apps like Telegram have caused governments all over the world to seek ways to breach encrypted messages to access criminal activity. Who could forget the 2015 Apple vs. FBI case?

According to the Financial Times report, the hacked Russian activists published documents which they claim prove that MTS “colluded with the unknown intruders” without following the correct procedures required for the FSB to gain access (FSB is the successor agency to the KGB). Both of the activists’ accounts were compromised on April 29th from the same IP, which offers evidence that at least one party was targeting Russian opposition activists in particular.

The activists have both claimed that the Russian government hacked into their Telegram accounts with the help of MTS. Kozlovsky shared a Facebook post outlining the specific events which led him to believe that MTS was involved:

  • 2:25am: The technical security department of MTS disables the text message delivery service for my number. 
  • 2:40am: Someone uses a Unix console via the IP-address 162.247.72.27 (this is a Tor anonymizer exit node) to send Telegram a request to authorize a new device to work with my phone number. I was then sent a text message with the code, which was not delivered (since the service was disabled for me). 
  • 3:08am: The hacker enters the new authorization code and gains access to my account. Telegram sends me an automatic notification of this (which I will only see in the morning). 
  • 3:12am: Zhora Alburov's account is hacked in a similar fashion from the same IP-address (and through the same Tor session). 
  • 4:55am: The MTS technical security department reactivates the text-message delivery service for my number. MTS refused to name the cause of disabling and reactivating the service to me, and suggested I send a written request for information. 

How was the SMS message with the authorization code intercepted? Zdolnikov Vladislav, a technology expert with the Anti-Corruption Foundation, believes that the message could have been intercepted using a clone of the SIM card, or directly at the MTS SMS gateway, which the authorities reportedly have access to using a technical surveillance initiative called SORM (System of Operative-Investigative Measures).

The SORM surveillance initiative was introduced in 1996, originally designed to enable wiretaps of telephone communications. Since then, the system has been developed to access a much wider range of electronic communications, such as direct access to Russian ISPs through installation of black boxes in their networks.

Pavel Durov, the founder of Telegram, has called on all users of the messaging app, especially in “troubled countries”, to enable two-step verification so that SMS alone cannot be used to access personal accounts. Is it likely that surveillance agencies could have access to national telecommunications networks? After the Edward Snowden revelations about the extent of Western surveillance capabilities, it would seem so.

Published in Telecom Operators