Shhh… Hacked By Your Cyber-security Firm?

(Above) Photo credit: Hacked.com

Do you still have faith in cyber-security firms – recall the recent story about the Hacking Team?

Consider this: A Cyber-security firm known as Tiversa scams potential and ex-clients into memberships by hacking into their servers as a scare tactic to increase profits for Tiversa. Tiversa was brought before the Washington D.C. courthouse in May to explain their scam.

Shhh… US Government Hacks at OPM Exposed More Than 21Million People

It was much worse than previously reported: more than 21 million people were “swept up in a colossal breach of government computer systems that was far more damaging than initially thought”. Find out more from the New York Times.

Shhh… Hackers Target Database of Chinese with Ties to US Government

Check out the NYT article below.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

By DAVID E. SANGER and JULIE HIRSCHFELD DAVISJUNE 10, 2015

WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.

The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.

Correction: June 10, 2015

An earlier version of a photo caption with this article misstated the name of the federal office building where employees handle national security information are required to list their foreign contacts. It is the Office of Personnel Management building, not Office of Personal Management.

Matt Apuzzo contributed reporting.

Shhh… Turning the White House into a Russian House?

Photo (above) credit: http://www.freakingnews.com

Here’s a breaking news (below) from the CNN:

WhiteHouse-Russian

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN
Updated 0037 GMT (0737 HKT) April 8, 2015

Washington (CNN)Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. ​The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems is one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address​ now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Wesley Bruer contributed to this report

Shhh… Did Obama Know What He's Doing When He Signed the new Executive Order on Cybercrimes?

Was that a brainfart?

President Barack Obama signed an executive order Wednesday that permits the US to impose economic sanctions on individuals and entities anywhere in the world for destructive cyber-crimes and online corporate espionage – see the Bloomberg article below.

Now what’s this about? An all-out effort on cyber-criminals or just plain window dressing?

For all their abilities to trace the attacks right down to the identities of the hackers, have the US authorities been able to do anything? Recall the Mandiant Report two years ago that allegedly traced Chinese hackers down to the very unit of a military base in Shanghai?

Hackers-Chinese

Recall also the five Chinese military hackers (above) on the FBI wanted list last year? Where has that led to (see video clip below)? And what about the alleged North Korean hacks on Sony Pictures?

With all good intent and seriousness to go on the offensive, Obama has yet to put his words into action on this front…


Hackers, Corporate Spies Targeted by Obama Sanctions Order

by Justin SinkChris Strohm

President Barack Obama signed an executive order Wednesday allowing the use of economic sanctions for the first time against perpetrators of destructive cyber-attacks and online corporate espionage.

That will let the Treasury Department freeze the assets of people, companies or other entities overseas identified as the source of cybercrimes. The federal government also will be able to bar U.S. citizens and companies from doing business with those targeted for sanctions.

“Cyberthreats pose one of the most serious economic and national security challenges to the United States,” Obama said in a statement. “As we have seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies and our citizens.”

Under the order, sanctions only will be used if a cyber-attack threatens to harm U.S. national security, foreign policy or the broader economy. It’s aimed at cybercriminals who target critical infrastructure, disrupt major computer networks, or are involved in the “significant” theft of trade secrets or intellectual property for competitive advantage or private financial gain.

Data Breaches

The administration is using the threat of sanctions to help prevent large-scale data theft after breaches at major U.S. corporations, including retailer Target Corp., health-insurer Anthem Inc. and home-improvement chain Home Depot Inc. It’s also a recognition that companies are facing increasingly destructive attacks, such as the hack against Sony Pictures Entertainment that crippled thousands of computers and delayed release of a comedy movie.

Sanctions imposed under the executive order will help disrupt the operations of hackers who may be in countries outside the reach of U.S. law enforcement, John Carlin, U.S. assistant attorney general for national security, said in a phone interview.

Banks and other companies connected to the U.S. financial system will be required to prohibit sanctioned hackers and entities from using their services, cutting them off from valuable resources, Carlin said.

“It’s a new powerful tool and we intend do to use it,” Carlin said. “It has the capability to significantly raise the cost for those who steal or benefit through cybercrime.”

Transcends Borders

The unique aspect of the executive order is that it allows the U.S. to impose sanctions on individuals or entities over hacking attacks regardless of where they are located, White House Cybersecurity Coordinator Michael Daniel told reporters on a conference call. While other sanctions are tied to a particular country or group of persons, hacking attacks transcend borders.

“What sets this executive order apart is that it is focused on malicious cyber-activity,” Daniel said. “What we’re trying to do is enable us to have a new way of both deterring and imposing costs on malicious cyber-actors wherever they may be.”

The order is a signal of the administration’s “clear intent to go on offense against the full range of very serious cyberthreats that are out there,” said Peter Harrell, the former principal deputy assistant secretary for sanctions at the State Department.

