TweakTown NewsRefine News by Category:
A union representing federal employees claims that cybercriminals were able to successfully steal Social Security numbers and other personal data of every federal employee. Following news that the Office of Personnel Management (OPM) was hacked, suspected by "the Chinese," it's turned out to be a bigger issue than the Obama Administration publicly stated.
Hackers were able to compromise the Central Personnel Data File, which holds records for current federal employees, retired personnel, and as many as one million former federal employee records. The data files reportedly have up to 780 data points about a federal worker - an alarming amount of personal information that wasn't properly secured.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," said J. David Cox, president of the American Federal of Government Employees, in an open letter to the OPM. The group has described the OPM breach as "an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce."
Unsealed federal court documents revealed almost 600 storage accounts may have been compromised as part of the infamous 'Celebgate' hacking scandal. Stolen images from Jennifer Lawrence, Kate Upton, Hope Solo and other actresses and models were posted on 4chan, and then spread elsewhere on the Internet.
Apple iCloud accounts belonging to 572 unique accounts were accessed, some of the accounts visited six times.
In other news, the FBI has traced the hacker to the South Side of Chicago, in the Brighton Park neighborhood. FBI agents seized computers and other documents from the house, but no one has been arrested. Two email addresses allegedly belonging to 30-year-old Emilio Herrera are tied to the investigation, but he hasn't been named as a suspect.
President Barack Obama has received a letter from the Information Industry Association and Information Technology Industry Council not to mess with encryption. The US government wants backdoors created so law enforcement can access information when needed, but Silicon Valley companies warned that would also create opportunities for cybercriminals.
"We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool," said the letter. The Information Industry Association represents companies such as Microsoft, Facebook, Google and Apple - with executives from each company previously speaking out against various government interference in security.
The FBI and other agencies support the Obama administration's efforts to help bypass encryption, but in a manner that wouldn't allow hackers and cybercriminals to exploit the encryption backdoor.
The Office of Personnel Management knew that its computer security system could be exploited by outside act, but the issue still wasn't spotted in time. The OPM is expected to roll out two-step authentication to better protect its networks.
It was still too late - tens of thousands of files were already stolen before the inspector general's report last November. After a breach was detected last summer, cybercriminals were able to launch a broader attack that likely began in December. So far, more than 4 million people have been exposed by the breach, and it's likely that number will rise.
Cybercriminals tend to be very patient while browsing compromised networks, especially organized cyber hackers. It's possible the OPM hack was carried out by those responsible for breaching Anthem, as personal information is lucrative.
Cybersecurity issues are getting worse, President Barack Obama admitted recently, as the United States remains a lucrative target of foreign cybercriminals. Obama wants Congress to pass new cybersecurity legislation to help address mounting digital threats.
"We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Pres. Obama said during a Group of Seven summit.
It's a stark realization that the US government has been aware of cybersecurity issues, but favored the need on bulk surveillance activities. If nothing else, it looks like some private sector security firms and defense contractors will make a fortune helping the government upgrade.
The US government has confirmed that records of current and former federal employees are at risk, following news that the Office of Personnel Management (OPM) suffered a series of cyberattacks. Despite reportedly beginning in late 2014, it took until April before the intrusions were detected.
Here is some expert cybersecurity input regarding the breach:
There is a changing cybercriminal landscape that the United States has been relatively slow to adapt to:
"Cyber espionage by state-sponsored actors is in fact cybercrime," said Jason Polancich, founder and chief architect at SurfWatch Labs. "China and Russia signed a no-hack agreement last month likely, in part, because one is the produce (China) and the other is the marketer (Russia) of today's cybercrime, now a world-sized cottage industry."
Authorities believe that a breach in US government data was thanks to a "foreign entity" and the Federal Bureau of Investigation has launched a full inquiry into who exactly stole the data on approximately four million workers.
This hacking spree took place through the US's Office for Personnel Management (OPM) and began in April 2015, with The Department of Homeland Security concluding that this attack had finished by the beginning of May - announcing the data as compromised.
Despite the implementation of EINSTEIN, private information on four million employees was stolen directly from the human resource systems, affecting OPM IT systems as a whole.
Computex 2015 - Adding something a little different to the Computex 2015 trade show is the ASUS series of SmartHome devices, designed to keep yourself and your technology safe at home.
Also winning a BC award as per the ASUS ROG GR6 mini gaming PC, these products are coupled with the tagline "Smart, Simple, Secure" and are aimed at everyone from the general consumer to the complete computer mastermind.
Pictured is the black circle-like object named the ASUS Smart Home Gateway, this sets out to let you control your home through one simple app installed on a smartphone or tablet and can work with third-party products - meaning you aren't locked into ASUS branded components only.
The NSA and GCHQ continue to face significant backlash of their widespread surveillance activities, largely due to Edward Snowden's spying disclosures. However, the UK intelligence agency is defending itself by saying it couldn't spy on all its citizens in an unlawful manner, even if it actually wanted to.
"One of the things that has almost flippantly been said in our defense is that even if we wanted to do such things we don't have enough people to engage in such unlawful mass intrusion," said Ciaran Martin, director general of cybersecurity for the GCHQ, while speaking at the InfoSecurity conference.
The GCHQ has conducted mass collection of user data inside the UK, which was disclosed by Snowden a couple of years ago. Not surprisingly, there has been increased debate - both in the US and UK - regarding the effectiveness of these programs.
Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.
Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.
A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.