Posts Tagged ‘hackers’

94% of health organizations have been victims of cyber attacks — Nuclear facilities need more cyber defense, Israeli group says

February 1, 2018
BY YONAH JEREMY BOB
 FEBRUARY 1, 2018 13:59

 

‘The battlefield is now in the civilian arena.’

Dr. Erel Margalit, founder of the JVP Foundation, speaking at the Cybertech conference in Tel Aviv. (photo credit: DROR SITAHKOL)

Without taking cyber defense to a new level, the world is already in danger of being hit by a cyber pharmaceutical plague and a series of nuclear facility meltdowns, hi-tech entrepreneur Erel Margalit said Wednesday.

Speaking at the Cybertech Conference in Tel Aviv, the Jerusalem Venture Partners chairman and former MK noted, “Europe has 65 nuclear energy facilities that drills have shown to be vulnerable, and which could be hacked in ways that could cause a major issue.”

Margalit said pharmaceutical companies all over Europe were hacked in a massive cyber attack in June 2017, and that the hackers, presumed to be Russian, “could have changed the makeup of chemicals in the manufacturing of drugs… which could have brought a cyber plague to Europe.”

Instead, the hackers just stole IP addresses, but he said that did not change what they could have done or what other hackers might do in the future if companies do not up their cyber defense game.

Margalit discussed the sophistication of Israel and the West’s cyber adversaries. He said that Iran has “an army of hackers” operating in different countries in 11 independent groups with different code names.

“The Iranian nuclear threat is a future threat, but the Iranian cyber threat is an immediate threat, and Israel’s civil infrastructure is exposed and vulnerable. Eleven Revolutionary Guard strike groups attack Israeli nuclear researchers and civilian infrastructure on a daily basis,” he said.

Echoing Margalit’s warning, retired IDF Brig.-Gen. and current top Rafael cyber official Ariel Karo said, “Some hackers work like a commando unit. They collect intelligence, do advance planning, split into different units and use decoys.”

“The battlefield is now in the civilian arena,” he said, adding that only “a national level project” could “deal with all of the different kinds of threats.”

Karo said part of what made the cyber battlefield so difficult was that the only competent defense was to simultaneously multi-task with groups working on cybersecurity in real time and with others that are analyzing attacker strategies offline.

Noting that his company produced the Iron Dome missile-defense system, he said it also aspires to form a “Cyberdome” by going beyond the common threats that many are focused on and preparing for rarer military-level cyber threats.

He said Rafael had an “advantage” as it “is under attack all of the time,” helping it gain lots of experience in what high-powered cyber adversaries might try.

Other top cyber officials with military backgrounds also gave a grave picture of cyber threats.

Assuta Medical Center CEO and retired IDF Col. Ari Shamiss said that 94% of health organizations have been victims of cyber attacks. He said 88% of ransomware victims (groups locked out of their systems until they pay a ransom) were in the healthcare industry, recently costing the US $2.6 billion.

Shamiss pointed out that the dangers in the medical arena were more than just being locked out or having private information exposed, but were potentially lethal.

He said that implantable devices, such as cardiac pacemakers, could be disabled or have their functions altered to kill people.

http://www.jpost.com/Jpost-Tech/Cyber-officials-warn-of-unipharm-plague-nuke-meltdown-future-dangers-540402

Apple to issue fix for iPhones, Macs at risk from ‘Spectre’ chip flaw

January 5, 2018

Reuters

SAN FRANCISCO (Reuters) – Apple Inc will release a patch for the Safari web browser on its iPhones, iPads and Macs within days, it said on Thursday, after major chipmakers disclosed flaws that leave nearly every modern computing device vulnerable to hackers.

Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all confirmed to Reuters that the patches they currently have in place do not protect iOS users. With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.

Apple stressed that there were no known instances of hackers taking advantage of the flaw to date.

On Wednesday, Alphabet Inc’s Google and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre affecting nearly all computer chips made in the last decade. The news sparked a sell-off in Intel’s stock as investors tried to gauge the costs to the chipmaker.

In a statement on its website, Apple said all Mac and iOS devices were affected by both Meltdown and Spectre. But the most recent operating system updates for Mac computers, Apple TVs, iPhones and iPads protect users against the Meltdown attack and do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.

Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers. Apple said it would issue a patch to its Safari web browser for those devices “in the coming days.”

Shortly after the researchers disclosed the chip flaws on Wednesday, Google and Microsoft released statements telling users which of their products were affected. Google said its users of Android phones – more than 80 percent of the global market – were protected if they had the latest security updates.

Apple remained silent for more than a day about the fate of the hundreds of millions of users of its iPhones and iPads. Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple’s devices are at risk could affect Apple’s drive to get more business customers to adopt its hardware.

“Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn’t have an answer for iPhones and iPads, it just doesn’t give a whole lot of confidence,” Johnson said.

Reporting by Stephen Nellis; Editing by Cynthia Osterman and Susan Fenton

Handcuffed by sanctions, North Korea seeks cash via cyber theft

December 20, 2017

Some of the 7,000 hackers trained by Pyongyang pose as beautiful women on Facebook, strike up online conversations and then send malicious ransomware files

A man is reflected on a screen showing exchange rates of cryptocurrencies at an exchange in Seoul on December 20, 2017. (AFP PHOTO / JUNG Yeon-Je)

SEOUL, South Korea (AFP) — The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean Bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.

In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.

Its cyber warfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.

But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.

Screenshot of a ransomware exploit (Courtesy)

And a South Korean crypto currency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking — its second cyber attack this year — with the North accused of being behind the first.

According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking online conversations and eventually sending files containing malicious code.

They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.

Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.

“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding that many profess to be studying at a US college or working at a research think tank.

A computer screen at the Cboe Global Markets exchange (previously referred to as CBOE Holdings, Inc.) shows Bitcoin futures prices and trades on December 19, 2017 in Chicago, Illinois. (Scott Olson/Getty Images/AFP)

Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.

The United States has reportedly stepped up cyberattacks of its own against Pyongyang.

But Choi told AFP, “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”

Pyongyang’s hackers have shown interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the crypto currency surges — and it has soared around 20-fold this year.

Illustrative: Staff monitoring the spread of ransomware cyberattacks at the Korea Internet and Security Agency (KISA) in Seoul, May 15, 2017. (AFP/ YONHAP)

US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.

Crypto currencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”

It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”

In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.

Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.

The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.

Map locates top 20 countries affected in the first hours of the global ransomware cyberattack in May 2017. (AP)

Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.

The attack on the BCB was linked to “nation-state actors in the North,” cyber security firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.

Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.

The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.

Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.

This file photo taken on August 9, 2017, shows pedestrians walking past a huge screen in Tokyo displaying news footage of North Korean leader Kim Jong-Un. (AFP PHOTO / Kazuhiro NOGI)

They were once believed to be operating mostly at home or in neighboring China, but analysis by cyber security firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.

FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.

Its hackers, he said, were “interesting to respond to and hard to predict.”

https://www.timesofisrael.com/handcuffed-by-sanctions-north-korea-seeks-cash-via-cyber-theft/

Cyber Attacks “More Complex, Dangerous” Threaten Critical Infrastructure — Breached safety systems — Middle East nuclear, electrical, industrial infrastructure

December 17, 2017

REUTERS

The FireEye logo is seen outside the company’s offices in Milpitas, California, in 2014. | REUTERS

Hackers likely working for a nation-state recently breached safety systems at a critical infrastructure facility, in a watershed attack that halted plant operations, according to cyberinvestigators and the firm whose software was targeted.

FireEye Inc. disclosed the incident on Thursday, saying it had targeted Triconex industrial safety technology from Schneider Electric SE.

Schneider confirmed that the incident had occurred, and that it had issued a security alert to users of Triconex — which cyberexperts said is widely used in the energy industry, including at nuclear facilities and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cybersecurity company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing focus on breaking into utilities, factories and other critical infrastructure, cyberexperts said.

Compromising a safety system could let hackers shut it down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said. Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cybersecurity firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail-safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attackers’ actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation. The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers launched an attack that disrupted or damaged the plant, he said.

The U.S. government and private cybersecurity firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea and Russia and others to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

CyberX Vice President Phil Neray said his firm found evidence that the malware was deployed in Saudi Arabia, which could suggest that Iran may be behind the attack.

Security researchers widely believe that Iran was responsible for a series of attacks on Saudi Arabian networks in 2012 and 2017 using a virus known as Shamoon.

Schneider provided Reuters with a customer security alert, dated Wednesday, which said it was working with the U.S. Department of Homeland Security to investigate the attack.

“While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors,” the alert said.

Department of Homeland Security spokesman Scott McConnell said the agency was looking into the matter “to assess the potential impact on critical infrastructure.”

The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was found last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

https://www.japantimes.co.jp/news/2017/12/15/world/crime-legal-world/hackers-invade-safety-system-halt-mideast-plant-operations-watershed-cyberattack/#.WjY3tt-nGUk

Singapore: Defence Minister to invite hackers to break into its Internet-connected systems to detect weaknesses

December 12, 2017

ST VIDEO: ALPHONSUS CHERN

SINGAPORE – In a first for the Singapore Government, the Ministry of Defence (Mindef) will be inviting about 300 international and local hackers to hunt for vulnerabilities in its Internet-connected systems next year, in a bid to guard against ever-evolving cyber threats.

From Jan 15 to Feb 4, these selected experts will try to penetrate eight of Mindef’s Internet-facing systems, such as the Mindef website, the NS Portal and LearNet 2 Portal, a learning resource portal for trainees.

These registered hackers can earn cash rewards – or bounties – between $150 and $20,000, based on how critical the flaws discovered are. Called the Mindef Bug Bounty Programme, it will be the Government’s first crowdsourced hacking programme.

This follows an incident earlier this year when Mindef discovered that hackers had stolen the NRIC numbers, telephone numbers and birth dates of 854 personnel through a breach of its I-Net system.

One of the systems being tested, Defence Mail, uses the I-Net system for Mindef and SAF personnel to connect to the Internet.

On Tuesday (Dec 12), defence cyber chief David Koh announced the new programme after a visit to the Cyber Defence Test and Evaluation Centre (CyTEC) – a cyber “live-firing range” where servicemen train against simulated cyber attacks – at Stagmont Camp in Choa Chu Kang.

On the significance of the “Hack Mindef” initiative, he told reporters: “The SAF is a highly networked force. How we conduct our military operations depends on networking across the army, navy, air force and the joint staff.

“Every day, we see new cyber attacks launched by malicious actors who are constantly seeking new ways to breach our systems… Clearly, this is a fast-evolving environment and increasingly, you see that it is one that is of relevance to the defence and security domain.”

The bigger picture is that cyberspace is emerging as the next battlefield, said Mr Koh, who is also deputy secretary for special projects at Mindef.

“Some countries have begun to recognise cyber as a domain similar to air, land and sea. Some have even gone so far as to say that the next major conflict will see cyber activity as the first activity of a major conflict,” he added.

Servicemen at the Cyber Defence Test and Evaluation Centre at Stagmont Camp on Dec 12, 2017. ST PHOTO: ALPHONSUS CHERN

 

While there will be some risks in inviting hackers to test the systems, such as an increase in website traffic and the chance that these “white hat” hackers will turn over discovered vulnerabilities to the dark Web, measures will be put in place.

“(If) we can’t even manage the increase in traffic, that in itself would be a vulnerability that we would need to address,” said Mr Koh.

White-hat hackers are those who break into protected systems to improve security, while black-hat hackers are malicious ones who aim to exploit flaws.

The programme conducted by US-based bug bounty company HackerOne is expected to cost about $100,000, depending on the bugs found. But Mr Koh noted that this would be less than hiring a dedicated vulnerability assessment team, which might cost up to a million dollars.

Mr Teo Chin Hock, deputy chief executive for development at the Cyber Security Agency (CSA), said: “By embarking on a bug bounty programme, companies have the advantage of uncovering security vulnerabilities on their own by harnessing the collective intelligence and capabilities of these experts and addressing these vulnerabilities before the black hats do.”

In a statement, he added that the CSA is currently in discussions with some of Singapore’s 11 designated critical information infrastructure sectors which have expressed interest in exploring a similar programme for their public-facing systems.

Major Yiew Pie Ling (centre) taking Mr David Koh, deputy secretary (Special Projects), Mindef, and chief executive of the newly created Cyber Security Agency (CSA) of Singapore, through a demonstration of a mock cyber attack at the Cyber Defence Test and Evaluation Centre at Stagmont Camp on Dec 12, 2017. ST PHOTO: ALPHONSUS CHERN

Large organisations, such as Facebook and the United States Department of Defence, have embarked on similar initiatives with some success.

For instance, a similar Hack the Pentagon programme, also conducted by HackerOne, was launched by the US defence department in 2016. A total of 138 bugs were found by more than a thousand individuals within three weeks.

The initiative caps a year in which Singapore has been gearing up for the battlefront in cyberspace.

In March, it was announced that the Defence Cyber Organisation will be set up to bolster Singapore’s cyber defence, with a force of cyber defenders trained to help in this fight.

http://www.straitstimes.com/singapore/defence-ministry-to-invite-300-hackers-to-hack-its-internet-connected-systems

Hackers could get even nastier in 2018: researchers

November 29, 2017

AFP

© AFP/File | Report by the security firm McAfee said hackers will develop new strategies in 2018 and target connected devices which offer less security than computers and smartphones

WASHINGTON (AFP) – After a year marked by devastating cyber attacks and breaches, online attackers are expected to become even more destructive in 2018, security researchers said Wednesday.

A report by the security firm McAfee said the ransomware outbreaks of 2017 offer just a taste of what’s to come as hackers develop new strategies and “business models.”

McAfee researchers said that as ransomware profitability fades in the face of new defenses, hackers will turn to new kinds of attacks that could involve damage or disruption of computers and networks.

Attackers will also look to target wealthy individuals and aim at connected devices which offer less security than computers and smartphones.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” said Steve Grobman, McAfee’s chief technology officer.

McAfee also predicted wider use of cyber attacks “as a service,” allowing more hackers for hire to have an impact.

Raj Samani, chief scientist at McAfee, said the events of 2017 showed how easy it is to commercialize hacking services.

“Such attacks could be sold to parties seeking to paralyze national, political and business rivals,” Samani said.

McAfee’s 2018 Threats Predictions Report also said privacy is likely to be eroded further as consumer data — including data involving children — is gathered and marketed by device makers.

“Connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data — with or without our agreement — turning the home into a corporate store front,” the McAfee report said.

The report said parents “will become aware of notable corporate abuses of digital content generated by children,” as part of this effort to boost profitability.

McAfee said it expects some impact for the May 2018 implementation of the European Union’s General Data Protection Regulation, which limits how data is used and sold and which would affect companies with operations in the EU.

The GDPR regulation “makes 2018 a critical year for establishing how responsible businesses can pre-empt these issues, respecting users’ privacy, responsibly using consumer data and content to enhance services, and setting limits on how long they can hold the data,” said McAfee vice president Vincent Weafer.

Kenyan opposition cries foul ahead of new presidential vote

October 25, 2017

AFP

 

© Patrick Meinhardt, AFP | Jubilee ruling party supporters in Nairobi celebrate the Supreme Court’s decision to proceed with the re-run of the presidential elections on October 25.

Text by FRANCE 24 

Latest update : 2017-10-25

In a shock decision last month, Kenya’s supreme court nullified President Uhuru Kenyatta’s re-election, citing irregularities. But ahead of a new presidential vote on Thursday, supporters of opposition leader Raila Odinga are already crying foul.

Opposition leader Odinga challenged Kenyatta’s August 8 victory, claiming hackers had infiltrated election servers and manipulated the vote.

After reviewing the evidence, the country’s highest court agreed. Citing irregularities and possible illegalities – as well as the electoral commission’s unwillingness to let court-appointed technicians scrutinise its servers – it took the unusual step of nullifying the vote and ordering a new presidential election to be held within 60 days.

The Kenyan opposition maintains that not enough reforms have been implemented to ensure that a new election would be more free or fair than the last. Odinga has said he will not participate in another round of voting until the necessary changes have been made, and a petition was filed with the Supreme Court to delay the October 26 vote until its credibility could be guaranteed.

