Saturday, June 10, 2017
Finding computers to launch DDoS attacks. New technology, failing to consider security.
Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets
The Persirai backdoor is designed to target more than 1,000 IP camera models, and researchers said there had been roughly 120,000 devices vulnerable to this malware at the time of its discovery several weeks ago.
The malware, which uses a recently disclosed zero-day vulnerability to spread from one hacked IP camera to another, allows its operators to execute arbitrary code on the targeted device and launch distributed denial-of-service (DDoS) attacks.
Trend Micro has determined that of a total of 4,400 IP cameras it tracks in the United States, just over half have been infected with malware. The percentage of infected cameras spotted by the security firm in Japan is nearly 65 percent.
They took the safe and no one noticed?
PULLMAN, Wash., June 9, 2017 — Today, Washington State University (WSU) announced that it is addressing a security incident involving certain community members’ personal information. Though there is no evidence the personal information has been accessed or misused, WSU is notifying impacted individuals and offering free identity protection services to those individuals whose personal information may have been accessed.
On April 21, 2017, WSU learned that a locked safe containing a hard drive had been stolen. The hard drive was used to store backed-up files from a server used by the university’s Social & Economic Sciences Research Center (SESRC). Immediately upon learning of the theft, WSU initiated an internal review and notified local law enforcement. On April 26, WSU confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, the university retained a leading computer forensics firm to assist in the investigation.
The drive contained documents that included personal information from survey participants, such as names, Social Security numbers and, in some cases, personal health information.
… The university is taking steps to help prevent this type of incident from happening again. These steps include strengthening WSU’s information technology operations by completing a comprehensive assessment of IT practices and policies, improving training and awareness for university employees regarding best practices for handling data, and employing best practices for the delivery of IT services.
SOURCE Washington State University
Reactive vs proactive. I doubt they reimbursed Bangladesh or any other victim, but they did finally invest in security.
Costs of Bank Cyber Thefts Hit SWIFT Profit Last Year
Hackers stole $81 million from the Bangladesh central bank in February last year after gaining access to its SWIFT terminal and the emergence of other successful and unsuccessful hacks rocked faith in a system previously seen as totally secure.
Despite this, traffic increased on the network last year, hitting an all time peak in June of over 30 million messages.
SWIFT's 2016 profit before tax and rebates to its owner-customers fell by 31 percent to 47 million euros ($53 million), following additional investments in security, the co-operative said in its annual report published on Friday.
Chairman Yawar Shah said that Belgium-based SWIFT -- the Society for Worldwide Interbank Financial Telecommunication -- had linked management goals and incentives to security targets. [Increasingly common. Bob]
SWIFT, which was criticized by some former staff and customers for failing to have spotted weaknesses in its customers' operating practices, has expanded its security teams and developed new tools to help clients monitor transactions and spot anomalies.
Its ability to pre-empt attacks was limited by its customers’ historic failure to share information about hacks, SWIFT said.
A trend, yet not a tidal wave.
Melinda L. McLellan and Robyn M. Feldstein write:
Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect, use, disclose and retain biometric information. House Bill 1493 applies to entities that “enroll a biometric identifier in a database for a commercial purpose” and includes requirements to provide notice to individuals and obtain their affirmative consent, both prior to enrollment and if the business seeks to sell, lease or otherwise disclose the identifier to a third party.
The new law does not prescribe the exact form of notice and consent, making clear those processes are “context-dependent,” and notably, there is no specific requirement that consent must be written.
Read more on BakerHostetler Data Privacy Monitor.
Yet another sensor placed on a fleet of cars. What else could we detect or measure?
Researchers Use Ridesharing Cars to Sniff Out a Secret Spying Tool
… For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee—along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport.
… "We wondered, how can we scale this up to cover an entire city?" says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July. He says they were inspired in part by the notion of "wardriving," the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks. "Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net."
Perspective. From a 16th Century postal service to oblivion in a mere 400 years?
Chicago cabbies say industry is teetering toward collapse
Cabbies have long grumbled that the sky is falling as they lose ground to ride-sharing companies. Now, cabbies in Chicago are pointing to new data that suggests the decline could be speeding up.
About 42% of Chicago’s taxi fleet was not operating in the month of March, and cabbies have seen their revenue slide for their long-beleaguered industry by nearly 40% over the last three years as riders are increasingly ditching cabs for ride-hailing apps Uber, Lyft and Via, according to a study released Monday by the Chicago cab drivers union.
More than 2,900 of Chicago’s nearly 7,000 licensed taxis were inactive in March 2017 — meaning they had not picked up a fare in a month, according to the Cab Drivers United/AFSCME Local 2500 report. The average monthly income per active medallion — the permit that gives cabbies the exclusive right to pick up passengers who hail them on the street — has dipped from $5,276 in January 2014 to $3,206 this year.
Strange, neither the White House nor Congress is on the list.