Fired Chicago Schools Employee Causes Data Breach

Recently, a temporary worker at Chicago Public Schools was fired from her job and is alleged to have stolen a personal database in retaliation. The personal database contained the information of approximately 70,000 people. The information which was stolen included, names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories, and any records associating individuals with the Department of Children and Family services.

She allegedly copied the database then proceeded to delete it from the Chicago Public School’s system. Those affected by this breach included employees, volunteers and others affiliated with Chicago Public Schools. Luckily, the breach was discovered before any information was used or spread in any way by the former employee. The individual is now being charged with one felony count of aggravated computer tampering/disrupting service and four counts of identity theft.

This incident is an example of a very essential part of computer security, no matter how many security measures are put in place to guard a system somebody, like a disgruntled employee, can still cause a security breach. The lesson to be learned is to keep a close eye on employees, especially those which show red flags, and to be careful what data/databases certain employees are authorized to use, view and modify.

Written by: Craig Gebo

Source: https://www.securitymagazine.com/articles/89553-fired-chicago-schools-employee-causes-data-breach

Apple User Data Site

Apple has recently released the initial version of a new website that will allow their users to check what personal information has been collected by Apple. This comes after an interview with Tim Cook in March where he said: “We’ve never believed that these detailed profiles of people that have incredibly deep personal information that is patched together from several sources should exist”. This website would add an unprecedented level of transparency for a company of this size. Despite this transparency and their apparent aversion to not making their customers products Apple still collects a wide variety of user information ranging from calendars and contacts to entire documents and photos. The website has already been tested in the EU to make sure it passed all of the privacy regulations that are present there. Their intentions do seem pure at least for right now. As part of the recently released iOS 12, Apple added features which help block targeted ads based on shopping or search history. Apple has continued to be very active in trying to push regulations regarding privacy across the globe. Even though they are making it harder for other companies to get personal information and allowing you to see your own they are continuing to collect and store that same information.

-Evan Schimberg

Iranian Hackers Steal Academic Research Papers From Over 70 Universities

By: Brent Burgess                                                                                                                9/18/201

Around three weeks ago SecureWorks, a cybersecurity research group, discovered a massive phishing scheme that has been recently targeting many universities. This phishing attack has targeted over 76 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States. Most of these spoof sites had domains which attempted to replicate the universities’ library pages, getting access to accounts attempting to enter their library resources, and obtaining 31 terabytes of academic knowledge. When the information was entered, they were redirected to the actual university library site where they either were signed in or asked to repeat their credentials. The 16 domains were created between May and August of this year. Many of these stolen research papers were then sold by texting an encrypted message to WhatsApp or Telegram.

These phishing attacks were found to be perpetrated by the Cobalt Dickens hacking group which has been found to be closely associated with the Iranian government. In March of this year, the United States had indicted the Mabna hacking group and nine members in connection with the group. This group’s previous attacks appeared to have the same infrastructure as the Cobalt Dickens attacks, implying some of the same members were involved. These universities which create cutting-edge research are high priority targets due to the value of their information presents as well as the difficulty of securing them. This hack has taken place shortly after the United States decided to re-establish economic sanctions with the United States implying a potential political motivation.

“This widespread spoofing of login pages to steal credentials reinforces the need for organizations to incorporate multi-factor authentication using secure protocols and          implement complex password requirements on publicly accessible systems.”                  -SecureWorks

Sources:

https://www.zdnet.com/article/iran-hackers-target-70-universities-in-14-countries/ https://www.express.co.uk/news/world/1017903/US-sanctions-Iran-hackers-nuclear-power-cybersecurity-donald-trump/                                    https://www.securityweek.com/iranian-hackers-target-universities-large-attack-campaign-secureworks                                                https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities

 

 

Crypto-jacking on Government Official Websites.

About a month ago it was discovered that there was a vulnerability being exploited on a browser plug-in called, Browsealoud. Browsealoud is a website plugin, developed by the company TextHelp, that adds speech, reading, and translation to websites, in an effort  to help those with dyslexia and other conditions.  Hackers injected a crypto-mining script on a Java file within the Browsealoud library. The script would mine the currency ‘monero’. Since the hackers attacked Browsealoud itself and not the individual websites, all the websites that were using Browsealoud (nearly 4000) were infected.  Some of the websites included  UK’s ICO (Information Commissioner’s Office) and NHS (National Health Service) and US’ federal judiciary. When someone visited a website using the plugin, the script would run and use the visitors CPU to begin mining.

Crytpo-mining is something to be wary about especially with the rise of Bitcoin and other cryptocurrencies. The hackers simply just wanted an easy way to mine more currency for themselves whether or not it was legally. There reason for doing this comes back to the acronym ‘MEECES’ which stands for money, ego, entertainment, cause, entrance, status. The attackers were just looking for some money in this case because as of now it is unknown who injected the script. It was very fortunate, with the information as of now, that no information of the users who used the website was stolen, and only were used to mine cryptocurrency.

Websites now should use more caution when implementing plugins to there website. Every company should have people testing for vulnerabilities within their services and should submit proof of this to their customers. In the future we need to become more aware of ways our websites and services can become vulnerable and the risks we take using them.

– Jordan Disciglio

Souces:
https://viraldocks.com/cryptojacking-attack-hits-4000-websites/

https://www.theguardian.com/technology/2018/feb/12/cryptojacking-attack-hits-australian-government-websites

Russian Government Cyber Attacks Targeting Critical US Infrastructure

In this modern, technology-run day-and-age, the use of cyber hacking by one nation against another is an increasingly frequent method of attack. The United States Computer Emergency Readiness Team in joint with the DHS and FBI recently released a report outlining specific types of attacks they have identified being used by the Russian government targeting the U.S. government as well as “organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors”. They have also confirmed that these attacks have been ongoing since at least March of 2016.

One type of attack uses spear phishing emails containing Microsoft Word files loaded with a malicious script. These script first installs some credential-harvesting tools like Hydra and CrackMapExec. Then, it attempts to retrieve a file on a server via SMB request. By doing so—whether or not the file exists—an authentication request is typically prompted to the user before continuing. At this point, the script will capture the hash of the user’s credentials, and make an attempt to extract the full username and password using the aforementioned tools installed on the machine.

Another type of attack again used phishing to obtain credentials via a link in a falsified .pdf contract agreement. Users were directed to follow a link in the document to enter their email address and password in order to agree to the service contract. Once the credentials were in hand, attackers used them to attempt to gain access to the internal systems of these important infrastructure institutions. A back-door was installed to allow persistent access, and attackers could then modify firewall settings and Windows registry keys.

The release of this information is significant in two ways. First, it is just another example as to the extreme importance of vigilant cyber security awareness and practice. Both of these attacks rely on the ignorance and thoughtlessness on the side of the end-user to gain access into the system. Whether it’s opening unsolicited Microsoft Word documents or agreeing to unfamiliar (and unofficial) contracts, both scenarios rely on users divulging their credentials without suspicion as to whether the requesting source is legitimate.

Second, it is another example of the changing landscape of cyber security and cyber hacking as it continues to be used more frequently by governments as a weapon against other nations. Now more than ever is cyber security conversation and awareness important for all people as we enter an age of online warfare.

— Brendon Stowe
Student, R•I•T
Web & Mobile Computing


Source:
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors