Deutsche Telekom outage seen as part of broader internet attack
An attempt to hijack consumer router devices for a wider
internet attack caused network outages that hit hundreds of thousands of
Deutsche Telekom customers in Germany, a company executive said.
… The
outages appeared to be tied to a botched attempt to commandeer customers'
routers to disrupt internet traffic, according to Deutsche Telekom's head of IT
security and the German Office for Information Security (BSI).
The BSI said the attack had also targeted the German
government's network but had failed because defensive measures had proved
effective.
… The
attack involved Mirai, malicious software designed to turn network devices into
remotely controlled "bots" that can be used to mount large-scale
network attacks.
Apparently they monitor their systems well enough to know how
this happened and what was accessed. Impressive!
Steve Ragan reports:
The person claiming
responsibility for the attack on San Francisco’s MUNI says the SFMTA has lax
security, and warns that if the ransom isn’t paid, they’ll release 30GB of
compromised data.
The demands follow a weekend of
headaches for SFMTA, after MUNI was targeted shortly before the Thanksgiving
holiday, resulting in systems that were encrypted and held for a $73,000
ransom.
On Sunday, Salted Hash revealed that 2,112 MUNI systems were infected with
hard drive encrypting malware.
Read more on Salted
Hash.
Note that Threatpost was able to subsequently
obtain a statement from SF MUNI. Tom
Spring reports:
Paul Rose, a San Francisco
Municipal Transportation Agency spokesperson told Threatpost in a statement
that the attackers’ allegations are false and that no customer privacy or
transaction information was compromised. “We have never considered paying ransom and
don’t intend to. The attack did not
penetrate our firewalls and we are able to restore systems through the work of
internal staff,” Rose said.
Read more on Threatpost.
(Related)
San Francisco Rail System Hacker Hacked
… On Monday,
KrebsOnSecurity was contacted by a security researcher who said he hacked this
very same cryptom27@yandex.com inbox after reading a news article about the
SFMTA incident. The researcher,
who has asked to remain anonymous, said he compromised the extortionist’s
inbox by guessing the answer to his secret question, which then allowed him to
reset the attacker’s email password. A
screen shot of the user profile page for cryptom27@yandex.com shows that it was
tied to a backup email address, cryptom2016@yandex.com, which also
was protected by the same secret question and answer.
… The server used
to launch the Oracle vulnerability scans offers tantalizing clues about the
geographic location of the attacker. That
server kept detailed logs about the date, time and Internet address of each
login. A review of the more than 300
Internet addresses used to administer the server revealed that it has been
controlled almost exclusively from Internet addresses in Iran. Another hosting account tied to this attacker
says his contact number is +78234512271, which maps back to a mobile phone provider
based in Russia.
But other details from the attack server indicate that the
Russian phone number may be a red herring.
Interesting?
David A. Zetoony, Joshua A. James, Jena M.
Valdetero, and Christopher M. Achatz of Bryan Cave provide an
overview of significant differences between U.S. breach notification laws
and the EU’s General Data Protection Regulation (“GDPR”). Here’s a
snippet from their analysis:
That said, there are several significant differences
including:
1. Type
of Information Governed. Data
breach notification laws in the United States apply only to enumerated types of
data that are considered particularly sensitive such as Social Security
Numbers, financial account numbers, or driver’s license numbers. The GDPR’s breach notification provision
applies to all types of “personal data” – a term that is defined as “any
information relating to identified or identifiable natural person (data
subject).”
2. Materiality
Threshold For Government Notification. Some breach notification laws in the United
States only require notification if the breach is “material” (e.g., it
compromises confidentiality, security, or privacy of an individual). The GDPR’s breach notification provision
requires notifying a government agency (i.e., relevant Data Protection
Authority) unless the breach is not likely to result in a risk of the “rights”
of individuals.
Read more on Bryan
Cave.
Fortunately, these cases will average only three minutes
each under President Trump!
Immigration Now 52 Percent of All Federal Criminal
Prosecutions
by Sabrina
I. Pacifici on Nov 28, 2016
Transactional Records Access Clearinghouse: “Immigration
remains the major focus of all federal criminal enforcement efforts. The latest available data show that criminal
prosecutions for illegal entry, illegal re-entry, and similar immigration
violations made up 52 percent of all federal prosecutions in FY 2016. During the 12 months ending September 30,
immigration prosecutions totaled 69,636. This number compares with just 63,405
prosecutions for all other federal crimes — including drugs, weapons, fraud,
and violations of the thousands of other criminal provisions that the federal
government is responsible for enforcing.
For additional details including figures for top ten
districts and most common lead charges, see full report at: http://trac.syr.edu/tracreports/crim/446/”
Not sure I believe this one. Perhaps my geeks can build a working model to
test…
Anti-drone gun takes down targets from 1.2 miles away
There are numerous systems built to take
down wayward or dangerous drones, but they tend to have one big catch: you
need to be relatively
close to the drone, which could be scary if the robotic aircraft is packing
explosives. DroneShield thinks it
can help. It's introducing the DroneGun, a jammer that
disables drone signals (including GPS and GLONASS positioning) from as far as
1.2 miles away. Like most rivals, it
doesn't destroy the target drone -- it just forces the vehicle to land or
return to its starting point. Anti-drone
teams can not only disable threats from a safe distance, but potentially locate
their pilots.