Tuesday, November 29, 2016
“The best laid hacks o' mice an' men / Gang aft a-gley.” Robert Burns
Deutsche Telekom outage seen as part of broader internet attack
An attempt to hijack consumer router devices for a wider internet attack caused network outages that hit hundreds of thousands of Deutsche Telekom customers in Germany, a company executive said.
… The outages appeared to be tied to a botched attempt to commandeer customers' routers to disrupt internet traffic, according to Deutsche Telekom's head of IT security and the German Office for Information Security (BSI).
The BSI said the attack had also targeted the German government's network but had failed because defensive measures had proved effective.
… The attack involved Mirai, malicious software designed to turn network devices into remotely controlled "bots" that can be used to mount large-scale network attacks.
Apparently they monitor their systems well enough to know how this happened and what was accessed. Impressive!
Steve Ragan reports:
The person claiming responsibility for the attack on San Francisco’s MUNI says the SFMTA has lax security, and warns that if the ransom isn’t paid, they’ll release 30GB of compromised data.
The demands follow a weekend of headaches for SFMTA, after MUNI was targeted shortly before the Thanksgiving holiday, resulting in systems that were encrypted and held for a $73,000 ransom.
On Sunday, Salted Hash revealed that 2,112 MUNI systems were infected with hard drive encrypting malware.
Read more on Salted Hash.
Note that Threatpost was able to subsequently obtain a statement from SF MUNI. Tom Spring reports:
Paul Rose, a San Francisco Municipal Transportation Agency spokesperson told Threatpost in a statement that the attackers’ allegations are false and that no customer privacy or transaction information was compromised. “We have never considered paying ransom and don’t intend to. The attack did not penetrate our firewalls and we are able to restore systems through the work of internal staff,” Rose said.
Read more on Threatpost.
San Francisco Rail System Hacker Hacked
… On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same firstname.lastname@example.org inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for email@example.com shows that it was tied to a backup email address, firstname.lastname@example.org, which also was protected by the same secret question and answer.
… The server used to launch the Oracle vulnerability scans offers tantalizing clues about the geographic location of the attacker. That server kept detailed logs about the date, time and Internet address of each login. A review of the more than 300 Internet addresses used to administer the server revealed that it has been controlled almost exclusively from Internet addresses in Iran. Another hosting account tied to this attacker says his contact number is +78234512271, which maps back to a mobile phone provider based in Russia.
But other details from the attack server indicate that the Russian phone number may be a red herring.
David A. Zetoony, Joshua A. James, Jena M. Valdetero, and Christopher M. Achatz of Bryan Cave provide an overview of significant differences between U.S. breach notification laws and the EU’s General Data Protection Regulation (“GDPR”). Here’s a snippet from their analysis:
That said, there are several significant differences including:
1. Type of Information Governed. Data breach notification laws in the United States apply only to enumerated types of data that are considered particularly sensitive such as Social Security Numbers, financial account numbers, or driver’s license numbers. The GDPR’s breach notification provision applies to all types of “personal data” – a term that is defined as “any information relating to an identified or identifiable natural person (data subject).”
2. Materiality Threshold For Government Notification. Some breach notification laws in the United States only require notification if the breach is “material” (e.g., it compromises confidentiality, security, or privacy of an individual). The GDPR’s breach notification provision requires notifying a government agency (i.e., the relevant Data Protection Authority) unless the breach is not likely to result in a risk to the “rights” of individuals.
Read more on Bryan Cave.
Fortunately, these cases will average only three minutes each under President Trump!
Immigration Now 52 Percent of All Federal Criminal Prosecutions
by Sabrina I. Pacifici on Nov 28, 2016
Transactional Records Access Clearinghouse: “Immigration remains the major focus of all federal criminal enforcement efforts. The latest available data show that criminal prosecutions for illegal entry, illegal re-entry, and similar immigration violations made up 52 percent of all federal prosecutions in FY 2016. During the 12 months ending September 30, immigration prosecutions totaled 69,636. This number compares with just 63,405 prosecutions for all other federal crimes — including drugs, weapons, fraud, and violations of the thousands of other criminal provisions that the federal government is responsible for enforcing.
For additional details including figures for top ten districts and most common lead charges, see full report at: http://trac.syr.edu/tracreports/crim/446/”
Not sure I believe this one. Perhaps my geeks can build a working model to test…
Anti-drone gun takes down targets from 1.2 miles away
There are numerous systems built to take down wayward or dangerous drones, but they tend to have one big catch: you need to be relatively close to the drone, which could be scary if the robotic aircraft is packing explosives. DroneShield thinks it can help. It's introducing the DroneGun, a jammer that disables drone signals (including GPS and GLONASS positioning) from as far as 1.2 miles away. Like most rivals, it doesn't destroy the target drone -- it just forces the vehicle to land or return to its starting point. Anti-drone teams can not only disable threats from a safe distance, but potentially locate their pilots.