Tag Archives: hackers

Breach Brief – Macy’s, Adidas

Macy’s department stores has reported a data breach of customer data. The breach affects Macy’s online customers and exposed names, addresses, phone numbers, email addresses, birthdays, and credit and debit card numbers with expiration dates. Macy’s pointed out that it does not store credit verification values (CVV) or Social Security numbers in its online customer profiles. Macy’s has reported the data breach and exposed card numbers to payment processors Visa, MasterCard, American Express and Discover. Macy’s has not said how many customers are impacted.

According to Macy’s, the breach took place between April 26 and June 12. The company reported that an “unauthorized third party” had obtained usernames and passwords and was able to log into the online profiles of shoppers at Macy’s and its subsidiary Bloomingdale’s. It is not known how the hackers got the information. Macy’s reported the breach in a letter to the New Hampshire Attorney General’s Office on July 2nd.

Macy’s has frozen any customer profiles with suspicious activity until the customers change their passwords.

“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” the company said in a statement. “Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”

 

Adidas

Adidas, maker of sportswear and equipment, issued a warning to online shoppers in the U.S. that their personal information may have been compromised as a result of a suspected data breach. Adidas first became aware of the incident on June 26 and analysts are saying that potentially millions of customers could be affected.

A preliminary investigation revealed that the hacker may have stolen customers’ contact information, usernames and encrypted passwords. Adidas does not believe any credit card or health and fitness information was compromised.

A statement on Adidas’ website read: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.” The company is in the process of notifying affected customers.

City of Atlanta Hit By Ransomware Attack

The City of Atlanta computer network was hit by a ransomware attack last week. The attack left a portion of the city’s data encrypted. According to city officials the full extent of the attack is still under investigation.  Attackers were successful in shutting down some of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information. The city’s mayor, Keisha Lance Bottoms, urged city employees and anyone who had conducted transactions with the city to carefully monitor their bank accounts in case their personal information is misused.

Ransomware is software that takes control of a computer or computer network and shuts it down by encrypting the data until the ransom is paid. The attacker will usually threaten to destroy the data if the money is not paid. In Atlanta’s case the attacker has demanded approximately $51,000 in bitcoin. City officials have not said if they will pay the ransom. Experts believe paying the ransom will only encourage future attacks.

According to a local NBC news affiliate the ransomware used in the attack is part of a family of ransomware known as SamSam that has been deployed against governments and healthcare systems since 2015.

Though Atlanta’s population is just under 500,000 it is the ninth largest metropolitan area in the country and has the nation’s busiest airport. Atlanta’s new Chief Operating Officer, Richard Cox, who came on the job just a week ago,  said that several departments have been affected. But Cox pointed out that agencies responsible for public safety, water and airport services have not been affected. Mayor Bottoms stated that the city is working with the FBI, DHS, Microsoft and Cisco to find out what data may have been compromised.

The city issued a statement on Tuesday instructing employees that they could begin to turn their computers and printers back on. The move is part of an assessment of the overall impact of the attack. However, CNN reports that systems that allow residents to pay their water bills or parking tickets online remain shut down. Police have been forced to do some paperwork by hand while some court proceedings have been cancelled.

Members of Mayor Bottoms’ team informed Atlanta City Council members last week that there was “a high likelihood that the incursion came through the City Council side of the building, through some software used by the Atlanta City Council called the Legislative Management System.”

According to NPR reporter Emily Cureton, city officials were warned months ago of weak security in the city’s computer systems. “The audit found a significant level of preventable risk to the city. The auditor writes there were long-standing issues, which city employees got used to and also didn’t have the time or resources to fix. The audit concludes Atlanta had no formal processes to manage risk to its information systems.”

Rendition Infosec, a Georgia-based cybersecurity firm, tweeted on Tuesday that it had uncovered data showing a handful of city computers came under attack last year.

Jake Williams, owner of Rendition Infosec said, “We dug into our data and perhaps unsurprisingly, at least 5 of their machines were compromised in April 2017.”

Now the problem facing Atlanta officials is that time is running out to pay the ransom. According to NPR there may be nowhere to send the money. A local television station obtained a copy of the ransom note and tweeted the message out. As a result, the payment portal set up by the attackers, with its countdown clock, was disabled. The portal contained a link to a bitcoin wallet.

According to the city’s information webpage there is no resolution in sight at this time. According to Mayor Bottoms, “Everything is up for discussion.”

Facebook’s Dirty Scandal – Now You Know!

The world’s greatest social media network! The greatest collector of personal information in the history of mankind! The greatest surveillance machine ever created! All this can be said of Facebook. But when you screw up it quickly becomes equally great.

Facebook knew its security was weak.

Facebook’s Chief Information Security Officer, Alex Stamos, argued that the amount of data Facebook was collecting made it a target for hackers, spies and hostile state actors.

In an audio recording leaked to ZDNet, Stamos was heard telling his security team that he had warned management “that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost.” Executives inside Facebook were not happy.

Stamos argued for more openness about how Russian agents used Facebook to influence the 2016 presidential election and beyond. From the inside Stamos fought for organizational changes that would at least minimize the use of misinformation. Again, Facebook executives resisted his efforts. As a result Stamos is planning to depart Facebook by August.

Between 2011 and 2012 former Facebook platform operations manager, Sandy Parakilas, was  responsible for policing data breaches by third-party software developers. According to the Guardian he warned senior executives at the company that poor data security measures were a major vulnerability.

“My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook,” said Parakilas, “so we had no idea what developers were doing with the data.”

Parakilas went on to say that Facebook had terms of service and settings that “people didn’t read or understand.” Parakilas went on to accuse Facebook of failing to use any enforcement mechanisms at its disposal, including audits of external developers, to ensure data was not being misused. Basically Facebook was warned by its own employees of the coming danger.

What happened?

Facebook basically lost control of the personal data of over 50 million users. The data was then used to target American voters with misinformation, fake news and other highly manipulated information by Cambridge Analytica.

Professor Aleksandr Kogan, a psychology professor at the University of Cambridge, requested user data from Facebook. Kogan created a research app to be used by psychologists entitled “thisisyourdigitallife.”

Some 270,000 Facebook users downloaded the app. Each user consented to allow Kogan’s app access to their personal information provided by Facebook. The data included their “Likes,” the city they live in, etc. But what users were not consenting to was giving up the same information on their friends.

According to Facebook, Kogan assured the company that the data would be cleansed of identifying information and only used for research purposes. This turned out not to be the case. Kogan shared the dataset with Christopher Wylie of Eunoia Technologies and possibly others. Wylie is the whistleblower who blew up the whole scam. More on him later. The two men formed a third company, Global Science Research, that once again assured Facebook that the data would be anonymized. Global Science Research then proceeded to build out SCL and Cambridge Analytica’s (CA) voter profiles using the data.

Kogan has spoken out, claiming that he is being scapegoated. Kogan told BBC Radio 4’s Today program of an environment of permissive data-gathering and lax privacy policies. “We thought we were acting perfectly appropriately. We thought we were doing something that was really normal,” said Kogan. “My view is that I’m being basically used as a scapegoat by both Facebook and Cambridge Analytica.”

Cambridge Analytica

Let’s get one thing straight before we go any further: CA could easily take the title of Department of Dirty Tricks. They are not the innocent data analysis firm they would have you believe.

According to TheGuardian.com, CA was caught bragging about using honey traps, fake news campaigns and operations with ex-spies to swing election campaigns around the world. CA executives were recorded on hidden camera by British news reporters talking about the dirty tricks they used to help clients.

CA CEO Alexander Nix was recorded telling reporters: “It sounds a dreadful thing to say, but these are things that don’t necessarily need to be true as long as they’re believed.” In addition Nix was known to refer to black clients as “niggers” in internal emails. Emails that were encrypted and programmed to self-destruct.

Nix has since been suspended from the company and is under investigation.

Now if you want to know how dirty this whole thing gets, a former employee of CA told CNN that former White House chief strategist Steve Bannon presided over a program at CA whose purpose was collecting Facebook data to create voter profiles. CA was a prime data provider to the campaigns of Ted Cruz and Donald Trump. Trump political appointee Kelly Rzendzian also worked at Cambridge Analytica.

Now remember that the original number is still only 270,000 users. Cambridge Analytica took it to the next level by hiring workers on Amazon Mechanical Turk (AMT). This platform allows gig workers, known as turkers, to complete small online tasks for near minimum wage or less. Turkers have been described as “volunteer slave labor.” CA hired these people to complete an online survey. According to The Intercept’s investigation last year this system worked for Cambridge Analytica. Basically, Cambridge Analytica tricked turkers into downloading a tool on Facebook that exposed both the worker and their friends, in exchange for $1 or $2 to complete an online survey. According to the New York Times this trick was a massive success, exposing over 50 million Facebook users to data collection.

Now back to Facebook. Andrew Zuckerberg’s company knew about this activity in 2015.  The Guardian reported in 2015 on Cambridge Analytica’s work on U.S. election campaigns. It revealed that the company drew on research “spanning tens of millions of Facebook users, harvested largely without their permission.” Kogan denied this was happening.

This was not a great concern for Facebook until 2015. That year Facebook updated its third-party API.  An API or application programming interface is just a piece of software that allows two software programs to talk to each other. Facebook moved to block access to the kind of massive data sets that Cambridge Analytica was collecting.  Although it drastically limited the data third party apps could access Facebook said nothing to users about the API misuse. Facebook also clamped down on any third-party app requesting more than the usual amount of data like public profile, list of friends, and email addresses from its users. But it all came too late.

After The Guardian published its article, Facebook demanded Global Science Research delete the data taken from Facebook users. Facebook has the right to delete data gathered by any app deemed to be “negatively impacting the platform.” Facebook believed that Kogan and SCL complied. They had not and no one from Facebook followed up.

Christopher Wylie

Christopher Wylie blew the lid off the Facebook/Cambridge Analytica data scandal. Wylie is being cheered for revealing how CA, according to the New York Times and The Observer of London, improperly used and manipulated the Facebook data to influence elections. Wylie told the Observer, “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons.” According to Wylie himself he was the gay Canadian vegan who somehow ended up creating “Steve Bannon’s psychological warfare mindfuck tool”.

Now you know.

 

Breach Brief – TIO Networks

TIO Networks, owned by PayPal, has suffered a data breach that may have compromised the personally identifiable information (PII) of up to 1.6 million customers. TIO suspended operations on November 10th to investigate “security vulnerabilities” in its payment platform.

According to PayPal, customer information compromised in the breach includes names, addresses, bank-account details, Social Security numbers and account login details.

TIO Networks is a Canadian company that processes payments from underserved or unbanked communities. In 2016 the company processed more than $7 billion in consumer bills. TIO serves 14 million consumer bill pay accounts. Many of these consumers are poor or receive some form of public assistance using state-issued EBT cards. According to the Federal Deposit Insurance Corporation (FDIC), about 7 percent of U.S. households are considered unbanked.

The company has more than 10,000 supported billers. TIO allows establishments like convenience stores, supermarkets and even liquor stores to quickly process payments to telecom, wireless, cable and utility companies. TIO offers more than 900 self-service kiosks and approximately 65,000 retail walk-in locations as well as mobile and web solutions.

PayPal purchased TIO Networks in July for $238 million in cash. According to PayPal its payments platform is not impacted in any way. TIO systems are completely separate from PayPal and PayPal’s customers’ data remains secure.

TIO is working with the companies it services to notify potential victims affected by the breach. These consumers will be contacted directly and receive instructions on how to sign up for credit monitoring offered by PayPal.

 

National Cyber Security Awareness Month – Mobile Security and Accounts

Securing your smartphone or tablet is not rocket science. You can take simple steps to secure your devices and online accounts that protect you from being an easy target. Let’s start with your passwords.

Passwords

You need to change them and do so on a regular basis. Please don’t be lazy about this simple task. Anyone who knows anything about you can probably guess your password. Especially if you do something stupid like use your dog’s name, the street you live on, your favorite shoe designer or sports team. People do these things and, to make it worse, they keep the same password for years. Or, dumber still, they use this same password on all their online accounts. So anyone who guesses it can then take over your life. How do hackers know you well enough to guess your passwords? Facebook! Never, ever, use the same password for multiple online accounts!

Change your passwords at least every six months. Use a lot of numbers and special characters and mix them up good. Your password should look something like this “L*gg46&#wEvF?.” Ugly huh? And hard to remember too. Well, try a password manager. They are easy to use and free. Check The Best Free Password Managers of 2017 from PC Magazine.com.

Device safety

Do you know what your device is doing? It does all kind of things when you are using it, and when you’re not. Practicing good cyber security means understanding what your device is doing and how to spot trouble and stop it. Take the time to learn all about your mobile device.

Make sure you update your phone’s operating system and apps regularly. Companies are always finding flaws and security issues and they issue updates and patches when they do.

Online accounts

Consider this: any account you have online can be monitored to see what recent activity has occurred. Ok, so who does not have a Facebook or social media account of some kind? To see what’s happening with your Facebook account click here. Facebook offers all its users a page that will tell them if someone has been accessing their accounts. If you have a Twitter account click here, for Google click here. These links will take you to the pages you need to monitor your account activity. Do yourself a favor and bookmark them for future use. It doesn’t take long to check these sites for unusual activity. And check them regularly.

You will also find ways to block any unauthorized activity on your accounts. Some apps and services allow you to set up alerts that come to you via a text message or email when something funny is happening to your accounts. They will also alert you when you log in from a new device or from a different location.

Check your apps

Another thing you need to do is check the app permissions on your phone or tablet. Apps communicate with their maker regularly. Most of the time it’s things like performance reports if the app crashes or updates. But trust me, it is communicating. You need to understand what your phone is doing and what permissions it has to access your data. Apps can do things like monitor your position using GPS, copy your text messages, access your contacts and spy on you using the on-board camera. Most people don’t realize how much data their phone and the associated apps give away. Don’t just click on the “accept” link when an app asks for permission to access your phone’s features. Investigate and ask yourself, why?

 Apps from third party vendors are a good source of trouble. Games, shopping apps, email apps, any app can be malicious. Hackers count on you not looking at the app too closely, especially the part about permissions to access things like your email, camera or GPS. Think it can’t happen to you? Think again!

You should also be aware of a new threat that is hitting mobile devices, known as ad and click fraud. It is a direct result of clicking on a link in an email or text message. Clicking on mysterious links is a good way to introduce malware into your device.

Free Wi-Fi

Set up your phone to ask permission to join open wi-fi networks like you find at Starbucks. These open networks, or free wi-fi, are havens for hackers. When you are traveling make sure you know what the hotel or airport wi-fi name is. A new tactic for hackers is to set up their own wi-fi networks close to or inside the hotel. They give their wi-fi a name similar to that of the hotel’s. If you are not paying attention you might get on a hacker’s wi-fi. Hackers can see everything you do if you are on their phony network and that could be big trouble. Learn to use a VPN or tether your device to your smartphone for secure Internet access. Better yet, get your own wi-fi hotspot. Many of the major cellphone service providers offer them.

Now you know.

 

National Cyber Security Awareness Month – Smartphones

African-Americans have embraced mobile technology.  According to Pew Research African-Americans are more likely to use mobile technology, smartphones and tablets, to access the Internet than whites. So we should be more aware of how to secure these devices.

I don’t have to tell you that your smartphone is the most valuable and sensitive piece of technology you own. To put it simply, it contains your life. Everyone you know is inside that device. All your passwords are probably saved there along with other sensitive data such as payment information, pictures, banking information and apps, social media apps, email, calendars and schedules and sensitive text messages. Because of all this data your phone is an attractive target to hackers.

Know Where Your Phone is at All Times.

Use the technology available to you to locate your phone or tablet if it should come up missing. Apple users, make sure you use the Find My iPhone/Find My iPad feature of the device. This feature can show you on a map exactly where your device is within a few feet. If you have an Android phone then Google offers the Find My Device service that can also pinpoint the location of your phone. There are also numerous apps that can be used to track your device.

If you realize that your phone is gone for good then you can erase all the data on the device using the “Find My iPhone/Find My iPad” feature and lock the device so no one else can use it. The same can be done for Android devices. Let’s hope this is never the case, but be prepared by knowing how to use these features and backing up your data so it can be easily downloaded to your new device.

The first and most important thing you need to do is to keep control of your device at all times. No doubt you have experienced the feeling of losing it if only for a few minutes. Make sure you keep track of it at all times. ’Nuff said there.

Be Paranoid!

Did you know that your phone can be hacked? As a matter of fact you probably already have been. First of all, anything that can connect to the Internet can be hacked…period! What makes your phone so vulnerable is that it has the capability to connect to anyone, anywhere in the world, at any time. You need to fear this capability. Be paranoid!

Most phones are hacked by connecting to a wi-fi network. Do you know your phone settings? Is your phone set to connect to any open wi-fi network? If so then you are vulnerable to a hacker. Make sure your phone is set to “Ask” to join an open wi-fi. Think about that when you walk into a Starbucks or Panera Bread or anyplace that offers free wi-fi. Those places are hangouts for hackers. Be paranoid!

