Security News May 21, 2015


May 14, 2015: James Trainor, acting assistant director of the FBI's Cyber Division, said the agency used to learn about a new, large-scale data breach every two or three weeks. "Now, it is close to every two to three days," he said. Trainor also said the cybersecurity industry needs to "double or triple" its workforce in order to keep up with hacking threats.
http://thehill.com/policy/cybersecurity/242110-fbi-official-data-breaches-increasing-substantially

News

May 16 & 17, 2015: According to an April 17, 2015, search warrant application filed by an FBI agent, Chris Roberts, who was kicked off a United Airlines flight in April after he tweeted about being able to make the oxygen masks drop, reportedly did at one time take control of a plane while it was in flight. The agent who filed the warrant said that Roberts made the claim during a February 2015 interview.
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
http://arstechnica.com/security/2015/05/fbi-researcher-admitted-to-hacking-plane-in-flight-causing-it-to-climb/
http://www.cnet.com/news/fbi-claims-security-researcher-took-control-of-plane/
https://regmedia.co.uk/2015/05/17/fbi_chris_roberts_search_warrant_application.pdf
Application for Search Warrant: http://www.wired.com/wp-content/uploads/2015/05/Chris-Roberts-Application-for-Search-Warrant.pdf

[Editor's Note (Honan): I hope that at some stage the actual details will come to light; there are a lot of lessons to be learnt from this episode for security researchers, law enforcement, regulators, and indeed for enterprises on how to handle allegations of vulnerabilities in their systems.
(Assante): I am confident that the FBI investigation resulting from examination of the seized articles will provide some insight into the claims that had been made by Chris. I am hopeful but less confident that onboard system logs will reveal a clear picture of all the interactions or behaviors from accessed or impacted components on the involved aircraft.]

Question: Could an experienced hacker take control of an airplane in flight? Why or why not?

News

Roberts also told Wired he accessed in-flight networks approximately 15 times during various flights only to "explore" and "observe data traffic crossing them."

While the FBI affidavit mentions the virtual environment, it also states Roberts admitted to controlling a plane in flight. During conversations with the FBI, the warrant application reads, Roberts said he had "exploited vulnerabilities with [in-flight entertainment, or IFE] systems on an in-flight aircraft" 15 to 20 times from 2011 to 2014.

News

Roberts gained access to the network through the Seat Electronic Box installed under passenger seats on airplanes; he was able to remove the SEB cover by "wiggling and squeezing" the box. He then used an Ethernet cable with a "modified connector" to connect his laptop to the IFE system.

The FBI affidavit states Roberts then connected to other systems and overwrote code on the airplane's Thrust Management Computer to successfully command the system and issue a "CLB," or climb command, which "thereby caused one of the airplanes to climb, resulting in a lateral or sideways movement of the plane."

http://searchsecurity.techtarget.com/news/4500246496/Alleged-airplane-hack-creates-more-questions-than-answers

News

May 8, 2015: Cyber extortionists have targeted several hedge funds. John Carlin, head of the US Justice Department's National Security Division, told the audience at the SALT hedge fund conference earlier this month that "nation-state [actors] from Russia, China, Iran, and North Korea target your companies ... to use your information against you." Carlin said that DOJ is working with hedge funds that have been victims of these attacks, and urged people to contact DOJ if they find themselves targeted, stressing that DOJ aims to go after the criminals, not the companies that are victimized.
http://www.usatoday.com/story/money/business/2015/05/08/hedge-funds-conference-cyber-espionage/26983845/

News

May 15 & 18, 2015: In November 2014, the FBI notified Penn State University that attackers had breached systems at its College of Engineering. The "highly sophisticated" breaches compromised personally identifiable information belonging to roughly 18,000 people and appeared to target research data as well. The systems were taken offline in mid-May to bolster their security. One of the attacks is likely to have originated in China. Penn State learned of the breach on November 21, 2014 and began an investigation, but did not take immediate action because any change in the networks' status quo would alert the attackers that their activity had been detected.
http://www.v3.co.uk/v3-uk/news/2408952/chinese-hackers-hit-top-us-university-with-data-harvesting-attacks
http://www.nbcnews.com/tech/security/penn-state-hit-china-based-hacker-university-says-n359631
http://www.theregister.co.uk/2015/05/15/penn_state_hack/
http://www.cnet.com/news/penn-state-cyberattack-exposes-passwords-from-18k-people/
http://arstechnica.com/security/2015/05/penn-state-severs-engineering-network-after-incredibly-serious-intrusion/

News

May 18, 2015: Panda Labs has uncovered evidence of a series of attacks targeting the oil industry. The attacks were discovered during an investigation of what appeared to be a one-off attack on a computer at an oil trading company. The attackers used email attachments that contained common Windows scripts and tools to evade detection. The tools requested credentials from the targeted machine and sent the harvested data back to an FTP server, which was found to contain information from multiple oil companies.
http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-tanker-en.pdf
http://www.nbcnews.com/tech/security/phantom-menace-hack-strikes-oil-industry-computers-n360776

News

May 18, 2015: Researchers at Kaspersky Lab say a cyber espionage group known as Naikon targets systems belonging to government, military and civilian organizations in the South China Sea area, including Malaysia, Indonesia, Myanmar, and the Philippines. Naikon has been active for at least five years and appears to be state-sponsored. The group uses custom malware that includes platform-independent code and the ability to intercept traffic from the entire targeted network. Naikon also often establishes command and control infrastructures within the targeted countries; if the stolen data are not moving outside a country's borders, the activity is less likely to raise suspicions.
http://www.theregister.co.uk/2015/05/18/naikon_cyberspies_spying/
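The two items above share a defensive lesson: the Phantom Menace tooling pushed harvested credentials out over plain FTP, and Naikon deliberately kept its command-and-control inside the victim's own country so that geography-based filters would stay quiet. The following egress-monitoring example, added here and not part of the original digest or of any vendor's product, flags high-volume outbound FTP from workstation subnets on behaviour alone and only annotates the destination country, so a domestic drop point is reported exactly like a foreign one. The log format, subnet ranges, the "MY" home country and the byte threshold are all assumptions, and the log lines are constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed egress log lines (assumed format, not from the original page):
# "<time> <src_ip> <dst_ip> <dst_port> <bytes_out> <dst_country>"
SAMPLE_LOG = """\
2015-05-18T09:01:02 10.20.4.15 203.0.113.7 443 1820 US
2015-05-18T09:03:11 10.20.4.15 203.0.113.7 443 2210 US
2015-05-18T09:04:45 10.20.4.22 198.51.100.9 21 524288 MY
2015-05-18T09:05:03 10.20.4.22 198.51.100.9 21 917504 MY
2015-05-18T09:06:30 10.20.9.8 192.0.2.44 21 393216 US
2015-05-18T09:07:10 10.20.4.15 203.0.113.7 80 900 US
2015-05-18T09:08:00 10.20.4.31 10.20.1.5 21 4096 --
"""

# Assumed network layout: which ranges hold user workstations, and what counts as internal.
WORKSTATION_NETS = [ipaddress.ip_network("10.20.4.0/24"),
                    ipaddress.ip_network("10.20.9.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ORG_COUNTRY = "MY"                 # assumption: the monitored organisation is in Malaysia
CLEARTEXT_UPLOAD_PORTS = {21}      # FTP control port; the protocol the oil-industry tooling used
VOLUME_THRESHOLD = 256 * 1024      # bytes sent per (workstation, destination) pair before alerting


def parse_line(line):
    """Split one log line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    time, src, dst, dport, nbytes, country = parts
    return {"time": time, "src": src, "dst": dst,
            "dport": int(dport), "bytes": int(nbytes), "country": country}


def in_any(ip, nets):
    """True if the address falls inside any of the given networks."""
    return any(ip in net for net in nets)


def find_exfil(log_text, org_country=ORG_COUNTRY):
    """Return alerts for workstations pushing large volumes to external hosts over FTP.

    Country is recorded for the analyst but never used as a filter: a destination
    inside the organisation's own country is reported exactly like a foreign one.
    """
    totals = Counter()
    countries = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ipaddress.ip_address(ev["src"])
        dst = ipaddress.ip_address(ev["dst"])
        if not in_any(src, WORKSTATION_NETS):
            continue                      # only user endpoints are in scope here
        if in_any(dst, INTERNAL_NETS):
            continue                      # internal file transfers are out of scope
        if ev["dport"] not in CLEARTEXT_UPLOAD_PORTS:
            continue
        key = (ev["src"], ev["dst"])
        totals[key] += ev["bytes"]
        countries[key] = ev["country"]

    alerts = []
    for (src, dst), nbytes in sorted(totals.items()):
        if nbytes >= VOLUME_THRESHOLD:
            alerts.append({"src": src, "dst": dst, "bytes": nbytes,
                           "country": countries[(src, dst)],
                           "domestic": countries[(src, dst)] == org_country})
    return alerts


if __name__ == "__main__":
    for a in find_exfil(SAMPLE_LOG):
        flag = "domestic" if a["domestic"] else "foreign"
        print(f"ALERT {a['src']} -> {a['dst']} ({a['country']}, {flag}): {a['bytes']} bytes over FTP")
```

Run against the constructed log, the function reports two pairs: the workstation uploading about 1.4 MB to a Malaysian host and the one uploading 384 KB to a US host, while the HTTPS browsing and the internal FTP session are ignored. The point of the `domestic` field is purely to show the analyst that a same-country destination was not treated as benign.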

News

May 20, 2015: CareFirst BlueCross BlueShield is the latest health insurer to be hit by a cyberattack, with information on approximately 1.1 million customers compromised.

The breach took place on June 19, 2014, and was detected by the company, which took action to contain the damage, believing no member information had been accessed.

It learned differently in April 2015, after retaining a security firm to assess its information technology in the wake of attacks on other health insurers, CareFirst, which operates in Maryland, the District of Columbia and parts of Virginia, said Wednesday.

The security firm, Mandiant, on April 21, 2015, discovered the attack likely resulted in unauthorized access to a database that stores information that members and others use to gain access to the company's website.

Attackers potentially gained customer names, user names, birth dates, email addresses and subscriber identification numbers. The company doesn't believe attackers accessed member Social Security numbers, medical claims, employment, credit card or financial information.
http://www.cbsnews.com/news/carefirst-says-1-1-million-affected-by-cyberattack/

News

In March 2015, health insurer Premera Blue Cross said hackers may have accessed personal information including Social Security numbers on as many as 11 million people.

Premera Blue Cross is facing a class action lawsuit after disclosing that hackers might have gained access to the personal information of 11 million people last year. The suit, filed Thursday in Washington federal court, hammered Premera for waiting roughly six weeks to tell victims that their data might have been exposed.

The health insurer is one of the largest in the Pacific Northwest and serves customers in Washington state, Alaska and Oregon. It revealed the data breach on March 17, 2015, saying it had uncovered the attack on Jan. 29, 2015. A wide variety of personal information about current and former customers might have been exposed, including names, dates of birth, Social Security numbers, bank account information and even clinical treatment data.
http://thehill.com/policy/cybersecurity/237181-premera-blue-cross-sued-over-data-breach

News

May 19, 2015: The Obama administration on May 19 announced the arrest of a Chinese professor and the indictment of five other Chinese citizens in what it contended was a decade-long scheme to steal microelectronics designs from American companies on behalf of the Chinese government.

The indictment was brought under a provision of the Economic Espionage Act that is used only in cases where the government believes it can prove the theft was on behalf of a foreign power.

Authorities arrested a Chinese professor as he landed Saturday May 16 at Los Angeles International Airport on his way to a conference.
http://www.nytimes.com/2015/05/20/technology/6-chinese-men-indicted-in-theft-of-code-from-us-tech-companies.html?_r=0

News

May 18, 2015: Chinese hackers used Microsoft TechNet platform to hide malware distribution. Chinese hacking collective APT17, also known as Deputy Dog, used Microsoft's own TechNet support network to hide its activity.

This wasn't a case of a man-in-the-middle attack against the site's members though, nor was it a compromise of Microsoft servers, but instead was a use of public accounts to obfuscate the group's actions. Using its latent talents, APT17 set up standard profiles on the TechNet website and then filled them with malware, according to a FireEye report.

The particular malware that the group proliferated around the TechNet site was a variant of the BLACKCOFFEE malware. While that sort of nefarious software was detectable by botnet hunters, it took some time for it to be discovered, as most trackers considered TechNet traffic to be a secure source and not likely to have been compromised.

Fortunately it was eventually discovered and stamped out by Microsoft and FireEye in late 2014. In a bit of poetic justice, they gave APT17 a taste of its own medicine, with counter-malware code added to the TechNet profiles, which allowed those chasing the hackers to learn about the malware being used and who it may have affected.
http://www.digitaltrends.com/computing/china-hackers-microsoft-technet/

News

May 11, 2015: Russia and China seal cyber non-hack pact. Russia and China have promised to play nicely and not hack each other.

According to the text of the agreement posted on the Russian government's website on Wednesday, Russia and China agree to not conduct cyber-attacks against each other, as well as jointly counteract technology that may "destabilize the internal political and socio-economic atmosphere," "disturb public order" or "interfere with the internal affairs of the state."

The two countries agreed to exchange information between law enforcement agencies, exchange technologies and ensure security of information infrastructure, the document says.
http://www.theregister.co.uk/2015/05/11/russia_china_cyber_pact_social_media/
http://blogs.wsj.com/digits/2015/05/08/russia-china-pledge-to-not-hack-each-other/

News