Showing posts with label Cyber Attack. Show all posts
Tuesday, November 28, 2017
MORE TO COME? | SWIFT warns banks on cyber heists as hack sophistication grows
SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers.
“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”
SWIFT has declined to disclose the number of attacks, identify victims or say how much money has been stolen. Still, details on some cases have become public.
Taiwan’s Central News Agency last month reported that Far Eastern International Bank lost $500,000 in a cyber heist. BAE later said that attack was launched by a North Korean hacking group known as Lazarus, which many cyber-security firms believe was behind the Bangladesh case.
Nepal’s NIC Asia Bank lost $580,000 in a cyber heist, two Nepali officials told Reuters earlier this month.
The new report described an attack on an unidentified bank. Hackers spent several months inside the network of one customer, preparing for the eventual attack by stealing user credentials and monitoring the bank’s operations using software that recorded computer keystrokes and screenshots, the report said.
When they launched the attack in the middle of the night, the hackers installed additional malware that let them modify messaging software so they could bypass protocols for confirming the identity of the computer’s operator, according to the report.
The hackers then ordered payments sent to banks in other countries by copying pre-formatted payment requests into the messaging software, according to the report.
After the hackers ended the three-hour operation, they sought to hide their tracks by deleting records of their activity. They also tried to distract the bank’s security team by infecting dozens of other computers with ransomware that locked documents with an encryption key, the report said.
While SWIFT did not say how much money was taken, it said the bank quickly identified the fraudulent payments and arranged for the stolen funds to be frozen.
source: interaksyon.com
Tuesday, August 1, 2017
Hackers target ‘Game of Thrones’; data, script stolen — HBO
NEW YORK — U.S. cable channel HBO said on Monday that hackers had stolen upcoming programming, and Entertainment Weekly reported that the theft included a script for an unaired episode of the hit fantasy show “Game of Thrones”.
HBO, a unit of Time-Warner Inc, declined to comment on the specific programming stolen in the hack.
“As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” HBO Chairman Richard Plepler wrote in a message to employees, which the company shared with reporters.
The company declined to comment on reports that unbroadcast episodes and scripts were among the data hacked, citing an “ongoing investigation” by unspecified law enforcement officials.
Entertainment Weekly reported that hackers stole 1.5 terabytes of data and had already posted online unbroadcast episodes of “Ballers” and “Room 104,” along with “a script or treatment” for next week’s episode of “Game of Thrones”.
Reuters also received an e-mail on Sunday from a person claiming to have stolen HBO data, including “Game of Thrones”.
The show is now in its seventh season and due to wrap up next year.
source: interaksyon.com
Wednesday, June 28, 2017
Cyberattack sweeps globe, researchers see ‘WannaCry’ link
MOSCOW/KIEV/WASHINGTON — A major global cyberattack on Tuesday disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers.
The rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the U.S. National Security Agency and was also used in last month’s ransomware attack, named “WannaCry.”
“Cyberattacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do to fix the problem.”
The ransomware virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.
Microsoft said the virus could spread through a flaw that was patched in a security update in March.
“We are continuing to investigate and will take appropriate action to protect customers,” a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.
Russia and Ukraine were most affected by the thousands of attacks, according to security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.
Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.
Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analyzing the attack.
Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as “Petya” and “GoldenEye.”
Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.
The U.S. Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.
In a statement, the White House National Security Council said there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said.
The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.
The first attacks were reported from Russia and Ukraine.
Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences,” but added oil production had not been affected because it switched over to backup systems.
Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network went down and the central bank reported disruption to operations at banks and firms including the state power distributor.
Danish shipping giant A.P. Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.
WPP, the world’s largest advertising agency, said it was also infected. A WPP employee who asked not to be named said that workers were told to shut down their computers: “The building has come to a standstill.”
A Ukrainian media company said its computers were blocked and it was asked to pay $300 in the crypto-currency bitcoin to regain access.
“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted on Ukraine’s Channel 24.
Russia’s central bank said there were isolated cases of lenders’ IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.
Other companies that identified themselves as victims included French construction materials firm Saint Gobain, U.S. drugmaker Merck & Co. and Mars Inc.’s Royal Canin pet food business.
India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had impacted some of their systems in the country.
Western Pennsylvania’s Heritage Valley Health System’s entire network was shut down by a cyber attack on Tuesday, according to local media reports.
Last month’s fast-spreading WannaCry ransomware attack was crippled after 22-year-old British security researcher Marcus Hutchins created a so-called “kill switch” that experts hailed as the decisive step in slowing the attack.
Security experts said they did not believe that the ransomware released on Tuesday had a kill switch, meaning that it might be harder to stop.
Ukraine’s cyber police said on Twitter that a vulnerability in software used by MEDoc, a Ukrainian accounting firm, may have been an initial source of the virus, which researchers including cyber intelligence firm Flashpoint said could have infected victims via an illegitimate software update.
