Fired Chicago Schools Employee Causes Data Breach

Recently, a temporary worker at Chicago Public Schools was fired from her job and is alleged to have stolen a personal database in retaliation. The personal database contained the information of approximately 70,000 people. The information that was stolen included names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories, and any records associating individuals with the Department of Children and Family Services.

She allegedly copied the database, then proceeded to delete it from the Chicago Public Schools’ system. Those affected by this breach included employees, volunteers and others affiliated with Chicago Public Schools. Luckily, the breach was discovered before any information was used or spread in any way by the former employee. The individual is now being charged with one felony count of aggravated computer tampering/disrupting service and four counts of identity theft.

This incident is an example of an essential part of computer security: no matter how many security measures are put in place to guard a system, somebody, like a disgruntled employee, can still cause a security breach. The lesson to be learned is to keep a close eye on employees, especially those who show red flags, and to be careful about what data/databases certain employees are authorized to use, view and modify.

Written by: Craig Gebo

Source: https://www.securitymagazine.com/articles/89553-fired-chicago-schools-employee-causes-data-breach
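A defender-side illustration of the lesson above, added here and not from the article or Chicago Public Schools: a small detection that flags the copy-then-delete pattern in database audit logs, and any activity by accounts that should have been disabled at termination. The key=value log format and the sample records are constructed.

```python
"""Flag a bulk read of a table followed by its deletion by the same account.

Added example, not code from the article or Chicago Public Schools. The
key=value audit-log format and the sample records are constructed for
illustration; real database audit logs need their own parser."""
from datetime import datetime, timedelta

BULK_ROWS = 10_000            # reads at or above this count as a bulk export
WINDOW = timedelta(hours=24)  # a delete within this long after the bulk read


def parse_record(line):
    """Parse '2018-02-01T09:12:03Z user=... action=... table=... rows=N'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    rec["rows"] = int(rec.get("rows", 0))
    return rec


def detect_copy_then_delete(lines, terminated=frozenset()):
    """Return alerts as (rule, user, table, action) tuples.

    Two rules: any activity by an account in `terminated` (access that should
    have been revoked at offboarding), and a bulk SELECT/EXPORT of a table
    followed within WINDOW by a DELETE/DROP of the same table by that user.
    """
    alerts = []
    last_bulk_read = {}  # (user, table) -> timestamp of most recent bulk read
    for rec in map(parse_record, lines):
        key = (rec["user"], rec["table"])
        if rec["user"] in terminated:
            alerts.append(("terminated-account-activity", *key, rec["action"]))
        if rec["action"] in ("SELECT", "EXPORT") and rec["rows"] >= BULK_ROWS:
            last_bulk_read[key] = rec["ts"]
        elif rec["action"] in ("DELETE", "DROP"):
            read_at = last_bulk_read.get(key)
            if read_at is not None and rec["ts"] - read_at <= WINDOW:
                alerts.append(("bulk-copy-then-delete", *key, rec["action"]))
    return alerts


# Constructed sample log: routine clerk activity plus a copy-then-drop sequence.
SAMPLE_LOG = """\
2018-02-01T08:55:10Z user=hr_clerk action=SELECT table=personnel rows=12
2018-02-01T09:12:03Z user=temp_worker action=EXPORT table=personnel rows=70000
2018-02-01T09:14:41Z user=temp_worker action=DROP table=personnel rows=70000
2018-02-02T10:00:00Z user=hr_clerk action=DELETE table=personnel rows=1
""".splitlines()
```

Passing the set of recently terminated accounts as `terminated` is what catches the access that should already have been revoked; the copy-then-delete rule covers the case where it was not.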

New Laws for Security in the UK Energy Industry

Due to the rapid development and advancement of technology, laws have had a hard time keeping up with modern practices and problems. More and more industries have started to include some connection to the Internet of Things, thus providing more opportunities for hackers to attack. One such industry is the energy industry. Currently, the UK is in the process of developing laws to ensure a certain amount of security is implemented by energy companies. These laws will require that the energy companies put particular measures in place in order to protect sensitive personal data. One aspect of these laws is that the process for reporting a company’s compliance will be more involved, and will require the company to show how it is meeting the requirements, not just say that it is. Consequences of not complying with these regulations will be in the form of fees based on either a flat rate or an amount based on their global turnover, depending on the size of the company.

While this does place more burden on the companies in terms of forcing them to invest in security properly, one aim of these laws is actually beneficial to them. These laws aim to increase public trust in industries using network connections. This past year, the UK has seen a great increase in attacks compared to previous years, which has taken a toll on the confidence the public has in online security. Therefore, this law hopes to help push companies to increase their protection and save them from attacks which will not only lead to stolen customer data but also to a drop in public confidence.

~Rebecca Medina

Source: http://www.powerengineeringint.com/articles/print/volume-26/issue-2/features/the-cybersecurity-laws-you-must-know.html

Tesla’s Cloud Server Hacked to Mine Cryptocurrency

Tesla has fallen victim to the recent wave of cryptojacking, or the use of someone else’s computing power to mine for cryptocurrencies. Last month, the cloud monitoring and defense firm Red Lock discovered that mining malware was being run on Tesla’s AWS infrastructure. Red Lock discovered the hack while scanning for misconfigured cloud servers. They discovered an open server that was running a Kubernetes console, an administrative console for cloud application management, which was mining cryptocurrency.

How did this breach occur? The Kubernetes console wasn’t password protected, meaning that it could have actually been accessed by anyone. One of the containers within that console contained login credentials for Tesla’s AWS cloud environment. From that point, the attackers just logged in and deployed their mining scripts. It is unknown how long the mining was going on for, as the attackers hid themselves well. Since the mining occurred on a large cloud server, where power consumption is already quite high, the mining didn’t cause a significant change that would arouse suspicion. The attackers also used their own mining server, communicated over an unusual IP port, encrypted all communications, and used a proxy server.

However, Tesla claims that customer privacy and vehicle safety were not compromised in any way. They also said that the impact seemed to be limited to engineering test cars. The hack was submitted by Red Lock through Tesla’s bug bounty program, and they were awarded just over $3,000, which they donated to charity.

What can we make of this? Because of the sophistication of these attacks, you can assume that, since hackers are “lazy”, the basic security measures are doing their jobs. But this also means that with the rise of cryptocurrency value, the payoff is becoming worth it to invest so many resources and so much effort to pull off a sophisticated hack on a major corporation. Organizations with cloud servers are being targeted more than ever, and not all of them are prepared for it.

Owen Ryan

Sources:

https://www.wired.com/story/cryptojacking-tesla-amazon-cloud/

http://www.bbc.com/news/technology-43140005
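As an added example (not Red Lock’s, Tesla’s or the article’s code): an audit over pod specs, in the JSON shape returned by `kubectl get pods -o json`, that flags cloud credentials stored inline in container environment variables, the secondary failure that turned an unauthenticated console into AWS access. The AKIA pattern is the documented AWS access key ID format; the sample pods are constructed.

```python
"""Audit Kubernetes pod specs for credentials stored inline in the spec.
Added example, not Red Lock's, Tesla's or the article's code. Input mimics the
JSON shape of `kubectl get pods -o json`; the AKIA regex is the documented AWS
access key ID format; sample pods are constructed for illustration."""
import re

AWS_ACCESS_KEY_ID_RE = re.compile(r"^AKIA[0-9A-Z]{16}$")
# Env var names that usually carry a secret; an inline literal here is a finding.
SECRET_NAME_RE = re.compile(r"SECRET|PASSWORD|TOKEN|ACCESS_KEY", re.IGNORECASE)


def find_inline_credentials(pod):
    """Return (pod, container, env_name, reason) for each inline credential.

    Values supplied through valueFrom (secretKeyRef / configMapKeyRef) are
    skipped: they are not readable from the pod spec itself, which is what a
    viewer of an unauthenticated console would see."""
    findings = []
    spec = pod.get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for container in containers:
        for env in container.get("env", []):
            value = env.get("value")
            if value is None:  # sourced via valueFrom, not inline
                continue
            if AWS_ACCESS_KEY_ID_RE.match(value):
                reason = "aws-access-key-id-inline"
            elif SECRET_NAME_RE.search(env["name"]):
                reason = "secret-like-env-inline"
            else:
                continue
            findings.append((pod["metadata"]["name"], container["name"], env["name"], reason))
    return findings


def audit_pods(pods):
    """Run the check over every pod; an empty list means no inline credentials."""
    return [f for pod in pods for f in find_inline_credentials(pod)]


# Constructed sample: one pod with AWS keys pasted into env, one using a Secret.
SAMPLE_PODS = [
    {"metadata": {"name": "telemetry-worker"},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"},
         {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-secret-value"},
         {"name": "LOG_LEVEL", "value": "info"}]}]}},
    {"metadata": {"name": "billing-api"},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "AWS_SECRET_ACCESS_KEY",
          "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]}]}},
]
```

Requiring authentication on the console and giving the workload a short-lived cloud role instead of static keys removes the exposure; this audit only catches the inline keys an exposed console would have revealed.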

Breach in Equifax

Equifax is one of three credit reporting agencies that keep financial data on many individuals throughout the United States. Between May and July of last year, hackers stole nearly half the U.S. population’s Social Security numbers, birthdays, driver’s license numbers, and addresses from Equifax. The Wall Street Journal now reports that the stolen data also included tax identification numbers and driver’s license states and issuance dates, as well as some email addresses. The severity of the damage is enormous considering that hackers can use this information to open bank accounts, open lines of credit, put a home in their name, take out car loans, and even take your tax refund without the victim’s knowledge. Furthermore, it makes it easier for them to impersonate you due to the fact that most of the information leaked is nearly impossible to change for all 145 million people.

Equifax was notified by Homeland Security before the breach, alerting them that there was a critical vulnerability in their web application software, named Apache Struts, that was used to breach the system. However, the person who received this information “forgot” to let the company know that the software needed to be patched and updated. It is quite interesting that they still don’t know who hacked Equifax and, even more interesting, that barely anyone is even asking the question anymore.

To this day, Equifax is still investigating the breach with government officials. However, Sen. Elizabeth Warren released a report this week on the breach, calling on Congress to crack down on credit reporting agencies. “[The breach] showed how a lack of oversight and accountability from credit reporting companies played a key role in the largest credit consumer data breach in history,” Warner said in a statement to The Hill. Despite the damage caused by the cyber-security attack, not much has changed in Congress towards cracking down on credit agencies or improving data security systems.

Sources:

https://www.msn.com/en-us/news/technology/the-equifax-hack-exposed-more-data-than-previously-reported/ar-BBIZAbV?OCID=ansmsnnews11

http://thehill.com/policy/technology/373198-dem-call-for-more-action-on-equifax-hack

https://www.vox.com/policy-and-politics/2018/2/7/16984522/elizabeth-warren-equifax-data-breach-cfpb

-Noor Mohammad

Oracle Identity Manager Hacked through a Critical Flaw

Based in Redwood, California, Oracle Corporation is the largest software company whose primary business is database products. Historically, Oracle has targeted high-end workstations and minicomputers as the server platforms to run its database systems. Its relational database was the first to support the SQL language, which has since become the industry standard.

An exploit was found in Oracle’s identity management system. This exploit has been marked as CVE-2017-10151; it has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction.

This CVE is due to a security loophole involving a default account that allows an unauthenticated attacker on the same network to compromise the Oracle Identity Manager through HTTP.

The full details of this vulnerability have not yet been released by Oracle.

“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle’s advisory reads.

The easily exploitable vulnerability affects Oracle Identity Manager versions 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0.

Oracle has already released patches for all versions of the products that were affected by this CVE. All users should update to the latest version of Oracle to patch the vulnerability before a hacker has the chance to exploit it.

Justin Palmer

Sources:

https://thehackernews.com/2017/10/oracle-identity-manager.html

https://www.oracle.com/index.html