Tag Archives: Motherboard.com

Breach Brief – T-Mobile

Mobile phone service provider T-Mobile has announced a data breach of its customer information.

According to a post on the carrier’s website, the hack was discovered on August 20 by its cybersecurity team. The team shut down unauthorized access to certain information, and T-Mobile quickly reported the incident to authorities. T-Mobile reported that the attackers did not get access to financial information, social security numbers, or passwords. However, the company did admit that some personal information may have been compromised, including name, billing zip code, phone number, email address, account number and account type.

In a statement T-Mobile said, “Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information. We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”

T-Mobile did not report an exact number of customers affected by the breach. But a spokesperson for the company told Motherboard that it impacted roughly “3 percent” of its 77 million customers, amounting to around two million people. “Fortunately not many,” the spokesperson said in a text message, adding she could not say the exact number, reported Motherboard.

T-Mobile is the third-largest cell service provider in the U.S. with 77 million customers. The company has about half the customers of Verizon and AT&T, with 152 million and 147 million customers respectively.

Breach Brief – Ticketfly, MyHeritage

Concert ticketing service Ticketfly reported last week that it was hit by a major data breach involving the personal information of 26 million customers.

According to Ticketfly “some customer information has been compromised including names, addresses, emails, and phone numbers.” Tech news blog Engadget reported that the hacker behind the attack has uploaded much of the data to a public server and is threatening to release more.

Prior to the breach Ticketfly was warned of a flaw in its systems by the hacker. According to Motherboard.com the hacker notified Ticketfly then requested a ransom of one bitcoin in exchange for a fix. When the ransom was not paid as requested Ticketfly suffered the consequences.

Ticketfly has not said whether customers’ credit card information and passwords have been compromised. However, the hacker has threatened to release more information if the ransom is not paid.

At the time this article was written, the website was back online. Ticketfly is owned by San Francisco-based Eventbrite.

MyHeritage.com

MyHeritage, an Israeli-based genealogy and DNA testing service, has suffered a major data breach of its user information. According to a MyHeritage statement, over 92 million customer account details were found on a server outside of MyHeritage. The data is that of people who signed up to use the service right up to the day of the breach, October 26, 2017.

MyHeritage stated that the chief information security officer “received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed password, on a private server.” Hashed passwords are representations of passwords produced by a one-way function. This means companies don’t have to store the actual password on their network but, depending on the algorithm used, hackers could still crack them.

MyHeritage claims that no other user data, such as credit cards, were compromised and that DNA data are stored on separate systems.

Net Neutrality War Rages On!

On April 23rd of 2018 net neutrality will die. The FCC ruling will take effect and the Internet as we know it will change dramatically. There is a lot that could happen between now and then, so the war against the ruling rages on.


Lies were told.

The U.S. Government Accountability Office (GAO) is investigating claims that millions of comments provided to the Federal Communications Commission (FCC) in support of the repeal were fake. The GAO is looking into the claim that the comments were made by bots impersonating real people.

One study estimated that removing the fake comments left a 98.5 percent majority against the FCC’s repeal. According to Emprata.com, “The lack of user authentication by the Electronic Comments Filing System (ECFS) makes it difficult to determine ‘genuine’ comment submissions.”

Emprata.com also pointed out that, “9.93 million comments were filed from submissions listing the same physical address and email, indicating that many entities filed multiple comments. This was more prevalent in comments against repeal of Title II (accounting for 82% of the total duplicates), with a majority of duplicate comments associated with email domains from FakeMailGenerator.com.”

Ars Technica did an analysis of the comments and found that hundreds of comments were filed with identical time stamps. Other evidence indicated that others were posted at a steady rate, “unlike the way humans would send in comments.” Others were considered suspicious because they were in all caps, indicating they may have been generated or submitted from a database.

The fake comments were so blatant and obvious that even Barack Obama of 1600 Pennsylvania Avenue was listed as commenting in favor of repealing net neutrality.

The FCC, under the command of Ajit Pai, has steadfastly refused to investigate this evidence or hear from others who have complained of the fake comments.

Another lie that came from the net neutrality war was that the Obama administration put pressure on the FCC to maintain net neutrality. The FCC’s own investigation proved otherwise. Motherboard.com obtained a copy of the investigation’s findings via the Freedom of Information Act. Reaching back to 2015, FCC investigators reviewed at least 600,000 emails from all five commissioners, seeking evidence indicating the Obama White House pressured the FCC. The report’s final summary reads as follows:

“In conclusion, we found no evidence of secret deals, promises or threats from anyone outside the Commission, nor any evidence of any other improper use of power to influence the FCC decision-making process. To the contrary, it appears that to the extent entities outside of the Commission sought to influence the process, the positions were made known in the record, in full view of all.”