“This is a message that if folks around the world don’t cut out these activities, they’re going to find themselves cut off from the American banking system,” Harrell said in an interview.

Hidden Identities

Harrell said there are potential stumbling blocks to effective implementation. For one, hackers work hard to conceal their identity. Even though the U.S. and private companies have improved their ability to trace attacks, attribution can sometimes be difficult.

Daniel acknowledged that determining who is actually behind hacking attacks is still a challenge but said the U.S. is getting better at it.

In other cases, diplomatic considerations may be at play. The administration’s decision in 2014 to file criminal charges against five members of the Chinese military over their role in cyber-espionage strained relations with Beijing.

In January, Obama authorized economic sanctions against 10 North Korean officials and government entities in connection with the Sony attack. The North Korean government has denied any involvement in the Sony case.

Overseas Governments

Harrell said the use of sanctions can provide leverage as the U.S. registers complaints with governments overseas about cyber-attacks. Targeted use of the new sanctions powers also may help deter criminals.

“A number of these cyber-attacks are organized by fairly significant actors out there — large hacking collectives, or organized by foreign intelligence agencies,” Harrell said. “They all have real potential costs if they were put on sanctions lists.”

The Obama administration has been under pressure to take action to help companies protect their networks from cyber-attacks. In early March, Premera Blue Cross announced that hackers may have accessed 11 million records, including customer Social Security numbers, bank account data and medical information.

Home Depot in September said 56 million payment cards and 53 million e-mail addresses had been stolen by hackers. And just days earlier, JPMorgan Chase & Co. announced a data breach affecting 76 million households and 7 million small businesses.

The highest-profile breach, however, may have been the hacking of Sony Pictures. The U.S. government said North Korean hackers broke into the studio’s network and then exposed e-mails and private employment and salary records. U.S. authorities said it was in retaliation for plans to release “The Interview,” a satirical film depicting the assassination of leader Kim Jong Un.

Shhh… The Why's, How's and What's of Hacks into Health Insurance Companies Like Anthem and Premera

It should come as no surprise that health insurance companies store lots, lots more sensitive and personal information about their clients than banks and credit card companies and it certainly doesn’t help when they were not taking cybersecurity seriously, as the recent hacks on Anthem and Premera (article below) have highlighted.

And what’s going to happen to these clients following the (Anthem and Premera) hacks? Watch the video clips below.

The disturbing truth behind the Premera, Anthem attacks

March 24, 2015 | By Dan Bowman

As details continue to emerge following the recent hack attacks on payers Anthem and Premera–in which information for close to 90 million consumers combined may have been put at risk–perhaps the most disturbing revelation of all is that, in both instances, neither entity appears to truly take security seriously.

Premera, for instance, knew three weeks prior to the initial penetration of its systems in May 2014 that network security issues loomed large. A report sent by the U.S. Office of Personnel Management’s Office of Inspector General detailed several vulnerabilities, including a lack of timely patch implementations and insecure server configurations.

The findings were so bad, they prompted OPM to warn Premera, “failiure to promptly install important updates increases the risk that vulnerabilities will not be remediated and sensitive data could be breached.” In addition, OPM told the Mountlake Terrace, Washington-based insurer that failure to remove outdated software would increase the risk of a successful malicious attack on its information systems.

“Promptly” to Premera apparently meant eight months down the road. And one month after its self-imposed Dec. 31, 2014, deadline to resolve its issues, guess what the payer found?

Just imagine how much damage could have been spared had Premera acted with more haste.

In Anthem’s case, negligence continues to persist. The nation’s second-largest payer has refused to allow a federal watchdog agency to perform vulnerability scans and compliance tests on its systems in the wake of its massive hack attack. It also prevented auditors from adequately testing whether it appropriately secured its computer information systems during a 2013 audit, citing corporate policy prohibiting external entities from connecting to the Anthem network.

Corporate policy is all well and good, but it’s not going to mean squat to a consumer two years from now when Anthem’s complimentary credit monitoring wears off and the hackers begin wading through the treasure trove of stolen information. As one of those consumers, it would be nice to hear Anthem take the advice Shaun Greene, chief operating officer of Salt Lake City-based Arches Health Plan, who told my colleague Brian Eastwood last month that payers should hire third parties to conduct HIPAA risk assessments.

“That way, you avoid internal posturing and receive objective feedback,” Greene said.

Following last summer’s massive Community Health Systems breach–and on the heels of other high-profile cybersecurity attacks–it appeared earlier this year that the healthcare industry was finally starting to truly prioritize information protection.

That’s not to say that the majority of the industry doesn’t take such matters seriously. But it’s disappointing to see that some of its biggest players seem to feel differently. – Dan (@Dan_Bowman and @FierceHealthIT)