These Technology IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.
Twitter announced on February 1 that it detected “unusual access patterns” on its network, which pointed to attackers gaining access to data from perhaps 250,000 users. One live attack was discovered and quickly shut down. But apparently hackers still made off with usernames, e-mail addresses, session tokens and encrypted/salted password strings. Twitter reset passwords and revoked session tokens for the compromised accounts.
In its official response, Twitter said, “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
This attack, along with breaches at The New York Times, The Wall Street Journal and other organizations, could signal “a new wave” of sophisticated – and very possibly related – cyberattacks that even robust security defenses cannot thwart. If this is not an isolated incident, then more publications and financial and political institutions are likely to be attacked in the near future. Analysis indicates that “accounts with high levels of influence,” such as journalists and elected officials, may have been targeted.
According to Gartner security analyst Avivah Litan, “The implication is that hackers are politically motivated, come from foreign nations, and are from societies where free speech is not a constitutional right. They are spying on their citizenry, trying to exfiltrate sensitive and confidential information concerning their nation’s activities and stealing information for financial gain. This has grave consequences on our ability to exercise free speech in the United States since that speech can be used against us in unpredictable ways.”
While proof that agencies within the Chinese government and military are behind recent cyberattacks against The New York Times, The Wall Street Journal, Twitter and other US media is not yet indisputable, the circumstantial evidence is mounting. Experts are concerned that China’s new leadership and the makeup of its current government will mean that politically motivated cyber-strikes emanating from China will escalate.
China’s businesses (many of which are state-owned) can also benefit financially from its government’s hack attacks, to the extent that these organizations lack the ethics to refrain from using ill-gotten data. Meanwhile, the Chinese military is “building infrastructure for cybernetwork operations at a prodigious rate.”
Organizations targeted by Chinese cyber-offensives in recent years include the United Nations; various government agencies in the US and elsewhere; US government satellites; the US Chamber of Commerce; oil and gas companies in the US, Europe and elsewhere; Google, Nortel Networks and other US high-tech companies; His Holiness the 14th Dalai Lama; and Chinese human rights groups.
US government agencies and companies are understandably reluctant to condemn the Chinese because of the importance of trade relations between the two countries. But a growing intensity of advanced persistent threats originating in China cannot be ignored – especially not by businesses that need to protect their data and plan for remediation in the event their defenses are breached.
Shortly after its mortifying attacks that turned the US Sentencing Commission website into a playable version of Asteroids, the hacktivist collective Anonymous successfully breached the Federal Reserve’s Emergency Communications System, which is used to communicate with banks in emergencies, such as natural disasters and terrorist acts. The hackers claim to have compromised the credentials of some 4,000 bankers.
According to “the Fed,” the information was obtained by exploiting “a temporary vulnerability in a website vendor product. The exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve System.”
No financial or monetary policy data was on the breached system. The data released by Anonymous contains the names and workplaces of employees at banks, credit unions and other lenders, as well as mobile phone numbers and computer login names and passwords.