The rebellion inside the FCC.

As you probably already know the Democratic members of the FCC have been vociferous about their opposition to the repeal of net neutrality. But they are not alone among those inside the FCC who oppose the ruling.

The FCC’s own Chief Technology Officer, Eric Burger, who was appointed by Chairman Pai in October, pointed out that the repeal could allow internet service providers (ISPs) to block or throttle specific websites. In an email, Burger said, “Unfortunately, I realize we do not address that at all.” Burger went on to say, “If the ISP is transparent about blocking legal content, there is nothing the Federal Trade Commission can do about it unless the FTC determines it was done for anti-competitive reasons. Allowing such blocking is not in the public interest.”

States Rebel

Regardless of the FCC effort to roll back net neutrality, it appears that states have declared an open rebellion against the new rule. According to the Supremacy Clause in the U.S. Constitution, federal law wins if state laws conflict with federal laws. But several states have taken it upon themselves to fight for net neutrality, Supremacy Clause be damned!

Currently more than half of the states are setting their own net neutrality protections. California, New York, Montana, Hawaii, and Vermont have all passed legislation that is intended to protect net neutrality. According to the FCC, states aren’t allowed to pass their own net neutrality laws. But that hasn’t stopped them. At least 21 states have sued the FCC to restore its original rules.

Most recently Nebraska, a state glowing Republican red, has also struck back at the ruling. State Sen. Adam Morfeld (D) introduced legislation to establish net neutrality regulations in law on the state level. Morfeld’s bill prevents broadband providers from slowing down or blocking internet content and from cutting deals with content companies to give them faster connection speeds. It should be noted that this is just a bill and not yet law.

In Montana the governor, Steve Bullock, a Democrat, issued an executive order in January making ISPs who do not observe net neutrality ineligible for state contracts. This move is intended to preserve net neutrality in the state without passing any law that violates the Supremacy Clause. New York Governor Andrew Cuomo signed a similar order.

Currently there are 21 states and various interest groups that have launched legal challenges to the FCC ruling. In Congress there are currently 50 votes to block the net neutrality rule, one short of the number needed to stop it. The war rages on.

Breaking It Down.

If anyone thinks that the end of net neutrality is near, think again. This issue will be fought all the way into the mid-term elections and even the next presidential election. There are just too many questions around the legitimacy of the decision. For such an unpopular decision to take effect is mind-boggling. Even if the decision stands, which I doubt very seriously, the states are basically going to undermine it. They have already begun to institute rules forcing the ISPs to disregard the new FCC ruling. It won’t stop there. The big telecoms are playing a game of chicken with the market.

Let me explain. The big ISPs and cell service providers were living fat and happy with the cellphone market firmly in their grasp. They had consumers locked up with long-term contracts and high rates. Then along came the little guys with a better deal. They were forced to bow to market pressure, and now the rates are pretty cheap and the contracts are gone. Same for cable television. They got too expensive and now everybody is cutting the cord. The Internet is the only game left in the telecommunications sector. The big ISPs can start throttling data or blocking websites if they want to. But how long before some small company starts screaming, “NO THROTTLING AND NO BLOCKED WEBSITES!” in their advertising? And before long the game is back where it started. What I am saying is that big ISPs are going to fold. There will be a lot more and a lot smaller ISPs taking over the market soon. The big companies need to move on to something else.

Breach Brief – FBI, DHS

The personal information of nearly 30,000 federal employees, including FBI employees, may have been compromised.

According to Motherboard.com an anonymous hacker used a compromised Department of Justice email account to gain access to the department’s intranet. Using this access the hacker allegedly downloaded the personal information of more than 20,000 FBI employees and roughly 9,000 Department of Homeland Security employees. The hacker is threatening to release the information.

The compromised information includes names, job titles, e-mail addresses, and phone numbers. The attack targeted not only DHS employees, but also individuals listed as agency contractors. Other DHS staffers, such as analysts, special agents, and technicians, were also targeted.

The hacker obtained specific information to access the system by using social engineering methods while pretending to be a new employee needing assistance. The hacker claimed to be a Palestinian sympathizer who wants the U.S. to sever ties with Israel.

A spokesman for the Justice Department said the information doesn’t appear to include any sensitive personal details. The agency is investigating potential unauthorized access of one of its systems. A Homeland Security spokesman said it’s also looking into the alleged disclosure of employee contact information. There is no statement from the FBI.