Should you have to connect to an open wi-fi avoid doing any sensitive business such as banking. This is what the hacker is waiting for. Any password or credit card information transmitted over an open wi-fi is fair game. Anyone close enough to pick up that open wi-fi signal can be a hacker. Be paranoid!

If your phone is out of date it is vulnerable. Keep your iOS and Android operating system up to date. This means your apps too. Apps and programs that have not been updated are vulnerable. Be paranoid about apps that request unusual permissions. These suspicious apps could ask for access to your camera or your email. Ask yourself why? Keep your phone updated. Do not download apps offered to you via email or text message. Avoid third party app stores. Don’t respond to unknown text messages or click on any links you are not absolutely sure of. This is a form of social engineering where someone convinces you to do something you shouldn’t. Be paranoid!

Don’t let strangers use your phone. There is an attack that occurs just by dialing a certain number. Here is the scenario: a stranger approaches you and claims his or her phone is broken or the battery is dead. They have a child or elderly parent waiting to hear from them and they ask to use your phone for a minute. Being the angel you are, you allow them. They dial a number and then punch in a code and download malware or an app that takes over your phone, monitors your activity and steals your data. Hey, it happens. Don’t be a victim. Be paranoid!

Now you know, October is National Cyber Security Awareness Month.

Breach Brief – Sonic Drive-In

Sonic fast food chain is the latest victim of a major data breach. Sonic, which has 3,600 locations across the country, confirmed they are investigating unusual payment card activity after being informed by their credit card processor last week. The breach could affect as many as five million card holders.

The breach was first reported by Brian Krebs of KrebsOnSecurity.com. Krebs stated the breach was revealed by a pattern of fraudulent transactions on cards used at one of the chain’s restaurants.

Krebs claims he was tipped off by sources from multiple financial institutions. From his post Krebs related that, “Those cards were then found to be part of a cache of five million credit and debit card accounts that were first put up for sale in mid-September on a dark web site called Joker’s Stash, all indexed by city, state and Zip code.” “They’re going at a premium, too: between $25 and $50 per card.” Krebs reported that the cards first showed up for sale on September 18th.

Sonic’s Vice President of public relations Christi Woodworth told Krebs that the investigation hasn’t yet uncovered how many cards or which of its stores may be impacted. Woodworth went on to say that the company “…immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Recent patrons of the fast food chain should monitor their credit and debit accounts for suspicious activity.

ALERT! Equifax Hit by Major Data Breach ALERT!

Equifax, one of the major credit reporting agencies, is the victim of a major data breach affecting over 140 million Americans.  The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. In addition, credit card numbers of over 200,000 American consumers, and certain dispute documents with personally identifying information for another 182,000 U.S. consumers were also accessed. Equifax reports it has found no evidence of unauthorized activity on its consumer or commercial credit reporting databases.

The breach is considered so serious that Equifax is not only offering credit monitoring for those affected but potentially every American.

Equifax Chairman and CEO Richard Smith said in a statement that the breach was first discovered in July and had been ongoing since May.  According to Smith hackers “exploited a U.S. website application vulnerability to gain access.”

The EquifaxSecurity2017.com website has been provided for information about the breach. A statement on the site said, “Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.”

Equifax has also set up a dedicated call center for consumers with additional questions at 866-447-7559. The call center is open seven days a week from 7:00 a.m.-1:00 a.m. EST.

TrustedID Premier is a service offering from Equifax which includes monitoring of not only its own records but those of Experian and TransUnion as well. Equifax, Experian and TransUnion make up the big three credit reporting agencies. The service monitors for identity theft and performs Internet scanning for Social Security numbers. The service is free for one year. Using TrustedID Premier consumers also have the ability to lock and unlock Equifax credit reports and obtain identity theft insurance. Recently Experian began offering a service that scans the dark web for personal information.

Equifax has stated that in addition to notifying law enforcement, it has teamed with a  “leading, independent cybersecurity firm” to investigate the breach but that company has not been named.  The company said their investigation is “substantially complete,” but will continue for a few more weeks.

In a closely related story it has been reported that Equifax executives sold shares in the company worth $2 million.

According to CNBC, three executives of Equifax sold the shares days after the data breach was discovered. The information was revealed in a Securities and Exchange Commission filing.

The executives were named as Chief Financial Officer John Gamble Jr., Workforce Solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

The SEC declined to comment on the share sales.