In a Facebook post, MEDoc confirmed it had been hacked but denied responsibility for originating the attack.
An adviser to Ukraine’s interior minister said earlier in the day that the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.
According to the state security agency, the emails contained infected Word documents or PDF files as attachments.
Following is a list of companies and organizations that have reported being hit by cyberattacks:
ROSNEFT
Russia’s top oil producer Rosneft said its servers had been hit by a large-scale cyberattack but its oil production was unaffected.
A.P. MOLLER-MAERSK
Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyberattack had caused outages at its computer systems across the world.
Maersk’s port operator APM Terminals was also hit. Dutch broadcaster RTV Rijnmond reported that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world.
WPP
Britain’s WPP, the world’s biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyberattack.
MERCK & CO
Pharmaceutical company Merck & Co. said in a tweet its computer network was compromised as part of a global hack.
RUSSIAN BANKS
Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.
All Russian branches of Home Credit consumer lender are closed because of a cyberattack, an employee of a Home Credit call center in Russia said.
UKRAINIAN BANKS, POWER GRID
A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyberattack that disrupted some operations, the Ukrainian central bank said.
UKRAINIAN INTERNATIONAL AIRPORT
Yevhen Dykhne, director of the capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook.
SAINT GOBAIN
French construction materials company Saint Gobain said it had been a victim of a cyberattack, and it had isolated its computer systems to protect data.
DEUTSCHE POST
German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyberattack.
METRO
Germany’s Metro said its wholesale stores in the Ukraine had been hit by a cyberattack and the retailer was assessing the impact.
MONDELEZ INTERNATIONAL
Food company Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyberattack.
TNT EXPRESS
The Netherlands-based shipping company said it was experiencing interference with some of its systems, following a global ransomware attack.
EVRAZ
Russian steelmaker Evraz said its information systems had been hit by a cyberattack but its output was not affected.
NORWAY
A ransomware cyberattack is taking place in Norway and is affecting an unnamed international company, the Nordic country’s national security authority said.
MARS INC
A unit of candy manufacturer Mars Inc. has been targeted by cyber attackers, and the company has isolated the issue, a spokeswoman for the company said.
BEIERSDORF AG
India-based employees at Beiersdorf AG, the maker of Nivea skincare products, told Reuters the ransomware attack had impacted some of the company’s systems in the country. The extent of the impact was unclear and Beiersdorf, which is based in Germany, could not be reached immediately for comment in India.
RECKITT BENCKISER
The Indian unit of British consumer goods company Reckitt Benckiser Group Plc, which owns brands such as Enfamil, Dettol and Lysol, was also hit by the ransomware attack, employees in India told Reuters. The extent of the impact on its systems was not immediately clear and the company could not be reached for comment in India.
source: interaksyon.com
Thursday, December 29, 2016
Evictions, sanctions as US strikes back at Russia over election hacks
HONOLULU/WASHINGTON -- President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking US political groups in the 2016 presidential election.
The measures, taken during the last days of Obama's presidency, mark a new post-Cold War low in US-Russian ties which have deteriorated over Ukraine and Syria.
Allegations by US intelligence agencies that Russian President Vladimir Putin personally directed efforts to intervene in the US election process by hacking mostly Democrats have made relations even worse.
"These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm US interests in violation of established international norms of behavior," Obama said in a statement from vacation in Hawaii.
It was not immediately clear whether President-elect Donald Trump, who has repeatedly praised Putin and nominated people seen as friendly toward Moscow to senior administration posts, would seek to roll back the measures once he takes office on January 20.
The Kremlin, which denounced the sanctions as unlawful and promised "adequate" retaliation, questioned whether Trump approved of the new sanctions. Moscow denies the hacking allegations.
US intelligence agencies say Russia was behind hacks into Democratic Party organizations and operatives ahead of the November 8 presidential election. US intelligence officials also say that the Russian cyberattacks were aimed at helping Trump, a Republican, defeat Democrat Hillary Clinton.
Trump has rejected that conclusion and said on Wednesday that "we ought to get on with our lives," when asked about possible tough sanctions for the cyberattacks.
Should Trump seek to overturn Obama's measures, he would likely encounter wide bipartisan Congressional opposition.
US House of Representatives Speaker Paul Ryan, the top Republican in Congress, said Russia "has consistently sought to undermine" US interests and the sanctions were overdue.
Republican Senators John McCain and Lindsey Graham said they intended to lead an effort in Congress to "impose stronger sanctions on Russia."
The actions on Thursday were the strongest response by the Obama administration to Russia's cyber activities. However, a senior administration official acknowledged that Trump could reverse them and allow Russian intelligence officials back into the United States once he takes office. He said that would be "inadvisable".
"We believe these steps are important because Russia is not going to stop," one official said. "We have every indication that they will interfere in democratic elections in other countries, including some of our European allies," the official said.
Persona non grata
Obama is seeking to deter Russia and other foreign governments from leveraging cyberattacks in the future to meddle in US politics, former officials and cyber security experts said.
Obama put sanctions on two Russian intelligence agencies, the GRU and the FSB, four GRU officers and three companies "that provided material support to the GRU’s cyber operations".
Obama said the State Department declared as "persona non grata" 35 Russian intelligence operatives and is closing two Russian compounds in New York and Maryland that were used by Russian personnel for "intelligence-related purposes". The State Department originally said the 35 were diplomats.
A senior US official told Reuters the expulsions would come from the Russian embassy in Washington and consulate in San Francisco. The Russian embassy declined to comment on the expulsions.
The Russians have 72 hours to leave the United States, the official said. Access to the two compounds will be denied to all Russian officials as of noon on Friday, the senior US official added.
"These actions were taken to respond to Russian harassment of American diplomats and actions by the diplomats that we have assessed to be not consistent with diplomatic practice," the official said.
The State Department has long complained that Russian security agents and traffic police have harassed US diplomats in Moscow, and US Secretary of State John Kerry has raised the issue with Putin and his foreign minister, Sergei Lavrov.
The US official declined to name the Russian diplomats who would be affected, although it is understood that Russia's ambassador to the United States, Sergei Kislyak, will not be one of those expelled.
The United States also released an analysis report by the FBI and Department of Homeland Security examining forensic evidence officials said linked the cyberattacks to computer systems used by Russian intelligence services.
The report largely corroborates the existing findings of private sector cyber firms that investigated the breach at the Democratic National Committee and elsewhere.
source: interaksyon.com
Saturday, December 10, 2016
Obama orders 'full review' of 2016 election cyberattacks
WASHINGTON - President Barack Obama has ordered a review of all cyberattacks that took place during the 2016 election cycle, the White House said Friday as concerns over Russian interference mount.
White House Deputy Press Secretary Eric Schultz said Obama called for the review earlier this week, amid growing calls from Congress for more information on the extent of Russian interference in the campaign.
"We are committed to ensuring the integrity of our elections and this report will dig into this pattern of malicious cyberactivity timed to our elections, take stock of our defensive capabilities and capture lessons learned to make sure that we brief members of Congress and stakeholders as appropriate," said Schultz.
Obama wants the report completed before his term ends on January 20, Schultz said.
"We are going to make public as much as we can," he added. "This is a major priority for the president."
Trump denies Russian role
The move comes after Democrats in Congress pressed the White House to reveal details, to Congress or to the public, of Russian hacking and disinformation in the election.
It also comes after President-elect Donald Trump rejected the intelligence community finding of official Russian involvement.
Confidential emails from the Democratic National Committee and John Podesta, a top advisor to Democratic nominee Hillary Clinton, were steadily leaked out via WikiLeaks in the months before the election, damaging Clinton's White House effort.
On October 7, one month before the election, the Department of Homeland Security and the Director of National Intelligence announced that "the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations."
"These thefts and disclosures are intended to interfere with the US election process," they said.
But in an interview published Wednesday with Time magazine for its "Person of the Year" award, Trump dismissed those findings. Asked whether the intelligence was politicized, Trump answered: "I think so."
"I don't believe they interfered," he said. "It could be Russia. And it could be China. And it could be some guy in his home in New Jersey."
Worried that Trump will sweep the issue under a rug after his inauguration, seven Democrats on the Senate Intelligence Committee called on November 29 for the White House to declassify what it knows about Russian interference.
The seven have already been briefed on the classified details, suggesting they believed there is more information that the public should know.
Then on Tuesday of this week, leading House Democrats called on Obama to give members of the entire Congress a classified briefing on Russian interference, from hacking to the spreading of fake news stories to mislead US voters.
Republicans in Congress have also promised hearings into Russian activities once the new administration comes in.
But some have suggested the Democrats are raising the issue out of bitterness over their sweeping electoral defeat.
Schultz denied politics was behind Obama's order.
"I want to be clear here that this is not an effort to challenge the result of the election," he said.
Russian interference in Germany
Obama's homeland security advisor Lisa Monaco said the cyber interference goes back to the 2008 presidential race, with both the Obama and John McCain campaigns hit by malicious computer intrusions.
"We have seen in 2008 and in this last election system malicious cyber activity. We maybe [have] crossed into a new threshold and it is incumbent upon us to take stock of that," said Monaco.
Russian hacking and election interference have also become a big issue in Germany.
On Thursday Germany's domestic intelligence agency BfV issued a stark warning over a rising Moscow-directed campaign of hacking and misinformation directed at "destabilizing" the country and influencing political discourse.
Last week WikiLeaks published stolen documents on intelligence activities that embarrassed Chancellor Angela Merkel just as she began campaigning for the elections slated for late 2017.
"In the political realm, we detect an increasingly aggressive cyber espionage," warned BfV chief Hans-Georg Maassen.
"The indications of attempts to influence the German parliamentary elections next year are intensifying."
source: interaksyon.com
Thursday, December 8, 2016
ThyssenKrupp secrets stolen in ‘massive’ cyber attack
FRANKFURT — Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.
ThyssenKrupp, one of the world’s largest steel makers, said it had been targeted by attackers located in southeast Asia engaged in what it said were “organized, highly professional hacker activities”.
In breaches discovered by the company’s internal security team in April and traced back to February, hackers stole project data from ThyssenKrupp’s plant engineering division and from other areas yet to be determined.
“ThyssenKrupp has become the target of a massive cyber attack,” the industrial conglomerate said in a statement.
Globally, cyber attacks on banks, retailers and other businesses have led to widespread consumer and financial data losses in recent years. ThyssenKrupp’s disclosure followed last week’s attack on Deutsche Telekom routers that caused outages for nearly 1 million customers.
While revelations of industrial espionage are far rarer, estimates put the costs to businesses in the billions of dollars. China was frequently blamed for such commercial hacking attacks until the United States and China agreed not to hack each other’s businesses (reut.rs/2gewbrH).
German business magazine WirtschaftsWoche reported the attacks hit sites in Europe, India, Argentina and the United States run by the Industrial Solutions division, which builds large production plants. The Hagen Hohenlimburg specialty steel mill in western Germany was also targeted, the report added.
The company declined to identify specific locations which were infected or speculate on likely suspects. It said it could not estimate the scale of the intellectual property losses.
Big-bang counter attack
ThyssenKrupp said it waited to publicize the attack while it identified, then cleansed infected systems in one concerted, global action before implementing new safeguards to monitor its computer systems. “It is important not to let the intruder know that he has been discovered,” a spokesman said.
A criminal complaint was filed with police in the state of North Rhine-Westphalia and an investigation is ongoing, it said. State and federal cyber security and data protection authorities were kept informed at each stage, as well as Thyssen’s board.
Secured systems operating steel blast furnaces and power plants in Duisburg, in Germany’s industrial heartland in the Ruhr Valley, were unaffected, the company said.
No breaches were found at its marine systems unit, which produces military submarines and warships.
A previous cyber attack caused physical damage to an unidentified German steel plant and prevented the mill’s blast furnace from shutting down properly.
The country’s Federal Office for Information Security (BSI) revealed two years ago that the attack caused “massive damage”, but gave no further technical details and the location of the plant has remained shrouded in mystery.
Subsequent media reports identified the target as a ThyssenKrupp facility, but the company has denied it was hit.
The industrial conglomerate, along with Airbus parent EADS, were the targets of major attacks by Chinese hackers in 2012, according to a Der Spiegel report.
The company, a big supplier of steel to Germany’s automotive sector and other manufacturers, is looking to form a joint venture of its European steel operations with India’s Tata Steel to combat over-capacity in the sector.
source: interaksyon.com
Tuesday, November 3, 2015
Third teen arrested over cyber attack on UK’s TalkTalk
LONDON — British police said Tuesday they had arrested a third teenager in connection with a cyber attack on Internet and telephone provider TalkTalk that put millions of customers’ data at risk.
The 16-year-old boy was arrested in the east England city of Norwich on Tuesday evening and taken to a police station while the property was searched, according to a statement from the Metropolitan Police.
It comes after the arrests last week of a 16-year-old boy from west London, a 15-year-old boy in Northern Ireland, and a 20-year-old man in Staffordshire in central England. All three have since been released on bail.
The personal data of some four million customers of TalkTalk are feared to have been breached in the hack, which was the third cyber attack on the firm in eight months in which customers’ data was stolen.
TalkTalk has said that it is not sure how many customers were affected but that data including names, bank details and addresses could be at risk.
The company has said that not all information on customers was encrypted, and described the attack as “significant and sustained”.
Police are working together with serious organised crime body the National Crime Agency and cyber crime detectives on the case.
Investigators are examining a ransom demand sent to TalkTalk and purporting to be from the hacker, though the company is not sure if the demand was genuine.
source: interaksyon.com
#ALDUB, IWAS MUNA? | Netizens advised against clicking links off Yaya Dub’s hacked Twitter
MANILA, Philippines — Users should avoid clicking links posted by the hacked Twitter account of Maine Mendoza, popularly known as Yaya Dub, to avoid having their social media accounts similarly hacked.
Some suspicious links, now deleted, were reportedly posted on Mendoza’s Twitter after it was hacked early this morning. The hacker group Anonymous Philippines has owned up to the breach, saying they wanted to use Mendoza’s popular Twitter handle to air their grievances.
Anonymous Philippines has since received much flak on social media for their stunt, with netizens condemning their act as preying on an innocent well-loved celebrity for their political means.
On their Facebook page, Anonymous Philippines wrote: “…Gusto lang namin ipromote yung (We just wanted to promote the) Million Mask March sa Nov 5. Kita kits na lang tayo. Maraming salamat sa lahat, sa (Let’s see each other there. Thank you to all) Aldub Nation.”
