Security in Healthcare

According to a recent survey, Healthcare is the latest favourite of the hacking community. There’s a shortage of security professionals in the healthcare business, and while many respondents involved in tech are worried about personal records and other data, the ones who aren’t involved in tech, while worried, do not believe their corporations to have been hit.

The tech respondents have a right to be worried. Recently, it’s come to light that Healthcare experiences 340% more security attacks and incidents than any other sector, and advanced malware is suspected in 1 of every 600 attacks, making Healthcare four times more likely to be hit by advanced malware than any other sector.

There are many ways that hackers can get in. With the digitalization of patient records, as well as the addition of wearable technology, such as smart watches and smartphones, hackers are finding many new avenues to break into the system. While security for wearable technology is a separate issue, Jonathan Collins, a principal analyst for ABI Research, says that they can pave the way for easier access to Healthcare records.

By Kathleen H. Justen

Man arrested for selling U.S. military data to ISIS

On Sept 15, Malaysian police arrested Ardit Ferizi, 20, who is accused of hacking into a U.S.-based company (the name of this company has not been released) and stealing the information of 1,300 U.S. military and government personnel. Reports have confirmed that Ferizi was in contact with senior ISIS leaders in Syria, and has also sold this information to them. The information that was stolen was home addresses, phone numbers, email addresses, passwords, and photos of these people. ISIS then posted the information on social media as a means to issue “commands” to ISIS members to attack. Ferizi is also believed to be the leader of a hacker group called “Kosova Hacker’s Security”; his alias in the hacking community is “Th3Dir3ctorY”.

Malaysian authorities and the FBI were working together, keeping each other informed of Ferizi’s actions. Malaysian authorities received information about Ferizi from the FBI, and began monitoring him. Ferizi is currently in custody and is being held until U.S. authorities can extradite him to the States. Ferizi is being charged with identity theft, computer hacking, and possibly other charges. If charged, Ferizi could face up to 35 years in prison. The people to whom the information related have been notified by the Pentagon about the leak.


Hackers Can Read Your Texts and Listen to Your Calls

The SS7 (Signal System 7) is used by cellphone providers to help route calls and texts, especially between providers. It was developed in the 1980s, and it is now apparent that the system is woefully insecure. German researchers have discovered vulnerabilities that allow them to manipulate built-in tools to spy on anyone using the network, i.e., everyone using a phone. These tools allow hackers to track users, listen in on phone calls, read texts, and record encrypted communication for later decryption. That’s just the start.

Not only can hackers spy on legitimate users, they can impersonate them as well, making phone calls or sending texts for free anywhere in the world. This is because of the universal nature of SS7. At the time of its creation, there were very few global communication providers, so security was very lax. There were only a few entry points. Now that there are over 800 providers using the network, it is impossible to keep everything secure. Ciaran Bradley, chief product officer at AdaptiveMobile, which provides network security for a fifth of all mobile users in the world, says, “Once you have SS7 access and a mobile phone number, you pretty much can track anyone around the world.”

Even worse than the possibility of blackhat access to a global telecom network, companies such as Verint are actually developing surveillance tools that use these vulnerabilities and marketing them to anyone with the coin. Of course, governments like the US and England already have these capabilities, but these services would give any organization or government the ability to track any phone in the world, instantly.

It is unclear which governments have acquired these tracking systems, but one industry official, speaking on the condition of anonymity to share sensitive trade information, said that dozens of countries have bought or leased such technology in recent years.   

“Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”

So obviously this is a huge problem, and hopefully there has been an effort to fix it, right? Unfortunately, all the information in this article so far is from mid-December 2014. According to a recent article by Positive Research Security, the result of these vulnerabilities coming to light is… numerous statements from companies such as GSMA and T-Mobile stating they are “…looking into these issues.” Only more recently did GSMA tell The Post that “it was due to be replaced over the next decade because of a growing list of security and technical issues.” For obvious reasons, providers don’t want subscribers to know about these problems. It is also believed that law enforcement agencies as well as companies like Verint around the world use the system for surveillance.

60 Minutes Australia recently did a story in which they covered the vulnerabilities, and found that no progress has been made in fixing them since their discovery. “Criminals now have access to these huge security holes to steal your data and listen in to your calls. We know telephone companies know about it, we know security agencies know about it, but nothing is being done.”

The following is a quote from a Positive Research Center report on SS7:

During testing network security, Positive Technologies experts managed to perform such attacks as discovering a subscriber’s location, disrupting a subscriber’s availability, SMS interception, USSD request forgery (and transfer of funds as a result of this attack), voice call redirection, conversation tapping, disrupting a mobile switch’s availability.

The testing revealed that even the top 10 telecom companies are vulnerable to these attacks. Moreover, there are known cases of performance of such attacks on the international level, including discovering a subscriber’s location and tapping conversations from other countries.

Common features of these attacks:

  • The intruder doesn’t need sophisticated equipment. We used a common computer with OS Linux and SDK for generating SS7 packets, which is publicly available on the web.
  • Upon performing one attack using SS7 commands, the intruder is able to perform the rest attacks by using the same methods. For instance, if the intruder managed to determine a subscriber’s location, only one step left for SMS interception, transfer of funds etc.
  • Attacks are based on legitimate SS7 messages: you cannot just filter messages, because it may have negative influence over the whole service. An alternative way to solve the problem is presented in the final clause of this research.

Read the full PDF report here.

by Mark White


Global Attacks on Mobile Networks Jeopardize Privacy and Profits

SS7 is a technology that was developed in the 1970s for setting up phone calls and is still used today. The SS7 network was said to be used more than the internet every day without anyone realizing it. In the past people thought of a breach in this network as a passing thought, but now people have learned that they can exploit the system by issuing commands that the system was not built to receive. Once the system is exploited, the person who breached it has the ability to make free calls, intercept calls and text messages, and track anyone wherever they are once they have their phone number.

The article then branched out to the security flaws that are currently present in Adobe’s Flash reader application. There was recently a zero-day vulnerability that was quickly patched, but security experts aren’t very optimistic that vulnerabilities like this one will stay sealed for long within Adobe Flash. The problem is that Adobe Flash has many different areas to attack due to it being such a complex environment, and this makes it hard to keep it secure for very long, if at all. The article said it was projected that Adobe Flash will mostly be eradicated from use in 5 years.

The article then branched out again to bring awareness to the topic of false digital certificates being issued to phishing sites. These certificates are what make the padlock appear in your browser, which is supposed to be another security measure; it is supposed to inform the end user that a website is “safe”. The problem, though, is that a large number of these certificates are being issued to false sites, which helps these sites trick users into revealing their information to criminals because they feel the site is safe. “Despite industry requirements for increased vetting of high-risk requests, many fraudsters slip through the net, obtaining SSL certificates for domain names such as (issued by Comodo), (issued by Symantec), and (issued by GoDaddy),” Edgecombe continued (TechNewsWorld). One company that was called out on issuing many of these false certificates was CloudFlare, which responded by saying they have allocated resources into quickly taking down these sites once they are alerted to them.


Joshua Geise — Signed

TalkTalk Attacked, Hit with Ransomware


TalkTalk announced on Thursday that they received a ransom demand following a cyberattack that could have compromised customer data that includes names, addresses, birth dates, email addresses, account information, and credit card or bank details.

TalkTalk claims they “constantly update its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime…”, CEO Dido Harding states. Even though they “keep up” with their systems, this cyberattack is the third security breach the company has faced in the past 12 months, but TalkTalk claims the three attacks were unrelated.

“TalkTalk appears to have really fumbled both their security posture, by not encrypting customer data and not segmenting valuable data, and their response to the breach, by not having a policy for such an eventuality and not alerting authorities and customers sooner.” Jon Lindsay says, “There is no excuse for neglecting security anymore and no need for people to unplug if they demand that companies demonstrate a commitment to security.”

This breach stands out because ransomware was a part of the hack.

TalkTalk should have taken more precautions regarding the network and databases at hand. “TalkTalk should respond in fairly standard manner to the breach,” said Webber. This includes taking the network or databases offline if possible, assessing the damage, working with law enforcement and the legal department. Then determine the access point, including an insider attack or social engineering, he explained.

-Dylan Hart