Category Archives: Systems Security

Cyber supremacy! US VS RUSSIA

This all started back in 2008 when the Russians dropped off multiple USB flash drives in parking lots around US military bases located in the Middle East. These flash drives were picked up and inserted into computers inside the various bases, spreading malware across the US’s machines and giving the Russians access to a secret network called SIPRNet. The network was used by the Pentagon to transmit highly classified information. This was the first major cyber warfare incident involving two very powerful countries, and it raised many questions as to how to respond to such threats.

Following multiple attacks from various countries over the years and the failure of the US Cyber Command to deter those attacks, President Trump nominated Lieutenant General Paul Nakasone as the commander of the United States Cyber Command. This marked a new era for the organization and the way cyber warfare played out in the US, as the general believed offense was greatly needed in order to defend.

In August of 2018, a few months after the nomination, Trump signed National Security Presidential Memorandum 13, which essentially allowed the US Cyber Command team to operate inside foreign networks without gaining presidential approval. This showed how big of a deal securing the nation’s cyber networks had become, as they were indefinitely granted freedom to operate just as the military would operate independently. Once they gained this new power, the first thing they did was go after the Russians, who had attacked them multiple times over the years.

The US shut down Russia’s Internet Research Agency, which was responsible for designing many of the social media ads that impacted the 2016 elections. In addition, they hacked into Russian military intelligence, sending various threats to officers and hackers who had participated in the hack against the Pentagon back in 2008. More importantly, the US recently deployed malicious code into Russia’s power grid system, giving them the ability to turn off the electricity supply to homes, hospitals and schools in an instant.

The goal here was mainly to deter the Russians from further cyber attacks against the US, but this approach was essentially the same strategy used during the Cold War era. With this more aggressive strategy, which uses offense as a form of defence, the cyber war will not slow down in any way without set regulations agreed upon not just by Russia and the US but by every country.

Sources

https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html

https://www.independent.co.uk/news/world/europe/us-cyber-attack-russia-power-grid-war-kremlin-a8964506.html

Ademide Osunsina

Two Men Responsible for 2016 Hacks of Uber and Lynda.com Plead Guilty

On November 1st, two men pleaded guilty to charges of computer hacking and extortion conspiracy for the 2016 hacks of Uber and Lynda.com. The two men, Brandon Glover of Florida and Vasile Mereacre of Toronto, Canada, used a “custom-built” GitHub account credential tool to try already breached corporate credentials against Amazon Web Services. They eventually found credentials for Uber employees, allowing them to access data for 57 million records. The two men then anonymously contacted Uber’s Chief Security Officer using a ProtonMail email address to blackmail them. Uber agreed to pay them 100,000 dollars in Bitcoin through a “bug bounty” program to cover up the incident.

The two men then used the same method to access records for Lynda.com, which is owned by LinkedIn. They successfully accessed 90,000 accounts through the company’s AWS account and tried the same extortion demand they tried on Uber. Instead of paying the men, the firm decided to go public with the breach.

Uber did not escape scrutiny for trying to cover up the breach. They settled for $148 million to end the investigation into the breach. The FTC now requires Uber to submit all future privacy audits to the commission. They also had to pay a £385,000 ($424,000) settlement to the UK’s Information Commissioner’s Office. This is another case showing that covering up a data breach can be worse than the breach itself.
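The vector the post describes is reused credentials that had already leaked, including ones sitting in source repositories. The following is an added example, not code from the post or from Uber, of the kind of pre-commit check that flags AWS keys before a file reaches a repository. The `deploy.env` contents and the key values are constructed for the example; the access key ID format (a `AKIA`/`ASIA` prefix plus 16 upper-case alphanumerics) is AWS’s documented format, while the secret-key pattern only triggers when the value is labelled as one, which is an assumption of this example rather than a documented format.

```python
import re

# Constructed sample of a config file accidentally committed to a repository.
# The values are made up for this example and are not real credentials.
SAMPLE_ENV = """\
# deploy.env
DB_HOST=db.internal.example
AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000001
AWS_SECRET_ACCESS_KEY=EXAMPLEsecret0123456789abcdefghijklmnopq
LOG_LEVEL=info
"""

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary ones) followed by 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Secret access keys are 40 base64-like characters. On their own they are too
# generic to match safely, so this heuristic only flags them when the line
# labels the value as an AWS secret access key.
SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def redact(value: str) -> str:
    """Keep only the first and last four characters so a finding can be
    reported without re-exposing the secret it describes."""
    if len(value) <= 8:
        return "*" * len(value)
    return f"{value[:4]}{'*' * (len(value) - 8)}{value[-4:]}"


def scan_text(text: str):
    """Return one finding per suspected AWS credential in `text`.

    Each finding is a dict with the 1-based line number, the kind of secret,
    and a redacted copy of the matched value.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"line": line_no, "kind": "aws_access_key_id",
                             "value": redact(m.group(0))})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"line": line_no, "kind": "aws_secret_access_key",
                             "value": redact(m.group(1))})
    return findings


def scan_file(path: str):
    """Scan a file on disk; usable as the body of a pre-commit hook."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


if __name__ == "__main__":
    # Scan the constructed sample and print the redacted findings.
    for f in scan_text(SAMPLE_ENV):
        print(f"line {f['line']}: {f['kind']} {f['value']}")
```

A hook built on `scan_file` should fail the commit when any finding is returned; the redacted value lets the report be shared with the developer without copying the secret into logs or tickets. Pattern scanning catches accidental commits, not keys that were valid and leaked elsewhere, which is why key rotation and short-lived credentials remain the stronger control.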

Sources

Two Plead Guilty to Uber and Lynda.com Hacks

New York Times – 2 Plead Guilty in 2016 Uber and Lynda.com Hacks

SFGate – Hackers Plead Guilty in Data Breach

New York Times – Uber Settles Breach Investigation

FTC – Uber Settlement Agreement


Ryne Krueger


roll20 data breach leads to users’ accounts being sold on the dark web

On August 12, 2019, Jeffrey Lamb posted a report on the roll20 blog stating that the team was aware of a data breach and that affected accounts were being sold on the dark web.

Jeffrey Lamb went on to say in his post that the roll20 team became aware of this data breach after finding private information from roll20 accounts for sale on the dark web. This discovery happened back in February of this year.

In the blog post Jeffrey Lamb states what data was being sold on the dark web.

  • Name (both moniker and first/last as listed)
  • Email address
  • Last four digits of credit card
  • Most recent IP address
  • Salted password hashes (bcrypt)
  • Roll20 Gaming data (time played)

Each roll20 account block was being sold on the dark web marketplace for $208. Jeffrey Lamb also stated that this data breach had an effect on approximately four million users from the end of 2018.

In the aftermath of this discovery, roll20 had their legal team investigate the matter. After the investigation concluded, they “identified several possible vectors of attack that have since been remedied (jeff-roll20 — August 12, 2019)”. At the end of the blog post, Jeffrey Lamb offered some brief advice on how a user can stay safe: change current passwords and do not share credentials between sites.

Apparently, the perpetrator of this data breach is a notorious hacker who had already stolen over 620 million user records from 16 websites. With this hacker hitting roll20, that adds approximately another 4 million user records.

Links and Sources:

https://blog.roll20.net/post/186963124325/conclusion-of-2018-data-breach-investigation

By Traylin T. Drake, Oct 28, 2019

Burgerville’s data breach

At some point in 2017 or 2018, the restaurant chain Burgerville experienced a security breach. The only way Burgerville learned of the issue was when the FBI notified them on August 22 of this year. At first, it was seen as a “brief intrusion that no longer existed”. However, by September 19 (almost a whole month later), the company realized that the breach was still active and was targeting customers’ financial information. Burgerville does not specify what kind of malware it was or where it was detected, though the source article adds that it could have been at a point-of-sale system, where people physically swipe, scan or insert their cards.

Data that was stolen includes credit/debit card information: names, card numbers, expiration dates, and CVV security numbers. Burgerville also does not know how many people could have been affected by this, though they warn everyone who used cards from September 2017 through September 2018 to watch their accounts for fraudulent purchases. Anyone who used a card to purchase anything at any one of their locations during the last year may have had their card information compromised.

“This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been,” states Burgerville. Although no direct evidence was given, the data breach is attributed to Fin7, also known as the Carbanak group, an Eastern European hacking network that has successfully carried out cyberattacks on over 100 US companies.

In August, three Ukrainian members of Fin7 were arrested in Europe, where Fin7 is believed to operate. Despite the arrests, Fin7 is still actively deploying malware on corporate networks. According to the US Department of Justice, this is not the first time Fin7 has targeted a US restaurant chain. Other victims include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.

Although the chain made the initial mistake of underestimating the breach, they pulled in an external cybersecurity company to stop the breach, remove malware, and take preventative measures. “The operation had to be kept confidential until it was completed in order to prevent the hackers from creating additional covert pathways into the company’s network,” Burgerville said in a written statement. Burgerville completed the operation to seal the breach on September 30.

Source articles:

https://www.zdnet.com/article/burgerville-customer-credit-card-info-stolen-in-data-breach-laid-at-fin7s-feet/

https://www.oregonlive.com/business/index.ssf/2018/10/burgerville_reports_major_cred.html


Michael Abdalov

Critical Flaws Found in Amazon FreeRTOS IoT Operating System


A researcher has found serious flaws in the leading real-time operating system, FreeRTOS. This leaves a large number of Internet of Things devices vulnerable to attack, affecting devices from refrigerators to pacemakers. Last year, Amazon took over project management and upgraded the OS into their own Amazon FreeRTOS IoT operating system, enhancing it for use with their own products in the future.

There are a total of 13 vulnerabilities in FreeRTOS’s TCP/IP stack, which affect Amazon FreeRTOS as well. These issues let attackers do just about anything they want to the target device, from executing their own code to leaking memory contents. The technical details of the flaws have not been revealed to the public, in order to give vendors time to develop and ship a fix.

-Max Swank