Friday Five: 12/16 Edition
It's Friday! Catch up on the latest infosec headlines with our weekly news roundup.
1. The Perfect Weapon: How Russian Cyberpower Invaded the U.S. by Eric Lipton, David E. Sanger and Scott Shane
Over a year before the November elections, FBI officials had called the DNC, reporting that at least one computer system had been compromised by “the Dukes”, a group of hackers linked to the Russian government. Intelligence officials believe that the cyber warfare campaign that disrupted the 2016 elections began as just information-gathering but eventually turned into an anti-Clinton, pro-Trump effort. Unfortunately, both the FBI and the DNC failed to grasp the gravity of the summer/fall 2015 hack and allowed Russian hackers to roam around the network for months before stricter security protocols were adopted. DNC employees were hit with phishing email after phishing email, resulting in mountains of emails being stolen and dumped. While the goal is not 100% clear, the Russian hacking was successful in undermining the US election process, helping Trump get elected, and damaging Clinton’s reputation. Read more on The Times’ deep investigation into the Russian operation.
In September, Yahoo disclosed a breach of 500 million accounts. The world has now learned of a separate attack, comprising one billion accounts, which makes it the largest known hack ever. This distinct hack happened in August 2013, and the stolen data includes names, emails, phone numbers, birthdays, hashed passwords, and security questions and answers. The company doesn’t believe any financial data was stolen, but the stolen data is more than enough to build phishing campaigns. Reset your passwords and security questions; however, given that this hack happened three years ago, the damage has been done. For more on the mega breach, read the full article.
Popcorn Time is a new ransomware that locks your computer files until you pay the ransom. Alternatively, you can spread the malware to two other people and get a free decryption key once they’ve both paid the ransom. Make sure you enter the decryption key correctly, though; according to a report, if you keep entering the wrong decryption code, your files become permanently locked. The perpetrators claim to be Syrians using the ransomware as a means to make money for food, shelter, and medicine, but take that with a grain of salt. For more info, head to ZDNet.
The U.S. Election Assistance Commission, which works to ensure the security of voting machines, was hacked after the November elections. A Russian-speaking hacker known as “Rasputin” was selling log-in credentials of more than 100 people at the EAC, including those with admin privileges. What’s alarming is that the successful hack was not sophisticated: he used a well-known and preventable SQL injection. The EAC handles reports of voting machine fraud and complaints of abuse. For more, read the full article.
34 suspects in 13 countries were arrested as part of a global crackdown on DDoS-for-hire services, which take down websites by flooding them with traffic. The rise of Mirai and other botnets has contributed to the rise in DDoS attacks. Most buyers, especially those who are online gamers, use the services to pull pranks, but some victims have also been harassed with extortion schemes, and victims include government departments, colleges, and internet hosting companies. Many of the suspected buyers were under 20, and one American detainee could face up to 10 years in prison if convicted. For more, read the full article on ITWorld.