The court was to hear a petition filed by three Kenyans, including a human rights activist, on the eve of Thursday’s vote. But as the Supreme Court convened to review the complaint a series of dramatic events prevented it from achieving a quorum, meaning the election would go ahead as planned by default.

“It means elections are on tomorrow. There is no order stopping the election,” election commission lawyer Paul Muite told Citizen TV on Wednesday.

Supreme Court Chief Justice David Maraga appeared alone in the courtroom and said only he and one other judge had shown up for the hearing. Six judges are needed to render a decision.

One deputy chief justice was unable to attend the hearing after being targeted in a shooting last night in which her bodyguard was killed. Those in favour of delaying the vote were quick to suspect that the attack was linked to the vote.

“The opposition is already saying that was an attempt at intimidation,” said FRANCE 24’s Julia Steers, reporting from Nairobi.

Outside the court, hundreds of women in white scarves gathered to call for peace amid fears of violence. Kenyatta supporters celebrated the news that the election would proceed while those backing Odinga gathered in Nairobi’s Uhuru Park.

The governor of Kenya’s Kisumu county, an opposition stronghold, said the people would be justified in launching a revolt if the presidential election goes ahead, given the lingering concerns over the credibility of another vote.

“If the government subverts the sovereign will of the people … then people are entitled to rebel against this government,” Anyang Nyong’o told reporters on Wednesday.

An opposition lawyer said any new presidential election would have no legitimacy because of a previous court ruling that deemed the appointment of certain electoral officers illegal.

“It would be illegal and unconstitutional for them to move ahead with the election,” lawyer James Orengo told media outside the Supreme Court.

The election’s August 8 first round plunged Kenya into its worst political crisis since a disputed 2007 vote erupted in violence that left more than 1,100 people dead.

(FRANCE 24 with AFP, AP and REUTERS)

Hackers Target Nation’s Schools — Your Child’s Personal Data Could Be For Sale

October 23, 2017

Criminals make student data public in escalating demands for ransom; some districts pay up

Hackers looking to exploit sensitive information for profit are increasingly targeting the nation’s schools, where they are finding a relatively weak system to protect a valuable asset: student data.

Cyberthieves have struck more than three dozen school systems from Georgia to

https://www.wsj.com/articles/hackers-target-nations-schools-1508751002

*********************************************

Hackers are targeting schools, U.S. Department of Education warns

CNN Money
 When Superintendent Steve Bradshaw first received a threatening text message in mid-September, he didn’t know it was coming from a hacker trying to exploit his Montana school district.

But soon, students and other schools around Flathead County were receiving threatening messages, too. More than 30 schools in the district shut down for three days.

“The messages weren’t pleasant messages,” Bradshaw said. “They were ‘splatter kids’ blood in the hallways,’ and things like that.”

The U.S. Department of Education is now warning teachers, parents, and K-12 education staff of a cyberthreat targeting school districts across the country.

So far, at least three states have been targeted by the extortion attempt from hackers asking schools to give them money or the group will release stolen private records, according to the department.

“In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received,” the department wrote in an advisory this week.

Bradshaw, the superintendent of schools in Columbia Falls, Montana said a hacking group broke into multiple school servers and stole personal information on students and possibly staff. He said after the threatening messages came, hackers asked for ransom.

In a ransom note sent to a number of Columbia Falls school district members and released by the county’s sheriff’s department, the hacking group called the Dark Overlord threatened the district and demanded up to $150,000 in bitcoin to destroy the stolen private data.

The threatening letter talked about use of force, mentioned the name “Sandy Hook,” the elementary school in Connecticut where 20 small children and six adults were shot dead, and said victims would suffer financial and reputational damage.

Law enforcement said they did not believe the threats and determined the attackers were located outside of the U.S.

“We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money,” the Flathead County Sheriff’s Office said in a Facebook post last month.

Bradshaw said the district is not paying the ransom, and he is still receiving threatening messages.

The same hackers also targeted the Johnson Community School District in Iowa earlier this month, and the district canceled all classes on October 3. According to local media reports, the hackers also sent threatening text messages to children and their parents.

The hacking group previously attempted to extort Netflix after hacking its production studio, Larson Studios. The group released episodes of Orange is the New Black online last spring.

It’s unclear why the Dark Overlord began targeting schools but someone from the hacking group told the Daily Beast they are “escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us.”

The Department of Education says the hackers are probably targeting districts “with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” It advises districts to conduct security audits and patch vulnerable systems, train staff on data security best practices, and review sensitive data to make sure no outside actors can access it.

According to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, school environments often don’t have a lot of technology resources dedicated to security, but have some of the richest personal information on people, including social security numbers, birth dates, and, potentially, medical and financial information.

“If bad actors can access student [personal data], that information can be exploited for the purpose of fraud and committing crimes for years before it is detected,” Kavaney says. “It’s often only upon application for a job, or application for financial aid to attend college that students find out that their social security number has been used fraudulently — they may have poor credit due to false applications against their history, or worse, find that crime has been committed in their name.”

Bradshaw says the ordeal has been stressful and troubling. Because the district hasn’t paid the hackers, they’re still threatening to release the data online. But, he said, the response from law enforcement and the Flathead County community has been positive.

“We still got people in this country that believe in one another, and it’s been easier to get through than you would have thought,” Bradshaw said. “People care about people in this state.”

 http://money.cnn.com/2017/10/18/technology/business/hackers-schools-montana/index.html

Prague hackers’ congress to address ‘financial freedom’

October 6, 2017

AFP

PRAGUE (AFP) –

A hackers’ congress launched in Prague on Friday will discuss new cryptocurrencies and other tools to combat the erosion of financial freedom around the world, organisers said.

“Technology will allow users to shake off economic dependence on the state and achieve financial and personal freedom,” co-organiser Martin Sip said in a statement at the start of the three-day event.

Organisers cited the anonymous cryptocurrencies Monero and Zcash, crypto-markets and decentralised exchange offices as examples of tools that could boost financial freedom.

Amir Taaki, a British-Iranian hacker and expert on the bitcoin cryptocurrency, told reporters in Prague that the western world was going through a social crisis rooted in its economic system.

“Today, most of the work that people do in their lives has absolutely no meaning and no purpose whatsoever,” said Taaki, who founded Britcoin, Britain’s bitcoin exchange.

“What is guiding this mechanistic system that uses human beings as objects is… a system of financial enslavement,” he said, adding that the system wielded “a really sinister form of social control”.

“Our task is to… challenge this system of hierarchy and the state to restore back people’s sense of autonomy and free life.”

“We have to find new forms of economic organisation… (and) bitcoin is the biggest tool that we have to challenge the power of the central banks today.”

Wearing a cap, sunglasses and a mask at Prague’s Institute of Cryptoanarchy, which is hosting the congress, a hacker nicknamed Smuggler said freedom suffers in a financial system dominated by central banks.

“We’re living in a world where we don’t really have money in the sense that we can just transact, but we always have money with permission,” he said.

Earlier this week, reports said the US-based investment bank Goldman Sachs was looking into ways to trade bitcoin to meet client demand.

This would mean a breakthrough as large banks have so far avoided trading in bitcoin due to its reputation as a conduit for illicit activity.

But financial companies have been active in the development of “blockchain,” the underlying technology of bitcoin, which is seen as a potentially major breakthrough.

Bitcoin reached the psychologically important milestone of trading at $5,000 on September 1. It has been retreating since then, trading at $4,375 on October 2.

SEC Discloses Edgar Corporate Filing System Was Hacked in 2016

September 21, 2017

The SEC disclosed that hackers penetrated its electronic system for storing public-company filings and may have traded illegally on the information.

Breach may have allowed trading that profited from nonpublic information, regulator says

WASHINGTON—The top U.S. markets regulator disclosed Wednesday that hackers penetrated its electronic system for storing public-company filings last year and may have traded on the information.

The Securities and Exchange Commission’s chairman, Jay Clayton, revealed the breach in an unusual and lengthy statement issued Wednesday evening that didn’t provide many details about the intrusion, including the extent of any illegal trading.

The SEC said it was investigating the source of the hack, which exploited a software vulnerability in a part of the agency’s Edgar system, a comprehensive database of filings made by thousands of public companies and other financial firms regulated by the SEC.

The commission said the hack was detected in 2016, but that regulators didn’t learn about the possibility of related illicit trading until August, when they started an investigation and began cooperating with what the SEC called “appropriate authorities.”

A spokesman for the Federal Bureau of Investigation declined to comment on the SEC disclosure.

The commission’s disclosure follows a major breach of Equifax Inc. that affected 143 million Americans and warnings from executives of the New York Stock Exchange and Bats Global Markets Inc. that a planned data repository of all U.S. equity and options orders could become a juicy target for hackers.

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” Mr. Clayton said in a written statement. “We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

The intrusion shows how confidential information that can yield easy trading profits has increasingly become a target of hackers.

The SEC in December sued three Chinese traders who allegedly earned more than $4 million in illegal gains after they stole information from the computer systems of Cravath, Swaine & Moore LLP and Weil, Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies.

The SEC’s Electronic Data Gathering, Analysis and Retrieval system, or Edgar, is used by investors who access the online system to view companies’ earnings statements and other disclosures on material developments at companies. Some companies purchase and resell electronic feeds of the filings that cater to electronic and algorithmic traders.

Mr. Clayton’s statement didn’t identify the precise date of the intrusion or what sort of nonpublic data was obtained. The agency said the hackers exploited a vulnerability in part of the Edgar system that allows companies to test the accuracy of data transmitted in new forms. Many corporate filings are made public as soon as they are received through Edgar, although other forms may have to be reviewed first by SEC staff.

The SEC’s statement also didn’t explain why the SEC waited to reveal the breach until Wednesday.

SEC officials have sometimes indicated they could take enforcement action against a public company that misled investors about a significant hack that affected share prices.

Mr. Clayton, who is due to testify before the Senate Banking Committee next week, is sure to face questions about his own agency’s cyber vulnerabilities.

“We face the risks of cyber threat actors attempting to compromise the credentials of authorized users, gain unauthorized access to filings data, place fraudulent filings on the system, and prevent the public from accessing our system through denial of service attacks,” Mr. Clayton said. “We also face the risks of actors attempting to access nonpublic data relating to our oversight, or enforcement against, market participants, which could then be used to obtain illicit trading profits,” he added.

The Edgar system, which was launched to equalize access to information among retail and sophisticated investors, has occasionally caused headaches for the commission. Academic researchers found in 2014, for instance, that hedge funds and other rapid-fire investors got earlier access to market-moving documents from Edgar than other users of the standard, web-based system, giving them a potential edge on other traders. The SEC later said it fixed the problem.

The system has also been exploited by traders who submitted fake corporate filings. In 2015, a 37-year-old man in Bulgaria filed a fake takeover offer for Avon Products Inc., which succeeded in sending the beauty-product company’s shares soaring but netted the mastermind just $5,000, regulators alleged.

Mr. Clayton’s statement acknowledged that the planned data repository, known as the Consolidated Audit Trail, could be targeted by cyber thieves looking to steal personal information of stockbrokers’ customers. The audit trail has been in the works for nearly seven years and the SEC approved its final design last year. However, exchange executives have recently cited the Equifax hack as evidence that the audit trail should be pared back, even if that takes away information that could help regulators spot manipulative traders more quickly.

Stock and options exchanges, as well as the Financial Industry Regulatory Authority, which oversees brokers, are due to begin reporting data to the repository in November.

Robert Cook, chief executive of Finra, also has questioned whether the audit trail should be scaled back in light of the Equifax data breach. Speaking Wednesday at a banking luncheon in Washington, Mr. Cook questioned whether the database designed to help regulators sort through flash crashes and spot market manipulation should include personal information about stockbrokers’ customers.

“Especially post-Equifax when we are trying to win back investor confidence in the markets, it seems to be a useful question to ask whether we’ve got the right approach here or we need to revisit it,” he said.

Write to Dave Michaels at dave.michaels@wsj.com

https://www.wsj.com/articles/sec-discloses-edgar-corporate-filing-system-was-hacked-in-2016-1505956552