State Department’s Email Compromised

The State Department’s unclassified email systems were hit by cyberattacks in recent weeks.  Sections of the system have been shut down to improve security and no classified systems were effected.  Maintenance is being performed on the system and will affect unclassified email traffic and employee access to public websites from the unclassified system, and it should be back up soon.  Analysis of the incident reports by the Department of Homeland Security show a common element of social engineering attempts.  This breach was part of the attack on the White House’s Executive Office of the President.  This is one of many breaches in the past few months.  Other incidents include the White House , the Office of Personnel Management, and just this week the U.S. Postal Service and National Oceanic and Atmospheric Administration.

The USPS said that more than 800,000 employees may have been compromised along with the information of customers who contacted the call center during the first eight months of the year.  At NOAA four agency’s websites were affected but no further information was given.

The State Department has agreed to brief lawmakers on the cyberattack.  A letter was sent to Secretary of State John Kerry on Monday from House Oversight Committee Ranking Member Elijah Cummings seeking more information by January 5 to help Congress as it considers cybersecurity laws and other ways to protect government and consumer information.  He is also seeking what the State Department is doing to improve its security since the breach.

Sources:

http://www.politico.com/story/2014/11/state-department-cybersecurity-hacking-112951.html

http://www.reuters.com/article/2014/11/17/us-cybersecurity-statedept-idUSKCN0J11BR20141117

USPS Hacker Attack

USPS, the United Stats Postal service has recently reported that hackers have been taking data from the service for over eight months. They have reported that the personal data of over eight hundred thousand employees has been taken along with 3 million customer’s data. The spokesmen for USPS, has said that there is no information that this data has been exploited.

USPS is currently working with the FBI to investigate the breach. They are also taking measurements to get better security by upgrading their current servers with added security measurements. USPS spokesmen have also said that there systems are still at risk and that the hackers may still be in the system along with malware that may be hidden and awaiting commands to activate.

There is some small speculation on who initiated the attack but USPS stated that there focus is not on who did the attack but rather protecting their systems and customers. They have offered a years worth of credit monitoring for its employees and they have recommended that customers pay attention to their bank accounts and change the passwords they use on accounts that have sensitive information.

Source: http://www.technewsworld.com/story/81337.html

Apple Masque Attack

Masque Attack exploits a flaw in Apple’s OSes that allows the replacement of one app by another so long as both apps use the same bundle identifier. All apps, except those preinstalled on iOS, such as Mobile Safari, can be replaced. The fake apps can access the original app’s local data, including log-in tokens. Among other things, they let attackers log into and loot victims’ bank accounts. The attacks work because iOS does not enforce matching certificates for apps with the same bundle identifier.FireEye researchers verified the vulnerability on both jailbroken and regular iOS devices on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta. Attackers can leverage the vulnerability through wireless networks or USB ports. “Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors.” These attacks can be avoided by not downloading any apps from outside the Apple store.

Source: http://www.technewsworld.com/story/81342.html

Facebook? More like FakeBook.

Jordan omo

Csec

10/20/2014

              So in recent news there is a bit of buzz regrading certain Facebook accounts. Specifically Facebook accounts created by the DEA (Drug Enforcement Agency) and no, these are not accounts for DEA agents these are fake accounts used to catch other criminals. This is all coming to light because of a letter written by Joe Sullivan (CSO of Facebook) which states.

           “We recently learned through media reports that the Drug Enforcement Administration (“DEA”) created fake Facebook accounts and impersonated a Facebook user as part of its investigation of alleged criminal conduct unrelated to Facebook. Although we understand that the U.S. Department of Justice is currently reviewing these enforcement practices, we write to express our deep concern about the DEA’s conduct and ask that the DEA cease all activities on Facebook that involve the impersonation of others.”

          The DEA was first discovered doing this with an account created for a woman who was arrested using information from her phone. After creating the profile the officer added photo’s of the woman, and added friends on her behalf, including a man who is a known fugitive. All of these actions are in direct violation of Facebooks policies and terms of service.

Flashlight Apps do more than shine light

In our society today, many people have a great desire for instant gratification. With  technology expanding at alarming rates, consumers have grown accustomed to having the world at their finger tips at the push of a button. Cell phones are used for far more than making a quick phone call  or sending a text message. Many people in our society now use cell phones for mobile banking, GPS services and mini computers among a plethora of other utilities, including flashlights.

A group of researchers at Snoopwall—a technology solution that detects and blocks spyware and malware has found that some of  the most widely used flashlight apps are preforming tasks that far exceed the requirements of a flashlight. Many of the top flashlight apps request permission to use GPS location,modify storage, change display settings and view network connections  among other permissions that are not at all necessary for a flashlight. The Snoopwall study showed that it did not seem to be any more safe to download from google play than it was to get them from 3rd party websites as Google Play does not closely analyze the apps it puts in the market place. All of the top 10 google play flashlights executed unnecessary functions to various degrees. Apple devices were found to be at a slightly smaller risk due to the hardened operating systems of iOS 7 and 8.

Snoopwall recommends that users who have downloaded one of the potentially malicious apps delete them and depending on the permissions the app was given, reset the phone. The company also recommends that consumers  slow down and pay closer attention to the permissions that they give apps, disable GPS  and bluetooth services when not in use.

The full article can be found at: http://www.tripwire.com/state-of-security/security-awareness/spying-flashlight-apps-reveal-user-inattentiveness-to-cyber-security/

the list of permissions that some of the top apps that were tested can be found here: http://www.snoopwall.com/threat-reports-10-01-2014/

Ryan Stadtlander