The IRS recently suffered a data breach that left thousands of Americans at risk, and more attention is now focused on government mismanaged. Utilizing a $10.9 billion budget, either the agency is greatly mismanaged and/or the IRS just isn't ready to try to protect taxpayer information.
There seems to be a lot of problems with the IRS, and that has certainly trickled down to its cybersecurity protocols. The agency still uses Microsoft Windows XP - and while the IRS originally paid Microsoft for support - that support has ended. To make matters worse, some fraud identification software is almost 20 years old.
The IRS previously had 410 cybersecurity team personnel, but that has been slashed down to 363 workers. The idea that IRS personnel are unable to keep up with identity theft is a huge problem, especially as cybercriminals get cleverer.
It didn't take long for Apple to provide a temporary fix for a bug that allows users to crash an iPhone, iPad or Apple Watch via text message. The company was reportedly working on a fix anyway, but had to speed things up when users started sharing details about the problem on YouTube and social media outlets.
The problem stemmed from the way Arabic text is rendered by an iOS device, and the device's RAM ends up full, forcing a restart.
iOS users can have Siri read unread messages, and have Siri respond to the malicious message. Once that is done, users can open Messages again. Once in messages, users must swipe left to delete the entire conversation thread - or tap, hold, and delete the malicious message.
The United States reportedly attempted to launch a Stuxnet-like cyberattack aimed at the nuclear weapons program in North Korea, but the cyberespionage attempt failed. Launched at the same time when Stuxnet hit Iran in 2009 and 2010, the US wanted to also set North Korea's nuclear efforts back, according to a recent Reuters report.
US cybersecurity specialists couldn't directly access systems responsible for controlling nuclear ambitions in Pyongyang - and the reclusive country's extreme secrecy and isolation helped make the attack more difficult. Similar to Iran, North Korea likely uses Microsoft Windows to power the PCs, which use control software from Siemens AG.
Cyberespionage among nations is nothing new, with nations specifically concerned regarding the nuclear ambitions of Iran, North Korea, and other nations. However, North Korea - which extremely limits access to the Internet - reportedly has an increasingly sophisticated cyberespionage program that can be used to target South Korea, the US, and other political rivals.
Encryption is vital to free speech and government efforts to install backdoors prove to be a violation of human rights against Internet users. The UN report says encryption and Internet anonymity allow for a privacy buffer so they can share their views without the fear of being censored.
There is an effort by the United States, UK and other governments to create backdoors - which could also allow cybercriminals to access information - in an effort to aid law enforcement. If an agency needs to view and monitor encrypted messages, it should only be done on a "case-by-case" basis, and shouldn't be required for the majority of users.
The report will be presented in front of the UN Human Rights Council sometime next month.
Organized hackers in North Korea have the ability to launch cyberattacks against critical infrastructure and could even potentially lead to casualties, according to a high-profile defector. Professor Kim Heung-Kwang, a former computer science professor at the Hamheung Computer Technology University, helped teach some students that eventually joined the Bureau 121 hacker group.
North Korea has around 6,000 well-trained hackers - suspected of operating inside of China - with an estimated 10 to 20 percent of the nation's military spending directed towards online cyber operations.
"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity," Prof. Kim told BBC Click. "Their cyberattacks could have similar impacts as military attacks, killing people and destroying cities."
NCSoft, best known to Western gamers for the Lineage MMORPG, is a major South Korean gaming company with big aspirations for the rest of the world. The studio racked up $756 million in revenue during 2014, and wants to create appealing PC and mobile gamers for consumers across the world.
The game studio restructured, and plans to release its paid online game Wildstar as a free-to-play game for the United States. NCSoft also plans to expand with a mobile gaming studio located in Silicon Valley, which could host more than 100 employees.
"This is happening after a long period of anticipation, and it's a significant announcement," said John Burns, SVP of publishing at NCSoft West, in a statement to GamesBeat. "We are doubling down on our PC game portfolio and expanding into mobile. The goal for NCSoft West is to become a leader in the game industry."
Cybercriminals want to victimize people in any way possible, including even collecting unemployment checks directly from the government. As much as $5.6 billion is taken in federal benefits fraud, stemming from identity theft and data breaches.
Individual states and the federal government provide unemployment benefits directly to citizens, but if a person's personal information is purchased on the black market - and the fraudsters are able to file paperwork to collect the benefits. Each state must create their own system to identify - and stop - fraudulent claims, with thousands of suspected false forms submitted.
"The fact that this is so easy to commit is something that has been a real challenge to law enforcement because the fraudsters keep evolving, and they always find a new way to steal our identities," said Wifredo Ferrer, US Attorney for the Southern District of Florida, in a statement to CNN. "And all you need sometimes is a name, a date of birth and a Social Security number. And sometimes, you don't even need that to commit this crime."
Sally Beauty has informed customers that it has suffered yet another data breach, investigating a reported security incident that took place in April. The company received reports that customers suffered suspicious activity on debit and credit cards that were used in the store.
The company, which doesn't collect PIN data, found malware on some point-of-sale (PoS) systems in its retail stores.
"We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority," said Chris Brickman, president and CEO of Sally Beauty. "Because we cannot pinpoint exactly which cards might have been affected during our reported date range, we are offering credit monitoring services to any customer who used their payment card at a U.S. Sally Beauty store between March 6 and April 17 of 2015."
The Internal Revenue Service (IRS) has confirmed more than 100,000 American taxpayer records were compromised in a recent data theft. The breaches took place thousands of times from February to mid-May, and the "Get Transcript" service was the one reportedly vulnerable.
Information taken included tax returns and other data stored on the IRS website, with more than 200,000 reported attempts made to access the agency.
"We're confident these are not amateurs, these are actually organized crime syndicates that not only we but everyone in the financial industry are dealing with," said John Koskinen, IRS Commissioner, during a recent conference call.
A 17-year-old high school student in Idaho is in big trouble after paying a third party to launch a distributed denial of service (DDoS) attack at his school. The student has been suspended, will likely be expelled, and faces criminal charges for allegedly hiring someone to DDoS the school.
The student could face a felony computer crime, which has a maximum sentence of up to 180 days in a detention facility. It's likely his parents will have to pay monetary restitution, and the teenager could face federal charges.
The DDoS attack negatively impacted the Eagle High School's network for almost two weeks - with students accessing the Idaho Standard Achievement tests losing their work - and some students had to take the standardized test numerous times. The school administration were unable to reliably access records, including payroll, while e-books and online classes were inaccessible.