E-commerce advocate Janette Toral, however, said via her Twitter handle: “No matter how right you are, if you use illegal means, all your right reasons disappear. You become the perpetrator.”
Toral also retweeted a number of warnings advising users against clicking any link posted by Mendoza’s hacked account.
source: interaksyon.com
Sunday, March 8, 2015
Mandarin Oriental says hackers stole credit card data
NEW YORK — Hackers broke into the Mandarin Oriental luxury hotel group’s database and stole credit card information from “an isolated number” of its properties in the United States and Europe.
“The incident is a direct result of an unauthorized cyber-attack,” the Hong Kong-based group said in a statement Thursday.
“Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and therefore we have also alerted our technology peers in the hospitality industry.”
The hotel group said the breach came from malicious software that was “undetectable by all anti-viral systems.”
Mandarin said it had removed the malware and was “coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.”
The luxury lodging group did not identify the hotels affected but said none of them were in Asia.
“We can confirm that only an isolated number of hotels in the US and Europe have been affected,” the statement said.
“Moreover, from the information we have to date, the breach has only affected credit card data and not any other personal guest data, and credit card security codes have not been compromised.”
Part of the Jardine Matheson group, Mandarin Oriental operates some 45 hotels in 25 countries.
source: interaksyon.com
Thursday, February 26, 2015
Lenovo website breached, hacker group Lizard Squad claims responsibility
Chinese computer and smartphone firm Lenovo Group Ltd said its website was hacked on Wednesday, its second security blemish days after the U.S. government advised consumers to remove software called “Superfish” pre-installed on its laptops.
Hacking group Lizard Squad claimed credit for the attacks on microblogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails.
Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the center of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users’ credit card information.
In a statement issued in the United States on Wednesday night, Lenovo, the world’s biggest maker of personal computers, said it had restored its site to normal operations after several hours.
“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” the company said. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”
Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp’s PlayStation Network and Microsoft Corp’s Xbox Live network last month. Members of the group have not been identified.
Starting 4 p.m. ET (2100 GMT) on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song “Breaking Free” from the movie “High School Musical” playing in the background, according to technology publication The Verge, which first reported the breach.
Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.
The U.S. Department of Homeland Security said in an alert last Friday that the Superfish program, which came pre-installed on nearly a dozen Lenovo laptop models, makes users vulnerable to a type of cyberattack known as “SSL spoofing”, in which remote attackers can read encrypted Web traffic, redirect traffic from official websites to spoofs, and perform other attacks.
Lenovo has since released software to remove Superfish while pledging to never install it on future shipments.
source: interaksyon.com
Monday, February 23, 2015
US urges removing Superfish program from Lenovo laptops
BOSTON — The U.S. government on Friday advised Lenovo Group Ltd customers to remove “Superfish,” a program pre-installed on some Lenovo laptops, saying it makes users vulnerable to cyberattacks.
The Department of Homeland Security said in an alert that the program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted Web traffic, redirect traffic from official websites to spoofs, and perform other attacks.
“Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken,” the agency said.
Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said in a statement that his company’s software helps users achieve more relevant search results based on images of products viewed. He said the vulnerability was “inadvertently” introduced by Israel-based Komodia, which built the application described in the government notice.
Komodia CEO Barak Weichselbaum declined comment on the vulnerability.
Lenovo apologized late on Friday in a statement for “causing these concerns among our users” and said that it was “exploring every action we can” to address the issues around Superfish, including offering tools to remove the software and certificate.
“We ordered Superfish pre-loads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday (Thursday),” the Lenovo statement said.
“We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it,” the company said.
Komodia’s website says it produces a “hijacker” that allows users to view data encrypted with SSL technology.
“The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,” according to the site.
Marc Rogers, a researcher with CloudFlare, said that means companies which deploy Komodia technology can snoop on web traffic.
“These guys can do everything from just collect a little bit of marketing information, all the way to building a profile on you and spying on your banking connections,” he said. “It’s a very dangerous slope.”
Rogers said that use of Komodia’s technology in other products makes them vulnerable to the same types of attacks as Lenovo’s Superfish.
He said other vulnerable products include two parental filters: One from Komodia known as KeepMyFamilySecure and another from Qustodio.
Komodia’s Weichselbaum said his company was investigating reports of vulnerabilities in KeepMyFamilySecure.
Qustodio CEO Eduardo Cruz said his company’s Windows parental filter was vulnerable and he hoped to push out a fix within a few days.
Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software.
Affected Lenovo products include laptops in its Yoga, Flex and MiiX lines as well as its E, G, U, Y and Z series, according to the company’s support website.
source: interaksyon.com
Monday, February 16, 2015
Cybercrime ring steals up to $1 billion from banks — Kaspersky
A multinational gang of cyber criminals has stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years, Russian computer security company Kaspersky Lab said on Saturday.
