It’s Way Too Easy to Hack the Hospital

If you recall this post from 2011, you knew this day was coming.

The culture of “Patch & Pray” will be the downfall so long as America chooses to be reactive over proactive.

 

Firewalls and medical devices are extremely vulnerable, and everyone’s pointing fingers

In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minn., for an assignment at the Mayo Clinic, the largest integrated nonprofit medical group practice in the world. Rios is a “white hat” hacker, which means customers hire him to break into their own computers. His roster of clients has included the Pentagon, major defense contractors, Microsoft, Google, and some others he can’t talk about.

But when he showed up, he was surprised to find himself in a conference room full of familiar faces. The Mayo Clinic had assembled an all-star team of about a dozen computer jocks, investigators from some of the biggest cybersecurity firms in the country, as well as the kind of hackers who draw crowds at conferences such as Black Hat and Def Con. The researchers split into teams, and hospital officials presented them with about 40 different medical devices. Do your worst, the researchers were instructed. Hack whatever you can. Continue reading

Cyber-Attack on Nuclear Facilities Could Cause Radiation Leaks

Nuclear power plants across the globe are at increasing risk of cyber-attacks, which could ultimately lead to radiation leaks, according to a new report by the U.K.-based international affairs think tank, Chatham House. Continue reading

Experian hack exposes 15 million people’s personal information

Hack of one of the largest data brokers and credit agencies in the world affects T-Mobile USA users who applied for credit checks, company says

Experian, one of the largest credit agency data brokers in the world, has been hacked. Some 15 million people who used the company’s services, among them customers of cellular company T-Mobile who had applied for Experian credit checks, may have had their private information exposed, the company confirmed on Thursday.

Information from the hack includes names, addresses, and social security, driver’s license and passport numbers. The license and passport numbers were in an encrypted field, but Experian said that encryption may also have been compromised. Continue reading

Nuclear power plants ‘could become more open to cyber attacks’ as police consider cloud storage

The Civil Nuclear Constabulary (CNC), the armed police force tasked with guarding all of Britain’s nuclear plants, has previously refused to use the new storage technology given much of its information is classified as “sensitive”.

However the force has revealed it could start using cloud technology as early as April next year despite a series of high profile information breaches which raised questions about the software’s reliability.

Technology experts warned the move could be “unnecessary” and leave the force more exposed to foreign hackers.

Continue reading

Israel could be target of imminent cyberattack, PM’s office warns

National Cyber Authority instructs government agencies, security officials to prepare for ‘any possible scenario’

Israel could be the target of a wide-scale cyberattack, the National Cyber Authority in the Prime Minister’s Office warned Thursday.

Government ministries and security agencies were alerted to look for any changes in their computer systems, and security officials were instructed to prepare for “any possible scenario,” the Israeli daily Haaretz reported. Continue reading

‘Hackers’ give orders to German missile battery

https://i2.wp.com/www.thelocal.de/userdata/images/article/w468/0397eeafcba73095dccaa9553b0b016dfb01b6ed360876c25c8e8f71148934db.jpg

 

German-owned Patriot missiles stationed in Turkey were briefly taken over by hackers, according to media reports on Tuesday.

The attack took place on anti-aircraft ‘Patriot’ missiles on the Syrian border. The American-made weapons had been stationed there by the Bundeswehr (German army) to protect Nato ally Turkey.

According to the civil service magazine, the missile system carried out “unexplained” orders. It was not immediately clear when these orders were carried out and what they were. Continue reading

A disaster foretold — and ignored

LOpht’s warnings about the Internet drew notice but little action

The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world.

The making of a vulnerable Internet: This story is the third of a multi-part project on the Internet’s inherent vulnerabilities and why they may never be fixed.

Part 1: The story of how the Internet became so vulnerable
Part 2: The long life of a ‘quick fix’

Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

Continue reading

The biggest heist of secret US personnel data in cyber history is still ongoing

As was mentioned just the other day, all U.S. intelligence agencies have been compromised in addition to all other government entities that were attacked.

 

The White House has admitted that systems containing deeply personal information, submitted by current, former and prospective federal government employees for security clearances, had been “exfiltrated.” If the breach of the Office of Personnel Management (OPM) was conducted by hackers linked to China, as suspected, access to the Standard Form 86 submitted by an estimated 41 million federal employees provided them with what may be the world’s largest stolen data base of US intelligence and military personnel.

This is a “gold mine” of unencrypted data that leave US intelligence officers, for example, open to blackmail or coerced recruitment.

While officials speak of two hacks, debkafile’s cyber security and intelligence experts report that it was a single breach and is still ongoing. Known to experts as an “Advanced Persistent Threat,” it amounts to slow, continuous penetration by a computer virus, planted in an individual computer of a network which duplicates itself gradually and insidiously. Continue reading

Union: Hackers have personnel data on every federal employee

So, basically you can now say that the CIA, NSA, FBI et al have been compromised and are now in a Chinese database for future operations.

 

WASHINGTON (AP) — Hackers stole personnel data and Social Security numbers for every federal employee, a government worker union said Thursday, charging that the cyberattack on U.S. employee data is far worse than the Obama administration has acknowledged.

Sen. Harry Reid, the Democratic leader, said on the Senate floor that the December hack into Office of Personnel Management data was carried out by “the Chinese.” Reid is one of eight lawmakers who is briefed on the most secret intelligence information. U.S. officials have declined to publicly blame China, which has denied involvement. Continue reading

With a series of major hacks, China builds a database on Americans

China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.

Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said.

“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human ­recruitment.” Continue reading

US Federal Reserve Bank Hit by Hackers

Hackers successfully attacked the Federal Reserve Bank of St. Louis, redirecting users of its online research services to fake websites set up by the attackers, the bank said on Tuesday.

The fake websites were designed to look like the web pages of services provided by the Federal Reserve Bank of St. Louis. The attack compromised the Internet’s routing system, known as the domain name system (DNS). Continue reading

ISIS preparing total cyber war on critical US systems

Hooded hackers released a video Monday stating that the Islamic State in Iraq and Syria was preparing to wage all-out “electronic” war on the US and Europe, but the war has not yet begun. Continue reading

Iran Rapidly Building Cyber Warfare Capabilities

Highlighted in teal below is a perfect example of grey terror during the ‘overture’ phase, as described in Soviet defector Viktor Suvorov’s book “Spetsnaz. The Story Behind the Soviet SAS” in chapter 15, Spetsnaz’s First World War.

Here’s a lengthy exerpt:

In Washington, as the President’s helicopter is taking off, several shots are fired at it from sniper’s rifles. The helicopter is only slightly damaged and the crew succeed in bringing it down again safely. No one in the craft is hurt. Responsibility for the attack is claimed by a previously unknown organisation calling itself ‘Revenge for Vietnam’.

There is a terrorist explosion at Vienna airport.

A group of unidentified men attack the territory of the British military base in Cyprus with mortars.

A serious accident takes place on the most important oil pipeline in Alaska. The pumping stations break down and the flow of oil falls to a trickle.

In West Germany there are several unsuccessful attempts on the lives of American generals.

In the North Sea the biggest of the British oil rigs tips over and sinks. The precise reason for this is not established, although experts believe that corrosion of main supports is the culprit.

In the United States an epidemic of some unidentified disease breaks out and spreads rapidly. It seems to affect port areas particularly, such as San Francisco, Boston, Charleston, Seattle, Norfolk and Philadelphia.

There are explosions practically every day in Paris. The main targets are the government districts, communication centres and military headquarters. At the same time terrible forest fires are raging in the South of France.

All these operations — because of course none of these events is an accident — and others like them are known officially in the GRU as the ‘preparatory period’, and unofficially as the ‘overture’. The overture is a series of large and small operations the purpose of which is, before actual military operations begin, to weaken the enemy’s morale, create an atmosphere of general suspicion, fear and uncertainty, and divert the attention of the enemy’s armies and police forces to a huge number of different targets, each of which may be the object of the next attack.

The overture is carried by agents of the secret services of the Soviet satellite countries and by mercenaries recruited by intermediaries. The principal method employed at this stage is ‘grey terror’, that is, a kind of terror which is not conducted in the name of the Soviet Union. The Soviet secret services do not at this stage leave their visiting cards, or leave other people’s cards. The terror is carried out in the name of already existing extremist groups not connected in any way with the Soviet Union, or in the name of fictitious organisations.

The GRU reckons that in this period its operations should be regarded as natural disasters, actions by forces beyond human control, mistakes committed by people, or as terrorist acts by organisations not connected with the Soviet Union.

The terrorist acts carried out in the course of the ‘overture’ require very few people, very few weapons and little equipment. In some cases all that may be needed is one man who has as a weapon nothing more than a screwdriver, a box of matches or a glass ampoule. Some of the operations can have catastrophic consequences. For example, an epidemic of an infectious disease at seven of the most important naval bases in the West could have the effect of halving the combined naval might of the Soviet Union’s enemies.

 

Cyber attacks on banks, casino highlight growing threat

“Iranian hackers have been suspected in multiple incidents that inflicted damage on various entities in the private sector, including finance and energy firms,” according to the five-page report, “Pistachios and Saffron: Investigating the Iranian Cyber Threat.”

“Current analysis indicates Iran may intend to use its growing cyber force to attack global critical infrastructure,” the report added.

Once limited to website defacements and other less damaging attacks, Tehran’s hacker forces are now capable of using customized malicious software designed for use against specific victims. Continue reading

China Warns Its Soldiers: Wearable Tech Could Leak Secrets

https://i2.wp.com/cdn.defenseone.com/media/img/upload/2015/05/11/watch/defense-large.jpg

 

Published in the People’s Liberation Army (PLA) Daily—a mouthpiece for the military—the warning outlines the risks (link in Chinese) of all devices smart and wearable: watches, fitness trackers, and glasses are all addressed.

“The moment a soldier puts on a device that can record high-definition audio and video, take photos, and process and transmit data, it’s very possible for him or her to be tracked or to reveal military secrets,” says the message, without mentioning any specific products. Continue reading

US Commander: Take Nukes Off High Alert or Risk Hackers Starting a War

https://i1.wp.com/cdn5.img.sputniknews.com/images/102154/56/1021545606.jpg

 

Retired Gen. James Cartwright — who was vice chairman of the Joint Chiefs of Staff before retiring in 2011 — told the Associated Press that “de-alerting” nuclear weapons could reduce the likelihood of launching them in response to a false attack warning.

Just adding a little more time necessary to launch — which would do nothing to affect the deterrent value of the weapons — could make all the difference, said Cartwright, who was also the head of Strategic Command from 2004 to 2007.

Cartwright said that its an idea that should be revisited since “the sophistication of the cyberthreat has increased exponentially” in recent years. Continue reading

%d bloggers like this: