Cyber Security News Update August 24th
The NSA had a series of whistleblowers, the most notable of which was Edward Snowden, and in 2016 Reality Winner released a classified report about Russian hacking of the U.S. presidential election. Reality Winner, like Snowden, was a contractor with a top-secret security clearance who used her position to gain access to the documents she released. Ms. Winner was initially looking at 10 years in prison and $250,000 in fines; her final sentencing was reduced in conjunction with a pleas deal, and she’ll spend just over 5 years in prison and be under supervision for 3 years after she is released. Winner printed out a report about a spear phishing attack launched by the GRU, a Russian military intelligence agency; Winner then smuggled the report out in her underwear and sent it to the Intercept, which had assisted Snowden. Ms. Winner was caught when the Intercept gave a copy of the report to the NSA while attempting to verify its authenticity. The NSA was able to track down who had printed the report out by looking for clues that their printers hid in the document itself; Ms. Winner’s supports have called for her to be protected by the Whistleblower act because they see the document she provided as performing a public service. The courts were not of that opinion however and Ms. Winner was charged under the U.S. Espionage Act.
Source: The Hacker News
T-Mobile confirmed that it has suffered a massive security breach that allowed “some” information of 2 million of their customers to be taken. This information includes the name, postal code, phone number, email address, and account number. While financial information like the credit card, bank account, or social security number associated with the accounts wasn’t stolen it still represents dangerous breach of personal information. While these pieces might seem small on their own, they can be used to create a more complete profile on a potential target for a spear-phishing attack. Customers who have had their data should expect to be contacted by T-Mobile via text message, letter, or phone call.
Source: The Hacker News
An ATM hack in India saw 944 million rupees stolen, or about $13.5 million USD, from the Indian Cosmos Bank; this attack came from over two dozen separate ATM’s in different parts of the world. This appears to be related to the ATM cash-out attempt to the FBI warned of earlier this month, and the FBI has warned that improved cyber security protocols are necessary for businesses. Getting into compliance can be difficult for companies, but it’s easier to improve now and maintain a level of security than it is to race towards it after a major incident. Cyber security is a critical aspect of business and the majority of companies ignore it or don’t enforce their policies. Multi-factor authentication is a straight-forward and easy-to-implement; it can stop simpler attacks from working and will slow down more advanced attempts.
Source: Security Magazine