The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what is being called an unprecedented robbery.
The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies’ or individuals’ accounts. It said the gang included cyber criminals from Europe, including Russia and Ukraine, as well as China.
Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing. They were then able to get into the internal network and track down administrators’ computers for video surveillance.
In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.
In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem.
Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.
“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”
source: interaksyon.com
Wednesday, December 3, 2014
FBI probing Sony hack, as data leaks emerge
WASHINGTON — The FBI said Tuesday it was investigating a cyberattack on Sony Pictures, amid reports that employee information as well as new films were being leaked online.
“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” a spokesman for the US federal law enforcement agency said in a statement.
“The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”
Various reports meanwhile said the hackers appeared to have posted online both confidential employee data and films not yet released in theaters.
The security blogger and researcher Brian Krebs said he discovered on websites devoted to illicit trading a “global Sony employee list,” that included names, locations, salaries and dates of birth for more than 6,800 individuals.
“Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs (social security numbers) and health savings account data on more than 700 Sony employees,” Krebs wrote.
The Washington Post reported meanwhile that the FBI was warning companies in a confidential memo about the malicious software used in the Sony hack.
An FBI spokesman said only that “we provided a routine notification to private industry,” but declined to elaborate.
The spokesman added that the FBI “routinely advises private industry of various cyber threat indicators” to help protect computer networks.
According to the Post, the hackers used malware similar to that used to launch destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco.
Some reports in the past few days said Sony is looking into whether North Korea may have been behind the major cyberattack on the studio last week, possibly because of an upcoming comedy film about a CIA plot to assassinate its leader Kim Jong-Un.
“The Interview,” which stars Seth Rogen and James Franco as two journalists recruited by the CIA to bump off Kim, has infuriated the North Koreans, with state media warning of “merciless retaliation.”
The entertainment news site Variety has reported that unreleased Sony movies including the upcoming “Annie” have been made available on pirate file-sharing websites.
The war film “Fury,” “Mr. Turner,” “Still Alice” and “To Write Love on Her Arms” were also made available.
Sony did not respond to an AFP request for comment.
source: interaksyon.com
Thursday, July 17, 2014
PayPal fuels higher eBay revenue even as cyber attack, rivals weigh
SAN FRANCISCO — EBay Inc posted a 13 percent rise in quarterly revenue on Wednesday, as better-than-expected results from its fast-growing PayPal division helped the online retailer overcome increasing competition from Amazon.com Inc and a well-publicized cyber attack.
Investors had been braced for a tough quarter.
EBay’s stock has fallen more than 8 percent since April, hurt by the cyber attack disclosed in May that compromised data for some 145 million customers, the departure of highly regarded PayPal chief David Marcus, and intensifying competition from both online and offline rivals.
EBay was also hurt by a change in Google Inc’s algorithm, which pushed eBay results lower in search rankings, slowing traffic.
That slowdown was seen in June in a measure of transactions across eBay’s core Marketplaces platform, known as gross merchandise value, with the growth rate falling to 7 percent from around a double-digit pace in previous months.
“We had a challenging first half of the year with several distractions,” Bob Swan, the chief financial officer, told analysts on a conference call, noting that the cyber attack and the Google search engine changes “had an immediate and dramatic impact.”
Executives said eBay will spend more on measures to entice users back, including coupons, seller incentives and increased marketing.
Several investment brokerages had downgraded their forecasts ahead of Wednesday’s results. The second-quarter results and eBay’s revenue outlook were roughly in line with those tempered expectations. Revenue rose to $4.37 billion for the quarter, compared with $3.88 billion a year ago; Wall Street had forecast revenue of $4.38 billion, on average.
Payment volume leaped a better-than-expected 29 percent. Gross merchandise value grew 12 percent, in line with or slightly better than analysts’ forecasts.
Going forward, eBay will have to grapple with stiffening competition across its businesses.
Marcus departed for Facebook’s messaging team in June. The payments service faces a growing challenge from the likes of Amazon, which launched a recurring payments program in June. Google is also expected to delve further into this field. Brick-and-mortar retailers are investing to boost their online presence. EBay also has to fend off a growing coterie of fast-growing retail upstarts that focus on specific categories such as home and apparel.
Longer term, industry analysts speculate that Chinese e-commerce giant Alibaba Group Holdings Ltd, which is going public this year in what could be the largest-ever tech IPO, is preparing to leverage its U.S. investments into a play for the U.S. retail arena, the world’s largest.
On Wednesday, eBay forecast third-quarter revenue of $4.3 billion to $4.4 billion, compared with expectations for $4.4 billion, according to Thomson Reuters I/B/E/S.
For the second quarter, it posted non-GAAP earnings per share of 69 cents, a penny better than forecasts for 68 cents.
source: interaksyon.com
Wednesday, May 28, 2014
Spotify to ask users to re-enter passwords after cyberattack
SAN FRANCISCO — Music streaming service Spotify AB will ask some of its 40 million users to re-enter their passwords and upgrade their software in coming days after detecting unauthorized access to its internal systems and data.
Chief Technology Officer Oskar Stal said in a blogpost on Tuesday that it has found evidence of attackers accessing just one user’s data, which did not include payment or password information. But as a precaution, it intends to ask “certain Spotify users” to re-enter their log-in credentials, and upgrade their Google (GOOGL.O) Android app.
Spotify said it is not recommending any action yet for users of Apple Inc (AAPL.O) iPhones or devices based on Microsoft’s (MSFT.O) Windows.
The intrusion was the latest to hit a major tech company. In past months, cyberattackers have infiltrated databases and systems at eBay Inc and Adobe, though no financial information has so far been taken, according to the companies. Spotify, which is expected to seek an IPO soon, has more than 40 million active users scattered across more than 50 markets.
“We have taken steps to strengthen our security systems in general and help protect you and your data – and we will continue to do so. We will be taking further actions in the coming days to increase security for our users,” Stal said in his blogpost.
source: interaksyon.com
Sunday, May 25, 2014
EBay initially believed user data safe after cyberattack
BOSTON/SAN FRANCISCO — EBay Inc initially believed that its customers’ data was safe as forensic investigators reviewed a network security breach discovered in early May and made public this week, a senior executive told Reuters on Friday.
EBay has come under fire over its handling of the cyberattack, in which hackers accessed personal data of all 145 million users, ranking it among the biggest such attacks launched on a corporation to date.
“For a very long period of time we did not believe that there was any eBay customer data compromised,” global marketplaces chief Devin Wenig said, in the first comments by a top eBay executive since the e-commerce company disclosed the breach on Wednesday.
EBay moved “swiftly to disclose” the breach after it realized customer data was involved, he said.
Wenig would not say when the company first realized that the cyberattackers accessed customer data, nor how long it took to prepare Wednesday’s announcement.
He said hackers got in using the credentials of three corporate employees, eventually making their way to the user database.
Hackers accessed email addresses and encrypted passwords belonging to all eBay users. “Millions” of users have since reset their passwords and the company had begun notifying users, though it would take some time to complete that task, Wenig said.
“You would imagine that anyone who has ever touched eBay is a large number,” he said. “So we’re going to send all of them an email, but sending that number all at once is not operationally possible.”
At least three U.S. states are investigating the company’s security practices. Customers have complained on social media about delayed notification emails. And New York’s attorney general called on eBay to provide free credit monitoring services to users.
But the Internet retail giant has no plans to compensate customers or offer free credit monitoring for now because it had detected no financial fraud, Wenig said.
Wenig declined comment when asked if he thought eBay had good security prior to the breach. He said the company would now bolster its security systems, and has mobilized senior executives in a subsequent investigation of the attack.
“We want to make sure it doesn’t happen again so we’re going to continue to look at our procedures, harden our operational environment and add levels of security where it’s appropriate.”
The breach marked the latest headache for eBay this year. In January, it crossed swords publicly with activist investor Carl Icahn, who mounted a campaign to get it to spin out PayPal. Then in April, the e-commerce company disappointed investors with a weak second-quarter outlook, pressuring its shares.
Avoiding back door
Buying and selling activity on eBay remained “fairly normal” though eBay is still working out the cost of the breach, which included hiring a number of security firms. Wenig, who was previously a senior executive at Thomson Reuters Corp, declined to comment on whether the cost could be material to eBay’s results.
Wenig’s revelation that the company initially believed that no customer data had been compromised might take some of the heat off eBay’s executive team.
Cyber forensics experts said it’s not uncommon for large companies to take weeks to grasp the full impact of an attack, because hackers are often able to steal data without leaving obvious clues.
“In some cases you go in and find the smoking gun immediately. Other times, it takes a few days or even a few weeks,” said Kevin Johnson, a cyber-forensics expert who was not involved in the eBay investigation but has worked for other Fortune 500 companies.
Daniel Clemens, a forensics expert and CEO of Packet Ninjas, said investigators often ask companies to hold off on disclosure until they believe they understand the full extent of an attack. Otherwise, they risk tipping off attackers who might cover their tracks or leave “back doors” so they can return after the investigators complete their probe.
On Wednesday, the e-commerce company announced that hackers raided its network between late February and early March. The company said financial information was not compromised and its payments unit PayPal was not affected.
When eBay first discovered the network breach in early May, the senior team was immediately involved and held multiple daily calls on the issue. EBay staff have been working around the clock since Wednesday.
Wenig said he could not provide much more detail about what happened in the attack beyond the scant information given out so far.
He declined to provide further specifics, citing ongoing investigations by the Federal Bureau of Investigation and several forensics firms including FireEye Inc’s Mandiant division.
source: interaksyon.com
Thursday, May 22, 2014
EBay asks 145 million users to change passwords after cyber attack
BOSTON — EBay Inc said that hackers raided its network three months ago, stealing some 145 million user records from a database in what is poised to go down as one of the biggest data breaches in history based on the number of accounts compromised.
It advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack between late February and early March.
EBay spokeswoman Amanda Miller told Reuters those passwords were encrypted and that the company had no reason to believe the hackers had broken the code that scrambled them.
“There is no evidence of impact on any eBay customers,” Miller said. “We don’t know that they decrypted the passwords because it would not be easy to do.”
She said the hackers copied a massive user database that contained those passwords, as well as email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers.
The company had earlier said a large number of accounts may have been compromised, but declined to say how many.
source: interaksyon.com
Wednesday, March 27, 2013
Largest-ever cyber attack slowing global Internet services
LONDON — One of the largest ever cyber attacks is slowing global internet services and the disruption could get worse, experts said on Wednesday, after an organization blocking “spam” content became a target.
Spamhaus, a London and Geneva-based non-profit group which helps weed out unsolicited “spam” messages for email providers, said it had been subjected to “distributed denial of service” (DDoS) attacks on an unprecedented scale for more than a week.
“Based on the reported scale of the attack, which was evaluated at 300 Gigabits per second, we can confirm that this is one of the largest DDoS operations to date,” online security firm Kaspersky Lab said in a statement.
“There may be further disruptions on a larger scale as the attack escalates.”
Spamhaus publishes blacklists used by internet service providers (ISPs) to weed out spam in email traffic.
The group is directly or indirectly responsible for filtering as much as 80 percent of daily spam messages, according to Cloudflare, a company that said it was helping Spamhaus mitigate the attack.
“We’ve been under this cyber-attack for well over a week,” Steve Linford, chief executive of Spamhaus, told the BBC. “They are targeting every part of the internet infrastructure that they feel can be brought down.”
Perpetrators of DDoS attacks typically target websites by flooding servers with messages from multiple systems so they cannot identify and respond to legitimate traffic.
Paul Vlissidis, group technical director at internet security firm NCC, said the volumes of traffic involved in the attack were having a knock-on effect on the rest of the internet.
Because many computers were involved in the attack, it was difficult to defend against.
“If you have a few computers sending large amounts of traffic you can filter them out easily. When literally thousands and thousands are involved it makes it much, much harder,” he told Reuters.
However, according to thinkbroadband, an independent British information website which allows users to test their broadband speed, there appeared to be little evidence of a slowdown.
“Of course it is possible that people may be finding some services or sites they access over the Internet are performing slower than usual … but there appears to be no evidence to say that UK broadband users have been slowed down across the board,” it said on its blog.
source: interaksyon.com
Thursday, February 14, 2013
Pentagon creates new medal for cyber, drone warriors
WASHINGTON — The Pentagon unveiled a new medal on Wednesday to honor “extraordinary” troops who launch cyber attacks or drone strikes from their consoles, even if they do not risk their lives in combat.
Defense Secretary Leon Panetta, announcing the new “Distinguished Warfare Medal,” said it was time to recognize those who play a crucial role in modern warfare with hi-tech weapons far from the frontline.
“Our military reserves its highest decorations obviously for those who display gallantry and valor in actions where their lives are on the line, and we will continue to do so,” Panetta told a Pentagon news conference.
“But we should also have the ability to honor the extraordinary actions that make a true difference in combat operations.”
He said operators of unmanned, robotic aircraft and cyber weapons “contribute to the success of combat operations, particularly when they remove the enemy from the field of battle, even if those actions are physically removed from the fight.”
The medal reflects a new age of warfare that emerged over the past decade featuring robotic weapons and digital combat.
Predator and Reaper drones armed with Hellfire missiles and bombs have been used to kill insurgents in Iraq and Afghanistan and by the CIA to go after suspected Al-Qaeda militants in Pakistan, Yemen and elsewhere. Other robotic aircraft, including the stealthy RQ-170 Sentinel and larger Global Hawks, are used to spy on adversaries from the sky without putting pilots in harm’s way.
The military also views cyberspace as a new battlefield and has created a new command dedicated to digital warfare, recruiting and training new “cyber warriors.”
The power of digital weapons was driven home by a cyber attack that reportedly disrupted Iran’s uranium facilities in 2009-2010, which the New York Times said was carried out by US and Israel spy agencies.
The medal is designed as a brass pendant medal, nearly two inches tall, that will carry a laurel wreath encircling a globe with a Defense Department eagle at its center, attached to a red, white and blue striped ribbon.
The medal will only be given to troops for their role in operations that took place after the attacks of September 11, 2001 but, unlike other military medals, will not require that the soldier performed a courageous physical act that put his or her life in danger.
The new medal will be ranked higher than the Bronze Star, the fourth highest combat decoration, but lower than the Silver Star, officials said.
source: interaksyon.com